Helsinki has been named World Design Capital for 2012.

As you might know, Design is not only about chairs, desktop and furniture…

The word comes from the late Middle English as a derivative word from Latin “Designare“, which means to indicate something for a purpose or duty.

As it happens for many concepts, the word has a definition but different meanings depending on the context where it is applied.

Just like Security.

Two important principles related to design are usability and ergonomics.
Both are related to improve people efficiency in their working environment.

The same two principles are not only related, but fundamentally important for Security.

When you design something, you mainly think about the purpose of that something in different contexts.
Because different usage contexts mean different needs to address, different perspectives, different angles.

Just like in Security planning.

Especially after Cloud Computing wave, there has been lots of talking about context-aware security.
To highlight and stress that security technologies and implementations should always consider the whole context of a session and not only a fragment of it.
For example, not limiting authentication to user credentials validation only but extend the analysis and validation to the whole “security posture” by assessing the hardware he’s using, the network he’s coming from, the strength of the authentication method used, etc.

At Stonesoft, we have blended all these important principles in our solutions from day one.

We offer dynamic, software based network security solutions that can adapt to the context where they are implemented, providing protection against the lastest and most dangerous threats: AETs.

We provide great usability both for security administrators and for users, to maximize the efficiency and user experience while minimizing impact on resources.

We can prove reduction of CAPEX and OPEX costs with real, tangible savings.

We believe in ergonomics principles applied to (e.g.) authentication, where users should be able to achieve strong authentication naturally, using methods and devices they learnt to use daily for multiple other purposes.

We offer secured authenticated access to the cloud, enabling universal access from multiple platforms and context-aware security.

We empower MSSPs to provide faster time-to-market for security services and most scalable solution to manage thousands customers with minimized OPEX.

Ins’t this… ergonomic Network Security by design?

The primary flaw discovered by Columbia University researchers rests in the firmware that allows modern printers to function as small computers. Like software, the printer routinely updates its firmware by connecting to the internet and downloading appropriate updates. Researchers discovered that printers don’t verify the source of the update software or the software’s authenticity, thereby providing a hidden point of entry for cyber criminals to gain access to the printer. As a result, a seemingly benign printer can be transformed into a “beachhead” for launching a network-wide attack.

As researchers determine which printer vendors are vulnerable and the extent of these vulnerabilities, Stonesoft would like to remind you of the following:

• Any device connected to your network is at risk. Security targets aren’t limited to desktops, laptops and servers. If left unprotected, printers, VoIP, PBXs and other low-interfacing devices can be gateways to network attacks.
• Your network security strategy should cover every device. When is the last time you inventoried how many disparate devices are accessing your network and how? Most enterprises fail to protect every network-connected device, and this is certainly the case with printers.
• Multi-layer protection is critical. Deep packet and web traffic inspection should be executed at the perimeter and inside of the network.

since I’ve been upgrading and installing a 5.3.2 cluster, I now do see these situations in the logs: Anti-Virus_Buffering-Limit-Exceeded ==> I suspect this messsage means that the AV part of the FW can not handle the size of the requested file.

As I couldn’t find it in the online-doc, is there anyone who can point me out the documentation that describe the value of this size limit ?

Is the a way to modify this limit ?

As it is new to me, what is the user supposed to see when such a limit is reached ?

PS: sorry, I’m new to WordPress and posting in forum: is there a better place to share q&a about StoneGate ?

This is where Stonesoft Mass Security comes in. We’re making the installation of advanced network security as simple as plugging in a laptop. Perfect for multi-location and franchised businesses, office managers and store clerks simply have to plug in the security device (e.g. firewall) and it calls home to an installation cloud to access pre-configured settings.

Right now, our goal here at Stonesoft is to educate the masses about what Mass Security is, how it works and how it’s changing the landscape of network security. We have a ton of resources available to help speed this along, including:

• Website: This is a microsite dedicated solely to all things Mass Security. Everything you need to know – from technical know how to the basic “What is it?” – is here.
• Brief: This not-too-technical whitepaper explains how Mass Security works. It’s a must-have primer. Download here.
• Video: When’s the last time you’ve installed a firewall in 81 seconds? Now, when’s the last time you’ve enabled thousands of firewalls to install in 81 seconds? Check out this video to see it done.
• Webcast: Our next online discussion about Mass Security is on November 2, 2011 at 1pm ET (US). Join us.

Few days ago Stonesoft released the A2Cloud solution.
That is, the combination of multiple technologies to create secured and authenticated access to the cloud, no matter if it is public or private… because everybody has a cloud, right?

There is nothing new in the purpose to authenticate access to data and applications, since this has been a need for quite a while now… what A2Cloud the idea is to innovate the way to answer to this need from two main standpoints.

• Ergonomic Authentication
• Governance

For too long strong authentication has been synonym of hardware tokens, dedicated devices to carry around with the sole purpose of generating a one-time password based on specific algorithms.
And for too long these devices has been prone to errors in usage, battery run out ahead of time, clumsy usability and… being forgotten at home.

And for too long awareness of what was happening in the field from authentication and security governance viewpoints has been a serious issue for security administrators and auditors.
Questions such as “how often a given authentication method was used”, “how users reacted to strong authentication”, “how easy it was to use that given authentication” and many others remained without a proper answer.

A2Cloud was conceived to provide a reliable and complete answer to these questions, while relieving the users from the “doom of hardware tokens”.

Ergonomic authentication means to apply the principles of ergonomics to enable usage of common tools we’re keen to use everyday for strong authentication purposes too. And these tools are something we’ll never forget home (or, better, if it happens we’re very willing to get back home to take them )… I’m talking about mobile phones, smartphones, PDAs, tablets, netbooks and notebooks.

In short, tools we can’t live without (anymore).

Security awareness means availability of tools to understand what’s going on, how to audit authentication and other security related operations; how to get the information you need, when you need it, and with the level of detail you need to do what you need to do (supervision, troubleshooting, monitoring, alert, react to security threat, log analysis, auditing, etc.).

Visit A2Cloud minisite to develop a better understanding about how Stonesoft solution can ease your professional life of a cloud user and/or security administrator.

Share a little of that human touch…

Companies need to pay much more attention to their internal network activities and traffic. It should not come as a surprise to anybody that individual laptops are compromized. Workstation networks must be separated from the servers by firewalls and intrusion prevention systems; not only by installing these devices, but also by paying attention to rules and monitoring their alerts.

Layered defense requires more intelligence and integration

Without proper situation and context awareness, once a hacker is inside the company’s network, he has disappeared out of sight and can use the traditional hacking methods to look for new hosts to compromize. This means port scans, exploits, password guessing, among others – activities that any IPS device should be able to recognize. Alarm bells should ring whenever a computer inside the corporate network starts to misbehave. An advanced hacker can throw in more advanced evasions methods, fooling some systems, but at the end of the day, most attacks always leave enough traces to prove that something terribly odd has been going on.

In order to see these traces and to regain control, organizations need to consider investing in an more integrated and intelligent Network Security Services Platform. This platform enables building layered defense where layers (email security, host security, intrusion prevention, firewalls etc.) are communicating seamlessly with each other. When one layer notices something odd, the others will become aware of that and are able to correlate similar instances until these become significant enough to create an alert and stop the odd behavior. The era of point security solutions with isolated management systems is simply dead. We may compare it to a night club having a security team at the door and also inside the club, continuously communicating with each other. Those criminals that can bypass the doorman need to be stopped inside if misbehaving or doing something odd– before the damage is done. This is what comprehensive situation and context awareness, which has been the leading design principle of Stonesoft Network Security Services Platform for years, is all about. Not inspecting and protecting one layer alone but working together. Another important capability can be called intelligent inspection. It handles traffic data, logs and events in a more intelligent way to provide more accurate and timely alerts and reports. Stonesoft’s Intrusion Prevention System (IPS) performs intelligent inspection on multiple layers and the centralized management system is capable of monitoring also 3rd party security devices.

Learnings from Shady Rat

The McAfee report about the “Shady RAT” incidence confirms what Stonesoft has been saying since several months: There are hacker methods like Advanced Evasion Techniques (AETs) that can bypass security systems without leaving a trace. You cannot stop something that is not detected. Once inside you can do riot or act silently in company computer networks. As the McAfee example shows, especially the networks of governments, large enterprises and organizations are threatened and can be breached once and then continue to leak information for years. Usually the blame goes to the organizations themselves and their security policies but certainly also the security vendor community, security advisors and consultants have a lot of room for improvement.

User and application control is just a one piece of context and situation awareness

The core mission of security solutions is to detect and stop exploits and prevent malicious content from spreading, inspect data traffic, look for anomalities and ultimately report and alert. This core function has very little to do with setting barriers to using web applications and accessing data by users. The latest hype of “you need to add more user and application control” has its downside as well. It reduces employee productivity and adoption of new internet based services. And it is a never ending race. Best solutions can regognize already thousands of web applications but at the same time more will be created. This should not be the core focus of security vendors. We need to be smarter than that. Do not get me wrong, application and identity identification is important part of context and situation awareness but it is just a start. For example, How about knowing when and were evasions were used against you and having that reported? Who knowsthat currently? Not many.

Relying on security devices only is a BIG risk

Like the recent publicly reported breaches to large organizations have shown, it is not just a matter of security expertise, knowledge or how much money is burnt. We all know these organizations have had enough expertise and knowledge to stop intrusions and they have invested billlions for security devices that are supposed to protect them. What they have been missing is a true situation and context awareness and they have been simply too blind to see. In other words they have relied on systems and products standing at their main doors. Unfortunately someone used another entry method and is already inside.

Ari Vänttinen
VP of solution marketing
Stonesoft Corp.

http://twitter.com/arivantin

If you’ll be in Las Vegas for Black Hat, there are a few things you shouldn’t miss out on…

• See AETs in action. Watch advanced evasion techniques bypass leading IPS devices. We’ll be hosting live AET demos on Wednesday, 8/3 at (12:30pm and 2pm) and on Thursday, 8/4 at 9am, 10am and 11am. Learn more here.
• Get Your Game On. Join us for Stonesoft’s Zombie Invasion Video Game Tournament at Black Hat Circuit on Wednesday, 8/3 in the Pisa Room. Register here or just show up for the fun.
• Be Scared (and win something while you’re at it). We’re giving away a trip for two to Universal Studios and Halloween Horror Nights. Register here. Winners will be announced at the Black Hat Circuit.

Innotrac’s story echoes those of many enterprise networks. A cumbersome network from years of M&A activity. A mandate to be compliant with PCI standards. And, of course, a desire to reduce network costs in a time of conservative IT spending. With the help of the StoneGate Firewall/VPN and IPS solutions, Innotrac has been able simplify and drive cost out of its network infrastructure, all while achieving PCI compliance. Highlights of the results of this collaboration include:

• Reduced network, administration and data circuit costs: A single network administrator can now handle the network management responsibilities of 2.5 full time employees with little day-to-day administration. Additionally, Innotrac’s data circuit costs have been reduced by 30 percent.
• Improved network resiliency: StoneGate’s built-in high availability tools, including Multi-Link™, ensures Innotrac’s network and firewalls are always up and running.
• Simplified PCI compliance and network management: Innotrac can now easily monitor, update and configure all network devices from StoneGate’s single management console. This centralized approach also provides the reporting and management technologies needed for Level 1 PCI compliance.

For the whole story on Innotrac, read the case study here.

Skype and Security – Our Thoughts: Skype is a company that has long been embattled from a security perspective, and, for the most part, Skype has been quite responsive in addressing many of the security concerns. Though largely theoretical, there are scenarios in which users could be tricked into downloading malicious content.  This could take the form of cross-site scripting for unencrypted advertisements or someone impersonating a user in your contact list.  The threat of one application over another is largely subjective, but for administrators that remain concerned about real or theoretical problems with Skype, they should have the full attention of the security community to ensure these concerns are addressed.

Skype in the Enterprise: The main concerns with bringing Skype into the enterprise are the following:  transparency and control.  Skype uses a proprietary protocol that has not had a great deal of peer review. With that in mind, customers should give thought to asking Microsoft for more transparency into the capabilities and shortcomings of Skype so that administrators can decide for themselves about deploying Skype in the enterprise. Consideration should also be given to how the Skype peer-to-peer architecture works and if it is permitted my existing security policies. As for control, Skype can use common ports for communication, such as web and secure web ports, so there is another level of identification required to assess what applications, such as Skype, may be running on these ports.  Stonesoft and many other vendors have invested a great deal of time and effort into identifying applications such as Skype.  As the integration with Microsoft continues, it is reasonable to assume that Microsoft may change some aspects of Skype that may have ramifications for identifying it.  Vendors will have to remain focused on researching and testing any changes in Skype that may render current identification mechanisms useless.

Microsoft & Skype – Good Thing or Bad? To summarize, Stonesoft believes that this will be a great merger of two great technologies.  At the same time, it is important to critically consider the security implications when a technology like Skype is moved closer to the enterprise by a company like Microsoft, on which millions rely.  The most revealing aspects of the security implications are yet to come as we wait and see the level to which Microsoft integrates Skype technology

• Data needs to be actionable. The data produced by a security solution should be succinct, clear, and ready to be investigated by the security staff. Polyglot information that provides no focus on the threat is of little value to the security team.
• Greater visibility is a must. We’ve all heard this one before, but the fact of the matter is that lack of network visibility is still a major issue for network security. If you want to prepare your network against the unknown, you need to have improved and centralized visibility into your network traffic.
• Innovation has stalled. The network security industry is rife with lack of focus and lack of research. It’s become a “quick fix” industry that responds to threats, but does little to prevent new vulnerabilities from being discovered and exploited.

What do you think?