With email-related attacks becoming increasingly prevalent and serious, securing your business email accounts is more important than ever before. With the wide selection of email security solutions that are currently available, selecting the best option may seem a bit overwhelming. If you are in the process of choosing a company to protect your email accounts from the latest and most serious threats, Guardian Digital, the open source email security company, hopes to make this choice a bit simpler by answering some frequently asked questions pertaining to email security and email-related attacks.

Guardian Digital Answers Common Email Security Questions

What components/characteristics should I look for when choosing an email security solution? How do these qualities make a solution effective at protecting against email-related threats?

An effective email security solution recognizes that the email threat landscape is anything but stagnant, and that email-related threats are constantly evolving to become more targeted and sophisticated, making them increasingly difficult to detect. Technologies like Machine Learning, Big Data and heuristics techniques should be used to identify both new and known threats. It is crucial to choose an email security provider that adheres to the latest security standards, which include implementing the highest level of encryption to protect sensitive information from unauthorized parties.

What are currently the most common and most serious email-related threats? How could these threats potentially affect my business?

Phishing, malware, ransomware, and spam email are some of today's most serious and most prevalent email-related threats. Phishing attacks can result in significant financial damage, and can be very difficult to detect and stop. Spam is another serious threat that impacts all email users, and can result in a significant decrease in worker productivity.
Malware and ransomware attacks can have catastrophic consequences for organizations. SMBs are the most popular targets for ransomware attacks, and 60% shut down within 6 months of an attack (US National Cyber Security Alliance).

Be Aware of Common Shortcomings in Anti-Phishing Defenses

40% of companies report that their email security falls short in protecting against phishing, and 13% have no system in place at all.

What is a cloud email security solution and what role does it play in securing email accounts?

A cloud email security solution is essential in protecting your email accounts from today's dangerous array of email-related attacks and preventing data loss due to leakage of sensitive information. Guardian Digital EnGarde Cloud Email Security uses multi-layered detection and encryption to filter email and to secure private information from attackers and unauthorized parties. Guardian Digital's cloud-based solution also provides additional email filtration that results in the highly accurate identification, quarantine and elimination of spam.

What are the advantages of choosing Guardian Digital to secure my email accounts?

Guardian Digital uses a purpose-built operating system that is designed to be highly secure, unlike many companies that take a "bolted-on" approach to security. The comprehensive, customizable security that Guardian Digital provides is multi-tiered and uses advanced security technologies coupled with expert, ongoing system management and support to protect your email from even the stealthiest attacks.

For more information on Guardian Digital and the services we offer, please visit https://guardiandigital.com/ . If you have additional questions related to email security or email-related threats, please reach out to us on social media: Twitter | Facebook | LinkedIn.
Brittany Day
Cyber threats are more sophisticated and dangerous than ever before! Are you securing your email accounts with a solution that is capable of preventing these advanced attacks?

As technology continues to become more advanced and prevalent in society, cyber attacks of every variety are a greater risk to both organizations and individuals. Cyber crime is becoming an increasingly large global business that threatens everyone. Business cyber crime increased by 63% in 2017 (Office for National Statistics). As defenses improve, cyber threats are evolving to become more sophisticated and harder to detect and stop. For instance, phishing attacks have become highly targeted and often utilize advanced social engineering techniques to appear legitimate. Targeted spear phishing emails and BEC scams can have devastating consequences for businesses. Moreover, zero-day attacks are becoming increasingly common. Because email is an extremely popular vector for various types of cyber attacks, it is crucial that businesses and individuals educate themselves on how to best protect their email accounts from attackers, and that they invest in technology that will most effectively prevent successful attacks.

Phishing attacks have become both more common and more serious than they were in the past. Phishing is the top attack vector for cyber criminals, and an average of 135 million phishing attacks are attempted each day (ZDNet). Phishing attacks can have dangerous consequences. Recently, a phishing scam compromised the personal health information of 1.4 million UnityPoint Health patients (Health IT Security). Preventing highly targeted and sophisticated phishing attacks requires an email security solution that exceeds the protection that standard email filters and regular spam and virus solutions provide. Guardian Digital recognizes this and has designed an advanced gateway that authenticates every email delivered using DMARC, DKIM and SPF.
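To make the DMARC/DKIM/SPF authentication mentioned above concrete, here is an added example (not Guardian Digital's code) of the decision a receiving gateway makes: DMARC passes only when SPF or DKIM passes for a domain that aligns with the visible From: domain, and the domain owner's published policy decides what happens otherwise. The sample messages and the organizational-domain shortcut are constructed assumptions; no DNS lookups are performed.

```python
"""DMARC evaluation as a receiving gateway performs it (RFC 7489 logic).

A message passes DMARC when at least one of these holds:
  * SPF result is "pass" AND the SPF identity (envelope MAIL FROM domain)
    aligns with the RFC5322.From domain, or
  * a DKIM signature verifies AND its d= domain aligns with the From domain.
Alignment is relaxed ("r": same organizational domain) or strict ("s": exact).
A failing message receives the disposition from the owner's published policy.
"""
from dataclasses import dataclass, field


def org_domain(domain: str) -> str:
    # Assumption/simplification: the last two labels form the organizational
    # domain. Real gateways consult the Public Suffix List (e.g. for co.uk).
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(candidate: str, header_from: str, mode: str) -> bool:
    candidate = candidate.lower().rstrip(".")
    header_from = header_from.lower().rstrip(".")
    if mode == "s":
        return candidate == header_from
    return org_domain(candidate) == org_domain(header_from)


@dataclass
class AuthInput:
    header_from: str          # domain of the visible RFC5322.From address
    mail_from: str            # envelope MAIL FROM domain that SPF was checked for
    spf_result: str           # "pass", "fail", "softfail", "none", ...
    dkim_sigs: list = field(default_factory=list)  # [(d= domain, result), ...]


@dataclass
class DmarcPolicy:
    p: str = "none"     # none | quarantine | reject (from the _dmarc TXT record)
    adkim: str = "r"    # DKIM alignment mode
    aspf: str = "r"     # SPF alignment mode


def evaluate_dmarc(msg: AuthInput, policy: DmarcPolicy) -> tuple:
    """Return (dmarc_result, disposition) for one message."""
    spf_ok = msg.spf_result == "pass" and aligned(
        msg.mail_from, msg.header_from, policy.aspf)
    dkim_ok = any(
        result == "pass" and aligned(d, msg.header_from, policy.adkim)
        for d, result in msg.dkim_sigs)
    if spf_ok or dkim_ok:
        return "pass", "none"
    return "fail", policy.p


# Constructed sample messages (not real traffic) covering the cases that
# matter to a gateway operator.
SAMPLES = {
    # Sent by the owner's own servers, signed with the owner's key.
    "legit": AuthInput("example.com", "example.com", "pass",
                       [("example.com", "pass")]),
    # SPF passes, but only for the sender's own envelope domain, which does
    # not align with the spoofed From: header. This is why SPF alone is weak.
    "unaligned_spf": AuthInput("example.com", "other-sender.test", "pass", []),
    # Forwarded mail: SPF breaks on the forwarder, but the DKIM signature
    # survives, so the message still authenticates.
    "forwarded": AuthInput("example.com", "forwarder.test", "fail",
                           [("example.com", "pass")]),
    # A bulk-mail subdomain: passes under relaxed alignment, fails under strict.
    "subdomain": AuthInput("example.com", "news.example.com", "pass", []),
}


def evaluate_all(policy: DmarcPolicy) -> dict:
    return {name: evaluate_dmarc(m, policy) for name, m in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in evaluate_all(DmarcPolicy(p="reject")).items():
        print(f"{name:14s} -> {verdict}")
```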
In addition, state-of-the-art heuristic technologies recognize malicious code and accurately identify and block highly targeted spear phishing attempts. Guardian Digital's unrivaled secure email gateway significantly reduces the risk that a dangerous phishing attack poses to your business or personal email account.

Similar to phishing, business email compromise (often referred to as BEC) is a prevalent email-related threat that can have devastating consequences for organizations of all sizes. BEC encompasses various types of scams including CEO fraud, data theft, account compromise, attorney impersonation and the Bogus Invoice Scheme. Business email compromise continues to become both more common and more costly, and has generated losses of $5.3 billion worldwide (InfoSec Institute). Guardian Digital's advanced threat protection prevents all types of BEC scams using deep scanning to identify these low-volume, highly targeted attacks that are often missed by conventional security solutions.

Malware is another cyber threat that everyone should be concerned about. It is usually delivered via a phishing email, and is designed to either gain access to or cause damage to a computer or network without the victim detecting it. New malware with evolving capabilities is emerging constantly. Data indicates that in 2017 a new malware specimen emerged every 4.2 seconds on average (G DATA Security Blog). Accurately detecting and blocking malware requires advanced technologies that go beyond what many companies offer. Guardian Digital prevents harmful malware from reaching the inbox using real-time scanning of a broad range of file types and Big Data techniques. Machine learning analyzes email content in real time for suspicious behavior. With Guardian Digital's secure email gateway, no obscure malware variant will be able to harm you or your business.

Companies and individuals are more likely than ever before to be impacted by a serious cyber attack.
Threats of various types are evolving to become more sophisticated and complex, and more difficult to detect and prevent. Are you protecting your email accounts with the most effective email security solution on the market? Guardian Digital has exceptional customer support and would love to discuss a customized threat protection plan with you. Prioritize the security of your email now before it's too late!

Brittany Day
LinuxSecurity.com editors sit down with Dave Wreski, CEO of Guardian Digital, Inc. and respected author of various hardened security and Linux publications, to talk about how Guardian Digital is changing the face of IT security today.

LinuxSecurity.com: We are interviewing Dave Wreski, founder and CEO of Guardian Digital, Inc. Guardian Digital is perhaps best known for their hardened Linux solution EnGarde Secure Linux. EnGarde is touted as the premier secure, open-source platform for its comprehensive array of general purpose services, such as web, FTP, email, DNS, IDS, routing, VPN, firewalling, and much more. In contrast to most Linux distributions, which try to be everything to everyone, EnGarde is focused exclusively on being an extremely secure, powerfully functional, multi-purpose server. This dedicated focus is unique in the notoriously feature-oriented open-source community.

LS: Your company, Guardian Digital, has been featured on our site numerous times. You, personally, have also been so kind as to share your security expertise with our readers. Can you explain a bit about your company and the offerings you provide?

Dave Wreski: Guardian Digital is dedicated to providing enterprise and small business customers with inherently secure business-critical Internet solutions. We provide everything from web services to email to intrusion detection to VPN services to proxy caching, all designed with security as the primary concern. Recognizing the fact that network security can no longer be an afterthought, our solutions provide embedded security at every level of design, providing the bulletproof security corporations need without sacrificing the functionality they desire.

LS: What is the problem with today's network security solutions as you see it? How does Guardian Digital solve these problems?

DW: A large part of the problem with effective network security is the complex architecture of applications.
As technology evolves and the availability of features expands, proprietary and open source software solutions are inundated with often unnecessary features, resulting in convoluted and hard-to-secure systems. We, on the other hand, provide hardened out-of-the-box solutions that integrate security and productivity features into a cohesive and easily maintainable system. We achieve this goal by focusing on user and system security in each application and by keeping unnecessary complexity to a minimum.

LS: I notice that you have chosen Linux as the basis of your system. Can you tell us why?

DW: We are strong believers in the open source design model and are proud to be active members of the open source community. The innate benefits of the open source method form the foundation for each of our secure solutions. Open source software is transparent, and does not rely on obscuring the source code as a security measure. Our developers, in collaboration with the thousands of open source developers throughout the world, identify and patch vulnerabilities much quicker than closed source counterparts, and as a result, we are able to consistently ensure the infallible security our solutions provide. In addition, the availability of source code allows us to customize each of our solutions to fit the individual needs of our customers, providing the utmost reliability and security. For example, we have modified the basic Linux 2.4 kernel to incorporate OpenWall stack protection. Because of this, we are largely immune to many of the buffer overflow attacks that plague the largest Linux distributions.

LS: What, in your opinion, distinguishes EnGarde from other open-source solutions out there?

DW: There are several areas I believe set us apart from anyone else in the market. Our concentration on integrating embedded security, powerful functionality and simplified maintenance into each solution is an enormous differentiator for us.
I believe strongly that EnGarde is, quite simply, the most secure Linux server platform available today. It would take considerable work for even the most experienced Linux administrator to render any other Linux distribution as securely functional as EnGarde is right out of the box, and that includes those that claim to be "secure"! This is a fundamental issue of design: other distributions simply try adding a coating of security on top of an existing Linux platform and calling it a "secure solution", whereas EnGarde actually integrates engineered security into each business-specific solution.

In contrast to most Linux distributions, EnGarde is also quite minimalist. It does not claim to be anything more than an extremely secure hardened server. This makes it much easier to keep it secure. It also incorporates a myriad of security features that others have not really integrated or configured, even if they offer packages that theoretically allow it to be done, which usually involves a lot of work and expertise. These include memory protection, Mandatory Access Control, intrusion detection, exquisite logging, secure-by-default settings for all available services, a minimum of listening ports, strict control of applications' permissions and user privileges, and quick and reliable patching - EnGarde embodies all of these principles. Others may incorporate a few of these features as well, but we are the only ones I know of that have them all, and that includes the other so-called "hardened" Linux installations. We're not impressed by the simple fact of packages existing for many of these things on other platforms, because simply installing them without taking the time to fully integrate them, as we have, can often mean that you may be drawn into a false sense of confidence in your security. Many of these things do require some real expertise to use properly.

LS: Many people would say that there is a tradeoff between security and functionality.
Can you comment on this?

DW: Unfortunately, that is a common misconception among users. While you can render an unpatched Windows machine secure by turning it off and locking it in your closet, it is not going to do anything for you. We design our products to encompass every possible security measure in order to minimize the security impact of added functionality. In fact, while EnGarde is most well-known as being a secure server, it is also able to provide our customers with more than just security. Securely running all of the traditional web and email services, EnGarde is capable of doing it more smoothly and with greater functionality than would normally be available simply by downloading and installing the packages as they otherwise exist. This is especially true in our Secure Mail Suite, a modular extension to the EnGarde system. We can ironically combine greater functionality with greater security by focusing exclusively on services, as opposed to user-level applications such as you might find on a workstation.

Moreover, you can have all the theoretical security and functionality in the universe, but if the system is too difficult to use, it doesn't matter. To busy IT professionals, there is often no real difference between very arcane functionality and no functionality at all. A well designed system should be intuitive; it should require the least possible knowledge and experience of the user, and above all, should consistently perform as it is expected to. To back up that theory, Guardian Digital solutions afford users ease of use and simplified administration. Utilizing a remotely accessible web interface over a secure SSL channel provides effortless administration and maintenance for all Guardian Digital solutions. The WebTool is something we are very proud of. We have worked very hard to make administering EnGarde exceptionally easy -- so easy, in fact, that it is one of the features that sets us apart.
LS: What are the advantages of offering a lightweight distribution?

DW: By choosing a select set of packages, generally by best-of-breed, we can concentrate on integration. While other distributions may want to throw a lot of options at the user, it takes an enormous amount of work to make all of the components operate together properly. For example, installing a random MTA (Mail Transport Agent), amavisd, and spam and virus checking programs into an existing system and getting them all working together smoothly is a very difficult and time consuming task. EnGarde alleviates situations like these by handling application integration behind the scenes, meaning everything is configured to work seamlessly together. Many of our customers tell us that this is one of the greatest things about EnGarde. They are not interested in having a lot of 'choice' so much as they are interested in efficiency, functionality, and quick, easy access. You can take an EnGarde install CD to a new computer and have a hardened web server running in twenty minutes.

LS: You've emphasized that EnGarde is very secure. Can you tell us specifically what technologies you use to keep EnGarde servers secure?

DW: EnGarde is engineered to be secure; that is, robust security features are available at every level of design. Of course, we use secure services, such as SSL-tunneled IMAP and POP for mail. But the platform itself is also hardened. Besides the kernel memory protection I talked about before, we also watch over the important system files with Tripwire and Snort, two industry-standard open source intrusion detection tools. For further security, we have also weaved LIDS (Linux Intrusion Detection System) into EnGarde. LIDS is not really intrusion detection, by the way; Tripwire provides host-level intrusion detection for EnGarde. LIDS provides Mandatory Access Control, which means that the power of the 'root' user is contained by roles.
Even if someone manages to get root access to your server, there is little they can do unless they know the password to unlock LIDS. They cannot otherwise touch your system files, configuration, or auditing. Like Tripwire, this application is not included hoping administrators know how to implement it; configuration is taken care of for you and EnGarde employs it from the first install, which is a definite contrast to all other distributions.

For additional security, we have developed a very sophisticated graphical auditing and reporting system accessible through the web administration interface. This module reports system activity both for events on the server itself and for others on the network. Incorporating pre-configured mrtg, administrators can monitor network traffic patterns for suspicious or potentially malicious activity. Graphical reports are sent to administrators, providing the resources they need to ensure system effectiveness, pinpoint potential issues, and identify unlawful use. The refined auditing system will also automatically log suspicious user activities, and automatically alert the administrator as soon as these events occur.

LS: Patching is a major concern in security circles. In this age of zero-day attacks, how do you keep your systems patched?

DW: The past has shown that our products tend to need fewer patches than most of our competitors due to the hardened security of EnGarde. However, no one is completely immune to every attack, and when we do need to implement a security patch for an open-source package, we are often amongst the first to do so. To make patch management as simple as possible, we have developed a sophisticated patch-management system, Guardian Digital Secure Network (GDSN). Using this single web interface, an administrator can easily patch their EnGarde system with a simple click of the mouse. GDSN keeps track of dependencies for you, which also solves one of the biggest hassles of system maintenance today.
LS: What are some developments Guardian Digital has recently released?

DW: A few months back, we released the very first open source intrusion detection and prevention system. It was a very successful release, and in the short amount of time it has been available it has proven to be a critical security tool and a product organizations really needed. We also recently released the next generation of our secure email system, Secure Mail Suite. Through months of planning and development, we have created the most complete email system of its kind. It's very powerful, has an intuitive interface, and of course, is secure.

LS: What does the future hold for Guardian Digital?

DW: The future is very bright. We are consistently working with our customers and the open source community to continue to develop the most technologically advanced security and productivity applications and customer-friendly service offerings that will further protect corporate networks from the ever-changing barrage of Internet security attacks.

LS: Dave, thank you so much for your time. We wish you and your company the best of luck!

For more information, please visit https://guardiandigital.com/ .

Brittany Day
Proper methodology for computer forensics would involve a laundry list of actions and thought processes that an investigator needs to consider in order to have the basics covered.

Customized Scripts

Also of note is the topic of scripting to perform investigations on a large-scale network. Brought up as a possible solution to utilizing a forensic toolkit, customized scripts, coded by the IT sys admin, have been talked about as a good alternative. While properly coded scripts are of great use to investigators in gathering data from unattended areas of the network, they are a complement to, and not a fix for, a good forensic solution.

Fowler adds, "The nice thing about using Perl scripts is that it automates many log and data collection activities that may otherwise be forgotten due to limited time on the part of the system administrator. Tedious tasks such as collecting, analyzing, and storing log files from a number of locations can often be overlooked. A properly created Perl script can free up a system administrator so he/she can concentrate their investigative efforts in areas of the network or system that sometimes forego attention due to time constraints."

Methodology

The process behind most analytical tasks is based on a generally accepted checklist of duties and/or considerations to perform such a task. Proper methodology for computer forensics would involve a laundry list of actions and thought processes that an investigator needs to consider in order to have the basics covered. While one would think forensics methodology would come naturally to most high-level sys admins, it's not that simple. Which part of training methodology deserves special attention, and what should one already know and be practicing?

Fowler explains, "The question of training methodology is a great one. We are hearing from investigators that testify during investigations. The consensus is that the focus on the product used is of less concern than the methodology used during the investigation itself. When training Law Enforcement students, they are often seasoned veterans with years of experience dealing with issues such as evidence handling and investigative best practices. The transition to the computer forensic mindset is usually a painless one, given that they possess the basic knowledge and can apply it to most investigations. IT professionals present an additional challenge. Although they have years of knowledge dealing with computers and networked systems, frequently the methods of protecting items of evidentiary value and utilizing accepted evidence gathering practices have not been a part of their training. I have always said, 'Give me an investigator and I can train him in the technical issues in my class.' Taking an IT professional and giving him the investigative mindset needed is something that cannot be covered in a 4 to 5 day class. What we can teach is sound forensic methodology that they can use while gaining the required investigative experience they need."

What Is Needed?

Fowler continues, "One of the chief questions I get asked when teaching our corporate investigations course is if I can provide a checklist of items that need to be completed in order to let the investigator know that the investigation is finished. The short answer is No. There is no checklist or special script that an investigator can run that will log in your evidence, examine the drive, chronicle the items of evidentiary value and write your reports. Each case worked will have its own set of idiosyncrasies and areas that require in-depth review. This is what separates an investigator: the compulsion to dig deeper until he is satisfied that he knows everything there is to know about the case."

Time on Your Hands?
Should an IT examiner have excess time on their hands, they could conduct a network investigation utilizing several types of forensic utilities to do the job of a comprehensive toolkit. There is the option of shareware, specialized forensic components, log files, scripting and much more available for consideration. In reality, today's IT administrator already does the job of ten people and needs a solution that is customizable, expandable, upgradeable, and can adhere to industry best practices and legal protocols. That's a tall order indeed. There are solutions out there that can perform at this level, and some are considered costly when not measured against immediate ROI and performance metrics. One should not gauge a forensic solution by its cost alone, but rather by the accumulated cost of procuring multiple utilities, time constraints on the administrators, possible data loss of the company, inadequate reporting that may not be upheld in a court of law, and immeasurable loss due to employee misconduct and policy violations.

I revisit the argument of "how secure do you want to be?" This is a question best asked around a conference table with all the big players present: Human Resources, CFO, CSO, CEO, CIO, VP of Engineering, VP of Sales, and of course IT. All of these critical functions are directly affected by the efficiency of a good forensic solution. Instead of asking "How much does it cost?", one should be asking "How much is our company worth to us?" There are solutions that are definitely good enough. Think about it.

When questioning Mike Fowler about the pros and cons of using Guidance's solution as opposed to various solutions on the market, he replied, "Remember, I was a customer of Guidance's (having been in Law Enforcement conducting investigations) long before I came on board. A comprehensive enterprise solution offers comprehensive one-stop shopping in conducting drive examinations, ease of use, and the best customer service in the industry!"
Summary

Computer forensics is being injected into the corporate world to fill a large gap in IT capabilities and a greater need for comprehensive security. There are many common misconceptions about what the technology can and cannot do. Single solutions and cutting edge tools can accomplish their goals at the hands of trained examiners employing investigative mindsets and utilizing proper methodologies. While there is no quick-fix forensic solution, there are brilliant tools on the market that are well worth a company's time and energy to explore. The cost in dollars is dwarfed overall by the multiple uses for enterprise forensics and their total, almost immeasurable ROI. While not at all magic, complete enterprise forensic solutions are efficient, comprehensive, and always ahead of the game.

*Guidance Software is the world's largest provider of computer and enterprise forensic investigation solutions and training. Founded in 1997 and headquartered in Pasadena, CA, Guidance Software, Inc., has offices and training facilities in California, Virginia and the United Kingdom. More than 8,000 corporate and government investigators employ EnCase software, while more than 2,300 investigators attend Guidance Software's forensic methodology training annually. Validated by numerous courts and awarded several industry awards, EnCase software is considered the standard in forensic tools.

Melisa LaBancz is a freelance journalist in the San Francisco Bay Area who has spent the past several years writing unique pieces about the security industry. With a special fascination for encryption technology and computer forensics, she has called upon the industry's best to assist in the quest for layman's terms and a trailer park understanding. Her day job consists of being a security export analyst and a security PR consultant to some of the nation's most cutting edge security vendors.
When not feverish over worldwide security conferences, she can be found photographing random glass and steel architecture, antagonizing her garden into growing and finishing off her Japanese half sleeves. In an effort to articulate complex topics for a wider variety of readers, Melisa is known to rely on her belief in comparative nonsense to build her case and has developed strong relationships among the industry's best known thought leaders.

A few selected pieces:
- Super! Ultra! Jumbo! Privacy as the New Multi-Purpose Word
- Do It Yourself Security: Cutting Our Umbilical Dependence on the Consultant Community
- Fire and Brimstone in 21st Century Security

Brittany Day
In this interview, two principals from Secure Computing, Inc. offer their thoughts on the state of Linux and security, its place in the data center as a secure platform for business, and their work with the National Security Agency to create a Type Enforced version of Linux.

Recently I had a conversation with Carr Biggerstaff, Senior Vice President of Marketing, and Thomas Haigh, Vice President and Chief Technologist for Secure Computing, Inc. about their work with Linux and security. Carr has worked as the senior IT executive for both services and manufacturing companies, a consulting manager with Arthur Andersen, the senior technical marketing manager for emerging technologies in the Enterprise Server Group at Intel and the vice president of a sales and marketing agency. Thomas is responsible for the development of product evolution strategies and technology roadmaps across the company's product divisions. Prior to his current position, Haigh was Vice President and Director of Research at Secure, where he focused on developing acquisition plans, and planning and implementing contract and independent research and development programs.

LinuxSecurity.com: Would you give us a brief overview and background of Secure Computing?

Tom Haigh: We started out as an R&D center at Honeywell in the mid 80s. At that time we were focused on operating systems security and database systems security, doing research for the Dept of Defense and the Air Force. Our main contract was to develop an A1 level operating system for the NSA. There was a series of contracts culminating in a system that was actually fielded, a multi-level guard called the Secure Network Server. It was to be placed between two networks of differing classification levels and filtered the traffic between them. And it was on this series of contracts that we developed the type enforcement. Because we had been working on a secure network guard, it was natural to go build a firewall.
So wetook that same technology that we developed on that contract and rolled it forward into our Sidewinder firewall. The type enforcement is there; the strong mail filtering is there. We went public in 1989, and in 1995 acquired four companies. We refocused ourselves on e-business opportunities. The mission of our company is to be recognized as the leading provider of safe-secure extranets for e-business. LinuxSecurity.com: And your firewall is a primary piece of that? Tom Haigh: I think it would be overstating to say that it is the primary piece. Basically the products we have are great components for this. SafeWord has grown into an access management product. It does authentication and authorization. So it controls what each user is authorized to do on the system or through the firewall. Then it does the audit as well so you can hold each user accountable. In the old days a firewall was all you needed. You let email in and outsiders out and let insiders do anything they want. As we move more toward e-business, now we are letting an awful lot of outsiders in as well. All your partners are coming in. You have to know who your partners are, and when they're on the inside. That's when access management becomes crucial. Carr Biggerstaff: It's a lot more than access management. Because in e-business in particular, those customers and suppliers are being granted access to business applications that are traditionally internal applications. And so the trick now is not just to provide firewall functionality which keeps unknown and untrusted people out or VPN type of gateway capability which lets people in and have an encrypted protected session but more importantly to escort them, if you will, to the few applications that they are allowed to use. If I'm a supplier of yours I am may be able to come in and check my inventory levels, etc, for replenishment, but I shouldn't be able to go all over your manufacturing system, for example. 
So that's the accessmanagement piece of it that becomes so important, particularly important in business-to-business segment of the market, which is the market segment that is expanding so dramatically, and where the revenue dollars are being generated. As opposed to the consumer-to-business dot-com stock. LinuxSecurity.com: Do you view Linux as being a viable platform for developing security products? Carr Biggerstaff: Linux is not only very important for us, but we've been doing work on the Linux platform for some time now. The only other comment I'd make is the thing that people need to remember about Linux is that it represents not only a platform in the traditional computing space, but also for embedded systems. LinuxSecurity.com: What are the most important topics or issues in your industry, and why? Carr Biggerstaff: The most important topics that we have to deal with today is the full-disclosure of issues surrounding security today. I talk to people and Tom talk to people all the time from the commercial and government sector and nobody talks about their security problems. Nobody shares the information as to how it happened, what happened, etc, and in fact if they say anything at all they tend to whitewash it. They do so for a couple of different reasons. One is the obvious - they don't want to talk about their dirty laundry. Two is that they don't want law enforcement activity in many cases. Three they don't want insurance issues. But, as I said earlier, that is going to change. It needs to change because we have an education issue in the industry. If we don't better understand as vendors of security solutions, if we don't better understand what is going wrong, we can't provide the product. Another issue that weighs heavily, at least for me, is that as security vendors, the security industry itself doesn't do a good job of disclosing all the vulnerabilities. There is, for example, a perception, which our market fuels that a firewall is it. 
The reality isthat very few people understand that a firewall in front of a web server, which is arguably coming with a de-facto, ubiquitous access method for e-commerce and e-business and everything else, it's a web server. Very few people will sit down and tell a customer "No, you don't understand, if you put a firewall in front of a web server, and you open up a port in that firewall to let http traffic through, then you run the risk of that web server being compromised." And it happens all the time. You can't successfully screen out the malicious code in the http connection. So there needs to be a little more honesty on the part of everybody in order to fix what I think is going to be a growing problem. Just because of the law of large numbers effect, as we go from letting a few hundred people into our systems across the public Internet to letting thousands of people into our system, the odds say the probabilities are there that we are going to have more and more breaches, whether they are insider breaches or from unknown intruders, and the only way we are going to scale our solutions to solve these problems is to have more honesty in the industry. And that will come if customers and suppliers, vendors like ourselves, begin to mature a little bit and recognize that like every other business solution we've had to deploy over the past 25 years. So we'll get better at telling each other what we need to know, but that's a key issue. LinuxSecurity.com: You've touched on the SideWinder firewall. Would you like to talk a bit further about it, and explain your Type Enforcement Technology? Tom Haigh: Absolutely. The SideWinder firewall is an application layer gateway. At this point it's actually become a hybrid. We give users the ability to enforce security at the application layer, not just at the IP layer. The Type Enforcement Technology is one of the really important features in there. 
There is a paper published this past week that is available now on our TypeEnforcement Technology. We've made a number of modifications to the operating system kernel and wherever access is enforced, we have to add hooks to Type Enforcement access control. So basically rather than go checking the Unix ACLs, the NT ACLs, you've got to go check the type enforcement Domain Definition Tables, Type Enforcement Tables for now. What the type enforcement does is compartmentalize the applications that run above the operating system. So each application runs in it's own compartment. Think about the hold of a ship - if one compartment is compromised, the ship doesn't go down, the damage is contained to one space. And with type enforcement the same thing happens. We build walls between the application and walls between the operating system itself. So if a hostile user or more likely these days malicious code gets in, causes a compromise in one subsystem, that compromise can't spill over into other subsystems. It's very very powerful. If a user manages to mount an HTTP overrun attack, or a stack overrun attack of any sort, they can't use that to break out of the application they're in and get down into the operating system to gain root access to take over the entire system. We've absolutely eliminated that. And what's really powerful about that is that the last collated data I've seen for 1998, CERT documented 13 major firewall attacks, 9 of them were stack-overrun attacks. So with this mechanism we're eliminating a very high percentage of the firewall attacks. That in itself is important. That's a huge discriminator. LinuxSecurity.com: Recently it was announced that Secure Computing has been awarded a sole source contract by the National Security Agency to develop a Secure Linux operating system. What is the status of this project? What applications will it be suitable for? Will the changes be released to the open source community? 
Tom Haigh: The work we are doing with NSA is to implement Type Enforcement in Linux. We are in development on thisright now, and we expect to deliver it this summer. The objective here is to release all of this to the open source community, and for us, that's crucial because we of course would really like to make SideWinder available on Linux as well as the BSD version we have today. As Carr said, with embedded Linux beginning to appear, and the growth of firewall appliances there's a real nice match there. Since NSA has not authorized us to make the code public yet, we have to keep it on the shelf for right now. We see Linux with Type Enforcement as suitable for a broad range of applications. Certainly for a firewall, but once we have a version we can distribute, then we would like to get SafeWord running on that as well. And beyond that, we've implemented some prototype e-commerce suites in a Type Enforce environment as well. Basically taking Netscape Enterprise server and protecting it with Type Enforcement. Then putting some of the back office and supporting services around it. So we see this ultimately as being suitable for a wide variety of e-business applications. PC Week had their 'PC Hack' where they had a Linux server, but with Type Enforcement technology on it, it wouldn't have been broken into. Because of NSA's restrictions on the code, I can only describe the changes in fairly general terms. Basically, we have to modify each kernel entry point by adding a hook to make a Type Enforcement check. Then we have to modify a small number of modules to make the checks. We estimate that there are changes to less than 5% of the base Linux code. There are actually two technical teams working on this project, our team and a team at NSA. The two teams have worked together for over six years now, adding security mechanisms like Type Enforcement to a number of experimental operating systems, most notably Mach. 
The NSA team began their work last fall, before we signed the contract with NSA, so they developed the majority of the code. All in all, it has been a good partnership, a winfor us, a win for the government, and once NSA approves release of the code, a win for the Linux community. LinuxSecurity.com: How do you expect the marketplace to change over the next two to three years? Carr Biggerstaff: I'll tell you, and as you'll hear from both of us, the biggest deployment trend in the industry today worldwide is e-business, or business-to-business. When you look at revenues generated in e-business systems, they all track amazingly identically. The trends are all focused on doing e-business because there are very tangible benefits to them. What's interesting about that model is that if you take yourself out two to three years, and you think about what an e-business system really is, where I've got customers and suppliers that have a protected, private communications link into my back office system, such as manufacturing, accounting, inventory, whatever, and they are being granted access just as if they were an employee of my company, when you think about that model, and you overlay something like Forrester says over the next couple of years the average number of discrete e-business links (customer to supplier, or supplier to customer) is going to be something like 700. You think about that, you've got hundreds of people, if not thousands, that are going to be operating in each other's systems as if they were employees. From a security point of view, what we always think of are insiders. We think there's somebody who's already inside, who has been granted the rights and privileges to be in our proprietary information systems and 99.9% are normal people who are going to do normal things, but there's always a bad apple. 
If you go and look at the FBI statistics and reports that they've put out annually, and what private industry reports are put out, the biggest risk from our data security point of view for years has been the insider. LinuxSecurity.com: And it's probably one of the least recognized threats, too. Carr Biggerstaff: It's because we've weaned ourselves from it over the past decade. When Tom and I got into this business, it was host terminal computing and we didn't really have Internet to speak of. Back when Tom was hardening operating systems for Honeywell and before that, our concern was the insider because we never let outsiders into our system. And then along comes client-server computing, and in particular the Internet, then bang! People are being granted access whether they are remote employees from home or from a hotel room, EDI-connected partners, little by little they are being granted access. And now that trend is growing exponentially. You used to just let remote access for employees and a few partners through an EDI or proprietary EDI solutions. We're now talking about letting larger and larger numbers of customers and suppliers in across the public Internet to do business in our arguably most valuable asset today in any business. So that's an issue for us. And we've been worrying about that now for about 18 years as a company. We started back in the days of guarding against the insider and we've survived and lived through the different changes in security, but that's never left our mind. We continue to architect solutions that are designed to protect against the insider as much as the outsider. And I think that's the biggest single trend we'll see in security segment of the industry besides the obvious, which is more people using more systems means more security breaches. We will continue to see more and more reports of systems that have been breached. As people become desensitized, the reporting will become better. 
Today not a lot of people report breaches, but over the next three years people will become more forthcoming about being breached, what happened, and getting help to solve the problem. We'll have more information, you'll see more information, you'll see more security problems surface. That said, the biggest issue that people will have to deal with would be insider orientedissues because they will have a bunch of "insiders" in their system. And it's going to be real tough to deal with them unless they intelligently manage that access, and I think that's the key thing that we see coming. LinuxSecurity.com: How do you think your industry will change in the future? What new products can we look forward to seeing from your company? Carr Biggerstaff: What you will see from our company pretty quickly is the ability to provide the next layer of access management and protection. Today we stop everything at the perimeter, at the boundary of the business, at the extranet, for example. But as we talk more about the insider situation and the proliferation of "insiders" it's going to become important to protect the individual hosts themselves from access. We're in the process of putting together a product that we'll be announcing the next quarter. I'll let Tom address the other points - those are the key points from my perspective. I think the biggest - it may seem simple to state it this way, but probably the biggest issues that our industry and information technology industry is going to face more than anything else is going to deal with scale. The fact that more and more users are going to be connected to your systems than ever before, and you're going to be connected to more and more people's different systems than ever before by a variety of different devices. It introduces a level of complexity and sophistication that we've never dealt with. It's always been pretty easy. First it was host terminal within our own business, then it was client-server within our own business. 
Then we added the Internet. And now we're talking about people getting to you by phone, PDA, and they can get in your systems, looking at your data, making decisions in your software, by buying things, selling things, whatever. And that's going to introduce an opportunity for all of us in the industry to either put-up or shut-up. When it comes to providing theapplications and capabilities to provide a healthy environment. That's going to be the ultimate challenge for all the companies. A single-point solution isn't going to do it. You can't just put a firewall on the edge of the network. If you go and look at Gartner and Forrester and all those guys you're going to begin to see a trend as they move away from the firewall as being essential but not enough. They're talking now about access management and access control. The challenge is letting the right people in to do precisely what they're allowed to do, no more, no less. And that's a huge shift that's going to a challenge for us all. We've been looking at this for at least two years. Tom Haigh: To elaborate on what Carr had to say... It's not just the number of users; it's the kinds of things they're doing as well. When everyone was doing email and accessing static web pages, security policies were pretty simple. We didn't think they were, but in retrospect they were pretty simple. So now we've got a whole lot more users. Some of them are true employees of the enterprise, and others are partners of various flavors, and each of them needs to do certain things to get their jobs accomplished. But then there are other things that they shouldn't be able to do. So the problem is not just one of one dimension - we've got growth in multiple dimensions. A combinatoric explosion of possibilities that have to be controlled. And so the ability to manage this security fabric on a point-by-point basis just isn't going to cut it anymore. Customers are going to have think holistically. How do they secure the enterprise? 
And we have to start giving them the tools they need to do that. It has to be an integrated set of tools. LinuxSecurity.com: Can you describe SafeWord and SmartFilter in a bit more detail? Are there plans to port these to run on Linux? Tom Haigh: Both of these already do in fact run on Linux. SmartFilter is a web-filtering product that runs as a plug-into standard proxy servers. It controls where people inside the enterprise can go and surf on the Internet. So what we do is, we've got a service where we categorize sites on the Internet into one of 27 categories. Things like sports, entertainment, sites with sexual content, job search sites, sites with violent content, that sort of thing. The enterprise can enable and disable these categories on a 24x7 basis. Corporate bandwidth is precious, particularly during working hours, so this product gives the ability to keep this bandwidth available during working hours. Another reason for this software is to provide a non-hostile work environment. Some clown downloading images from playboy.com, this becomes an uncomfortable work environment. The latest Computer Security Institute and FBI survey they do every year shows 79% of companies identify improper use of the Internet being a major problem for them. LinuxSecurity.com: So does the corporation have the ability to add specific URLs to the list? Or is it updated weekly, or? Tom Haigh: Both are possible. The enterprise can add URLs to the list of prescribed sites. We've got about a half a million sites on there now. Customers can also send us other sites to check out, and we do that. It turns out that 80% of Internet accesses go to a relatively small number of sites, so we've got pretty good coverage. LinuxSecurity.com: The opponents of products such as yours say there are an infinite amount of illicit sites, and it may be better off going the other way around, excluding everything and including a select few that people are interested in going to. 
You don't find that in your experience? Tom Haigh: The problem with that is there are going to be the specific sites that individuals have to get to in order to do their job. It's much more of a maintenance hassle. This eliminates that maintenance hassle for them. Our product has a couple of notable features. One, it runs on the server, not on thedesktop, so it's not something that an individual user can go in and reconfigure to get rid of the restriction. The other thing about it is that it can be configured in a 'hard deny' mode and there are also some softer modes. One way to do this is to configure SmartFilter so that it runs very slowly when a user attempts to access a non-work related site. Another is to configure SmarFilter to coach a user, suggesting to him that the selected url may not be work related and asking the user to confirm that he wants to go to the site. LinuxSecurity.com: Is there work being done on developing intelligence in that it can detect specific keywords or things of that nature? Or even keywords in the URL itself? Tom Haigh: We've got some automated tools to help us with the classification service. But we have not put those into the system to do filtering in real-time. The reason is that it is easier to do a fast lookup, so it's better to use those tools in the background to populate the categories than to try to do this in real-time. SafeWord is a much more complex product. It does user authentication and authorization. So SafeWord maintains a user database and in that database you talk about what authentication methods the user uses; it could be a fixed password, or it can be a dynamic password, such as one-time password-generating tokens. We have our own, and we also support other people's tokens. Also associated with that is the ability to assign specific access rules to that user on a specific system. 
So when you authenticate, you authenticate to a firewall or to a web server, or to a database server, and what we can do is download specific access rules for that user or we can simply download a 'role' or a 'group' for that user and then use that as an index into access rules that are already hosted on that system, which is my preferred way to do it. So we bind a user to a role, or set of roles that state that "This user is authorized to play these roles" and thenthe web server or the firewall has it's group ACLs and it simply maps the role to a group that states that this user is a reseller, for example, which controls which web pages to allow him access to. SafeWord also has audit capabilities. What's really interesting is what's going on behind the scenes. We have the ability to replicate the user database on multiple copies of the SafeWord server. So that means if one SafeWord server dies, the others keep going - the enterprise keeps going and people can still authenticate. Pushing behind that, we have the ability to have multiple clusters of replicated servers, so we could have a cluster of three servers in California handling authentication for the California users, and a cluster of servers in London handling authentication for the European users, and these are all fully replicated. We have the ability to proxy authentication requests among the clusters. So, if I ordinarily work here in Minnesota, use the SafeWord servers in California for authentication, and I go to London or anywhere in Europe, when I do my authentication it goes to the servers in London, but those automatically point it back to the California servers. So this gives us reliability and scalability that we need. Our largest customer is a financial institution that has 400,000 SafeWord users authenticating 400 billion dollars of transactions per day! 
We recently released SafeWord Plus, which adds support for public key-based authentication as well as very easy user enrollment and something we call a virtual smartcard. The virtual smartcard provides smart card functions and strength of security without having to install smartcard readers on everyone's desktop. SafeWord Plus is a new product, and will be available on Linux in a future release. LinuxSecurity.com: Are you currently working on any other security products for Linux market? Tom Haigh: Not right now. We currently have two of our four products running on Linux now. The plan is to move theother products to Linux as opportunity presents itself.. LinuxSecurity.com: Do you think Linux has a place in the data center as a secure platform for commerce in the state that it's currently in? Tom Haigh: Yeah, I do, and I think that with the enhancements that are going on in the Linux community, it will become even more attractive. So yes, I think there's definitely a place for it in the data center. I think a lot of security vendors are going to be moving to Linux for their security products. Certainly we are, and there are already vendors that have implemented their products on Linux. There are some firewall appliances that run on Linux now. I think there will be growth in this area. The growth in Linux security products will parallel the growth of Linux server market in general. As more and more Linux servers are used in the data centers, it's going to have to be secured, and security means a number a different things. A lot of times people say "secure web server", and people think it supports SSL. There's a lot more to a secure web server than that in our opinion. The SSL is the first piece. The next piece is good forms of authentication, something more than passwords. Once you've got the secure authentication, you've got the secure communications; you've got to worry about authorization inside the system. 
How do you control what users do, how do you control what code might end up there. How do you control whether someone can install a CGI script, and what it does. Being able to host stuff for two competitors on the same server and keep them from hacking each other is a good canonical example that I think Linux with Type Enforcement can do. When Carr talked about when all the outsiders become insiders, being allowed legitimate access through the firewall into the corporation, it's not just the users themselves, it's the code of theirs that might also be permitted access. Such programs are JavaScript, Visual Basic, and all the other horrible things. Youhave to ask how you are going to control that. This is another great use for Type Enforcement. LinuxSecurity.com: Thank you all for your time, and we sure appreciate the opportunity to speak with you. We look forward to hearing of new developments on the port of Type Enforcement to Linux in the future! . An in-depth dialogue featuring executives from SafeNet Systems, delving into the intricacies of Unix defense mechanisms and their advancements in Role-Based Access Control.. Linux Security Solutions, Type Enforcement Technology, Access Management Solutions. . Brittany Day
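The compartmentalization Tom Haigh describes in the interview (a Domain Definition Table consulted by hooks at the kernel's access checks, so that a process running as root inside a compromised web server still cannot reach files outside its compartment, and a CGI script lands in a compartment of its own) is easiest to see as a small policy engine. The block below is an added illustration written for this page; it is not code from Secure Computing, SideWinder, SafeWord or the NSA project, and the domain names (`httpd_d`, `cgi_d`, `admin_d`), object types, permissions and the single transition rule are constructed assumptions chosen to mirror the examples in the conversation.

```python
"""Toy Type Enforcement (TE) policy check.

Added illustration for this interview, not Secure Computing or NSA code.
Domain, type and permission names are made up for the example.
"""
from dataclasses import dataclass

# Access modes a Domain Definition Table (DDT) entry can grant.
READ, WRITE, EXEC, CREATE = "read", "write", "exec", "create"

# Constructed DDT: (domain, object type) -> permitted modes.
# Anything not listed is denied (default deny), whatever the Unix uid is.
DDT = {
    ("httpd_d", "html_t"): {READ},
    ("httpd_d", "httpd_log_t"): {WRITE, CREATE},
    ("httpd_d", "cgi_bin_t"): {READ, EXEC},
    ("cgi_d", "cgi_data_t"): {READ, WRITE},
    ("admin_d", "os_conf_t"): {READ, WRITE},
    ("admin_d", "passwd_t"): {READ, WRITE},
}

# Constructed transition rule: executing a file of this type from this
# domain puts the new process in a different domain (its own compartment).
TRANSITIONS = {
    ("httpd_d", "cgi_bin_t"): "cgi_d",
}


@dataclass(frozen=True)
class Process:
    uid: int        # discretionary (Unix) identity; 0 is root
    domain: str     # TE domain, i.e. the compartment the process runs in


def te_check(proc: Process, obj_type: str, perm: str) -> bool:
    """The hook logic: allow only if the DDT grants perm to (domain, type).
    The uid is deliberately not consulted; TE is an independent layer."""
    return perm in DDT.get((proc.domain, obj_type), set())


def dac_check(proc: Process, owner_uid: int, mode_bits: int, perm: str) -> bool:
    """Simplified Unix DAC: root passes; otherwise only the owner's bits count."""
    if proc.uid == 0:
        return True
    if proc.uid != owner_uid:
        return False
    bit = {READ: 0o400, WRITE: 0o200, EXEC: 0o100, CREATE: 0o200}[perm]
    return bool(mode_bits & bit)


def access(proc: Process, obj_type: str, owner_uid: int, mode_bits: int, perm: str) -> bool:
    """Both layers must agree: the TE hook is added beside the existing
    check rather than replacing it, as the interview describes."""
    return dac_check(proc, owner_uid, mode_bits, perm) and te_check(proc, obj_type, perm)


def execute(proc: Process, obj_type: str) -> Process:
    """Exec through the table: the new process keeps its uid but may
    change domain, which is how a CGI script gets its own compartment."""
    if not te_check(proc, obj_type, EXEC):
        raise PermissionError(f"{proc.domain} may not exec {obj_type}")
    return Process(proc.uid, TRANSITIONS.get((proc.domain, obj_type), proc.domain))


def demo() -> dict:
    """Walk the web-server scenario from the interview with constructed objects."""
    # Web server runs as root (uid 0) but is confined to httpd_d.
    httpd = Process(uid=0, domain="httpd_d")
    results = {
        "serve_page": access(httpd, "html_t", 1000, 0o644, READ),
        "append_log": access(httpd, "httpd_log_t", 0, 0o600, WRITE),
        # Even with root in httpd_d (e.g. after a stack overrun in the
        # server), there is no (httpd_d, passwd_t) entry, so this fails.
        "overwrite_passwd": access(httpd, "passwd_t", 0, 0o600, WRITE),
        "edit_os_conf": access(httpd, "os_conf_t", 0, 0o644, WRITE),
    }
    cgi = execute(httpd, "cgi_bin_t")          # transitions into cgi_d
    results["cgi_domain"] = cgi.domain
    results["cgi_reads_html"] = access(cgi, "html_t", 1000, 0o644, READ)   # other compartment
    results["cgi_writes_data"] = access(cgi, "cgi_data_t", 0, 0o600, WRITE)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The point to take from `demo()` is that `dac_check` says yes to everything the root-owned server asks for, yet `access` still refuses the writes to `passwd_t` and `os_conf_t` because the compartment's row in the table does not grant them; and after `execute` moves the script into `cgi_d`, it can no longer read the `html_t` pages its parent served. A real implementation also needs domain-to-domain rules (signals, IPC) and a way to label every object with a type; those are left out here.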