There have been many media reports in recent years about cyber attacks on governments and a variety of private sector companies. The rather ambiguous term ‘Advanced Persistent Threat’ (‘APT’) is widely used to describe any attack which appears to have compromised computers in these companies or organisations, regardless of the source or purpose of the attack. We prefer simply to call them ‘targeted attacks’ and leave marketing terms to one side. This paper is not concerned with the technical aspects of targeted attacks, but seeks instead to inform readers about the full scope and nature of these attacks, the reasons why they are launched and the people and policies behind their design and execution.

Many reports of attacks inevitably end by asking ‘Who did it?’ But the answer is rarely straightforward. Western Governments usually allege the attacks come from ‘Asia’ or the ‘Far East’, rather than risk offending the Chinese government. Large corporations are similarly vague in their descriptions of these events, for fear of harming lucrative business arrangements. Security ‘experts’ always caution that IP addresses can be used as hop points through which attackers disguise their true origins, so perhaps this could be a case of other countries trying to make it look as if China was the source. While true, if something looks, walks and quacks like a duck, it is almost always a duck.

We will not be so coy. This paper will look directly at the most prolific sponsor of computer network exploitation attacks: China. We know other countries have implemented similar programs for attacking computer networks and have seen many examples of these in our work over the last few years, but our focus here is China.

We will examine various aspects of these attacks, including the nature of the information targeted and the types of organisations threatened. We will consider the effort involved in planning, executing and managing these attacks; and assess the information products they generate, in order to understand the scale of human involvement and the government policies which sponsor information theft via targeted attacks. With all this in mind we will then postulate on where the stolen information goes and how it may be used.

Download the whitepaper here

About ContextIS
The company was founded in 1998 with the aim of providing holistic security services.

Our client base has grown steadily over the years, thanks in large part to personal recommendations from existing clients who value us as business partners. We believe our success is based on the value our clients place on our product-agnostic, holistic approach; the way we work closely with them to develop a tailored service; and to the independence, integrity and technical skills of our consultants.
In a number of cases, Context has been retained by major blue-chip companies and institutions as a valued service provider while contracts with other IT security suppliers originally hired alongside us have not been renewed.

The best security experts need to bring a broad portfolio of skills to the job, so Context has always sought to recruit staff with extensive business experience as well as technical expertise. Our consultants hold an impressive range of security qualifications, but we are not just a bunch of techies who will try to blind you with science. Our aim is to provide effective and practical solutions, advice and support: when we report back to clients we always communicate our findings and recommendations in plain terms at a business level as well as in the form of an in-depth technical report.

www.contextis.co.uk

About Armadillo
Armadillo is the UK’s leading security solutions integrator with an extensive portfolio of complementary products that make us unique in our ability to provide true end-to-end security solutions, customised to meet a client’s specific technology and budgetary requirements. Our approach to delivering client solutions has evolved over a number of years through a wealth of experience in architecting, delivering and maintaining solutions for large and small enterprises across all market sectors, featuring strongly in the financial services, online gaming, legal, public, retailing and Government sectors. For more information, visit Armadillo at www.armadillouk.com

In a transaction that will significantly broaden and deepen the authentication and cloud-based services it offers to clients, SafeNet, today announced that it has acquired Cryptocard, a privately held leader of cloud based authentication solutions . Financial terms were not disclosed.

With the acquisition of Cryptocard, SafeNet significantly enhances its market leading authentication portfolio, providing both enterprises and service providers with one of the most advanced authentication-as-a- service (Auth-as-a-Service) offerings in the marketplace. Cryptocard’s platform will provide a unique opportunity for mobile and telecom service providers, as well as IT system integrators and service providers, to rapidly introduce Auth-as-a-Service and market leading authentication solutions to their end users.

By combining SafeNet’s Fully Trusted Authentication Solutions with Cryptocard’s innovative & flexible Blackshield Cloud platform, SafeNet’s customers worldwide will now have access to secure, flexible and cost-effective on-premise and as-a-service solutions.

“As data continues to proliferate and move beyond traditional perimeters, both enterprise and government customers are demanding solutions that protect and control data and identities across networks, mobile devices and to and from the cloud,” said Chris Fedde, President and Chief Executive Officer of SafeNet. “By joining forces and engaging SafeNet’s global scale, we are uniquely positioned to help customers around the world accelerate the migration to and from the cloud in the most secure and cost effective manner.”

The acquisition will also expand SafeNet’s addressable market opportunity, solidifying the company’s leadership position in user authentication and strongly positioning the company to capitalize on the fast-growing Auth-as-a-Service and cloud services markets.

According to Gartner Inc.’s January 2012 “Magic Quadrant for User Authentication” report, Ant Allan, Vice President, stated, “The user authentication market is expected to grow by approximately 30 percent in the upcoming year. Gartner predicts that, by 2017, more than 50 percent of enterprises will choose cloud-based services as the delivery option for new or refreshed user authentication implementations, up from less than 10% today. However, it is likely that on-premise solutions will persist, especially in more risk averse enterprises that want to retain control of identity administration, credentialing and verification.”

Together, the combined company’s product and service offerings will enable customers to more effectively tailor, deploy and manage their authentication strategies to meet both current and future business needs. The addition of Cryptocard’s Auth-as-a-Service capabilities will help customers worldwide accelerate the deployment of authentication solutions, with improved flexibility and at a lower cost. In addition, SafeNet’s large global presence will enable the expansion of Cryptocard’s Auth-as-a-Service portfolio to APAC and across the broader EMEA and Americas markets.

“As mobile and cloud computing began to transform the security industry, Cryptocard saw a need to develop cloud based authentication solutions and a platform that would help our service provider and enterprise customers meet the emerging needs of this new security landscape,” said Neil Hollister, Chairman and Chief Executive Officer, Cryptocard. “Our unique platform for delivering Authentication-as-a Service is powerful, easy to deploy and helps our customers secure their most sensitive data against current and future security threats.”

Gartner Inc. has recognized both SafeNet and Cryptocard in its January 17, 2012 publication, titled “Magic Quadrant for User Authentication”. SafeNet was positioned as a Leader in Gartner’s “Magic Quadrant for User Authentication”. Cryptocard was positioned as a Visionary in Gartner’s “Magic Quadrant for User Authentication”.

About Cryptocard
Cryptocard helps organizations mitigate the risk of identity theft by using strong authentication to secure digital identities. Established in 1989 and headquartered in Canada and the UK, Cryptocard solutions are used by thousands of companies in more than 70 countries globally. For more information, visit: www.cryptocard.com

About SafeNet, Inc.
Founded in 1983, SafeNet, Inc. is one of the largest information security companies in the world, and is trusted to protect the most sensitive data for market-leading organizations around the globe. SafeNet’s data-centric approach focuses on the protection of high value information throughout its lifecycle, from the data center to the cloud. More than 25,000 customers across commercial enterprises and government agencies trust SafeNet to protect and control access to sensitive data, manage risk, ensure compliance, and secure virtual and cloud environments. For more information, visit: www.safenet-inc.com

About Armadillo
Armadillo is the UK’s leading security solutions integrator with an extensive portfolio of complementary products that make us unique in our ability to provide true end-to-end security solutions, customised to meet a client’s specific technology and budgetary requirements. Our approach to delivering client solutions has evolved over a number of years through a wealth of experience in architecting, delivering and maintaining solutions for large and small enterprises across all market sectors, featuring strongly in the financial services, online gaming, legal, public, retailing and Government sectors. For more information, visit Armadillo at www.armadillouk.com

London, UK – March 02, 2012 - Armadillo, the UK’s leading security solutions integrator and one of the world’s most experienced eGRC providers, today announced that it has entered into partnership with Voltage Security in order to bring data-centric security and simplified stateless key management to customers, many of which are very large, complex and heterogeneous enterprises. Voltage solutions enable the protection of structured and unstructured sensitive data from end-to-end, as it’s used across data centres, public and private clouds and mobile devices. Data-centric security is one of the most powerful ways to protect against the impact of data breaches while effectively addressing current and future compliance requirements. Voltage leverages breakthrough technologies to enable solutions that work seamlessly, are highly scalable, and reduce costs and complexity.

Through this partnership, Armadillo can immediately empower customers with a fully-integrated end-to-end security offering that brings data-centric security to email messages, files and documents, databases and applications enterprise-wide.

“CISOs know that at some point their networks will be compromised; it’s no longer a case of if you will be hacked, but likely when,” said Rob Hale, eGRC Practice Lead. “With the latest technology advancements and innovations brought about by Voltage, security can now evolve from a focus on protecting the network perimeter to the ‘best case scenario’ of protecting the data itself. Then, in the event that a network breach does occur, any data that is stolen becomes worthless to criminals.”

“Data-centric protection should be a critical part of an effective security strategy, and the Voltage products offer the perfect complement to Armadillo’s eGRC solution set,” added Mark Newns, CEO of Armadillo.

“By working together we can better serve the needs of the many enterprise organisations currently wrestling with the complexity of regulatory and compliance mandates,” said Ravi Pather, vice president of sales, EMEA for Voltage Security. “Voltage’s data-centric approach leverages technologies such as Voltage Identity-Based Encryption™ (IBE) and Voltage Format-Preserving Encryption™ (FPE), rendering sensitive data useless to hackers and, in effect, turning the gold they’re after into straw.”

About Voltage Security
Voltage Security®, Inc. is the world leader in providing data-centric encryption and key management solutions for combating new and emerging security threats. With innovative, powerful and easy-to-use encryption and tokenization solutions for protecting sensitive business data, Voltage customers are able to address privacy regulations and best practices from around the world. Voltage customers adopting data-centric encryption include some of the largest companies in the world across a wide variety of industries including payments, financial, insurance, medical, e-commerce and more. Voltage solutions include three groundbreaking encryption approaches: Identity-Based Encryption™ (IBE), Format-Preserving Encryption™ (FPE), and Page-Integrated Encryption™ (PIE). Voltage solutions have changed how enterprises protect their most valuable assets—their customer data. Offerings include Voltage SecureMail™, Voltage SecureData™, Voltage SecureData Payments™, Voltage SecureFile™, Voltage SecureData Web™ and Voltage Cloud Services™, which provides cloud scale encryption and key management for their businesses, partners and customers. The company has been issued several U.S. patents and has several patents pending in the EU based upon breakthrough research in mathematics and cryptographic systems. To learn more about Voltage customers please visit voltage.com/customers/

About Armadillo
Armadillo is the UK’s leading security solutions integrator with an extensive portfolio of complementary products that make us unique in our ability to provide true end-to-end security solutions, customised to meet a client’s specific technology and budgetary requirements. Our approach to delivering client solutions has evolved over a number of years through a wealth of experience in architecting, delivering and maintaining solutions for large and small enterprises across all market sectors, featuring strongly in the financial services, online gaming, legal, public, retailing and Government sectors. For more information, visit Armadillo at www.armadillouk.com

Bedford, MA— RSA, The Security Division of EMC (NYSE: EMC) today announced that the RSA Archer Governance, Risk and Compliance platform ranked in the Leaders category in two simultaneous Forrester Research, Inc. Waves evaluating IT and eGRC platform vendors for Q4 2011. RSA Archer was the only GRC vendor to be named to both Forrester Waves and awarded the highest rankings for current offering, strategy and market presence in the IT GRC Wave, and the highest ranking for market presence in the eGRC Wave. Not only was the RSA Archer platform named a leader but it is also positioned as having the highest rating for market presence in both reports.

The Forrester Wave is designed to provide insight into a particular market or technology – to keep decision makers well-informed. For The Forrester Wave: IT Governance, Risk and Compliance Platforms, Q4 2011, December 1, 2011, Forrester evaluated leading risk and compliance software vendors across 59 criteria and found that the RSA Archer platform scored at the top of the evaluation for content management, risk and control management, and workflow management. Forrester noted in the report that “the strong technical capabilities of the RSA Archer platform and the company’s market success set it above the competition,” and the RSA Archer platform is “one of the best overall technical platforms we assessed in the IT GRC space. With the Archer platform now under the wings of the RSA brand, the larger set of development resources along with the extended sales and marketing force will enable RSA to remain a leader in the IT GRC market for the foreseeable future.”

Reflecting the still substantial gap that exists in most organizations between the IT and enterprise GRC functions, Forrester conducted and published a second evaluation, The Forrester Wave: Enterprise Governance, Risk and Compliance Platforms, Q4 2011, November 30, 2011. Again the RSA Archer platform emerged as a leader based on a strong vision and the ability to evolve quickly and address customers’ changing needs. “With solid technical functionality and a satisfied customer base, Archer made the leap into the Leaders category in this year’s evaluation. The company’s platform is highly configurable with an intuitive and easy-to-navigate interface, and its ability to facilitate customer-led development sets it apart from competitors,” the report noted.

“Many companies are looking for tools to manage inter-related risks across the business not only in IT but also finance, operations, and legal domains, said David Walter, Senior Director, GRC Strategy and Solutions at RSA. “Our continued investment and dedication to creating a best-of-breed GRC platform helped to solidify our position in the market. The RSA Archer eGRC platform automates the measurement and visualization of risks across the enterprise to enable an apples-to-apples prioritization and enable a more effective utilization of limited risk mitigation resources. Our strong ecosystem of partners and vast community of users, help us to keep innovating and answer the latest GRC challenges facing our customers.”

On Tuesday, January 24, 2012 at 2:00 PM EST, RSA will host a webinar to discuss the increased need for a converged GRC platform enabling holistic management of risk and compliance across the organization. Joining David Walter in the discussion will be guest Chris McClean, Forrester Senior Analyst and author of the GRC Waves, and a panel of Fortune 500 organizations.

About Armadillo
Armadillo is the UK’s leading security solutions integrator with an extensive portfolio of complementary products that make us unique in our ability to provide true end-to-end security solutions, customised to meet a client’s specific technology and budgetary requirements. Our approach to delivering client solutions has evolved over a number of years through a wealth of experience in architecting, delivering and maintaining solutions for large and small enterprises across all market sectors, featuring strongly in the financial services, online gaming, legal, public, retailing and Government sectors. For more information, visit Armadillo at www.armadillouk.com

About RSA
RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world’s leading organizations solve their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments.
Combining business-critical controls in identity assurance, encryption & key management, SIEM, Data Loss Prevention, Continuous Network Monitoring, and Fraud Protection with industry leading eGRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit www.rsa.com

Additional News from RSA

The company also announced the availability of RSA NetWitness Spectrum, a state-of-the-art malware analytical workbench that revolutionizes the identification and analysis of zero-day malware. Conference delegates can see the new capabilities in booth #D1.

RSA is also offering software developers the capability to build in additional layers of security and access control into mobile applications for the leading mobile application platforms through the integration of RSA’s award-winning RSA SecurID and RSA Adaptive Authentication solutions. By extending strong and risk-based authentication controls to mobile, developers of mobile applications for business, banking and data access can help increase security and confidence in their mobile products.

SAN MATEO, CA–(Marketwire - Sep 19, 2011) - RedSeal Systems, Inc. today announced that online gaming giant Betfair has selected RedSeal’s proactive network security assessment solutions to further strengthen its defensive infrastructure and protect critical information systems.

RedSeal empowers enterprise organizations to analyze any possible path of access permitted or denied across their entire network to understand real-world points of IT risk before they can be compromised.

Rather than addressing individual threats, aggregating log data or auditing the behavior of individual firewalls or routers, RedSeal models the interaction of all network defenses to provide detailed visibility into any gaps in security, empower continuous compliance with industry regulations and ensure protection of key business assets.

By providing management with the unique ability to identify exposure to real-world threats and create metrics to trend the efficacy of network security defenses over time, RedSeal allows organizations with complex infrastructure to understand and improve the effectiveness of their overall security strategy.

“The complexity and incessant change in today’s enterprise networks has made it impossible for people to manage security without the aid of automation,” said Dr. Mike Lloyd, Chief Technology Officer at RedSeal. “We’re very pleased to list Betfair as a customer, as they are a high-profile leader in their industry who recognized RedSeal as a solution that’s necessary to address today’s real-world security challenges.”

Facilitating Betfair’s adoption of RedSeal was UK security systems integration specialists Armadillo, which has established a long-standing reputation within the gaming industry, along with other key verticals including the government and financial services sectors.

“RedSeal represents a tremendous opportunity for enterprise organizations to adopt a powerful, innovative new methodology for visualizing network security to bolster compliance and improve protection of assets and information,” said Mark Newns, CEO of Armadillo. “We’re proud to have helped bring RedSeal into a respected organization such as Betfair and believe that there’s huge potential for this solution to advance network security and risk management across our entire customer base.”

For more information on RedSeal Systems solutions and professional services, please contact us at +44(0)208 6106090 or email info@armadillouk.com to arrange a demo

About RedSeal Systems, Inc.
RedSeal Systems develops proactive network security assessment software that enables organizations to visualize their security standing, maintain continuous compliance with regulations and better protect their critical assets. Unlike systems that detect attacks once they occur, RedSeal identifies holes in security infrastructure before they are discovered by hackers. RedSeal software analyzes and simplifies the complex interaction of firewalls and all other network security devices, delivering in-depth understanding of real-world exposure. For more information, visit RedSeal at www.redseal.net

About Armadillo
Armadillo is the UK’s leading security solutions integrator with an extensive portfolio of complementary products that make us unique in our ability to provide true end-to-end security solutions, customised to meet a client’s specific technology and budgetary requirements. Our approach to delivering client solutions has evolved over a number of years through a wealth of experience in architecting, delivering and maintaining solutions for large and small enterprises across all market sectors, featuring strongly in the financial services, online gaming, legal, public, retailing and Government sectors. For more information, visit Armadillo at www.armadillouk.com

About Betfair
Betfair is one of the world’s largest international online sports betting providers and pioneered the betting exchange in 2000. Driven by cutting-edge technology, Betfair enables customers to choose their own odds and bet against each other. The company now processes over five million transactions a day from its three million registered customers around the world. In addition to sports betting, Betfair offers a portfolio of innovative products including casino, exchange games and poker. Betfair has twice been named the UK’s ‘Company of the Year’ by the Confederation of British Industry and has won two prestigious Queen’s Awards for Enterprise, being recognised for Innovation in 2003 and most recently for International Trade in 2008. Betfair currently employs over 2,000 people worldwide. The company holds betting licences in Gibraltar, the US, Tasmania, Italy and Malta. For more information, visit Betfair at www.betfair.com

Topics being discussed by industry key speakers include:

Protecting Information is Key to Protecting Brands. ‘If it moves, encrypt it. Even if it doesn’t!’
Automation vs Complexity: Creating Tangible Network Security Metrics
The $20B IT Security Gap! How Every Organization is at Risk to the New Breed of Next Generation Threats
Carrying out a Level 1 PCI-DSS Merchant audit internally; getting the Bank and the Card Scheme on-board

This promises to be an informative and highly relevant event for all the gaming industry, so keep an eye on your inbox for your invitation over the coming days.

RSA, the Security Division of EMC, Revolutionizes Situational Awareness, Providing Real-Time Visibility into The Most Complex Cyber Threats
RSA NetWitness Panorama™ Module Unifies Pervasive Network Monitoring and Log Data to Deliver Complete View of Potential Threats.
RSA enVision® 4.1 SIEM Platform Improves Speed and Simplicity for Real-Time Queries and Reporting, Enabling Faster, More Granular Investigations of Events and Log Data.

RSA, The Security Division of EMC (NYSE:EMC), today announced a revolutionary approach to situational awareness for information security with the launch of RSA NetWitness Panorama™ technology and enhancements to its RSA enVision® Security Information and Event Management (SIEM) platform. These improvements are designed to provide customers with the ability to better identify and combat today’s advanced threats.

RSA NetWitness Panorama, a new module in the RSA NetWitness family, delivers innovation in security analytics through the fusion of hundreds of log data sources with external threat intelligence. Combined with RSA NetWitness, enterprises can now have extraordinarily broad and robust high-speed visibility into the critical information needed to help detect today’s targeted, dynamic and stealthy attack techniques. RSA NetWitness Panorama may be deployed in three ways: as an extension to RSA NetWitness installations to combine the diverse information contained in log files with the deep content of full traffic capture, alongside RSA enVision for fast security analytics across the volumes of log data collected by RSA enVision, or as a standalone log analytics module with or without other 3rd party SIEM tools.

“Customers are wrestling with the need to use a variety of data sources both to demonstrate compliance and to combat advanced threats”

said Amit Yoran, Senior Vice President and General Manager, Security Management and Compliance Business, RSA, The Security Division of EMC.

“Log management and SIEM technologies are important elements of incident and threat management processes, but have been constrained by a lack of a common lexicon, scalability, and the agility to adapt to the ever-changing threat landscape. Our enhancements to RSA enVision make it a more powerful tool for compliance reporting and also for analysis of log data as part of the security process. And, by providing native, cross-environment visibility and threat-informed analytics across log data and full packet capture, RSA NetWitness Panorama technology offers security teams an unprecedented view of organizational activity across even more of their IT infrastructure.”

RSA NetWitness Panorama Module Delivers Situational Awareness
RSA NetWitness Panorama technology is designed to apply a host of NetWitness innovations to make log data an active part of security operations. Those innovations are engineered to include:

RSA enVision Enhancements Improve Speed of Investigations.
Enhancements to the RSA enVision SIEM platform are designed to increase the speed and simplicity of ad-hoc queries against log data, while improving report management capabilities. Customers can now execute queries for investigation and incident response across large volumes of log data with up to 10X improvements in response time over the previous version. RSA enVision 4.1platform is also engineered to enable RSA enVision ES centralized deployments to be run as a fully virtual machine and offers virtual collectors for RSA enVision LS distributed deployments, making it simpler for customers to implement consistent security and compliance across physical and virtual infrastructures. The performance improvements of ad-hoc queries in the RSA enVision 4.1 platform help deliver the speed and flexibility critical for log-specific investigations and forensics.

Please click here download the solution brief PDF for more information

RSA, the Security Division of EMC, urges critical actions for SecurID installations

Following on from RSA’s recent announcement today that they have experienced a security breach please see below for recommended actions by RSA, links to the RSA open letter to all their clients and RSA’s SCOL advisory on general security best practices and product best practices.

Overall Recommendations:
RSA strongly urges customers to follow both these overall recommendations and the recommendations available in the best practices guides linked to this note.

• We recommend customers increase their focus on security for social media applications and the use of those applications and websites by anyone with access to their critical networks.
• We recommend customers enforce strong password and pin policies.
• We recommend customers follow the rule of least privilege when assigning roles and responsibilities to security administrators.
• We recommend customers re-educate employees on the importance of avoiding suspicious emails, and remind them not to provide user names or other credentials to anyone without verifying that person’s identity and authority. Employees should not comply with email or phone-based requests for credentials and should report any such attempts.
• We recommend customers pay special attention to security around their active directories, making full use of their SIEM products and also implementing two-factor authentication to control access to active directories.
• We recommend customers watch closely for changes in user privilege levels and access rights using security monitoring technologies such as SIEM, and consider adding more levels of manual approval for those changes.
• We recommend customers harden, closely monitor, and limit remote and physical access to infrastructure that is hosting critical security software.
• We recommend customers examine their help desk practices for information leakage that could help an attacker perform a social engineering attack.
• We recommend customers update their security products and the operating systems hosting them with the latest patches.

For RSA product-specific recommendations, please follow the links below to the Security Best Practices Guides for each product. If you are unable to access the files via RSA SecurCare http://knowledge.rsa.com/ please contact support at:

U.S.: 1-800-782-4362, Option #5 for RSA, Option #1 for SecurCare note
Canada: 1-800-543-4782, Option #5 for RSA, Option #1 for SecurCare note
International: +1-508-497-7901, Option #5 for RSA, Option #1 for SecurCare note

SecurCare Online Advisory Direct Link https://knowledge.rsasecurity.com/scolcms/set.aspx?id=8884

RSA open Letter to Customers http://www.rsa.com/node.aspx?id=3872