Breaking News - HP Bolsters Security Products
HP today announced it is adding new products to its HP Secure Advantage product line intended to increase data protection and compliance in storage environments. HP Secure Advantage focuses on three main areas, including protection of resources to make sure service is uninterrupted; protection of data at rest, in transit or in use through encryption, key management and identity management; and validation for regulatory requirements, Gary Lefkowitz, director of marketing for HP Secure Advantage, told 5 Minute Briefing.
The new products "bolster our portfolio in a number of key areas," Lefkowitz noted. This includes a secure fabric switch; an encryption kit for tape autoloaders and libraries; integration of compliance and key management appliances; as well as an online security assessment tool. These offerings are aimed at providing customers with a more holistic approach to data security, he noted, from evaluating existing security strategies to identifying and combating potential security threats.
The new HP C-Series MDS 9000 Storage Media Encryption (SME) fabric switch secures data stored on tape drives and virtual tape libraries (VTLs) in a storage area network (SAN) environment. The SME feature is designed to run on the MDS 9000 family, offering encryption and key management functionality for legacy tape devices to ensure maximum protection of existing product investments.
The HP StorageWorks 1/8 G2 & MSL LTO-4 Encryption Kit offers small to midsize businesses data encryption capabilities. The kit is designed specifically for the HP 1/8 G2 Tape Autoloader and MSL Tape Libraries with LTO-4 tape technology. It generates and retains encryption keys so that critical business information remains private in the event that tapes are lost or stolen.
HP has also integrated the HP StorageWorks Secure Key Manager (SKM) with the HP Compliance Log Warehouse (CLW) to deliver an end-to-end compliance validation solution for LTO-4 enterprise tape libraries. CLW also collects the business intelligence needed to generate regulatory reports for forensic investigations with a single click of the mouse.
"We also are making available a storage security assessment tool online, which is an interactive tool that allows customer to get a sense of privacy vulnerabilities and various concerns that they might have about managing risk and protecting sensitive data," said Lefkowitz. The new HP Storage Security Assessment is available free of charge on the HP Web site. HP today also announced additional solutions and services to the HP Secure Advantage portfolio. For more information, go here. For HP's online Storage Security Assessment, go here.
Back
to top
Breaking News - Sterling Commerce Unveils Internet-Based File Transfer Solution
Sterling Commerce, an AT&T subsidiary that supports e-business messaging, today announced the availability of Sterling Secure Proxy, a security solution for managed file transfer (MFT) that sits outside a company's firewall to protect file transfers with advanced security features. By enforcing tighter security controls, Sterling Secure Proxy is intended to protect companies against theft or compromise of sensitive customer data as well as proprietary, financial accounting and intellectual property as it moves across the Internet into an organization's enterprise systems.
"What Secure Proxy is going to allow people to do is expand out their ability to interact securely in a manageable, auditable manner with trading partners, leveraging the open Internet," Geoff Baird, vice president of global product management for Sterling’s MFT line, told 5 Minute Briefing. Sterling Secure Proxy enforces multiple layers of security for file transfer operations, including firewall navigation, secure socket layer (SSL) session breaks and multifactor authentication to protect against security threats. It also facilitates audits by tracking the movement of files in transit, which provides a higher level of security and also helps meet compliance requirements, the vendor said.
"We have made a name for ourselves with our Connect product family, and we are really known as the go-to company to move large amounts of sensitive data around securely and the ability to manage and audit," said Baird. The development of Sterling Secure Proxy, he said, was prompted by customers' desire to exchange increasing volumes of critical data with more partners.
Companies want to be able to bring on new partners as the Internet lowers the costs associated with such acquisitions, Baird said. But they want to do this in a way that lowers their TCO as opposed to raising it, he added.
"The traditional way people have been leveraging the Internet to move files round when you are talking about these large and high-volume B2B transactions - if not using our product - was primarily through regular free FTP," said Baird. However, he said, this increased "the cost of ownership of FTP, because of the lack of security and auditability" and the fact that organizations "can be in violation of some standards like Sarbanes-Oxley or HIPAA." This meant "the TCO was going up dramatically as they were adding trading partners as opposed to being able to go down," Baird said.
According to Baird, "What Sterling Secure Proxy allows them to do, in a very traditional manner, just like our Connect products, which are tried and true and tested in the marketplace, is leverage the open Internet environment to rapidly expand trading partners and still have all the things they need - the ability to drive complex perimeter-based security policies, to do protocol inspections as the files are coming in." More information about Sterling Commerce is here. Go here for information about Secure Proxy.
Back
to top
Symark Extends Active Directory Security to Unix and Linux
Symark International, a developer of security solutions, has begun shipping an integrated authentication and configuration solution that extends Microsoft Active Directory's centralized authentication, authorization, account access, policy enforcement and infrastructure management functionality to Unix and Linux systems. The product, called PowerADvantage, is intended to reduce administration costs, and improve security and support compliance efforts by enabling organizations to centrally manage disparate Unix/Linux user identifications, authentication, security policies and automatic deployment of configuration settings through Microsoft Active Directory. This helps create a unified, single login environment, the vendor said.
"Active Directory is a very popular product," Ellen Libenson, vice president of product marketing for Symark, told 5 Minute Briefing. The only missing link was that it did not work with non-Microsoft platforms such as Unix and Linux, she said. "By integrating Unix and Linux systems into Active Directory, you can leverage the authentication and the configuration features that Active Directory has,” she explained. “You end up with a centralized solution for all your authentication, your authorization, your account access, your security policy enforcement - and really the infrastructure management," said Libenson. In addition to cross-platform unified login for users, PowerADvantage also offers a non-intrusive installation process and comprehensive centralized storage.
PowerADvantage extends Active Directory's identity management, access control and group policy services to Unix and Linux systems, and integrates with Symark's PowerBroker, a solution for Unix and Linux system authorization and access control. The combination of PowerADvantage and PowerBroker enhances security and compliance efforts by facilitating efficient management of both end-user and administrator account access from Active Directory while controlling access and tasks performed using the root account, according to Symark.
Microsoft's Group Policy feature is very important, noted Libenson. Using Group Policy, IT administrators can leverage Active Directory to establish secure, centrally managed configuration services to Unix and Linux hosts (as well as to the applications running on them). Administrators create configuration settings that are automatically stored in Active Directory, facilitating rapid automatic deployment and maintenance of configuration settings across a large number of hosts.
Because these policies are reapplied to each host based on a pre-determined interval, any unapproved changes to the configuration items maintained by PowerADvantage will be reset back to the approved settings at the next policy refresh interval. "That's something that's very powerful and very helpful and saves a lot of time" said Libenson. For more details on PowerADvantage, go here.
Back
to top
Tizor Upgrades Database Monitoring and Auditing Tool
Tizor Systems, a provider of enterprise database auditing and protection solutions, announced version 5.9 of Mantra, a solution intended to help companies address database security, internal data governance, as well as external compliance requirements such as SOX, GLBA, FFIEC and PCI. "The focus of 5.9 was to make it a lot easier for companies to automate their database monitoring projects and save money while they are doing that," Bill Bartow, vice president of marketing, Tizor, told 5 Minute Briefing. New features include automated policy creation for faster time to deployment; advanced analytics for mitigating data risk in real time; and an enhanced user interface.
"Given the heightened sensitivity to all the data breaches and data leaks that are happening out there, people are looking for fast and efficient, cost-effective ways to get a better handle on who is doing what with their core databases," said Bartow. Customers want a solution that "gets up and running quickly" and will "help them save money in terms of manual labor." The enhancements in Mantra 5.9 "really help speed the time to deployment for database monitoring," he said. "With Mantra now you can have the box plugged in, up and running and have results within a day."
A new feature added to Mantra is improved user interface design and functionality, said Bartow. "We have made it very easy for a person to navigate through the system. You don't have to open up a manual. You don't have to take a training course."
In addition, Bartow said, new wizards have been added "to help guide you through the process of creating data monitoring policies to audit against data leak or data breach or just SOX or PCI projects." The new Policy Creation Wizard walks the user through a set of steps to define and automatically deploy compliance and security policies. Another feature, the Change Management Wizard, helps administrators automatically monitor all database changes that would be integrated and reconciled with enterprise change management systems, to ensure only approved changes are made to the database.
"We have also added things like Software Collectors," said Bartow. Mantra E-TAP Agents can now be used to collect local and network traffic offering a simple solution for auditing branch offices or remote sites where an appliance cannot be deployed. For more details on Mantra 5.9, which will be generally available in Q2 2008, go to Tizor's Web site, or data auditing blog.
Back
to top
Ecora and Compliance Spectrum to Link GRC and Configuration Solutions
Ecora, a provider of configuration auditing and compliance reporting solutions, and Compliance Spectrum, a provider of governance, risk and compliance (GRC) solutions, announced a partnership that combines GRC with comprehensive configuration auditing and automated evidentiary reporting.
This integration is intended to help customers create a compliance system of record, in which objectives and controls are backed up by detailed configuration reports that reflect actual configuration of the complete IT infrastructure from network and OS through applications.
The combined solution enables customers to coordinate compliance management processes from a customized “Compliance Map” within Compliance Spectrum's compliance management solution, Spectra, that links all applicable compliance objectives and controls against best practices frameworks. Customers can retrieve, store, and link to compliance regulations the IT configuration auditing evidence provided by Ecora's Auditor Professional.
“Through the use automation, we capture rich information about your environment and can generate reports automatically for that," John Walsh senior vice president of engineering of Ecora, told 5 Minute Briefing. "Those could be evidentiary reports for compliance initiatives, disaster recovery reports, or just helping you find change going on inside of an organization," Walsh said.
"Compliance Spectrum, through its governance risk and compliance suite, is building policies. What they need is the evidence to support those policies and by partnering together, Ecora can provide the evidentiary reports to match against that policy."
The solution will be generally available with the release of Spectra 3.0 scheduled for the second quarter of 2008. Customers can deploy Auditor Professional or Spectra today and all frameworks, data and reports will integrate seamlessly when the full solution launches. For more on Ecora, go here. For more on Compliance Spectrum, go here.
Back
to top |
