Businesses to Achieve Improved Data Understanding in New ASG Enterprise Data Intelligence 8.8

ASG Technologies , has announced the launch of ASG Enterprise Data Intelligence release 8.8. Building on the strength of ASG’s industry-leading data intelligence solution, the update adds proactive notification features to offer ongoing visibility into the origin and transformation of critical corporate data elements, something many organizations currently lack. As a result, users gain confidence in the accuracy and timeliness of the underlying information that influences everything from forward-looking business strategy, to compliance, to real-time customer interactions.

The enhanced metadata management capabilities in ASG Enterprise Data Intelligence 8.8 offer a clearer, more immediate view of important changes to support accurate and timely business decisions and compliance responses. For example, with the new Lineage Subscription feature, a compliance officer responsible for preparing regulatory reports can be automatically notified when lineage for critical data elements relevant to his or her reports are changed. With immediate notification of lineage changes, businesses can eliminate data-related surprises, shorten time-to-compliance, and support proactive metadata management and data governance strategies.

“ASG’s goal is to develop innovative products that increase confidence for our customers, and our updates to ASG Enterprise Data Intelligence deliver that by improving visibility of the data companies depend on,” said Swamy Viswanathan, Executive Vice President and Chief Product Officer, ASG Technologies. “Businesses gain a proactive way to trace and understand their corporate data, which puts them in a better position to avoid potential compliance risks and take advantage of new business opportunities.”

Businesses can incorporate application data from more than 220 sources across mainframe, distributed and Hadoop-based systems, making ASG Enterprise Data Intelligence the most comprehensive and fully integrated solution of its kind. Current ASG-Rochade or ASG-Becubic customers will be able to upgrade to ASG Data Intelligence 8.8.

Additional new features in ASG Enterprise Data Intelligence 8.8 include:

· Targeted UI Enhancements – Simplifies how business users view critical data elements and business rules

· Data Quality Integrated in Lineage Views – Enables business users to see changes to data quality in the data path over time so they can track the long-term accuracy of critical data elements

· Bulk Load – Simplifies the loading of flat files, providing time savings and improved efficiency

· Rules based Lineage Stitching Enhancements – Makes it easier for users to form relationships between data elements, helping them to better understand crucial data dependencies

(101)

Share

Tesco Bank halts online transactions after fraudsters strike

Following the news that Tesco Bank has halted online payments for current account customers after thousands were affected by fraudsters, comments have been provided below:

Lee Munson, security researcher from Comparitech.com:

“The concerted attack against some 20,000 Tesco Bank customers is the first time such a British financial institution has seemingly been targeted by online criminals, at least as far as we are aware.

“While we do not have any details yet, the fact that there were so many compromises at just one bank suggests to me that the grocer may have either been hacked by an online group, or even compromised from within.

“Fortunately for its customers, Tesco Bank appears to be taking the matter as seriously as it should, informing them of what is happening at an early opportunity, and taking control of the undoubted media fallout.

“All customers of Tesco Bank should, however, be on their guard, not only for suspicious activity around their accounts, but also phishing emails referencing the incident and trying to trick them into visiting an imposter site.

“The correct course of action is, of course, for customers to type their online banking URL directly into their browser and, once logged in, they should change their passwords, whether their account has been compromised or not.

“That said, British banking is still entirely secure from a consumer point of view – incidents such as this are extremely rare and, in Britain at least, all losses arising from unauthorised activity must be refunded immediately anyway. Not only that, the financial services industry is extremely proactive in protecting its assets, as evidenced by massive recent operations such as Wire Shark and Operation Resilient Shield

“Tesco will, I’m sure, learn from the attack, and put in place the necessary technological, procedural or people changes required to mitigate the risk of it happening again.

“The only thing their customers will be thinking they could have done better is in terms of the one-to-one response times after its initial communication that accounts had been compromised.”

Alex Mathews, Technical Manger EMEA at Positive Technologies:

“25% of investigated online banking systems are under threat of serious attack including theft of money by an authorised user as a result of rounding attacks, unauthorised access to arbitrary user operations, and SQL Injection. About half of the tested systems (55%) allow an unauthorised user to access a database management system with personal and financial data.

“As always with fast-developing big attacks such as this, detailed information on the criminal techniques used and the extent to which it will impact customers, will probably only emerge over the next few days. The fact that a full stop has been put on online transactions and the rapidity with which the CEO issued a statement, both show how seriously the bank is taking it. The security team’s emergency plan appears to be in full affect.”

“Affected customers should wait for guidance from the bank itself on the situation and follow this. They will have the best view of the crucial details.”

Mike Fenton, CEO at Redscan:

“While Tesco conducts an investigation into the source of the attack, the temporary suspension of online transactions signals a positive move by the bank to limit any further damage.

“Customers won’t tolerate disruption to services for long however. To limit reputational damage, Tesco needs to quickly release more information about the cause of the attack and additional steps it intends to take to protect account holders.”

(117)

Share

The Cyber Security Training Range of Maryland is the first hands-on cyber-security training center for IT and SCADA security professionals in the U.S.


Elbit Systems Ltd. (NASDAQ and TASE: ESLT) (“Elbit Systems”), has announced that its subsidiary, CYBERBIT Ltd. (“CYBERBIT”), was awarded a contract to supply its CYBERBIT Range platform to the Cyber Security Training Range (CSTR) of Maryland, LLC, the first hands-on cyber-security training center for IT and SCADA security professionals in the U.S.

CYBERBIT’s training and simulation platform will serve as the launching capability of the CSTR , instructing cyber-security professionals how to protect national assets and infrastructure against cyber attacks. The contract, in an amount that is not material to Elbit Systems, will be performed during the year 2017.

Leveraging the capabilities of the CYBERBIT Range, the CSTR of Maryland provides a unique approach to cyber-security training, enabling the entire security and business team to practice the incident-response workflow in hyper-realistic settings that mimic the trainee’s actual work environment. Thus, it allows teams to respond faster and more effectively to complex and advanced attacks, such as ransomware, and to perform better as a team. Centrally located in Baltimore, close to the federal government’s cyber-related activities, CSTR of Maryland will offer cyber-security professionals in both private and public sectors the convenience of training with the most current cyber warfare strategies.

Adi Dar, General Manager of CYBERBIT said: “Public sector organizations manage highly sensitive infrastructure and cannot afford to have the staff’s first encounter with a threat occur during attacks. By training and simulating the response process in advance, security staff can dramatically improve their performance. We are looking forward to helping CSTR create top-notch security experts by means of the Range platform.”

About Elbit Systems
Elbit Systems Ltd. is an international high technology company engaged in a wide range of defense, homeland security and commercial programs throughout the world. The Company, which includes Elbit Systems and its subsidiaries, operates in the areas of aerospace, land and naval systems, command, control, communications, computers, intelligence surveillance and reconnaissance (“C4ISR”), unmanned aircraft systems, advanced electro-optics, electro-optic space systems, EW suites, signal intelligence systems, data links and communications systems, radios and cyber-based systems. The Company also focuses on the upgrading of existing platforms, developing new technologies for defense, homeland security and commercial applications and providing a range of support services, including training and simulation systems.
For additional information, visit: http://elbitsystems.com

(83)

Share

Cyber attack takes Liberia’s entire Internet down

A cyber attack has knocked Liberia’s internet offline, as hackers targeted the nation’s infrastructure using the same method that shut down hundreds of the world’s most popular websites at the end of last month. Multiple attacks against Liberia’s internet infrastructure have intermittently taken the country’s websites offline over the course of a week.

Commenting on this, Stephen Gates, chief research intelligence analyst at NSFOCUS, said “Researchers and analysts (like myself) have been warning organisations all over the world that this day would come, and now it’s here. Since the attacks on Spamhaus in early 2013 that exceeded 300Gbps, taking a country offline in a DDoS attack became more of a reality. Doing the math, a 1Tbps DDoS attack can fill 100 – 10Gbps pipes. Many smaller countries don’t have that much bandwidth serving their entire country.

Sabotaging parts of the “Internet” in the U.S. on election day is quite possible. However, polling machines in the U.S. are not directly connected to the Internet. Unfortunately, it’s still unclear if voter “identification systems” are. In some states, the voter ID must be checked before a voter can proceed. If those systems are connected to the Internet to gain access to a database of registered voters, and they were taken offline, then would-be voters could not be verified. What that would mean to the election process is anyone’s guess.”

(73)

Share

Kroll Ontrack launches second annual New Frontiers in Ediscovery Report

The report highlights the continued and rapid international expansion in the use of ediscovery techniques and technologies by law firms and their clients as well as ongoing progress made in the capabilities of ediscovery itself and its inclusion in an ever expanding range of business processes.

Tim Phillips, Managing Director of Kroll Ontrack International Legal Technologies, said: “The use of ediscovery in litigation and regulatory compliance shows no signs of slowing down and is increasingly being adopted within general business itself. There is growing interest in technologies such as Predictive Coding and mobile ediscovery solutions used onsite as companies seek to reduce the cost of litigation and the risks associated with transferring data across borders. Countries in Europe that were traditionally hesitant about adopting ediscovery, notably Spain, Italy and those in Scandinavia, are now seeing the benefits of using sophisticated legal technologies such as predictive coding.

“There is also a marked trend by corporates all over the world to use ediscovery to proactively pre-empt problems, whether that means investigating third party supplier behaviour or analysing potential instances of bribery and corruption. More and more we are seeing ediscovery being used to anticipate problems before they occur, rather than reacting to them when they are already a serious – and potentially damaging issue – to address.

“Another noticeable development in this year’s report is the gap between the adoption of ediscovery in Western economies and those in the East, including China, Japan, Singapore and Hong Kong. This gap is shrinking quickly along with the emergence of new legislation and regulation relating to compliance and competition including the Counter-Terrorism Law of the People’s Republic of China. As the global leader in ediscovery, we believe it is important for us to continue monitoring these changes and ensuring organisations and their law firms are kept up to speed with developments.”

The new report outlines what’s happening with ediscovery and looks at the impact of changing data privacy regimes in different regions around the world, in the wake of seismic shifts caused by the cancellation of the US EU Safe Harbor, the emergence of the General Data Protection Regulation and Brexit in Europe. It also tracks developments in Digital Forensics behind the Lab Door; ediscovery technology and how organisations are using ediscovery to avoid corporate scandals. It includes valuable insights into how Kroll Ontrack works with Kroll, the global leader in risk mitigation, compliance, investigations, security, and incident response solutions, in complex, cross-border multidisciplinary investigations involving multiple jurisdictions and unique global challenges.

For more information on Kroll Ontrack visit http://www.ediscovery.com/uk/
To download a copy of the Kroll Ontrack New Frontiers in Ediscovery Report, visit: http://www.ediscovery.com/uk/new-frontiers-in-ediscovery/

(61)

Share

Solution which Eases Secure Mobile Services Integration Wins EuroCloud Award

A solution which enables service providers to quickly and simply integrate secure mobile services within an existing smart card infrastructure, has won the ‘Best Cloud Services provided by Start-Ups’ category at the EuroCloud 2016 Awards.

The Medius CloudSE solution, developed by bespoke software house Medius, uses host card emulation (HCE), to allow third party applications to benefit from ‘plug and play’ secure mobile functionality through a virtual secure element (SE) hosted in the cloud and accessed via secure web services.

The solution enables service providers to offer enhanced secure services, such as mobile ticketing, while reducing development and deployment time, shortening time to market and cutting cost. Because it provides a simple-to-integrate method of storing secure data such as credentials away from the device, it allows service providers to add these services to their systems without the need to upgrade existing infrastructures for smart card based applications. As the solution does not require investment in a physical SE, it also removes the requirement to form multiple business agreements with issuers of hardware SEs, typically mobile operators or handset vendors, thereby simplifying the business model.

“Mobile is the obvious next step for service providers who have already introduced smart card based applications, however many operators are actively seeking a solution to overcome the challenge of developing multiple apps for different handsets and secure element implementations, while retaining a focus on security,” said Viktor Brajak, chief operating officer of Medius. “Medius CloudSE combines the security of a virtual SE with the convenience of HCE, which permits software emulation of a traditional smart card or SE on a NFC-enabled mobile handset. This turns the device into a relay, simply routing commands from the reader to the SE in the cloud over a secure channel. Security and simplicity of deployment are fundamental to the solution and we are very proud that it has been recognised as best in class in the recent EuroCloud awards.”

Viktor Brajak concludes: “For example, Medius CloudSE delivers strong benefits to the transit industry, but it can also be used across a wide variety of application areas other than ticketing, such as hotel and venue access control, event services and retail loyalty. Wherever a smart card application exists, Medius CloudSE is a simple component that streamlines the introduction of mobile services.”

For more information about Medius CloudSE and to hear Viktor Brajak deliver a webinar about HCE in ticketing, visit http://cloudsecureelement.com

(27)

Share

SaltDNA Adds Desktop Application to its Secure Mobile Communication Solution for the Enterprise

SaltDNA, the first company to provide encrypted mobile communications with full, centralized control for the enterprise, has added secure desktop communications to its solution. SaltDesktop is an application that allows users to communicate privately between computers and mobile devices. This new addition to the product line expands the enterprise’s ability to communicate privately and facilitates the transfer of highly confidential images and documents.

“We continue to quickly add new functionality to the SaltDNA solution as our customers demand. The ability to securely connect the back office with mobile devices is a key requirement for our customers in many of the industries we serve, including security services, legal, healthcare and financial. In the industries that we work in, we’ve seen that in certain office environments employees have restricted access to their mobile devices. Our new desktop application will act as the perfect solution for communications between office and field works who may been to share information and documentation securely. We are delighted to deliver on this requirement,” said Kevin Donaghy, CEO at SaltDNA.

SaltDesktop enables greater collaboration and efficiency by allowing remote users to securely access information and files from the office. It meets the privacy and compliance requirements for regulated industries like healthcare (HIPAA) and financial (FINRA); and provides the most up-to-date intelligence for legal and security services/law enforcement organizations. SaltDesktop is available today on computers running Mac OS X with a Windows-compatible version available next month.

“SaltDNA continues to innovate with new functionality while maintaining important ease-of-use and ease-of-deployment features. As a partner, we appreciate that. The addition of secure desktop communications to the mobile offering greatly broadens the use case for this solution within our customer base,” said Juan Manuel Garcia de Quevedo, the CEO of Alta Estrategia SOS.

About SaltDNA

SaltDNA provides a fully enterprise-managed software solution that enables absolute privacy in mobile communications. It is easy to deploy and uses multi-layered encryption techniques to meet the highest of security standards. The SaltDNA Desktop and Mobile apps are intuitive and easy to install and use. The SaltDNA Communication Manager provides a console for tight management of users and can be configured for the management of regulatory (i.e. FINRA, HIPAA and MiFID) compliance. SaltDNA is headquartered in Cambridge, Massachusetts and Belfast, UK, and is funded by Accomplice (formerly Atlas Venture) and Stonehammer Capital. www.saltdna.com.

press2

(130)

Share

UK to increase national cyber-defence grid

Following news on the anticipated announcement today by Chancellor Philip Hammond of an increase in national cyber-defence spending to £1.9billion, please see below comment from cyber security experts on the real effects this might have on the UK’s cyber security efforts:

James Tolfree, UK Director at Cryptzone:

“Talk of ‘Strike back’ represents quite a change in mindset. Traditionally, UK governments cyber strategy has focused on ‘defence’ but in recent months we have heard much more rhetoric around an offensive cyber capability. This recognises that the cyber space is the new battleground – you can’t be in a battle space with only a defensive position, especially when dealing with state-sponsored cyber attack strategies.

“We know that our current defences are inadequate. This is apparent by the 22% rise in cyber crime recently outlined in a report by Action Fraud. Given that the cost of this to the UK economy is estimated to be as much as £11billion per year, some might ask the question ‘ is this response by government enough?’

“The reality is of course that Cyber defence is the responsibility of us all. Government should lead much of the initiative but the responsibility and cost needs to be borne by government, industry and us as individuals; in much the same way we expect government to lead on other areas of crime, but it is all our responsibility to make sure our homes are fitted with adequate locks and alarms, and that we use them.

“One of the main challenges is the ‘shape-shifting’ nature of cyber threats. We’ve seen a very fast evolution of cyber threats from well organised criminal organisations as well as state-sponsored attacks. These now take on a multi-vectored form, utilising combinations of, advanced reconnaissance, elegant well-hidden malicious code and social engineering. Traditional cyber defence strategies that tend to focus on the concept of protecting network perimeters haven’t kept pace with the criminals and cannot respond to these advanced threats. So whilst increased government spend should broadly be welcomed and applauded, unless it is focused towards a fundamental shift in approach to cyber defence, it risks being a case of good money after bad.

“It is a little too early to say what this will mean for cyber security in the UK. It is encouraging that part of the funding has been ear-marked for training cyber security professions as there is currently a noticeable skills-gap here in the UK. It is also encouraging that funding will be available to innovative start-up cyber security businesses. The UK has long been respected for its skills in this sector, but in order to maintain this position, strong investment from both government and industry is needed.”

Gavin Millard, EMEA Technical Director at Tenable Network Security:

“With boots on the battlefield being replaced by bits and bytes directed at critical infrastructure, shoring up our cyber defences is a prudent move by the UK government.

“As demonstrated last week with the Mirai DDoS levied against the East Coast of America, bringing down huge swathes of internet services for a short time, infrastructure can easily, and will be more frequently, targeted in the future.

“With ageing critical national infrastructure, investments need to be made to remediate easily exploitable services and reduce the available attack surface an adversary could target.

“Cyber attacks affecting our citizens are becoming part of everyday life. Money is the current target for most attackers, but if the approaches they take are more political in nature, we could see the UK severely impacted unless proactive steps are taken to reduce the risks.”

Richard Meeus, VP technology EMEA at NSFOCUS:

“National investment into cyber-security can only be encouraged as recent events have shown. We need to place this threat in the same arena as the Police and Armed Forces and stop treating it as an inconvenience. It is important, however, that this investment does not create barriers around the UK’s cyber infrastructure such that it reduces the overall benefit of the web. This “Balkanisation” of the internet should be avoided else we retreat from the cyber world quicker than Brexit…

“Hopefully the investment will be far-reaching and not only help the advancement of cyber-security companies in the UK but also the education of the general public. The World wide web has been around for over 20 years and basic security controls are still ignored by the general populace; we are told frequently to close our windows and doors, not to speak to strangers, don’t always trust people at your front door are who they say they are – yet how many people still don’t have a screen lock on their Smartphone?”

Paul Calatayud, CTO, FireMon:

“When it comes to national cyber defence, most of the time current funding focuses on critical infrastructure protection. When funding by governments increases, it is usually attributed to two main factors: definitions of critical often expand and changes in adversary attack techniques that require more investments.

“If expansions in the cyber defence programme are attributed to expanded scopes, more resources will be required. Often this comes in the form of outreach grants and new laws to help assist the corporate side. It also means increase collaboration between government and private industry.”

Alex Mathews, EMEA Technical Manager at Positive Technologies:

“The investment is a reflection of how seriously The Government is taking the problem. Safeguarding the populous from cybercrime is worthy, but there also needs to be a sharpening of focus on protecting critical infrastructure. There is a rising risk from cyber-attacks targeting vital services such as transport, utilities and industrial systems within the UK. Taking down an electrical grid or breaching an Air Traffic or Railway network, doesn’t just cause disruption and financial damage, it puts lives at risk. The fact the same IT systems manage everything from banking infrastructure to power stations, makes them a target for attack.

“More investment means the UK can become better at staying ahead of the vast array of continually advancing threats. This is achieved through better technology, education and sharing of threat intelligence. In an ideal world, investment should be underpinned by added legislative teeth. This will help ensure that companies and IT companies take the responsibility to protect their assets and customers at all levels seriously.”

(355)

Share