September 1999
Network Security
cations, financial and other areas. He added that the data from all monitoring would be provided to the FBI. According to the document, “information gathered about network security breaches would fall within one of the plans’ three ‘pillars’ - the Department of Defense computer network, other federal networks and private sector networks.” The document also stated that “trained, experienced analysts will have to step in to determine the nature of any suspected security breaches.” “The most serious concern about this is that it could move us closer to a surveillance society”, said Ed Black, president of the Computer and Communications Industry Association. “It’s critical that if they do this, they should not retain any of the information that is gathered.” John Tritak, director of the Clinton administration’s Critical Infrastructure Assurance Office, said the FIDNET plan had not been approved by President Clinton and was still undergoing legal review by the Justice Department and the White House’s chief counsellor for privacy, Peter Swire. “This legal review is still under way”, Tritak said. “It’s very likely, or should I say possible, that the implementation of any of the features in that program will be shaped and determined by those reviews.” US Senator Robert Bennett, chairman of the US Senate’s Special Committee on the Year 2000 problem, said that Congress has yet to receive the FIDNET plan that was leaked to the press.
Hewlett Packard security strategy
Barbara Gengler
Hewlett Packard said that at the end of August it will deliver products resulting from its recent acquisition of a start-up company that develops vulnerability assessment technology for enterprise networks. Adding security products to its range of test and measurement solutions, HP acquired Security Force Software in early August. The Security Force acquisition is the latest expansion of HP’s portfolio of communications test systems for enterprise and public networks. HP also expanded its capabilities to include voice and facsimile testing with the April acquisition of Telegra, a developer of facsimile-protocol testing systems and equipment. Bill Mortimer, general manager of HP’s Network Systems Test Division, said that HP will launch the first of a series of products next week called SF Protect, for vulnerability assessment of Windows NT 4.0, resulting from the acquisition of Security Force. “Our advantage is we are the only company that provides one button to fix these security issues”, he said. The tool will also restrict employees who are unauthorized to access certain information, as well as who has access to what kinds of information. Mortimer explained that SF Protect will be available in three configurations. The software can be loaded on to the server itself, run on a portable PC that connects the IT manager to the network and, later this year, on an appliance, a piece of dedicated hardware separate from the server on which the HP vulnerability assessment and instruction package will operate.
“We are committed to offering products and services to help enterprise-network managers and network operators meet the challenges of deploying and operating multi-services networks”, said Mortimer. “As more service providers offer Web hosting and as enterprise networks become more mission-critical than ever, security becomes paramount.”
He added that the acquisition of Security Force Software, along with HP’s ongoing investment and alliances, will help HP provide the products and services required to secure networks world wide. Security Force Software has been developing a product line that includes system security scanning, security testing, incident investigation, host and network-based intrusion detection and security management. HP said Security Force Software is a provider of vulnerability scanning and intrusion detection security products that target security consultants and systems administrators responsible for enterprise networks. With the acquisition of Security Force, HP will add security to its communications test systems for enterprise and public networks. “We are excited to be part of HP’s expanding portfolio of solutions”, said Craig Anderson, president and chief executive officer of Security Force. “As part of the Network Systems Test Division, we can provide more companies with security technology and help customers discover the financial and operational benefits of having a secure network.”
© 1999 Elsevier Science Ltd
Financial terms of the acquisition were not disclosed. Security Force employees will join HP’s Network Systems Test Division. Earlier this month, HP launched the HP Telegra line of test and analysis systems, following its acquisition of Telegra. Three new products for the integration of the conventional telephony services, voice and fax, into IP telephony networks were recently introduced. Two products will address end-to-end fax testing, allowing fax networks device manufacturers, fax service companies, network operators and telephony carriers to test fax systems across conventional and IP-based networks. A third product will help HP customers handle the IP-centric test requirements. HP recently announced it will call its test and measurement organization Agilent Technologies. Earlier this year, HP said it would spin off the division that will focus on high-growth sectors, such as communications and life sciences, and will encompass the test and measurement, components, chemical-analysis and medical businesses.
E-commerce security study
Barbara Gengler
A new study establishes that companies that indulge in Internet E-commerce encounter far more information security breaches than those that do not conduct E-commerce; almost twice as many.
Given the rush to enable E-business functions and the relative youth of intrusion detection technologies, it may come as no surprise that hackers/crackers top the list of the single most pressing concerns to infosecurity professionals. Companies conducting business online are 57% more likely to experience a proprietary information leak and 24% more likely to experience a hacking-related breach, according to a survey published in Information Security Magazine, www.infosecuritymag.com. The study reported that overall the number of companies hit by unauthorized access (hacking/cracking) increased nearly 92% from 1997 to 1998. Of the companies surveyed, 77% experienced a virus outbreak and 52% experienced an employee access breach in the last year. Andrew Briney, editor-in-chief of Information Security, pointed out that employee access abuses continue to be the most common security breach, but “it’s clear that the growth of E-business has intensified the threat of computer attacks from outside the company’s walls.”
The study also reveals statistics on infosecurity software and hardware use, organizational budgets for security, the use and effectiveness of infosecurity policies and salary and personnel issues which affect professionals engaged in securing their companies’ data, communications and technology. For example, companies suffered an average loss of $256 000 to security breaches last year. Of the 745 companies polled in the survey, 91 quantified their financial losses for a total of $23.3 million. The number one security priority of survey respondents was protecting their companies against such attacks. More than one in five, or 21%, said “preventing hackers/crackers” was the single most pressing security concern in their company.
“The internal threat has been the highest threat for so many years that it’s almost a knee-jerk reaction at this stage”, said Harry DeMaio, president of Deloitte & Touche Security Services. “But as more and more remote users gain increased access to the system, the origin of the threat is changing.” “The inside threat will never drop out of sight”, DeMaio said. “But from an E-business standpoint, intrusion prevention is still at an immature state, from both a technology and an administration perspective. The increase in vulnerabilities is helped along by the fact that not all of the pieces are there right now.”
Preventing malicious code and viruses was the next highest priority, considering that viruses infected three out of every four companies in the survey. Secure remote access and E-mail messaging also scored high on the list of top priorities. The study additionally reported that more than 85% of all respondents said security has improved at their company over the last two years and 95% are confident that it will improve even more by 2001. Of companies surveyed, 99% held a security awareness/training program for staff during the last year. The study, conducted in May, was jointly sponsored by ICSA and