InfoSec show preview
Written by Neil Ainger
Protecting your IT environment has never been more important with lots of new mobile payment applications and web-based offerings coming on to the financial services market, all of which are potentially vulnerable to attack unless appropriate security procedures are taken. The InfoSecurity Europe 2010 show at London's Earls Court on 27-29 April will showcase the latest threats, solutions and trends that you should know about, helping you to 'fight the good fight'. Neil Ainger previews the event.
The latest fraud figures from the UK Cards Association (UKCA) show that plastic fraud losses fell by more than a quarter last year to £440 million. Encouraging news indeed, brought about by chip and PIN, more sophisticated behavioural software at banks and schemes like Verified by Visa, but it wasn't all hunky dory - attacks against online bank accounts rose 14 per cent to £59.7 million. Criminals seem to be looking for new ways to defraud financial services customers; phishing attacks also saw a resurgence, rising by 16 per cent. The latest CIFAS UK fraud prevention service 2009 report, which questions its 260 plus membership, made up of banks, retailers and others, about the prevalence of ID fraud, also showed a rise last year, up by nearly a third, with the report highlighting criminal gangs, using collusive staff, as a particular threat.
As we all know, no protective measures are safe for long either. Just look at the recent case where researchers at the Cambridge University computing lab broke into the chip and PIN system, exposing vulnerabilities there once again. That's why keeping up to date with the latest threats, trends and countermeasures, such as access control solutions, customer authentication and so forth, is a key consideration for chief information security officers (CISOs) and other security professionals at financial institutions. The InfoSecurity Europe show will feature more than 200 exhibitors displaying their latest wares and 10,000 visitors, many of whom will be there for the education programme, which has many industry-specific speakers, such as Travelex's CISO James Gay; Carl Froggert, a senior vice president at Citi; and Michael Paisley, head of information security and resilience at Santander. Marcus Alldrick, CISO at Lloyd's of London, and Stephen Bonner, information risk manager at Barclays (both of whom have appeared at FST IT security events), will also be presenting - respectively, on data and the end user.
The keynote speaker is Jonathan Bamford, assistant commissioner at the UK Information Commissioner's Office, who will talk about the stronger enforcement (i.e. £500,000 fine) for data breaches introduced on 6 April and how he hopes this will encourage better data protection processes. Chris Potter, a partner at PricewaterhouseCoopers (PwC), will also once again report on the number of data leaks in his annual Security Breaches Survey. The Business Strategy and Technical theatres will run numerous presentations covering social engineering, malware, virtualised data centres, and how to secure computing devices in an increasingly mobile world. Over 60 free seminars are available, exploring the key issues facing organisations today and the best technologies and policies to address them. In addition, the security workshop streams running each day and staffed by members of professional trade bodies, such as ISACA, ISC2, the ISF and BCS, will provide a short introduction to various themes like creating a third party security standard and governance, and then allow visitors to set the agenda. The 'free discussion' events should be stimulating.
• FST Magazine will be at stand M80 at InfoSecurity Europe 2010; come and visit us.
LanDesk, Stand E30 LanDesk seeks to deliver security and process management solutions to help IT teams at banks, insurers and others to automate and simplify the management of desktops, servers, and mobile devices. At the InfoSec show, Andy Baldin, vice president, EMEA, will be on stand to discuss various aspects of security, including anti-virus systems; endpoint security; internet/network security; intrusion prevention; and patch management.
PGP Corporation, Stand J30 The encryption specialist will be discussing its global comparative study into the cost of a data breach, which estimates that each piece of lost information in the financial services sector costs £86. Executives will be on stand to discuss the firm's recent announcements, including the acquisition of TC TrustCenter and ChosenSecurity. PGP will also host a seminar on 28th April at 10am examining the data protection challenges of tomorrow and providing a best practice guide to enterprise key management.
FireID, Stand N80 The FireID Authentication Platform for Banks provides transaction verification, authentication for mobile and online banking channels, and virtual private network (VPN) access for bank use. Using something the end user already has, a mobile phone, FireID protects financial transactions against threats, such as man-in-the-browser attacks, and ensures that only legitimate payments are made. The FireID Platform eliminates the need for traditional token solutions by generating secure one-time passwords (OTP) on end users' mobile phones, with no network connectivity required, to provide strong security for sensitive financial transactions.
Ipswitch Inc, Stand H105 Available for viewing will be file transfer software MoveIt and Ws_Ftp, which enable organisations to move valuable data around safely. The products currently deliver managed file transfer solutions to over 40 million users, from individuals up through SMEs to enterprise-level corporations. The new Ad Hoc Transfer module, which enables secure person-to-person file sharing using the convenience of a web browser or Microsoft Outlook, will also be on display. Former Gartner analyst, Frank Kenney, now vice president at Ipswitch, will also be on hand to discuss the topic of data breaches.
Redstone Managed Solutions, Stand G82 A paper entitled 'How To Exploit Cloud Computing Without Security Risks' will be presented by the company on 28 April, 12.40pm in the Business Strategy Theatre at InfoSecurity 2010. It outlines the best ways of exploiting cloud computing for business improvement and how to measure and mitigate the risks this approach poses to your organisation. A risk analysis model on cloud computing will be unveiled, looking at what measures need to be taken to avoid the usual security threats, and numerous products can be viewed on stand.
Cisco, Stand F15 At InfoSec this year Cisco is showcasing AnyConnect Secure Mobility, a new security architecture, which it says will enable business users to ensure information is accessible from any device and location with a high degree of ease and security. The expansion of Cisco TrustSec, which provides businesses with granular control over policy to maximise protection, will also be demonstrated by stand representatives, as will new additions to the Cisco IronPort web security appliance family and ScanSafe technologies.
IronKey, Stand J40 The new Trusted Computing Platform, available for viewing, helps protect financial services firms from sophisticated malware attacks, which are currently targeting online corporate banking transactions. It enables employees and corporate end user customers to run an entire desktop, including the operating system, specific applications and files, directly from a secure portable USB device, thereby preventing a criminal takeover. IronKey's encrypted USB device can be centrally managed so the IT department will retain control of what can be accessed and can also encompass the latest desktop virtualisation technology. The system is particularly aimed at mobile workers and claims investigators in the field.
ExactTrak, Stand J45 Another USB memory stick and managed services monitoring capability, with integrated AES 256 encryption, GPS and GSM, can be seen here. In addition to a maximum of 16GB of user memory, the GPS and GSM combination gives users control of where their data is accessed, who is using it and the ability to remotely delete information if it gets lost. In conjunction with the monitoring platform, the GPS module provides real-time location details of the Security Guardian unit.
Thales, Stand F35 At the show this year Thales is launching a 'dummies guide' to PCI DSS. The payment data security requirements have been on the agenda for a while now, but as they continue to evolve and affect more types of financial organisations, the guide will provide advice to businesses on how best to comply, particularly around protecting cardholder data. Thales will also be releasing research on PCI DSS compliance levels at the event.
Imperva, Stand D34 As the threat landscape evolves, hackers are becoming more industrialised and well resourced. Sophisticated, state-sponsored attacks are even a possibility these days, taking advantage of large-scale automation capabilities, such as a network of bots. Effective mitigation of such attacks must be automated too and timely, adapting to continuously shifting attack locations and techniques. At InfoSecurity Europe 2010, Imperva will showcase their new product in this area - the ThreatRadar. It's an add-on security service for the Imperva SecureSphere Web Application Firewall (WAF), which provides an automated defence. By integrating credible, timely information on known attack sources it can stop traffic from malicious sources.
ElcomSoft, Stand K54 Unveiled at InfoSec, the iPhone Password Breaker is a tool that enables forensic access to password protected backups for iPhone 2G, 3G, 3GS, and iPod Touch first, second, and third generation devices, enabling vital data to be retrieved. The new tool recovers the original plain-text password that protects encrypted backups containing address books, call logs, SMS archives, calendars, camera snapshots, voice mail and email account settings, applications, web browsing history and cache. The system can run various password recovery attacks, trying thousands of passwords per second. It supports multi-core computer processing units, extended CPU instructions, and acceleration using GPU cards. The commercial version supports both NVIDIA and ATI video chips that accelerate the recovery process enormously. Whereas the beta version is limited to wordlist-based attacks only, the full version will support an advanced dictionary attack with customisable permutations. The iPhone Password Breaker also supports Windows XP, Windows Server 2003, 2008, and Vista or Windows 7 with x32 and x64 architectures.
Astaro, Stand J25 The unified threat management (UTM) provider will be displaying its Astaro Red system, which can secure remote offices or assist home workers. It can be centrally configured via the Astaro Security Gateway located at headquarters, which automatically distributes configuration details to the appliance. By forwarding all traffic to the central ASG, Astaro Red provides complete UTM security even for the smallest remote office, eliminating the need for expensive site visits and maintenance. The firm will also be previewing its upcoming WiFi management solution, as well as a cloud-based email archiving service in London on 27-29 April.
St. Bernard Software, Stand K45 The iPrism 6.4 web gateway appliance is a hybrid remote filtering platform that St. Bernard asserts does not require a VPN to be effective. Using a combination of iPrism Remote Filtering Client (for both Windows and Macs) and a powerful data centre cloud service, iPrism Remote Filtering delivers comprehensive internet security to all off-premise users, as the vendor hopes to demonstrate on 27-29 April.
Panda Security, Stand M70 Specialist cloud-based security products will be available to view on stand, including the Panda Cloud Protection offering, a security service hosted by the vendor that it says offers uninterrupted, hands-off protection for endpoints and email, and allows companies to reduce security investment on hardware, software and IT personnel down to an affordable service fee, leaving infrastructure and solution maintenance in the cloud. In addition, the firm will be part of the Discussion Den conference stream, discussing Securing the Cloud vs. Security Services in the Cloud.
Lumension, Stand H50 The company will be showcasing its risk manager and endpoint management security suite at the show. The former is designed to help firms demonstrate continuous compliance and improve their security posture by automating audit workflows and harmonising controls with policy requirements. Via its partnership with Network Frontiers' Unified Compliance Framework, Lumension says it can extend support to over 420 regulatory requirements with 26,320 citations mapped to over 2,500 harmonised controls, including the Financial Reporting Council, Combined Code on Corporate Governance, UK Data Protection Act, and ITIL Planning to Implement Service Management.
The endpoint suite with Wake-On-LAN functionality delivers a distributed relay-based architecture that provides IT managers at financial institutions with full schedule control over maintenance windows, enabling optimised remote management and configuration of endpoints during and outside business hours. Firms can 'wake up' powered down machines during off hours, apply required patches and policies and allow affected machines to power down according to centrally managed policies, ensuring critical system updates get through.
CryptoCard, Co-located at Stand G20 The vendor helps financial services companies mitigate the risk of identity theft by using appropriate authentication to secure digital identities. Internal staff can work from anywhere and carry out their web-based business securely, or end users can log on to access accounts. New authentication software, SMS, phone and grid authentication tokens will be on display at Earls Court, alongside a cloud-based authentication platform.
Wick Hill, Stand G20 Reseller and installation expert Wick Hill will be displaying various offerings from vendors like CheckPoint, CryptoCard, Kaspersky, WatchGuard, Barracuda, Vasco, Netgear, ArcSight, and Open Text, among others, alongside convergence solutions from telco partners Samsung and Oak. Foremost among the options will be the first UK exhibition appearance for WatchGuard's new Extensible Content Security (XCS) solution, which provides in-depth data loss prevention for the email and web channels. The latest version of CheckPoint's modular software blades and full disk encryption for PCs and laptops will also be on show, together with Netgear's recently launched ProSecure unified threat management (UTM) offering.
Mimecast, Stand G101 Mimecast will highlight the importance of mobile continuity in messaging environments to boost productivity and revenue regardless of location. The company will demonstrate how unstructured data contained in email can be effectively archived and managed regardless of the mobile devices it is distributed through. The vendor's continuity service can provide a seamless experience to the user in the event of an outage.
The company's Software-as-a-Service solution also provides organisations with a secure email archiving environment and continuity strategy in the cloud. It can be seamlessly integrated with on-premise Exchange, deployed in just a few hours and deliver immediate value to any organisation. Financial institutions can search up to 10 years of emails, more than enough for most regulations. The threat of errant internal and external emails can also be reduced with its Data Leak Prevention capability, which will be on display, and can ensure almost 100 per cent uptime with a strong Service Level Agreement.