IT Latest News

Innovative product improves overall network security while reducing the burden on security and IT operations teams

Boston, MA - October 08, 2014 - Rapid7, a leading provider of security analytics software and services, today announced the release of Rapid7 Nexpose Ultimate to help security professionals more effectively and efficiently reduce the attack surface and manage risk. Nexpose Ultimate is the first and only vulnerability management solution to combine assessment of vulnerabilities and controls, vulnerability validation, and prioritized remediation planning in a single solution.

US State Department research has shown that organizations can achieve more than 88% risk reduction through rigorous implementation of the SANS Top 20 Controls but most organizations lack the visibility and resources to identify which controls are properly deployed in their organization and how to prioritize resources to maximize risk reduction. Rapid7 Nexpose Ultimate provides security and IT with guidance on the most impactful vulnerabilities to remediate and the most significant controls to implement, fully validated with built-in, automated security testing.

"An effective security program requires visibility and risk management across vulnerabilities, configurations, and controls," said Lee Weiner, senior vice president of products and engineering at Rapid7. "Nexpose Ultimate uniquely provides this in a unified solution. It optimizes action to reduce risk based on a deep understanding of the attacker mindset, business context and customized remediation reports."

Looking at vulnerabilities and controls in isolation creates holes which attackers can exploit. Vulnerability validation solves this problem by testing whether vulnerabilities in your network could be exploited by an attacker. Lack of vulnerability validation along with long reports showing numerous "high" priority issues leads to lack of confidence and the inability for IT organizations to act on security issues. Nexpose Ultimate addresses both of these challenges by assessing vulnerabilities and controls together, and by providing IT operations with validated, simple, and clear remediation reports, specific to their area of responsibility. This enables them to act on the highest priority issues.

Assess

By gathering vulnerability, compliance, and controls information in a single scan, Rapid7 Nexpose Ultimate enables IT security teams to determine their exposure across their physical and virtual networks, mobile devices, and Amazon Web Services cloud while understanding the risk associated with each asset. This unique single scan methodology enables organizations to gain critical insight into their risk while imposing the smallest possible burden on the network. The insight into risk goes beyond looking at the vulnerabilities in browsers, operating systems, Flash, Java and other third-party software to common weaknesses in controls such as weak password policies, out of date anti-virus solutions or desktop applications installed on servers.

Test

Security teams seek to identify the most impactful issues to address and to avoid false positives or security issues negated by another control. Rapid7 Nexpose Ultimate enables IT security teams to prioritize the severity of vulnerabilities by determining whether they can be exploited using the integrated Metasploit Vulnerability Validation wizard. Only Rapid7 is able to offer this critical validation to ensure security teams focus on the right issues.

Improve

A key criteria of a successful security program is the operational execution of remediating vulnerabilities and implementing controls, which is challenging for many security teams due to complexity and scale. The key to getting operating teams to act on security issues is prioritization, clarity on action needed, and credibility of information. In addition to using vulnerability validation, controls and vulnerabilities in Nexpose are prioritized according to three advanced algorithms developed by Rapid7:

  • The patented RealRisk™ algorithm weighs not only the CVSS score but also common factors such as malware and exploit exposure and temporal risk metrics.
  • RealContext™ deepens prioritization by ensuring organizations focus on the most critical assets.
  • The patent-pending Rapid7 intelligent threat model helps organizations understand the effectiveness of the controls they have in place and identifies the next controls they should implement or improve to secure their overall enterprise.

Armed with granular risk scoring, business context, and a proven threat model, Rapid7 Nexpose Ultimate provides guidance to the security team on the top 25 vulnerabilities they need to address and the most critical controls to implement. It goes further, making remediation easier with step-by-step instructions for addressing the critical issues identified.

About Rapid7

Rapid7 security analytics software and services reduce threat exposure and detect compromise for 3,000 organizations across 78 countries, including over 250 of the Fortune 1000. We understand the attacker better than anyone and build that insight into our solutions to improve risk management and stop threats faster. We offer advanced capabilities for vulnerability management, penetration testing, controls assessment, incident detection and investigation across your assets and users for virtual, mobile, private and public cloud networks. To learn more about Rapid7 or get involved in our threat research, visit www.rapid7.com.

About Rapid7 Nexpose

Rapid7 Nexpose is the only vulnerability management solution that analyzes risk across vulnerabilities, configurations, and controls with awareness of the threat landscape across the modern network. Users can efficiently manage vulnerabilities found in operating systems, third-party software, Web applications, browsers and databases, as well as identifying misconfiguration issues, all in one solution with over 52,000 vulnerabilities and 130,000 vulnerability checks. The unique Metasploit integration, RealRisk™ score, and contextual business intelligence make Nexpose the most effective vulnerability management solution for finding the "who, what, and where" of your risk, and driving prioritized remediation across all your IT assets and environments. Rapid7 Nexpose's most advanced edition, Nexpose Ultimate, provides visibility and risk management across vulnerabilities, configurations and controls in a single unified solution, which enables IT security teams to effectively reduce risk with a deep understanding of the attacker mindset, business context and customized remediation reports. Use Nexpose to improve your overall risk posture and comply with regulations, including security requirements for PCI, CIS, HIPAA, HITECH Act, FISMA (including SCAP Compliance), Sarbanes-Oxley (SOX), and NERC CIP.

 

 

Barracuda Extends NG Firewall Product Line with New Version and New Model F1000 with 40 Gbps Throughput

Campbell, Calif. (October 8, 2014) – Barracuda Networks, Inc. (NYSE: CUDA),

Press Release Highlights:

  • Barracuda NG Firewall version 6.0 offers Advanced Threat Detection to protect customers against malware and zero-day attacks.
  • Barracuda Advanced Threat Detection implements full system emulation, which provides deeper visibility into malware behavior leveraging a virtual sandbox.
  • Barracuda NG Firewall version 6.0 extends secure mobile access via iPhones, iPads or Android devices, and secure remote SSL VPN.
  • The new Barracuda NG Firewall F1000 brings powerful 40 Gbps throughput for data center deployments

"The latest Barracuda NG Firewall release offers customers powerful cloud-based Advanced Threat Detection, which provides an entirely new level of security, and extends secure access on mobile devices,” said Klaus Gheri, VP Network Security, Barracuda. “These enhancements, combined with the powerful new F1000, create a strong solution for distributed enterprises seeking advanced, next-generation firewall protection at an affordable price.”

Advanced Malware Detection

Barracuda NG Firewall version 6.0 now offers Advanced Threat Detection (ATD), which leverages a virtual sandbox to detect malicious behavior such as attempts to steal data or disable security mechanisms. Windows executable files, Android APK, PDF and Word documents can be analyzed. This dynamic on-demand analysis can thwart propagation of these zero-day exploits to users, and also results in corresponding entries in signature-based threat databases to prevent propagation of the threats. To learn more about Barracuda Advanced Threat Detection, please visit http://cuda.co/ngfwatd.

Complete Granular Control

IT administrators can define granular rule-based policies governing which file types to check and policy actions after inspection. Options include preventing delivery of unknown files until after successful inspection or for immediate delivery of files with threat reports once detected. If the Barracuda NG Firewall discovers a threat in a file that already has been delivered, then it automatically places the user in quarantine in order to prevent the malware from spreading. The Barracuda ATD analysis is integrated completely into the SSL Inspection to detect malware in encrypted data traffic.

Improved Mobility for Secure Access

Barracuda NG Firewall now includes improved integration of mobile devices that can access corporate applications. With Barracuda NG Firewall version 6.0, administrators easily can set policies regarding access to corporate applications from iPhones, iPads or Android devices. The new version also includes improved remote SSL VPN access via a browser-based portal.

Powerful New Model Designed for Data Centers

The Barracuda NG Firewall model F1000 doubles the throughput rate achieved by the previous high-end NG Firewall models to support data center deployments. The Barracuda NG Firewall model F1000 supports a data throughput rate to 40Gbps, making it one of the fastest next-generation firewalls available. In addition to the advanced security features for malware, IPS and DDoS protection, the Barracuda NG Firewall also provides seamless bandwidth management and load balancing.

About Barracuda Networks, Inc. (NYSE: CUDA)

Barracuda (NYSE: CUDA) provides cloud-connected security and storage solutions that simplify IT. These powerful, easy-to-use and affordable solutions are trusted by more than 150,000 organizations worldwide and are delivered in appliance, virtual appliance, cloud and hybrid deployments. Barracuda’s customer-centric business model focuses on delivering high-value, subscription-based IT solutions that provide end-to-end network and data security. For additional information, please visit barracuda.com.

New Authenticator Features Dual-Line Display, Navigation Buttons, and a Longer Battery Life 

OAKBROOK TERRACE, IL, September 05, 2014 - VASCO Data Security International, Inc. (NASDAQ: VDSI), a global leader in authentication, electronic signatures, and identity management, announced the launch of DIGIPASS® 310, its newest hardware authenticator that provides One Time Passwords and electronic signatures. Two-factor authentication is used by banks and other organizations to secure access to valuable assets and to protect financial transactions from hacking attacks. 

The DIGIPASS 310 comes in a slim design that fits inside of a wallet. It features a dual-line graphical display so that the transaction amount and account number may be confirmed before an online or mobile banking customer electronically signs a transaction. This helps protect against Man-in-the-Middle attacks, a type of banking fraud where the transaction data is altered by a hacker. 

“Attacks on online banking continue to grow in sophistication and frequency, so banks must respond with more secure solutions that defeat the newest attacks,” said Jan Valcke, President and COO of VASCO. “It is very important to VASCO and our customers to be able to provide enhanced online security while making the process easier for users.”

Recent high-profile breaches and reports that Russian hackers have amassed 1.2 Billion username and password combinations has driven increased interest in Two-factor authentication using One Time Passwords. With a one time password, the login password expires after 30 seconds and cannot be used or guessed by hackers.

This new DIGIPASS 310 supports up to four applications from the same device and includes navigation buttons to scroll through different menu items. The device offers one-time password, Challenge/Response, and electronic signing functions. It also has a magnifier feature that allows the user to display the one time password in a larger font size by using both lines of the display instead of one. The DIGIPASS 310 allows banks and other organizations to economically deploy a high-performance Two-factor authentication solution to reduce fraud and account takeover.

About VASCO

VASCO is the world leader in providing Two-factor authentication and digital signature solutions to financial institutions. More than half of the Top 100 global banks rely on VASCO solutions to enhance security, protect mobile applications, and meet regulatory requirements. VASCO also secures access to data and applications in the cloud, and provides tools for application developers to easily integrate security functions into their web-based and mobile applications. VASCO enables more than 10,000 customers in 100 countries to secure access, manage identities, verify transactions, and protect assets across financial, enterprise, E-commerce, government and healthcare markets. 

UserInsight and Nexpose Connect with Leading Security Information and Event Management Solution so Security Professionals can Quickly Detect and Investigate Threats and Attacks

Boston, MA - September 9, 2014 - Rapid7, a leading provider of security analytics software and services, today announced that its innovative incident detection and response solution, Rapid7 UserInsight, is now interoperable with HP ArcSight ESM. The combination of these two advanced technologies enables security operations professionals to detect, investigate, and respond to security threats targeting a company’s users more quickly and effectively.

Data collected and correlated from HP ArcSight can now be easily fed into Rapid7 UserInsight to detect and investigate compromised credentials, phishing attacks, and suspicious behavior. UserInsight can feed these alerts back to HP ArcSight ESM for further correlation and visibility leveraging HP ArcSight as the single pane of glass for security activities in a company’s Security Operations Center (SOC).

Compromised credentials are the most common attack vectors according to the Verizon Data Breach Investigations Report 20141. With credentials, attackers can pose as genuine users and move laterally through the network, and this has traditionally been very difficult to detect. In addition, malicious insiders pose a similar challenge to detection. UserInsight addresses these challenges, giving users greater confidence in their network security in an easy-to-deploy technology that integrates with their existing Security Information and Event Management solution.

This interoperability builds on the existing technology partnership between Rapid7 Nexpose and HP ArcSight. Vulnerability data from Nexpose scans feeds into HP ArcSight ESM so users can create alerts, raise alarms, or take other operational actions when attacks are happening on assets affected by vulnerabilities. This provides more insight into the current risk state of an organization's infrastructure.

"In the current threat environment, detecting and reacting to security incidents quickly to minimize impact is just as important as reducing the likelihood of them happening in the first place," said Lee Weiner, senior vice president of products and engineering at Rapid7. "The interoperability of Rapid7’s solutions with HP ArcSight ESM enables security professionals to do both faster and more effectively."

Both technologies will be showcased at HP's annual enterprise security user conference, HP Protect, taking place this week from September 8-11 in Washington, D.C. Visit Rapid7’s booth #522 to learn more. These capabilities are available immediately to HP ArcSight and Rapid7 UserInsight or Nexpose customers.

About Rapid7 UserInsight

Rapid7 UserInsight helps security professionals quickly and easily detect and investigate incidents. Only UserInsight can combine context from users, endpoints, mobile, and cloud services with advanced detection techniques, such as honeypots, to help security teams respond to these types of attacks. UserInsight works by automatically detecting breaches and lateral movement inside the network perimeter. By creating a baseline of “typical” behavior for each user, UserInsight can identify unusual or suspicious behavior. This enables it to detect user account compromises with high accuracy and adds needed user context to any investigation. When a compromise is detected, UserInsight simplifies incident investigation because of its unique capability to easily show the relationship between incidents, users and assets. Security teams get a comprehensive view into user activity before and after any possible incident without the need to manually correlate logs. Incident responders can quickly identify other users who may have been impacted by the same attack.

About Rapid7 Nexpose

Rapid7 Nexpose is the only vulnerability management solution that analyzes risk across vulnerabilities, configurations, and controls with awareness of the threat landscape across the modern network. Users can efficiently manage vulnerabilities found in operating systems, Web applications, and databases, as well as identifying misconfiguration issues, all in one solution with over 52,000 vulnerabilities and 130,000 vulnerability checks. The unique Metasploit integration, RealRiskTM score, and contextual business intelligence make Nexpose the most effective vulnerability management solution for finding the “who, what, and where” of your risk, and driving prioritized remediation. Use Nexpose to improve your overall risk posture and comply with regulations, including security requirements for PCI, CIS, HIPAA, HITECH Act, FISMA (including SCAP Compliance), Sarbanes-Oxley (SOX), and NERC CIP.

About Rapid7

Rapid7 security analytics software and services reduce threat exposure and detect compromise for 3,000 organizations across 78 countries, including over 250 of the Fortune 1000. We understand the attacker better than anyone and build that insight into our solutions to improve risk management and stop threats faster. We offer advanced capabilities for vulnerability management, penetration testing, controls assessment, incident detection and investigation across your assets and users for virtual, mobile, private and public cloud networks. To learn more about Rapid7 or get involved in our threat research, visit www.rapid7.com.

Subcategories

Follow us on Facebook

SFbBox by afl odds
You are here: Home News