Why is it a big deal for Windows 7 anyway?

According to Wireless Security expert, AirTight Networks, there are a few reasons why Windows7 Virtual AP is something the security administrators should be worried about.

The Operating System provides for it:

Now that this feature is provided as a part of your daily use software, user’s perception of threat from it will all but disappear.

Earlier to Windows7, a specialized operating system or at least additional software needed to be installed before users could create a soft AP; this is a large barrier for most people; or at least it forced users to think twice. In case of most enterprise assets, installing additional software would be restricted in any case. True; you can still use features like Active Directory Group Policies to prevent laptop users from turning on the soft AP, but setting up group policies is cumbersome and complicated; and in this specific case administrators will have to prohibit the use of entire ‘net’ set of commands.

The Need to Connect:

Users now have a complete zoo of devices that need to connect to each other. Smart phones, cameras, music players, gaming consoles, etc. all come with built in WiFi. If the Laptop can also function as an AP, it is so much more convenient than installing a physical AP. Also, remember this network travels with the Laptop! And if the laptop has 3G connectivity, the soft AP is even more ‘needed’ as all the other devices can get to the internet – even on the go!

And when these laptops come into the enterprise, it is almost given that that the soft AP will continue to function.

Simultaneous operation:

One huge difference between the earlier soft AP implementations and the one provided with Windows7 is that in earlier cases the operation was limited to one operation at a time. When the card was configured as a soft AP, it could not operate as a client and vice-versa.

With Windows7 as both operations (AP and client) can operate simultaneously, users do not have to bother with switching the mode of operation and hence it is all the more likely that home or on the road configuration will continue to operate even when the laptop is in the enterprise environment.

Read more about the post at AirTight's blog here: http://blog.airtightnetworks.com/windows7-virtual-ap-why-is-it-a-big-deal-now/#more-1089

Read from our earlier post on what is a Soft AP. http://www.blog.acw-group.com.sg/2009/11/are-you-getting-hit-on-soft-spots-in.html

What is your Virtualization Strategy?

ACW launches Virtualization in 3D campaign to add in Storage Virtualization as an added dimension to your Virtualization Strategy

DataCore provides the storage virtualization software necessary to tackle storage-related challenges inherent in every virtualization project.

Failing to address these challenges independently of the brands and models of storage equipment selected will undermine any attempts at a virtual infrastructure.

DataCore™ storage virtualization software is as important, financially and operationally, to a successful virtual infrastructure project as are the server and desktop virtualization aspects.

Get your Complimentary Whitepaper Downloads on the following topics:

1. An IDC Viewpoint - Removing Storage-Related Barriers to Server and Desktop Virtualization
- What makes server, desktop, and storage virtualization attractive?
- Key Considerations When Choosing a Storage Virtualization Software Solution
- What are the Challenges to Implementing Virtualization?

2. Just Enough Space, Just-in-Time
- DataCore answers "Virtual Capacity"

Click here to begin your download or visit http://www.acw-group.com.sg/datacore3D

Ease of Deployment Drives Adoption of ForeScout CounterACT

Despite the recession and analyst predictions of slowed NAC adoption, ForeScout closed the fourth quarter and 2009 fiscal year on December 31 with double digit growth, significantly increasing its market share in the network access control products market. Its fourth year of steady gains, ForeScout is second only to Cisco in a market which analyst firm Frost and Sullivan predicts will grow to $295.8 million by 2015.

Throughout 2009 ForeScout received a number of positive reviews and accolades from the press. ForeScout received awards from InfoWorld, SC Magazine, Info Security Products Guide and Government Security News.

Demand for ForeScout Driven by Increasing Need for Economical and Easy-to-Implement solutions designed to reinforce desktop security and protect sensitive data.

Organizations are finding that the money they have poured into desktop security tools -- such as antivirus, encryption, data loss prevention, and patch management - is often wasted because those systems are not fully deployed, not active, or not up-to-date. ForeScout CounterACT can provide real-time visibility into every device on the network, both known and unknown, can identify gaps in protection, and can automatically correct endpoint security problems.

Eighty percent of ForeScout's new and existing customers are Cisco shops who have chosen ForeScout CounterACT over Cisco NAC because ForeScout CounterACT is more cost effective and easier to deploy and manage. ForeScout has provided these organizations with a solution that leverages and augments existing infrastructure, rather than needlessly replacing, upgrading or reconfiguring the existing network.

“Our customers and prospects are always looking at ways to reduce costs while improving productivity and security. The recession accentuated this trend,” said Gord Boyce, President and CEO of ForeScout. “ForeScout's success in tough economic times is because we enable both productivity and security.”

During 2009 ForeScout added 150 new customers in a variety of vertical markets including manufacturing, financial, government, telecom, transportation and healthcare. This represented a significant increase in ForeScout already extensive customer base.

Providing real-time visibility into every device on the network, both known and unknown, CounterACT can detect whether existing security tools such as antivirus, encryption, data loss prevention, and patch management are completely deployed or non-operational. Once this is determined CounterACT will automatically remediate security deficiencies by updating antivirus, installing and/or activating DLP agents. The result is better security and greater ROI on a company's existing security investments.

Join TalariaX at The 6th Banking and Finance Technology Forum Asia

TalariaX, the leading SMS technology provider will be showcasing the latest SMS technology that increase productivity and improve workflow processes and efficiencies at The 6th Banking and Finance Technology Forum Asia - Singapore.

The 6th Banking & Finance Technology Forum Asia - Singapore
4-5 March 2010 (Thu & Fri)
The Marina Mandarin Singapore Hotel

Synopsis
At Banking & Finance Technology Forum, senior-level bank executives will gather to network, learn and share the best practices and strategies that are helping them lead their organizations out of the downturn and into the future of banking. Participants have access to the innovative and successful leaders who are redefining the ways banks interact with their customers, finding more transparent and effective ways to manage risk, and achieving much more efficient, productive and profitable operational and transactional processes.

FORECAST on the roadmap ahead for maximum optimization of IT investments
BUILD an evolving, business-oriented SOA architecture in a changing business environment
CAPITALIZE on the enormous potential of key growth of multiple banking channels
STRATEGIZE on the future of Green IT in your company
MEASURE the ROI of your banking IT investments
DISCOVER the latest banking technology trends in the market
ADOPT the latest social networking tools to stay ahead in customer servicing and retention

Find out more about the event at the event website at http://www.euro-events.com/conf/2010/bftf/sg/main.asp

See you there!

Is Asia Ready for IT Security Governance?

Terry was in Asia recently and having met the regional partners and held discussion on IT security regulations specific to web applications and databases. He was able to give some insights to how ready Asia is. For IT Security Governance.

There was no surprise that PCI was at the top of the list followed by SOX for some international companies, primarily American, and then a short list of ISO and country specific regulations.

Question: "Will SecureSphere support the legislation?"
Each partner had a different local requirement usually still being defined or just about to become officially enforced. In each case Terry was confronted by the partners with the same question,

Answer:
If the legislation requires web application security and/or monitoring, and/or defines requirements for securing and/or monitoring database and data access, the answer is 'yes'. The reality that I have experienced so far has been that while there are various data security regulations, they all typically require the same fundamental output. Data privacy regulations, regardless of the industry or country, at a minimum, require complying organizations to restrict and/or monitor (audit) who has access to, and to what degree they have access to, the data that must be regulated.

Why?
This, of course, is quite easy for SecureSphere since it has the ability to secure and monitor (audit) any aspect of database and application activity. All that is required of the administrator is to know what elements of data access should be monitored to comply with the regulation and to configure SecureSphere to secure and/or monitor that activity.
Of course, SecureSphere is pre-configured with the most common regulations, but as I say, it can be easily configured to meet even the most obscure legislation.

Conclusion
There are some regulations in development for various countries, but they have yet to be ratified. Additionally, some countries have existing regulations, but have yet to include IT data to the requirements and are still very much focused on the 'paper' books rather than electronic data. Having worked extensively in various locations around the globe, it's always interesting to see the considerable differences from region to region and country to country.

To see the full post on Imperva's blog:
http://blog.imperva.com/2010/02/asia-it-security-governance.html