> news










Jacadis and Ohio Dominican University receive 2008 Campus Technology Innovator Award
Columbus OH, July 7, 2008
Jacadis and Ohio Dominican University have been recognized as one of Campus Technology’s 2008 Innovators to be featured in the August issue of Campus Technology magazine. The editors of Campus Technology thoroughly reviewed and selected 14 innovative campus technology initiatives in diverse categories from just under 300 remarkable case studies. The nomination they accepted was for the school’s information security renovation project.

Join us at the Campus Technology Conference and Expo at the Westin Waterfront Hotel in Boston, July 28-31. Among the events at this week long higher education oriented trade show will be a presentation of the Innovator 2008 awards.

Jacadis Debunks Common Internet Security Myth:
We are secure because we have never been hacked"
Columbus OH, July 1, 2008
Companies often have the necessary information technology infrastructure tools already in place to maintain a secure network, but typically fail to deploy them properly. These basic tools - such as logs and system alerts - are typically not turned on or are not monitored, according to Doug Davidson, principal, Jacadis.

"While computer viruses continue to regularly make headlines, a false sense of security is still prevalent among many corporations," Davidson said. "Without the proper process controls, a company's technology infrastructure is exposed to heightened risk."

"We often hear, "We are secure because we have never been hacked," Davidson said. "Our response: 'How do you know?' Computer break-ins are not like fires. There is not always smoke. On the other hand, there are tools that allow the suspicious activity on a computer network to be tracked. Changes in 'normal' behavior or other anomalies are signs that something is amiss." In the examples that follow, Davidson said, each client asserted that they were "secure":
  • A company's web server had been taken over as an electronic drop spot for stolen DVDs and software. System log files showed this illegal activity had been occurring undiscovered for almost two years.
  • About to double its bandwidth to the Internet, a public organization discovered that over 50% of its rapidly growing Internet use was caused by employees downloading MP3 music. In a surprising twist, Kazaa, the tool used to search for and download files, was allowing thousands of Internet outsiders to download music from the organization.
  • A well known retailer provides access to its product catalog through an active online commerce site. Their privacy policy claimed customer information was secure. But further inspection showed that customer information was exposed to even casual explorers of the web site

"When companies say 'we are secure because we have never been hacked,' they really mean 'we have not noticed any harm, so we assume we are o.k.,'" Davidson said.

To combat this assumption, Jacadis recommends a renewed effort toward maintaining visibility over the network, including:

  • Use logging features, such as syslog, on infrastructure devices and application servers to baseline normal behavior. If you can't prevent the break-in, at least be certain that you can determine what happened.
  • Investigate excessive failures, errors, or alerts found in log files. You won't always discover a break-in, but you're sure to spot potential configuration issues or imminent hardware/software failures.
  • Regularly assess your network for vulnerabilities through a formal vulnerability assessment.
  • Add policy, procedural, and technical controls that increase your visibility and ability to respond to potential threats.

Jacadis LLC is an information security consulting organization that helps companies identify, prioritize and manage their security weaknesses and threats. More information can be found at http://www.jacadis.com.

Prism Microsystems and Jacadis partner to deliver managed services to Enterprises for Security Information and Event Log Management

Columbia MD, June 23, 2008

Prism Microsystems, an innovator in integrated Security Information and Event Log Management (SIEM) and Change Management technology, today announced a partnership agreement with Jacadis, a premier provider of specialized information security services and solutions including security assessments, vulnerability management and remediation, and governance and compliance.

Powered by EventTracker, Prism’s software-based solution offering both real-time log management and change monitoring capabilities, this agreement will enable Jacadis to provide customers with complete security visibility into their IT infrastructures extending from the network perimeter to the application layer for effective mitigation of security breaches and confident compliance.

While regulatory mandates such as Sarbanes-Oxley (SOX) and the Payment Card Industry Data Security Standard (PCI-DSS) are driving the need for the consolidation, analysis, reporting and regular review of log data, increasingly organizations are taking proactive measures to prevent malicious attacks on critical IT systems. A combination of Log Management and Change Monitoring provides a multi-layered defense and is imperative for enterprises to protect themselves in the current threatscape.

“We are extremely pleased to be working with Jacadis, who has tremendous experience in the SIEM and Log Management market”, said Steve Lafferty, VP of Marketing at Prism Microsystems. “The combination of our SIEM offering and Jacadis’ expertise is significant for enterprises looking to improve their security while investing minimal staff and resources.”

“A lot of our customers had been requesting a software-based security monitoring solution as opposed to an appliance-based model, because of superior scalability, flexibility and ease of use associated with the prior,” said Doug Davidson, [insert title] at Jacadis. “Prism’s EventTracker solution enhances our existing security services by allowing us to collect, analyze, correlate, store and report on all log data in real-time from multiple customer sites. Since it is software based, we are able to easily scale to different sized implementations in a cost-effective manner.”

Under the terms of the agreement, Jacadis will manage and support EventTracker implementations at various Jacadis client locations across North America.

> email info@jacadis.com   > phone 614.819.0151   > fax 614.819.0155
> mail 3535 Fishinger Road, Suite 210, Columbus, OH 43026

© 2001 - 2009 Jacadis LLC - all rights reserved