 |
 |
|
 |
>
news |
 |
|
 |
|
NEWS & ANNOUNCEMENTS |
|
Jacadis and Ohio
Dominican University receive 2008 Campus Technology Innovator Award |
Columbus OH, July
7, 2008 |
Jacadis
and Ohio Dominican University have been recognized as one of Campus
Technology’s 2008 Innovators to be featured in the August issue of
Campus Technology magazine. The editors of Campus Technology
thoroughly reviewed and selected 14 innovative campus technology
initiatives in diverse categories from just under 300 remarkable
case studies. The nomination they accepted was for the school’s
information security renovation project.
Join us at the
Campus Technology
Conference and Expo at the Westin Waterfront Hotel in Boston,
July 28-31. Among the events
at this week long higher education oriented trade show will be a
presentation of the Innovator 2008 awards. |
|
Jacadis Debunks
Common Internet Security Myth:
"We
are secure because we have never been hacked" |
Columbus OH, July
1, 2008 |
Companies often have the necessary
information technology infrastructure tools already in place to
maintain a secure network, but typically fail to deploy them
properly. These basic tools - such as logs and system alerts - are
typically not turned on or are not monitored, according to Doug
Davidson, principal, Jacadis.
"While computer viruses continue to regularly make headlines, a
false sense of security is still prevalent among many corporations,"
Davidson said. "Without the proper process controls, a company's
technology infrastructure is exposed to heightened risk."
"We often hear, "We are secure because we have never been hacked,"
Davidson said. "Our response: 'How do you know?' Computer break-ins
are not like fires. There is not always smoke. On the other hand,
there are tools that allow the suspicious activity on a computer
network to be tracked. Changes in 'normal' behavior or other
anomalies are signs that something is amiss." In the examples that
follow, Davidson said, each client asserted that they were "secure":
- A company's web server had
been taken over as an electronic drop spot for stolen DVDs and
software. System log files showed this illegal activity had been
occurring undiscovered for almost two years.
- About to double its bandwidth
to the Internet, a public organization discovered that over 50%
of its rapidly growing Internet use was caused by employees
downloading MP3 music. In a surprising twist, Kazaa, the tool
used to search for and download files, was allowing thousands of
Internet outsiders to download music from the organization.
- A well known retailer provides
access to its product catalog through an active online commerce
site. Their privacy policy claimed customer information was
secure. But further inspection showed that customer information
was exposed to even casual explorers of the web site
"When companies say 'we are secure
because we have never been hacked,' they really mean 'we have not
noticed any harm, so we assume we are o.k.,'" Davidson said.
To combat this assumption, Jacadis recommends a renewed effort
toward maintaining visibility over the network, including:
- Use logging features, such as
syslog, on infrastructure devices and application servers to
baseline normal behavior. If you can't prevent the break-in, at
least be certain that you can determine what happened.
- Investigate excessive
failures, errors, or alerts found in log files. You won't always
discover a break-in, but you're sure to spot potential
configuration issues or imminent hardware/software failures.
- Regularly assess your network
for vulnerabilities through a formal vulnerability assessment.
- Add policy, procedural, and
technical controls that increase your visibility and ability to
respond to potential threats.
Jacadis LLC is an information
security consulting organization that helps companies identify,
prioritize and manage their security weaknesses and threats. More
information can be found at
http://www.jacadis.com. |
|
Prism Microsystems and
Jacadis partner to deliver managed services to Enterprises for
Security Information and Event Log Management |
Columbia MD,
June 23, 2008 |
Prism
Microsystems, an innovator in integrated Security Information and
Event Log Management (SIEM) and Change Management technology, today
announced a partnership agreement with Jacadis, a premier provider
of specialized information security services and solutions including
security assessments, vulnerability management and remediation, and
governance and compliance.
Powered by
EventTracker, Prism’s software-based solution offering both
real-time log management and change monitoring capabilities, this
agreement will enable Jacadis to provide customers with complete
security visibility into their IT infrastructures extending from the
network perimeter to the application layer for effective mitigation
of security breaches and confident compliance.
While regulatory
mandates such as Sarbanes-Oxley (SOX) and the Payment Card Industry
Data Security Standard (PCI-DSS) are driving the need for the
consolidation, analysis, reporting and regular review of log data,
increasingly organizations are taking proactive measures to prevent
malicious attacks on critical IT systems. A combination of Log
Management and Change Monitoring provides a multi-layered defense
and is imperative for enterprises to protect themselves in the
current threatscape.
“We are extremely
pleased to be working with Jacadis, who has tremendous experience in
the SIEM and Log Management market”, said Steve Lafferty, VP of
Marketing at Prism Microsystems. “The combination of our SIEM
offering and Jacadis’ expertise is significant for enterprises
looking to improve their security while investing minimal staff and
resources.”
“A lot of our
customers had been requesting a software-based security monitoring
solution as opposed to an appliance-based model, because of superior
scalability, flexibility and ease of use associated with the prior,”
said Doug Davidson, [insert title] at Jacadis. “Prism’s EventTracker
solution enhances our existing security services by allowing us to
collect, analyze, correlate, store and report on all log data in
real-time from multiple customer sites. Since it is software based,
we are able to easily scale to different sized implementations in a
cost-effective manner.”
Under the terms
of the agreement, Jacadis will manage and support EventTracker
implementations at various Jacadis client locations across North
America.
|
|
|
> email
info@jacadis.com
> phone
614.819.0151 > fax
614.819.0155
> mail
3535 Fishinger Road, Suite 210, Columbus, OH 43026
© 2001 - 2009 Jacadis LLC - all
rights reserved |
|
| |