Information Rights Management Monitor

Inside threat strikes again

2011-11-21T23:48:00.000-08:00

Ministry of Justice in Israel revealed last week of how personal information fell into the hands of unauthorized parties and was leaked over the internet. The leaked information included personal information of more than 9 million Israeli citizens. The leakage occurred during 2007.

It was revealed that this incident of information theft was carried out by an out-sourced contractor. During his work, he had access to the Population Register. He downloaded the information to his personal compute. This information included names, ID numbers, birth and death dates etc' of the entire Israeli population. After he was fired due to other felonies he passed this stolen information to another customer of his and thus the information got out of control, so much so that, a software was developed and distributed online, allowing anyone who downloaded the software to see the information.
" This case illustrates once again that organization's information is actually exposed to everyone, employees ,sub-contractors or anyone with access who can use it at will. “Information centric approach is the only viable solution and approach; attempting to prevent download or movement of such a file cannot be full proof, only persistent protection can ensure authorized use even after the file has been stolen. SmartCipher goes a step further by , for example, limiting the use of the file only to approved computers or locations ” , says Doron Zinger, Covertix newly appointed CEO

This case also puts in question the ability to ensure the confidentiality of the proposed biometric database of Israel’s residents.

Covertix Appoints Doron Zinger as CEO

2011-11-08T00:04:00.000-08:00

Covertix announced today that Doron Zinger has been named as the company’s new CEO. Doron succeeds Alon Samia, who founded Covertix together with Tzach Kaufmann, the company’s CTO, and will continue to advise the company as an active board member.

Doron joins Covertix with the goal of accelerating the company’s global sales and developing strategic partnerships with leading vendors of complimentary solutions.

Doron’s appointment as the new CEO comes at a dynamic point in the company’s growth as the demand for Covertix’s IRM solution is increasing rapidly and the company is penetrating new markets. Covertix is currently growing its enterprise customer base and expanding across Europe.

Doron previously was the COO and Executive Vice President of ECI Telecom, CEO of VocalTec Communications, Venture Partner at Giza Venture Capital and CEO of RiT Technologies. Prior to his appointment as CEO of Covertix, Doron served as a leading management consultant in Israel, advising technology companies at their initial stages of revenue generation on building successful growth strategies and operational plans.

“The recruitment of Doron as CEO is a major accomplishment for Covertix,” said Amos Talmor, Chairman of Covertix. “Doron brings exceptional executive leadership and proven experience that will enable Covertix to capitalize on the market opportunities for IRM solutions and develop into a market leader.”

“Covertix offers a unique approach to file-level security for which there is a clear need and tremendous market potential,” said Doron Zinger, new CEO of Covertix. “I feel confident that I am joining Covertix at the right point in time and look forward to leading the growth of the company.”

Anat Kam Affair - The End?

2011-11-03T02:36:00.000-07:00

Former IDF soldier Anat Kam, who was convicted of illegally possessing classified IDF materials and passing them on to a reporter without authorization, was sentenced to four and a half years in prison and 18 months of probation.

In January of 2010, Kam was indicted for handing Haaretz reporter Uri Blau some or all of more than 2,000 classified army documents that she had stolen during her army service. The documents stolen by Kam contained the plans of military operations and other extremely sensitive information.

"This entire event could have been prevented if the files were protected, using SmartCipher SmartPolicy, utilizing file monitoring and alerts capabilities or good old file level protection" says Alon Samia, CEO and founder of Covertix.

This case illustrates once again that the organization's information is actually exposed and is in danger of misuse by authorized users. SmartCipher could have detected that a worker (Anat Kam) is downloading a large number of files and immediately alerted of the violation. . Further more, once such a suspect was identified, the system could have automatically encrypt only the documents that were exposed ensuring persistent protection.

Protecting the files inside the organization is important but it is definitely not enough!!!

No one is immune - It can happen to Wikileaks too

2011-09-10T23:18:00.000-07:00

No organization today is immune from information abuse – not even Wikileaks!

The German news magazine Spiegel recently published an article about how US State Department cables obtained by Wikileaks were released on the Internet by an insider within the Wikileaks organization. The article titled Accidental Release of US Cables Endangers Sources details an ongoing conflict between two senior members of the Wikileaks organization. This internal conflict between WikiLeaks founder Julian Assange and his former German spokesman Daniel Domscheit-Berg led to a collection of over unedited 250,000 US State Department documents being released on the Internet. Despite the released files having some form of encryption, the sources of these US State Department files have been exposed, meaning that the lives of the informants could be potentially at risk.

“This storyline has information abuse written all over it from every angle,” said Alon Samia, CEO and Co-founder of Covertix. “It clearly demonstrates that sensitive information must be protected at its source – the file in which it is contained.”

Despite the multitude of information and network security mechanism in place, these US State Department files made their way untouched from the US government to Wikileaks.

Covertix Named a 2011 Emerging Technology Vendor

2011-09-07T11:10:00.000-07:00

Covertix included in annual list for its innovative technology and channel approach to information leakage prevention and sensitive data security. The CRN Emerging Technology Vendor list identifies new companies that are leveraging channel strategies to bring innovative and easy-to-use technologies to market.

The vendors that make up the CRN Emerging Technology Vendor list were founded in 2005 or later, have revenue under $1 billion and have an active U.S. channel strategy. Final selection to the Emerging Technology Vendor list was made by the CRN editorial team after a review of submitted information.

“We are currently ramping up our channel recruitment efforts and this recognition from CRN as an Emerging Technology Vendor is a great compliment,” said Alon Samia, CEO and Co-founder of Covertix. “Channel partners are attracted to our IRM solution for our innovative approach for protecting sensitive information at the file level in order to significantly reduce the constant exposure to information abuses faced by every business and organization.”

Cyber threats require focusing information security efforts only on most critical data

2011-08-08T06:33:00.000-07:00

Organizations trying to protect themselves from cyber threats need to abandon the old information security doctrine of protecting all their data and should focus instead on protecting their most critical and valuable data, according to a new report published by the Security for Business Innovation Council (SBIC).

Source: SBIC report

The report titled, When Advanced Persistent Threats Go Mainstream, concludes that for many organizations, tackling cyber threats requires adopting fresh approaches and whole new ways of thinking about information security.

“Confronting APTs (Advanced Persistent Threats) means giving up the idea that it is possible to protect everything. This is no longer realistic,” SBIC said. “Security teams will have to work closely with the business to identify the organization’s most critical information and systems (the ‘crown jewels’) in order to concentrate efforts on protecting these core assets.”

The authors, who based their findings on top information security leaders from 1,000 global enterprises, noted that this required moving away from a perimeter-centric view to a targeted protection approach.

“Focusing on fortifying the perimeter is a losing battle. Today’s organizations are inherently porous. Change the perspective to protecting data throughout its lifecycle across the enterprise and the entire supply chain,” the authors said.

They added that the definition of successful defense had to change from “keeping attackers out” to “sometimes attackers are going to get in; detect them as early as possible and minimize the damage.”

Source: SBIC report

Intellectual property should be protected mainly from insiders

2011-07-27T05:52:00.000-07:00

Insiders are at least three times more likely to steal intellectual property (IP) from their employers than outsiders, according to a study conducted by the Verizon RISK Team with cooperation from the US Secret Service and the Dutch High Tech Crime Unit.

The “2011 Data Breach Investigations Report” indicates that despite the fact that IP was ranked low in the number of records in 2010, it had a much higher financial impact than other sources of data breach.

For many organizations, intellectual property is the basis of their foundation and existence. Intellectual property, such as contracts, RFPs, research papers, product specifications, customer records and more, is shared by various storage devices and data networks, exposing the organization to the risk of intellectual property theft. Since companies need to collaborate with contractors, partners and customers, while at the same time protecting their IP, they must utilize comprehensive security measures.

Protecting the organization’s network alone is not sufficient, as the organization is vulnerable, as the report indicates, to IP theft by employees and partners, and companies should look for tools which provide information and control over how sensitive information is used and by whom.

The report defines internal threats as those originating from within the organization, including company executives, employees, independent contractors, interns, and so on, as well as internal infrastructure.

“Our data shows that external agents target servers and applications and end-user systems most of time. The assets targeted by insiders vary among all types of assets,” the authors concluded.

“We believe this is one of the (many) reasons that insider threat is difficult to control. They have access to a plethora of assets and know where and how to obtain data from them.”

Related Articles
Survey: 20% of global managers admit falling victim to insider threat

Covertix enters UK market, in talks with distributers and VARs

2011-07-21T07:15:00.000-07:00

As part of its overall strategy to expand its European presence, Covertix is currently in talks with British distributors and VARs interested in representing the company in the United Kingdom.

The move follows the successful experience of entering the French market in which Covertix already has several large clients. Covertix is still looking, however, to also find a local distributor in France with special expertise in information and data security.

“It is only natural that after we have successfully entered the French market, we will move on to other European markets,” said Alon Samia, CEO and co-founder of Covertix. "We have decided to focus now on the British market as we see great potential there. I hope that we will soon finalize the appointment of a local distributor or high quality VAR so that British companies will also be able to protect their data by using our technology.”

According to a report published earlier this month by the British Information Commissioner’s Office (ICO) , only 20 percent of businesses contacted accepted an offer to undergo free data protection audits.

The results follow last year’s enhancement of the powers of the ICO to fine organizations up to £500,000 ($813,000) for serious breaches of the Data Protection Act.

Covertix decided to accelerate efforts to expand its European reach after French venture capital fund Kima Ventures, in January 2011, made a strategic investment in Covertix. Since then the company has managed to attract several large French institutions and is now looking to move into other European countries.

In May, Covertix recognized received the 2011 Red Herring Top 100 Europe award presented by the prestigious Red Herring Magazine as one of this year’s most promising private technology ventures coming out of Europe.

Half of IT Indian Outsourcing Service Providers Victims of Inside Threat

2011-07-06T07:14:00.000-07:00

Information technology (IT) service providers in India admit that “insider threat” is becoming a greater concern, according to a survey published last week conducted by the Data Security Council of India (DSCI) and global accounting giant PwC.

The report, titled “The Threat Within,” indicates that most data breach cases in the IT and business process outsourcing (BPO) industry are carried out by inside employees.

The study, which included 13 service providers, shows that more than 50 percent revealed that insiders, who are not working in the IT department and don’t have privileged access, have carried out insider attacks.

It is interesting to note, however, that 89% of service providers resolved insider data breach cases internally and only 22% of service providers initiated legal action against perpetrators.

“The report highlights two disturbing points that are often neglected,” said Tzach Kaufman, CTO and founder of Covertix. “The first is that in the age of outsourcing and collaboration, companies don’t have full control over their own sensitive information. The second is that when a data breach occurs while the information is held by a service provider, the issue might be settled internally without informing the company that it fell victim to the data loss.”

Kaufman added that companies that share information with clients, customers, suppliers and service providers need to protect themselves against the inside threat. This is done by using sophisticated Information Right Management (IRM) solutions to ensure that security policies are kept even when files travel outside of the pre-defined framework of protection.

The survey also indicated that despite the fact that clients require service providers to conduct employee background verification processes, these checks are not standardized as providers are subject to client-driven data.

More than half of the respondents said they believed that social engineering and “someone else’s computer account” was used by insiders. At the same time, 67% of service providers and 75% of their clients believed that unintentional exposure of private and sensitive information was still one of the major challenges in the industry.

IT Security Managers Are Also Human

2011-06-27T00:43:00.000-07:00

A recent survey indicates that even IT security professionals, who are supposed to be highly aware of security policies, carry sensitive data on unprotected mobile devices.

The survey, conducted by European IT Storage manufacture Origin Storage among IT security professionals at Infosecurity Europe, revealed that 41 percent of respondents stored confidential information on portable devices such as a laptop, USB and CD.

The findings indicate that even those who are perceived as security savvy can fail to follow the basic security policies. In the report, 19% of respondents admitted that their organization had suffered a data breach following the loss of portable devices and 54% disclosed that the devices had not been encrypted.

Moreover, 37% confessed that between 81% and 100% of all sensitive data stored on their devices were actually left unprotected.

The worrying figures show how prevalent the “human factor” is, and point to the fact that solutions, which focus on devices (full hard disk encryption, encrypted USB, etc), have failed to solve the problem.

They also indicate that technologies already employed at the DLP (Data Loss Prevention) space are not sufficient. The only viable approach, therefore, is a data-centric solution that protects the data wherever it goes. Instead of protecting the whole system, companies should focus on protecting each document at the file level. That is exactly what IRM (Information Rights Management) does.

The fact that even experts, who are expected to be more cautious, are responsible for such information breaches raises serious considerations about what can be expected from a typical business user. Responsibility for information security needs to start at the file level and should be centrally managed to ensure consistent and continuous protection.

Related Articles
Survey: 20% of global managers admit falling victim to insider threat

10% of IT managers keep access to systems of previous work places

Report: 75% of organizations don't use any DLP security tools

Department of Defense: Security Policy Inapplicable for Corporate World

2011-06-20T01:05:00.000-07:00

The Washington Post recently reported that in the wake of the WikiLeaks affair, the US security establishment has taken steps aimed at preventing future data breaches.

According to the report, the United States Department of Defense (DoD) has decided to:

Disable the “write” capability on most computers in SIPRNet, the military’s secret-level classified network.
Issue 500,000 smart cards with special identity credentials required to log on to SIPRNet.
Work with the Office of the National Counterintelligence Executive to create a formal insider threat program.
Pilot insider threat detection technology developed by the National Security Agency.
Develop an information technology audit to identify suspicious behavior on all Department of Defense information systems.

Obviously, the Department of Defense is not the only organization that is trying to prevent data breaches. The main problem, however, is that other, smaller entities can’t afford to adopt similar measures.

“We’re very aware of the need to share information on behalf of the war-fighter,” Col. Sean Broderick, senior analyst working for the Pentagon chief information officer, told the Post. “Our goal is to deploy tools that ensure people have access to the data they need and appropriately restrict access to data they don’t need.”

This reflects the basic need of many organizations to share confidential information with workers and business partners. Very few large and resourceful bodies, such as the US Department of Defense, can choose to adopt extreme measures such as disabling write capabilities and using smart cards. In reality, most businesses can’t afford such moves because of the costs associated with it and because they fear it will be translated into operational disturbance.

"This is exactly the reason why a growing number of companies have turned to IRM (Information Right Management) solutions, which ensure the authorized usages of information," said Tzach Kaufman, CTO & Founder of Covertix. "By using advanced solutions such as those offered by Covertix, organizations can track and audit information to gain visibility into the process."

This allows organizations to first try to identify who is leaking the information before they move to actually block access to the information.

The bottom line is that organizations of any scale don’t need to have the resources of the US security establishment to ensure that they will be able to safely and easily share information for the benefit of their businesses.

Conclusions from Lockheed Martin Cyber-attack

2011-05-30T00:32:00.000-07:00

The full implications of the cyber-attack on US defense firm Lockheed Martin are still unclear and the extent of the breach has not yet been fully revealed.

It is clear, however, that when trying to avoid a targeted attack it is not enough to protect the overall system and there is a clear need to secure the most critical information separately.

Moreover, organizations should also prepare themselves for a scenario in which vital information is stolen by ensuring that it can't be used if it ends up in the wrong hands.

“Organizations should realize that there is no way to provide absolute protection against such attacks. Cyber-criminals and cyber-terrorists are becoming more sophisticated and it is only a question of time before they succeed,” said Alon Samia, CEO and co-founder of Covertix.

“Institutions that keep sensitive information should, therefore, apply a second line of defense protecting the sensitive data on the file level, ensuring that even if the document is stolen it can’t be used.”

Samia said that by protecting sensitive files with security policies on the file level, the data can be safeguarded even after it left the organization.

“There is a clear need to differentiate between the organization’s general data and specific data that can’t be lost under any circumstances,” Amos Talmor, executive chairman of Covertix, added. “This critical information represents only three to 10 percent of overall data and should be protected separately against unauthorized usage.”

According to Talmor, the critical information should be protected on the file level assuring that no unauthorized user would have access no matter where the file was located.

“The focus should be on the situation in which the file is opened no matter where it is,” he said. “If there is an Information Rights Management system installed, even if an outside targeted attack succeeds, the chances that the hackers will be able to use critical information is almost nonexistent.”

“Lockheed Martin is a clear example that encryption by itself is not enough,” said Samia. “In this case, they have apparently used counterfeit electronic keys to steal information. After they stole it, how do you ensure they won’t be able to use it once it lands on an unauthorized computer or out of the company’s network.”

Covertix Wins 2011 Red Herring Top 100 Europe Award

2011-05-26T01:29:00.000-07:00

Covertix has received the 2011 Red Herring Top 100 Europe award, a prestigious list recognizing this year's most promising private technology ventures coming from Europe.

Red Herring selected Covertix from a pool of hundreds of business startups from across Europe. The nominees were evaluated on both quantitative and qualitative criteria, such as financial performance, technology innovation, quality of management, integration into their respective industries, and execution of strategy.

“Wikileaks and other related scandals demonstrate that existing technological approaches for information leakage prevention provide only limited security coverage and that organizations still need to better protect their sensitive data,” explained Alon Samia, CEO and Co-founder of Covertix. “We are proud to be named a Red Herring Top 100 Europe company and see this award as recognition of the growing importance of Information Rights Management and our innovative approach to solving a problem faced by every organization.”

Previous winners of the Red Herring Top 100 award include technology leaders such as Facebook, Twitter, Google, Yahoo, Skype, Salesforce.com, YouTube, and Ebay.

Carmel Technologies to represent Covertix in France

2011-05-24T12:27:00.000-07:00

Covertix has entered into a partnership with French IT company Carmel Technologies, which will become Covertix’s reseller in France and will provide support to its local customers.

The move is part of Covertix’s efforts to expand its operations into the growing French market. Since venture capital fund Kima Ventures made a strategic investment in Covertix, the company has significantly increased its activities in the lucrative French market and has acquired a number of large customers. Among others, Covertix is currently implementing its software at one of France’s largest e-commerce companies and has several other local clients.

“We chose Carmel Technologies because they have a proven track record of bringing innovative technologies into the French market,” said Alon Samia, CEO and co-founder of Covertix. “We found them to be very professional and real experts in the field of computer security. The fact that they are currently distributing the products of leading security companies such as Symantec is a clear proof of their strong position in the domestic market.”

“We are very proud to be the first Covertix partner in French territory,” said Alain Takahashi, CEO of Carmel Technologies. “Covertix’s solution is by far the most advanced IRM solution on the market and it has created a lot of interest among our largest customer accounts."

Carmel Technologies specializes in information security and technology integration. The company has an experienced team of security integration consultants and engineers who assist customers in implementing effective security technologies to reduce risk and ensure compliance.

Carmel Technologies is based in Lyon and has more than 200 customers all over France, including 65 percent of the companies included in the large cap CAC 40 French Stock Market index. Carmel is part of Hermitage Technologies Group founded in 1998.

Related Articles
Covertix expands staff; moves to new headquarters

French venture capital fund Kima Ventures invests in Covertix

Covertix Selected as Finalist for 2011 Red Herring Top 100 Europe Award

2011-05-19T03:21:00.000-07:00

Covertix has been selected as a Finalist for the 2011 Red Herring Top 100 Europe award, a prestigious list recognizing this year's most promising private technology ventures coming from Europe.

Finalists for the 2011 Red Herring 100 Europe award are selected based upon their technological innovation, management strength, market size, investor record, customer acquisition, and financial health.

As a Finalist for the Red Herring 100 Europe award, Covertix will be presenting at the Red Herring Europe Forum in Amsterdam, May 23-25, 2011.

“This is a great achievement for our company and we are tremendously pleased to have been selected as a Finalist by Red Herring,” said Alon Samia, CEO and Co-founder of Covertix. “This important recognition highlights our unique approach for helping our customers reduce their exposure to information abuse and securely share proprietary information as need.”

Covertix expands staff; moves to new headquarters

2011-05-12T00:03:00.000-07:00

As part of the ongoing expansion of Covertix activities, the company has enlarged its working staff and moved its headquarters to a new location.

Growing interest in our solutions from clients in Israel and abroad has led Covertix to recruit several more document security experts. As part of the rapid expansion Covertix is witnessing, we have also decided to move our offices to a more spacious location.

“We are very excited that the company is growing,” said Alon Samia, CEO and co-founder of Covertix. “As we anticipate that the market will continue to grow, we have expanded our team and moved our offices. We welcome all to come and visit us at our new premises.”

Covertix headquarters are now located at:
1 Ha’atsmaut St., Beit Yaakobi
P.O. Box 9041
Even Yehuda, 40500
Tel: +972.9.765.7726
Fax: +972.9.771.5166
Email: info@covertix.com

Related Articles
French venture capital fund Kima Ventures invests in Covertix

Survey: 20% of global managers admit falling victim to insider threat

2011-05-03T02:31:00.000-07:00

Twenty percent of global managers admitted that cases of insider sabotage occurred at their workplace, according to the annual report information security company Cyber-Ark Software.

The report, titled “Trust, Security and Passwords,” shows that 16% of global C-level executives believe that competitors may have received highly sensitive information or intellectual property (IP) including customer lists, product information and marketing plans from sources within their own organization.

“Increased awareness that attack vectors can and do originate from both external and internal sources can be attributed in large part to the spectacular external-born breaches that drew headlines in the past year, including the NASDAQ and Gawker breaches," said Adam Bosnian, executive vice president Americas and corporate development, Cyber-Ark Software.

“Regardless of the attack vector, the targets inside an enterprise remain the same – highly sensitive intellectual, financial and customer information.”

He added that privileged accounts were the key tool attackers’ and insiders’ leverage to access and exfiltrate an organization’s sensitive information.

“Security teams need to start with improving the protection of these key internal targets – not simply building bigger walls around the enterprise,” Bosnian concluded.
Nearly half (48%) of all global respondents identified the IT department as the most likely to access sensitive data, with managers being the next most likely (10%), followed by HR (7%).

Related Articles
Survey: Insider attacks cause more damage than outside assault

US to invest $40 million on insider threat and cybersecurity research

Information security predictions for 2011: Data breach threats to expand

Lessons from Renault’s “spy” scandal

2011-04-17T03:54:00.000-07:00

The recent “foreign espionage” case at French carmaker Renault, which turned out to be a hoax based on an internal fraud, demonstrates the need for large organizations to apply advanced tracking tools to monitor their confidential data.

The Renault case illustrates well the need for serious tracking. Applying data protection and encryption is not enough anymore. There is a strong need for surveillance, monitoring, auditing and forensics.

The French car manufacturer’s CEO Carlos Ghosn said last month that Renault had botched an espionage investigation that led the company to fire three senior managers.

If Renault would have used real surveillance, it would have discovered where all the data was and it could have based its actions on real evidence and not on speculation. Having the right information is essential. Companies need the hard evidence to avoid finding themselves in similar situations, where they suspect an information leakage and don’t have any proof to verify their suspicions.

The solution is targeted protection which automatically tags the organization’s most sensitive digital assets. By using targeted protection, designated files can be actively protected or shadowed to monitor usage. The automated targeted protection creates an information-centric protection policy, which ensures continuous protection of the most sensitive and important files.

Security breaches cost U.S. companies an average of $7.2 million

2011-03-24T08:27:00.000-07:00

The average organizational cost of a data breach for an American company rose in 2010 to $7.2 million from $6.8 million in 2009, according to a report published by the Ponemon Institute.

The 2010 Annual Study: U.S. Cost of a Data Breach, which was sponsored by Symantec, indicates that each data breach cost companies an average of $214 per compromised record, compared to $204 in 2009.

The study, which is based on actual data breach experiences of 51 American companies from 15 different industry sectors, indicates that rapid response costs companies 54 percent more per record than companies that moved more slowly.

Malicious or criminal attacks are the most expensive and last year 31% of all cases involved such act at an average cost of $318 per record. At the same time, negligence remains the most common threat. The number of breaches caused by negligence averaged $196 per record. According to Ponemon, this trend reflects the ongoing challenge of ensuring employee and partner compliance with security policies.

The report authors said that encryption and other technologies were gaining ground as post-breach remedies, but training and awareness programs remained the most popular. They noted that both encryption and data loss prevention (DLP) solutions have increased by 17% since 2008.

“We continue to see an increase in the costs to businesses suffering a data breach,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “Confronted with both malicious and non-malicious threats from inside and outside the organization, companies must proactively implement policies and technologies to mitigate the risk of costly breaches.”

Francis deSouza, senior vice president Enterprise Security Group, Symantec, added that the results showed that companies with information protection best practices in place could greatly lower their potential data breach costs.

U.S. Citizenship and Immigration Services exposed to Insider Threat

2011-03-21T09:47:00.000-07:00

The U.S. Citizenship and Immigration Services (USCIS) are vulnerable to threats stemming from Insider Threats, the Department of Homeland Security (DHS) said in a special report.

This follows an announcement last month by the DHS that the threat posed by trusted insiders was one of the most pressing dangers to America’s security.

The report, issued by the DHS Office of Inspector General and prepared by the Insider Threat Center of the Software Engineering Institute at Carnegie Mellon University, is titled “Examining Insider Threat Risk at the U.S. Citizenship and Immigration Services.”

The main objective of the assessment was to determine which steps the USCIS had taken to protect its information technology systems and data from threats such as fraud, sabotage and theft of intellectual property.

The authors note that, while the USCIS has made progress in implementing elements of an effective insider threat program, it still needs to improve its security posture.
The research team concluded that insiders could be current or former employees, contractors or business partners who have or had authorized access to their organization’s system and networks. They are familiar with internal policies, procedures and technology and could exploit that knowledge to facilitate attacks and even collude with external attackers.

The authors said that some insiders exploited physical security vulnerabilities. Others were able to gain access to organization facilities outside of normal working hours to steal controlled information or to exact revenge on the organization by sabotaging critical operations.

10% of IT managers keep access to systems of previous work places

2011-02-28T06:39:00.001-08:00

One in 10 IT professionals admits he has accounts from previous jobs through which he can still access systems even after he has left the organization, according to a new survey published by Quest Software.

The report, entitled “The Current State of Identity Management”, shows that American workers and IT professionals believe that multiple passwords, used to access everything from websites to business applications such as HR or CRM systems, make it more difficult for employees to get their jobs done.

The survey, which was conducted by Harris Interactive among 1,000 US recipients, reveals that 52 percent of workers say they have shared their login information with others.

Eighty-eight percent of IT professionals say it is essential that companies move to a more security focused approach to dealing with how users are given access to systems.

Sixty-one percent of respondents said that while companies are strengthening password complexity policies, the need to manage multiple passwords is a burden. The result of password overload is added workplace stress and feelings of frustration when workers can’t access a system due to a lost password.

The survey aimed to explore current concerns and barriers felt by Americans around identity management, and its effect on their ability to manage their personal and professional lives.

Survey: Insider attacks cause more damage than outside assault

2011-02-21T03:35:00.000-08:00

Insider attacks caused by employees or contractors with authorized access to network systems and data are much more costly than those caused by outsiders without authorized access, according to the 2011 CyberSecurity Watch Survey.

The survey, which included more than 607 respondents, including business and government executives, professionals and consultants, indicated that 58 percent of attacks are caused by outsiders and only 21% by insiders. At the same time, however, 33% view the insider attacks to be more costly than outside attacks, compared to 25% in 2010.

The research, conducted by CSO magazine and sponsored by accounting firm Deloitte, further indicated that insider attacks are becoming more sophisticated. A growing number of insiders (22%) are now using rootkits or hacker tools, which are now increasingly automated and readily available, compared to 9% in 2010.

Respondents said that insider attacks cause additional harm to organizations that can be difficult to quantify and recoup. These damages include: harm to an organization’s reputation, critical system disruption and loss of confidential or proprietary information.

The authors noted that the public may not be aware of the number of insider events or the level of the damage caused because 70% of insider incidents are handled internally without legal action.

“Technical defenses against external attacks and leakage of well-formatted data like social security numbers and credit card numbers have become much more effective in recent years,” said Dawn Cappelli, technical manager of the Insider Threat Center at CERT. “It is a much more challenging problem to defend against insiders stealing classified information or trade secrets to which they have authorized access or against technically sophisticated users who want to disrupt operations”.

US to invest $40 million on insider threat and cybersecurity research

2011-02-16T01:55:00.000-08:00

The threat posed by trusted insiders is one of the most pressing dangers to security, the US Department of Homeland Security (DHS) stated as it announced the allocation of $40 million for cybersecurity research in 2011.

In addition to insider threats, the DHS also identified botnets and malware, and research to support the Comprehensive National Cyber Initiative, as key issues requiring extensive study.

The DHS stated that insider threats were the source of numerous losses in many critical infrastructure industries. “Some of the most damaging attacks against the government have been launched by trusted insiders,” the report stated. “Such attacks will become an increasingly serious threat as increased information sharing results in greater access to, and distribution of, sensitive information.”

The report added that mitigation of the insider threat involved a combination of deterrence, prevention and detection, claiming that the damage from a trusted user would ultimately compromise the nation’s ability to protect and defend against future attacks, and to safeguard critical infrastructure assets.

The DHS has acknowledged that procedures to address the insider threat are not consistently and stringently applied because of high cost, low motivation, and limited effectiveness.

“Cyber attacks are increasing in frequency and impact. Even though these attacks have not yet had a significant impact on our nation'’s critical infrastructures, they have demonstrated that extensive vulnerabilities exist in information systems and networks, with the potential for serious damage,” the DHS stated. “The effects of a successful cyber attack might include: serious consequences for major economic and industrial sectors, threats to infrastructure elements such as electric power, and disruption of the response and communications capabilities of first responders.”

Report: Covertix to accelerate pace of acquiring new customers in 2011

2011-01-25T10:05:00.000-08:00

The number of companies applying Covertix' SmartCipher as a solution to secure and monitor confidential documents and sensitive data is expected to significantly increase this year, according to a new report published by The 451 Group.

The report, entitled, Covertix amplifies information rights management focus on monitoring and policy control, said that Covertix had begun to gradually acquire customers and the pace was expected to accelerate in 2011. The new research follows another report by the 451 group on Covertix published last year.

Analyst Steve Coplan noted that Covertix had undergone a marketing overhaul, with a product renaming and a greater concentration on securing, managing and monitoring the flow of information within a business process.

He added that after the recent financial injection from Kima Ventures and angel investors the company had turned its attention to developing in-depth monitoring and reporting for files that have been associated with its agent, as well as automating the process of policy definition derived from contextual parameters such as data source or file metadata classification.

Coplan wrote that the market now realized that data-loss prevention (DLP) could not offer a silver bullet for restricting the flow of file, information or document security, and that enterprise rights management (ERM) was too restrictive or intrusive for file-access controls and monitoring. Organizations were therefore looking for more practical ways of managing and securing shared information outside of an internal corporate network.

The research firm believes that information rights management (IRM) is finally coming into its own, as it has identified several indications that 2011 could be the first year where the market will take on material dimensions.

“We have seen organizations express willingness to compromise on security enforcement if they can have rich, persistent visibility into the flow of information with partners where an existing trust relationship is in place. This is the direction in which Covertix has moved its product,” Coplan wrote. “Organizations are concerned about more tightly integrating the classification and discovery process with policy definitions and monitoring frameworks for the flow of data across domains. We understand the data flow as being multi-dimensional, with identity, data sensitivity, content categorization and transactional context all being evaluated as policy-definition parameters.”

“Covertix’s approach flips on its head the notion that the purpose of file and document security is to lock down a specific file and restrict access, creating operational complexity along the way,” Coplan concluded. “The purpose here is to establish a framework to securely facilitate information exchange that allows for protection – when operationally feasible – and monitoring based on a set of automated policy inheritances.”

Inside threat grows in financial sector data security

2011-01-18T07:02:00.000-08:00

Dozens of news headlines in recent weeks have announced the movement of financial professionals from one firm to another. The end of the fiscal year and the rebound in some world markets seem to have intensified the trend of these departures and new appointments.

But such a trend can be a headache for security managers at financial institutions. With the exit of personnel comes a risk for the leakage or transference of confidential information.

Representing an inside threat, disgruntled employees could take files of sensitive information they have gathered over the years and use it to harm a former employer or reveal business secrets. Or newly hired employees, seeking to give their new place of work a leg up on the competition, could bring along with them information gathered at their former, competing firm.

Such leaks doubled during 2010 to make up 48% of all information breaches, according to a survey conducted by Verizon Wireless in cooperation with the U.S. Secret Service.

According to another survey conducted by Imperva of more than 100 German information technology security managers, 54% of respondents see insiders as the biggest threat to data security.

The danger of the "inside threat" was illustrated well this week, when a Former Swiss banker admitted that he provided WikiLeaks founder, Julian Assange, with data on about 2,000 clients that evaded taxes.

Rudolf Elmer, who headed the Cayman Islands office of Swiss bank Julius Baer, claimed he handed over data on hundreds of offshore bank account holders, including politicians, business people and other “pillars of society”, to WikiLeaks.

But unfortunately most data security systems still focus on outside threats and do not provide ample protection against such inside threats.

Financial institutions, which aim to protect their customers against financial risk, should also make sure they are taking measures against the growing information security risks.

---

This post is based on an article written by Alon Samia, co-founder and CEO of Covertix, published by Globes Financial Daily.

French venture capital fund Kima Ventures invests in Covertix

2011-01-13T07:05:00.000-08:00

French venture capital fund Kima Ventures has made a strategic investment in Covertix, allowing the company to further accelerate its effort to expand its global reach.

Covertix intends to use the funding to enter the growing European market, strengthen its product offering and boost its international sales and marketing outreach.

Kima Ventures is a French-based venture capital fund that focuses on strategic investments in early stage technology companies around the world. Kima Ventures was founded and is managed by prominent European entrepreneurs Xavier Niel, the founder of French communications services providers Iliad and Free, and Jeremie Berrebi, who has founded numerous successful technology and Internet companies.

“It is a critical requirement for any enterprise and organization to share proprietary and confidential information, but the threats of information abuse, theft and loss often disrupt the normal course of business and expose enterprises and organizations to risk with detrimental consequences,” explained Xavier Niel, President and Co-founder at Kima Ventures. “We are very excited about our investment in Covertix as the company offers a clearly superior technological approach compared to the existing alternatives and answers a tangible threat faced by every enterprise and organization.”

“Every day there is a new information leakage scandal being publicized. Yesterday it was Wikileaks and today is Renault – it's a threat that concerns all organizations,” said Alon Samia, CEO and Co-founder of Covertix. “Organizations should not have to worry about their confidential documents being publically disclosed and enterprises should have the business agility to securely share sensitive information internally and externally.”

“We are proud that an investor with the stature of Kima and the track record of its management chose to make a strategic investment in Covertix,” continued Samia. “Kima’s investment is a vote of confidence and provides us with an opportunity to enter new markets. Kima's prominent position in the French and other European markets will allow us to further expand our reach and offerings."

Report: 75% of organizations don't use any DLP security tools

2010-12-26T03:29:00.000-08:00

Fully 75 percent of organizations do not apply any Data Loss Prevention (DLP) technology, according to a new report published by European research company Quocirca.

In the report, analyst By Bob Tarzey writes that the main reason companies do not use DLP technologies is that “they simply have not got around to it. The market is young and the issues it addresses – security, compliance and employee enablement – are fast changing.”

Quocirca said that it was becoming easier for employees to intentionally or accidentally leak data.

“First, there is the range of communications tools that are now available, including email, instant messaging and social networking,” Tarzey wrote. "Second, there is the growing number of mobile devices with huge storage capacity to which personal data and IP can be copied – notebook and netbook PCs, smartphones and memory sticks – all [of which are] regularly lost or stolen.

“It is when data is in use that it is at its most vulnerable,” Tarzey added. “What is needed is the ability to identify the specific information that is in use at various levels (document, paragraph, sentence, word) and the ability to put controls in place. This must include pre-existing data and new data being created.”

He concluded that the research showed that most organizations struggled with a lack of time and resources, too many manual processes and did not have an overall compliance vision.

Quocirca said that most companies did not have what they termed, “full identity and access management” in place.

“This includes being able not only to manage employees, but also [to] understand external workers who increasingly need access to a given organization’s IT systems and some of the sensitive data stored within them,” the report said. “It also includes the management of privileged users who can, if not checked, override the security that applies to normal users.”

Alon Samia, co-founder and CEO of Covertix, said that the report showed the value of applying DLP and Information Rights Management (IRM) technologies to safeguard property and confidential information.

“It clearly shows that those who used our system saw a positive return on investment,” he said. “IRM is the first complimentary offering to traditional DLP, allowing organizations to extend protection to external workers and maintain control even when the data leaves the organization.”

Information security predictions for 2011: Data breach threats to expand

2010-12-20T07:31:00.000-08:00

On the eve of 2011, a number of research and security firms have published predictions for the coming year suggesting that it will bring with it an increase in the number of security threats, including data loss prevention and insider threats.

Security firm Websense released its list of security predictions for 2011, estimating that data loss prevention and up-to-the-minute threat protection will become increasingly more important as organizations work to keep malicious content out and corporate information in.

The other leading threats, according to Websense, are state-sponsored malware attacks, blended threats such as Zeus and SpyEye, corporate data breaches over social media channels and mobile attacks by cybercriminals. “2011 will bring a series of dangerous threats that will strip corporate data and immobilize infrastructure,” said Patrik Runald, senior manager of Security Research, Websense. “Most traditional security methods don’t work. Companies and governance need to constantly evaluate those defenses.”

Another report published by Symantec indicates that organizations are overloaded with information as data grows exponentially. The report added that the exponential level of data growth is impeding organizations’ ability to effectively manage and recover data.

““In 2011, storage administrators must regain control of information, lose their “pack-rat” mentality and categorize what information is most important for retention purposes,” the company concluded.

“Given today’s stagnant and declining IT budgets, it’s imperative that organizations achieve more value from their IT spending,” said Steve Morton, VP, enterprise product marketing, Symantec. “By understanding challenges, risks and threats, organizations can plan and implement strategic technology initiatives.”

In an article in Network World, Dave Kearns quotes Tim Brown, senior VP and chief security architect and Carrie Gates, VP of Research at CA Technologies as saying that the insider threat would continue to grow.

Brown and Gates expect that trend to continue based on the 2010 Verizon Data Breach Investigations Report, which showed that the percentage of breaches attributed to insiders more than doubled over the previous year to 46 percent.

Commenting on the different forecasts, Alon Samia, co-founder and CEO of Covertix, said that “We see Information Rights Management (IRM) as the perfect solution to mitigate insider threat issues and enforcement of separation of duties. We expect that in the future demand will continue to increase.”

Lost laptops cost organizations an average of $6.4 million

2010-12-07T07:42:00.000-08:00

Organizations are suffering an annual average loss of some $6.4 million per organization as a result of stolen or lost laptops, according to a study conducted by Intel Corporation and Ponemon Institute.

The study indicates that each year organizations lose millions of dollars because of the carelessness of employees and contractors entrusted with laptops.

The report, which was titled “The Billion Dollar Lost-Laptop Study,” concluded that while organizations may be aware of the lost laptop problem, they do not understand fully the adverse effect it might be having on their bottom line.

Source: Intel

The study included 329 U.S.-based private and public sector organizations, which reported that in a 12-month period, 86,455 laptops were lost or went missing. The average number of lost laptops per organization was 263 and the total cost was a staggering $2.1 billion.

Another study, conducted last year by Intel and Ponemon Institue, revealed that the average cost value of one lost laptop is $49,246.1. The authors noted that the smallest cost component is the laptop replacement, while the occurrence of a data breach represents 80 percent of expenditures. Other costs include: detection, forensics, lost intellectual property costs, lost productivity and legal, consulting and regulatory expenses.

“As the cost of lost data is the major expenditure, it is clear that companies need to pay much more attention to protecting their data,” said Alon Samia, co-founder and CEO of Covertix. “Applying a security layer in a targeted manner is arguably the perfect way to protect companies against the stolen laptop problem, as only a fraction of the hard drive is usually encrypted.”

The report further indicated that the majority of companies with significant amounts of confidential data on their mobile PCs do not take advantage of even basic security practices.

Source: Intel

Samia added that an Information Rights Management (IRM) approach provided an overall solution to protecting sensitive data wherever it goes, even it is moved to other portable device besides laptops.

“With our solution, the SmartCipher, the most sensitive data is protected at any point, and at any time, offline as well as online,” Samia said. “The information is protected and encrypted, so breaking into a stolen laptop or removing the hard drive would not be a threat anymore.”

Microsoft name Covertix as “Start-up of the Day”

2010-07-04T02:38:00.000-07:00

Microsoft BizSpark chose Covertix today as the “Start-up of the Day.“

Following the announcement, Microsoft conducted an interview with Tzach Kaufmann, Covertix co-founder and CTO, who emphasized that the company had gone a long way from an idea on a piece of paper to an alive and kicking innovative enterprise security product recognized by leading analysts.

He added that Covertix's vision was to become the de facto standard for securing enterprise sensitive documents and files within and outside the boundaries of the organization, allowing companies to “own” their data regardless of where it is.

When asked how he conceived the idea for the company, Kaufmann said he was often asked by customers for a solution for information protection which goes beyond the perimeter, business needs required information to flow and so a different approach was needed which goes beyond firewall protection.

He added that in the current environment, which requires better data security, a new breed of security products was required. Positioning IRM, information-centric solutions in a good place to capitalize on the growing need.

Microsoft BizSpark program is designed to help accelerate the success of entrepreneurs and early-stage startups globally. The program, which includes over 35,000 start-ups worldwide, provides fast and easy access to current software development tools and platforms, and a connection to over 2,000 BizSpark Network Partners.

Forrester Research names Covertix as key ERM vendor

2010-06-03T09:16:00.000-07:00

Covertix is one of the leading Enterprise rights management (ERM) vendors according to new research by research company Forrester Research.

Forrester analysts, Brian W. Hill and Andrew Jaquith, have added Covertix to the distinguished list of “key ERM vendors.” The list includes giants such as Adobe Systems, EMC, GigaTrust, Liquid Machines, Microsoft, NextLabs and Oracle.

The report notes that because Enterprise rights management (ERM) products allows data to protect itself via encryption, it is theoretically the perfect security technology for a world where the "dissolving perimeter" is an established fact.

Historically, however, most enterprises don't use ERM on an enterprisewide basis and do not use it to protect documents shared outside company boundaries.

The analysts note that high cost, application rigidity, and integration shortcomings have limited market adoption and that they expect that ERM's appeal will widen in the future.

"Integration with data leak prevention technology, content management infrastructure, and other risk mitigation solutions will drive adoption growth, particularly as enterprises roll out the latest versions of Microsoft Exchange and SharePoint," they concluded.

Amos Talmor and Shlomo Nataf invest in Covertix

2010-03-08T10:15:00.000-08:00

Serial entrepreneurs Amos Talmor and Shlomo Nataf have jointly invested in Covertix and will take active roles in the company’s management.

Following the investment, Talmor will become Covertix chairman of the board while Nataf will become the company's advisory board chairman.

Talmor has extensive management experience in the telecom, IT channels, and commercial sectors. He has been active as an investor, partner and founder in several startups, including, Kenshoo, Elcom-tech, KorAnga and Storwize. Before that, Talmor worked for ECI Telecom where he held several management positions, the last of which was Corporate VP Marketing & Sales.

Nataf is the former senior regional director at NetApp, where he spent 10 years overseeing international projects in Africa, the Middle East, Turkey, Greece, Cyprus and Malta that generated hundreds of millions of dollars in revenue growth for the company. Before NetApp, he worked as the general manager at Ankor Computers, where he represented leading global IT. Before entering the business sector, Nataf served as an officer in the Israeli Air Force for 24 years and held several positions in the electronics and computer field.

“The addition of two veteran experts to the company will provide us with an excellent opportunity to further expand our activities,” said Alon Samia, co-founder and CEO of Covertix. “Both of them bring with them extensive experience in the fields of sales and marketing to midsize and large organizations – Covertix target clients.”

Analyst: Covertix security solutions combines discovery and enforcement capabilities

2010-02-24T02:08:00.000-08:00

Covertix has managed to successfully combine discovery and enforcement capabilities based on its core technology, according to an analysis published by research company 451 Group.

In the report, analyst Steve Coplan said the Covertix solutions enable the foundation for the definition of policies that reflect the appropriate flow of information within the context of a business process.

The report notes that the near-term opportunity for Covertix is to regulate the movement of data deemed sensitive through a specific rule set and to find ways of lowering the risk of sharing information within and across organizations.

The research company estimates that the longer-term opportunity is to enable the process of managing the balance between business process, enforcement and risk mitigation.

“Information Rights Management (IRM) is a piece of the puzzle – and a step toward a more holistic security approach focused on data within a transactional context,” Coplan wrote. “The enduring value of IRM is likely to be the ability to build and refine access and control policies built around a spectrum of content categorizations and identity attribute definitions at the file level – as opposed to locking down a subset of data in a linear fashion.”

Coplan said he believed that much of the initial interest in Covertix’s technology was driven by the desire to document and map who had access to which documents and how information flows within an organization.

He praised Covertix co-founders Alon Samia and Tzach Kaufman saying that they combined expertise in information and enterprise data usage policies with network security and penetration-testing smarts.

Focus: Covertix offers real alternative to traditional information security solutions

2010-01-22T02:23:00.000-08:00

Covertix’s approach to information security may provide an effective adjunct or alternative to traditional IT-empowered security solutions for many companies, according to a report published by Focus.com.

The author, Michael Dortch, principal analyst and managing editor DortchOnIT.com and director of research at Focus, notes that Covertix solutions represent a logical evolution of and potentially significant improvement over traditional approaches to information security.

“Such approaches have largely tended to focus on specific IT infrastructure elements such as networks or servers,” Dortch wrote. “Many have also placed undue burdens on users, forcing them to ‘jump through hoops’ to protect the business information they need to do their jobs.”

He noted that modern security solutions were more user-centric, role-based and process-driven, focused more on securing users and their resources than on securing machines or connections.

“The Covertix approach promises to help to focus security efforts on the information being protected, wherever and by whomever it is being used,” the report said. “Focus believes this ‘document-centric’ approach may be more easily adopted at many organizations.”

The analyst added that the transparent tracking and auditing features of Covertix may also help organizations to improve their overall information security. Those features can help to provide important knowledge about how information is used, where it goes and how and when and where breaches happen.

The report concludes that all buyers “should seek out similar features and benefits in any information security solution under serious consideration.”