Date: 19-Oct-2007
Source:Security Focus
Arthur: Security Focus
U.S. lawmakers wrangle over wiretapping act
Lawmakers and the Bush Administration continued to fight this week over the extent of powers granted by a bill that would update the United States' government's ability to eavesdrop on foreign terrorists.
Named in typical Washingtonian style, the Responsible Electronic Surveillance That is Overseen, Reviewed, and Effective (RESTORE) Act of 2007 would allow law enforcement and intelligence officials to wiretap phone or Internet communications between non-U.S. citizens routed through the United States. The act would require that agents get a warrant if any participants in the communication are U.S. citizens, but allow agents to get a one-year authorization to surveil a specific group. The bill, introduced into the U.S. House of Representatives, would not give telecommunications companies immunity from lawsuits if they have cooperated with wiretapping efforts by the Bush Administration.
While the American Civil Liberties Union took issue with the bill because it allowed Americans to be spied upon in certain circumstances, the Center for Democracy and Technology found (PDF) the legislation to be a reasonable compromise.
"The RESTORE Act may not be perfect, and many would want to see individualized warrants for interception of calls to and from Americans, but at this time the RESTORE Act is the best chance the House has to improve protection of civil liberties," the CDT stated in a summary of the bill. "If the bill fails because it does not have enough votes, a substantially worse bill could pass."
The CDT's concerns appear to be coming true. A vote on the legislation was postponed on Wednesday after a Republican representative threatened to amend the bill with politically-charged language. A second piece of legislation -- that would have allowed warrantless wiretapping of communications between a terrorist suspect and an American citizen and given telecos immunity from lawsuits -- passed the Senate Intelligence Committee on Thursday by a vote 13-2. Senator Chris Dodd (D-CT), a candidate for the U.S. presidency, promised to put a hold on the Senate bill, effectively blocking it from a vote by the full Senate.
The RESTORE Act is designed to replace stopgap legislation, which gave the Bush Administration broad spying powers and is due to expire in February 2008. A number of lawsuits have been filed against telecommunications companies following the revelation that they cooperated with the National Security Agency to wiretap communications without warrants, in violation of the Federal Intelligence Surveillance Act, or FISA.
Date: 10-Sep-2007
Source: Lumension Security
Arthur: Lumension Security
PatchLink unveils new corporate name Lumension Security
Redefines Corporate Strategy and Positions the Company to Lead Emerging Unified Protection and Control Market
PatchLink Corporation today unveiled a new corporate name, Lumension Security™, to match its position as the industry only IT security company to deliver holistic unified protection and control over enterprise endpoints. Lumension Security™, formed by the combination of PatchLink and SecureWave S.A., will bring to market the only integrated best-of-breed, policy-based solutions that simplify the entire security management lifecycle. Through its Positive Security Model, Lumension enables enterprises to continuously enforce and maintain a desired security posture.
"There is considerable amount of consolidation in the market place as security vendors add capabilities to complete their existing portfolios Patrick Clawson, chairman and CEO of Lumension Security™ ",Our new corporate strategy meets the increasing customer demand for tightly integrated solutions that are cost effective, easy to use and manage. The market is crowded with stand alone point solutions. Lumension Security™ is shifting the paradigm from a reactive to a proactive approach by unifying best-of-breed, enterprise-class solutions that enforce and maintain security policies, reduce overall complexity and costs, and ultimately accelerate business results.
A Tradition of Ineffective Security
According to a May 2007 report published by the National Vulnerability Database, 24 new vulnerabilities are identified every day, more than half of which are considered dangerous enough to warrant immediate remediation by IT departments. In addition to the increasing volume of new vulnerabilities being discovered every day, many organizations are also forced to rely on a wide variety of security and configuration management technologies. Because traditional security models are reactive in nature and attempt to resolve threats after they are discovered, they simply cannot keep up with this constant deluge of new threats. Gartner estimates that by the end of 2007, 75 percent of enterprises will be infected with financially motivated, targeted malware that evaded traditional perimeter and host defenses.
Furthermore, protecting data continues to confound organizations today. According to a 2006 CSI/FBI Computer Crime and Security Survey, 75 percent of Fortune 1000 companies fell victim to data leakage.
Relying on numerous traditional point solutions forces companies to manage in silos,producing inconsistent security approaches, fragmented policy enforcement and reporting and ultimately, a more complex network to manage and secure.
Constantly reacting to perceived threats creates a chaotic situation for IT managers, forcing them to frantically issue ad hoc emergency patches, update signatures, and review security policies. To further complicate matters, organizations are often dealing with disparate, unaligned security solutions that impede swift remediation said Charles Kolodgy, research director at IDC.0Lumension is offering solutions that take the initiative away from the attacker by combining best-of-breed technologies that integrate vulnerability assessment, remediation and policy enforcement processes on a continuous cycle. In this way customers can proactively maintain a consistent level of security risk management without relying on a wide variety of incongruent solutions. The combination of these security management segments is defining a unified protection and control market.
The Positive Security Model
Lumension Security™ addresses the inability of traditional and endpoint security point solutions to effectively protect an organization proprietary information and systems by integrating best-of-breed solutions based on the Positive Security Model. By shifting the security paradigm from a reactive model to a proactive approach, Lumension Security™ provides unified protection and control of enterprise data and IT assets with its comprehensive suite of security solutions.
At ECSuite.com, security has always been a top priority. Our philosophy is that security efforts should proactively stay ahead of emerging threats, not simply react to them, said William Bell, director of information security at ECSuite.com. SecureWave Sanctuary and PatchLink vulnerability and patch management solutions have been integral components to this positive approach, keeping our sensitive information and digital assets safe from both external and internal threats. I am looking forward to deploying Lumension fully integrated product suite as an unparalleled solution that will enhance our end-to-end security posture.
Lumension Security™ best-of-breed, policy-based solutions - including PatchLink robust patch and remediation management suite, Harris Corporation STAT vulnerability assessment solution and SecureWave Sanctuary application and device control endpoint policy enforcement technologies - are currently deployed at more than 5,100 enterprises worldwide.
When all of the company solutions are integrated, Lumension Security™ will offer the industry only product suite that provides complete global security management, including Unified Vulnerability Management (Automated Discovery, Assessment, Remediation and Validation); Unified Endpoint Policy Enforcement (Application and Device Control); Integration with Leading Network Access Control Solutions; and Extensive Policy Compliance Reporting.
About Lumension Security™, Inc.
Lumension Security™, a company formed by the combination of PatchLink Corporation and SecureWave U S.A., is a recognized, global security management company, providing unified protection and control of enterprise endpoints for more than 5,100 customers and 14 million nodes worldwide. Leveraging its proven Positive Security Model, Lumension enables organizations to effectively manage risk at the endpoint by delivering best-of-breed, policy-based solutions that simplify the entire security management lifecycle. This includes automated asset discovery, vulnerability assessment, remediation and validation; application and device control; extensive policy compliance reporting; and integration with leading network access control solutions. Headquartered in Scottsdale, Arizona, Lumension has offices worldwide, including Virginia, Florida, Luxembourg, the United Kingdom, Spain, Australia, Hong Kong and Singapore. PatchLink, now Lumension, was founded in 1991 by Sean Moshir. More information can be found at www.lumension.com.
Date:31-Jan-2007 - San Jose
i-Security Expands Scope of SIM Technology with Announcement of CentralMon™ V4
i-Security Inc., a leading provider of information security appliance solutions, announced today that CentralMon™ V4 will extend i-Security in active response technology with the introduction of event trigger interface that puts the product's entire response framework at the fingertips of IT personnel.
With CentralMon's new event trigger interface, an IP can be blocked or traffic routed, applications and services can be started or stopped, accounts can be enabled or disabled, privileges can be revoked, machines quarantined or shutdown, and these are just a few of the dozens of actions that empower IT teams to centrally manage both their network and their network security.
"There are a lot of ways the new event trigger interface functionality makes life easier for IT teams," says Michael Daniels, product manager, CentralMon™ product line. "Imagine seeing an account lockout in the console, and simply re-enabling the account, or if you detect some inappropriate web browsing, you could send a pop-up warning and even close their browser. These are network management and policy enforcement tasks, but CentralMon™ has a history of pushing SIM technology beyond the log aggregation and analysis role of first generation products."
V4 also expands CentralMon's anomaly behavior detection capabilities with the addition of a Real-Time Flow Analyzer that captures flow data on the wire. "CentralMon's real-time event correlation has always been a powerful tool for behavior analysis by correlating application, operating system, user and network infrastructure events," says Michael, "With the addition of real-time flow data IT teams will gain even greater insight into what's happening on their networks."
V4 expands existing functionality by delivering nearly 600 pre-built event correlations, directory service enhancements for identity, change management, event monitoring and active response, over 250 security, network and compliance reports and support for an even broader array of network products and applications.
CentralMon's SIM targets Telco and large enterprises which face the same network management, regulatory compliance and business continuity challenges of large enterprise networks but without the budget or staff to accomplish this affordably.
|
