StoneBlog.stonesoft.com

Dear StoneBloggers,
springtime is moving toward an intense summer where Stonesoft will present very many interesting news: a new awesome version of StoneGate Management Center and StoneGate Authentication Solution are just two of the great recipes our Research and Development is cooking.
Therefore Antti Pilvinen and his cool adventures will take a break for a while.
Before that, however, be sure to read the eight episode which has just been published.
All episodes published so far will remain available in The Adventures of Antti Pilvinen page, together with the saga backgrounder.
Happy reading!

written by RoarinPenguin - 636 views \\ tags: break, The Adventures of Antti Pilvinen

Read the seventh episode, fresh from publishing!

Happy reading,

RoarinPenguin

written by RoarinPenguin - 635 views \\ tags: market anakysis, niche player, stonesoft, The Adventures of Antti Pilvinen

…don’t miss the sixth episode of The Adventures of Antti Pilvinen, which has just been published

Happy reading,

The RoarinPenguin

written by RoarinPenguin - 774 views \\ tags: layered security, StoneGate Network Security Platform, The Adventures of Antti Pilvinen

…the saga continues, with a new cool episode: Money could turn passionate Hackers in Cybercriminals!

Do you like this story? Please let us know in the comments…

Have a nice reading,

RoarinPenguin

written by RoarinPenguin - 579 views \\ tags: AET, Antievasion, IPS, SMC, The Adventures of Antti Pilvinen

Hello World!

While springtime is slowly but inexorably coming, I’ve decided to celebrate this very nice season start by announcing the official page of “The Adventures of Antti Pilvinen”.

Four episodes are already published, and new ones are about to come… plus the curiosity that character names raised among StoneBlog Readers has finally an answer… in the saga backgrounder.

So join me in saying hello to… The Adventures of Antti Pilvinen Official Page!

written by RoarinPenguin - 514 views \\ tags: antti pilvinen, home, The Adventures of Antti Pilvinen

“The Adventures of Antti Pilvinen” - A story by the RoarinPenguin

DISCLAIMER: All facts, people and companies in this story are fictional and do not have links with any real situation.

“I admit that when you invited me for a walk on the frozen sea to discuss business I expected a somewhat mystic experience… but I wasn’t certainly expecting THIS! I am literally enchanted!” exclaimed Claudio Nuvolari, Alliance Manager of CloudyBiz SpA.

Surely Antti Pilvinen knew how to impress his business partners with drops of typical Finnish beauty. After a long business lunch with Claudio (Italians are amazingly talkative and they simply love these endless lunches, where important business discussions can take place), Antti proposed a different experience.
“Instead of going back to the office to continue the discussion, let’s enjoy these few hours of sun and have a walk on the frozen sea, he offered.”

“Uhmmm…” mumbled Claudio, “isn’t it a bit cold outside?”

“Well, -12 celsius is just normal for February here and the sun is shining outside,” commented Antti. Then, with a subtle smile on his face, he added, “and I doubt you have ever seen a 3pm sunset on the frozen sea… you might find it beautiful!”

“All right, you convinced me. After all we don’t need laptops and dashboards to continue our interesting discussion” said Claudio.

15 minutes later, they were strolling in the middle of the sea near Espoo, where the ASPF headquarters were located. They admired the incredible lights of the winter sunset ranging from dark blues to insanely bright oranges and reds –  in a word, spectacular!

That day was very important for Antti’s company, since a partnership with this Italian cloud computing service provider would mean a significant boost in business.

CloudyBiz was an Italian leading CRM services provider to an incredible number of small and medium size companies all over Europe. The recent dramatic growth of demand raised critical security concerns about access to the solution. Customers started to ask more about the security of their access and strong authentication, each one wanting a different authentication approach. Some love digital certificates, some dream for a one-time password, others ask for Active Directory integration, while some still have Novell eDirectory and would like to use it for authentication purposes (you know, customers take it always to extreme).

When Antti said ASPF might have a solution, Claudio immediately became interested and agreed to a meeting.

Antti started to talk about their solution. He mentioned, “two years ago we included in our offering solutions from an interesting Finnish vendor, Stonesoft.”

“Oh yes, I have heard of them,” commented Claudio. “They are the company that proposed a clustering solution for other vendors… stonedance, stone… beat, yes, StoneBeat was the name!”

“Of course,” continued Antti, “that was many years ago. However, now their offering has evolved into an advanced network security platform called StoneGate, which includes an identity and access management solution called StoneGate SSL VPN.”

“This could be a very good solution to CloudyBiz’s needs, because it supports over 25 different authentication methods and I’m pretty sure it includes the ones your customers are asking for.”

“Hmmm,” mumbled Claudio, “could be, but sometimes the customers are really reluctant in relying on CloudyBiz for user authentication… or in some cases they have hundreds of users already defined, and they don’t want to force these users to have yet another account and password to maintain and remember!”

“This is very true and understandable,” continued Antti, “that’s why we very often propose this solution in a federated authentication fashion: the basic idea is that users keep authentication at home and once it is successful, they will have access to the cloud in a secured way, providing only that bit of information (for example email address or mobile number) to identify the user profile and provide single sign-on to applications. I’m sure I can ask Juhani Kiviportti, our techie guru, to show you how it works. This is a very interesting and powerful solution.”

“It seems indeed,” exclaimed Claudio, “so now let’s go back to your office as it’s getting dark… and a bit cold for my tastes… we can see if Juhani is available and see this marvel in action”.

A few weeks later, CloudyBiz SpA announced a new security option in their offering with an amazingly funny advertising campaign having the following slogan:

“Spaghetti and reindeers: securing access to your CRM!”

written by RoarinPenguin - 551 views \\ tags: authentication, Federated ID, The Adventures of Antti Pilvinen

“The Adventures of Antti Pilvinen” - A story by the RoarinPenguin

DISCLAIMER: All facts, people and companies in this story are fictional and do not have links with any real situation.

“Business is business, but some days are really long and stressful!”

That was the thought of Antti Pilvinen on a bright and sunny 12^th day of September near Espoo, Finland.

And this thought had nothing to do with the beautiful lengthy summer days. Instead, it seemed that the phone couldn’t stop ringing that day, which was awesome since almost all of the calls were business related (including that interesting security project for a Helsinki municipality).

Anyway, such is the hard life of a successful salesman, and at 18.45 in the evening the sunset view he was enjoying from the small cottage on the Helsinki coastline was marvelous. Late summer sunsets in Finland are like a movie –  they can last more than one hour… of pure enchantment!

While waiting for friends to arrive, Antti thought it would be good time to connect to his SSL VPN portal and do one last email check before an evening of relaxation and fun. He booted up his laptop, connected to the portal via the 3G network and was ready for authentication. When grabbing his Nokia E72 phone to proceed with the MobileID authentication, he discovered… boom! No battery! Zero! Phone is dead!

“Right”, he thought. “I managed to dry out a Nokia E72 battery in one day! Tomorrow I’ll have to write to the Guinness Book of World Records!” “How to authenticate now”, he questioned. That MobileID client token software is a cool strong solution for authentication, but it relies upon one important assumption: your phone, that specific phone where the software is loaded and seeded…must be up and running. While he was cursing himself for leaving the additional battery lying in the first drawer of his living room closet at home, the loud sound of a Volvo V70 horn woke him up to reality!

Matti! Matti Pelastaja was arriving! Hopefully with the brand new iPhone 4 he was showing so proudly last week at the public sauna! After greetings were exchanged, Antti kindly asked him if he could borrow the phone for an urgent local call and he dialed the number of Juhani KiviPortti, the technical Guru of IT.
After Juhani patiently listened to the story, he simply replied, “I have a solution for you! I’ll change your mobile number to the one you’re dialing from, then you can select StoneGate Mobile Text to authenticate and a one time password will come straight to your phone with a text message”.

“Whoa!”, Antti said. “Isn’t this a bit insecure?”

“Well no,” Juhani replied. “Because you will need to type in your network password to trigger the sending of the OTP, and also the number it will use is coded in your user profile.”

“Fantastic!”

Juhani added, “To avoid confusing our roaming employees, we took the benefit of the multi-portal feature of StoneGate SSL VPN and created another portal for this authentication. You have to point your browser https://smsauth.apsf.fi”.

“Many thanks Juhani… have a great evening!”

Before the other two friends arrived, Antti was able to authenticate using an OTP sent to Matti’s mobile, check his mail and complete the offer for a project that he successfully concluded three weeks later. Right in time for the closing of the business quarter!

written by RoarinPenguin - 588 views \\ tags: The Adventures of Antti Pilvinen

“The Adventures of Antti Pilvinen” - A story by the RoarinPenguin

DISCLAIMER: All facts, people and companies in this story are fictional and do not have links with any real situation.

Our friend Antti Pilvinen was experiencing a moment of maximum happiness and satisfaction: not only had he overachieved his sales quota, not only did he add many new customers to his company (APSF – Antti Pilvinen Securing Finland)… he also won the internal sales competition’s top prize! Antti was now the owner of a shiny, new iPad 64 GB 3G, including a flat rate data contract for one year. The prize was proudly delivered that morning during a beautiful ceremony on the company’s fifth floor terrace with all of his colleagues applauding that great achievement.

That warmed terrace has been the best investment of last year: a great space with all windows to enjoy the beautiful panorama in Espoo. It is just an all around classy meeting room for these nice internal events, a very nice place to be in January. Although it was mid-morning and the sun was shining, outside it was -16 Celsius and the frozen pine trees were creating an enchanted landscape. Ah, beautiful Finland!

Later in the afternoon, while the light outside was disappearing into the chilly winter night, he started daydreaming of what to do with that oh so cool jewel… ebooks, surfing the web, watching podcasts, listening to music, storing the pictures of his latest travel in Dubai, reading corporate mail… wait! WAIT! Mail? Uhmmm… that might very well be an issue, and a serious one, since APSF was very strict on mail access and security in general. Of course, he could continue to read mail using the Outlook Web interface through that marvelous StoneGate SSL VPN they bought recently but… well, iPad mail is a completely new and insanely great experience!

In addition, iPad has native support for Microsoft Exchange, the platform APSF moved to recently. Timing was just right to meet the guru of their internal systems: Juhani Kiviportti. Full of hope, he went to the internal systems department to look for that genius, who seems to have the native talent to solve all IT issues, no matter how complex they are. Juhani was the person who insisted upon adoption of the StoneGate SSL VPN, which has brought many benefits, in particular increasing the productivity of the sales team. Ubiquitous access to corporate data and applications… from anywhere… but now? Secured access to mail using iPad native exchange support? Maybe this was too much even for Juhani…

Lost in these obscure thoughts, he almost bumped into Juhani’s desktop, fully covered with every possible gadget, including a penguin coming down from the ceiling as a symbol of his “IT faith”: Linux.

With a trembling voice, he started sharing with Juhani his “happy problem”. His mood boosted suddenly when he saw a smile growing on the face of his genial colleague, who simply said: “yeah, this is a part of our SSL VPN I’m thinking to deepen… leave it with me”.

Two days later, he received the following email from Juhani:

“Hi Antti. Please proceed to configure your mail on the iPad simply by typing your email address and you should be operational within few seconds”.

With a sense of disbelief (naah, it couldn’t be that simple!), he tapped on Settings – Mail – Add Account – Microsoft Exchange on his iPad and inserted antti.pilvinen@apsf.fi. He was shocked to see a few seconds later that his iPad screen populated with… his mail messages! Suddenly (professional bias), he wanted to know everything about the security of the entire implementation so he went to see Juhani again with a bunch of question to “stress test” him.

Antti: “How did you do it? This is… magic!!!”

Juhani: “Any sufficiently advanced technology is indistinguishable from magic…”

Antti: “Seriously… is this secure?”

Juhani: “Of course, thanks to the StoneGate SSL VPN support of secure Active Sync with Device ID Locking in case of loss or theft of the device. Plus, I registered your iPad on Apple MobileMe free service as an additional security measure”.

Antti: “I’m astonished! And you did this in two days?”

Juhani: “Well… no… yesterday I was on holiday.”

Antti: “WOW! And is it working only for iPad?”

Juhani: “That’s the best part of it! You have been the Proof of Concept. The configuration we implemented will allow every device in the company supporting Microsoft Exchange to access email in a secure and authenticated way: Nokia phones, Android phone, iPhone, iPad… all of them… with complete mail, calendar and contacts synchronization. We have reached complete client independence from the mail server!!!”

Antti: “Fantastic! Awesome! Thank you very much for this!”

Juhani “You are very welcome”.

The best part for Juhani Kiviportti came at the end of that month… when he saw a special bonus in his salary with one comment:“To the person who brought APSF to Secure Mail Nirvana! A.P.”

written by RoarinPenguin - 788 views \\ tags: iPad, MS Exchange, SSL VPN, The Adventures of Antti Pilvinen

“The Adventures of Antti Pilvinen” - A story by the RoarinPenguin

DISCLAIMER: All facts, people and companies in this story are fictional and do not have links with any real situation with the exception of Robert’s Coffee, Sonera and Finavia.

Helsinki – February – 8.30 AM – Vantaa airport

Antti Pilvinen, a typical Finnish salesman, has just finished his espresso at Robert’s Coffee… the aroma of his croissant is still pervading the warm environment…

What a beautiful feeling, especially when the car he left in the parking lot 20 minutes earlier is still freezing at -23 C.

Sitting in a comfortable chair, he realizes that there is still 45 minutes before the green flashing Portille sign will appear on the screen at the gate.

Thinking about how fantastic this morning is for business, he remembers that he has to finish an offer for 10 SSL VPN application portals for his potential client Sanomat. Then, it occurs to him that it could be a great moment to check email and also update Salesforce.com with a couple of notes about the two meetings he attended yesterday.

He is particularly thinking of the very promising second meeting which involves a potentially immense number of IPS engines, after the Stuxnet threat variation appeared in the wild a few days before. He needs to react quickly and prompt the Sales Engineer to send more info to Mr. Virtanen.

While waiting for his Dell to boot up, he was silently giving thanks to Finavia for sponsoring free WiFi connectivity at the airport. Sonera’s network is good but not free.

Two minutes later, he’s cheered by the logo of APSF (Antti Pilvinen Securing Finland) Oy, a nice puffy cloud on the SSL VPN portal.

Once again, he thought to what a worthwhile investment that StoneGate SSL VPN technology has been! Even on an insecure WiFi connection, from anywhere, it allowed him to safely access applications he needed. No fear about theft of identity or credentials, since  the combination of certificate-based authentication and the one time password sent to his Nokia E72 makes authentication secure and valid only for that session.

The comfortable set of icons appeared to him after the system silently but efficiently checked his security posture, and 25 minutes later he was boarding Finnair flight AY796 to Milan Malpensa to enjoy the Sales Meeting in Lago di Como organized by the Country Manager of the Italian subsidiary, Emilio.

His sales mind, so committed to results, so keen on convincing every customer to invest in security solutions… never gave a single second’s thought to the backend complexity of accessing three different systems (Outlook Web Mail, Word in Remote Desktop and CRM hosted in the cloud by Salesforce.com), each one with different credentials, simply by…

…clicking an icon.

Secure access to applications in the cloud. Simplified!

written by RoarinPenguin - 994 views \\ tags: secured access to the cloud, sslvpn, story, The Adventures of Antti Pilvinen