Archive for January, 2013

Military Level Compliance Auditing

Paws Studio is the compliance auditing tool for workstations and servers which enables organizations to produce intelligent compliance reports.  It includes pre-defined policies for industry standards such as PCI, NERC, STIG and NSA and is fully automatable & customizable.
Titania’s latest release includes exciting new features which solve many of the issues associated with STIG (Security Technical Implementation Guide) audits.

The STIG Converter has been inspired by feedback from our military customers. Organisations wanting to check their workstations and servers against the STIG compliance policy can now self-update the STIG definition file within Paws Studio using only the XCCDF & OVAL documents. Our programming team provides regular updates to the pre-defined policies, but this option gives organisations the security of knowing they are checking against the most up to date information possible.

The Manual Checking function has been updated so that reports are now able to produce a fuller view of compliance policies. Manual checks allow you to include the physical security aspects of compliance rather than just being able to assess registry checks against your compliance requirements. Now you can add a title, description and fix for physical security issues which are included in compliance policies, such as locking doors and disposing of documents. These will then appear in your compliance report, providing the organisation with a more thorough overview of your compliance status.

Plus you can still benefit from the classic features of the software:

With Paws Studio you can:

1. Perform compliance audits through either remote network auditing or manual access to the audit data in secure environments
2. Produce advanced and easy to action reports with comprehensive summaries
3. Audit against pre-defined policies such as PCI, NSA, STIG and NERC
4. Define your own customised policy to suit your organisation
5. Write it into your current processes as it is fully scriptable

Feel free to contact E-SPIN to discuss your audit compliance requirements.

Cybersecurity

The year 2013 will absolutely reinforce the fact that traditional security measures are no longer effective in thwarting advanced cyberattacks. “Organizations and security providers need to evolve toward more proactive real-time defenses that stop advanced threats and data theft.”

Here are the top trends they should be paying attention to.

  • Active cyber defence measures: There will be an increased use of active cyber defence measures, especially in Government. For example, organisations under Distributed Denial of Service (DDoS) attack might take offensive measures against the attacker such as automatically shutting down a connection. Active defence takes on another level of sophistication within an IT organisation by dint of the fact that the company will have to have the rigor and structure in place to implement processes that will automatically shut down threats based on pre-defined business rules. Although products to protect against cyber attack have been available for years to automatically block or shut down traffic based on certain characteristics, organisations have been reluctant to use this capability.
  • Actionable Intelligence and The Insider Threat: Enterprises such as financial services organisations will put greater emphasis on actionable information to help them identify who their attackers are. Expect to see more eCrimes perpetrated by insiders. This will lead to a greater use of behavioural analysis systems that sit on the network learning what is normal behaviour and what are anomalies. The Insider Threat should also prompt more intelligent use of physical access control.
  • Cloud-based Botnets: The ability to create vast, virtual computing resources will further convince cyber criminals to look for ways to co-opt cloud-based infrastructure for their own ends. One possible example is for attackers to use stolen credit card information to purchase cloud computing resources and create dangerous clusters of temporary virtual attack systems.
  • Search History Poisoning: Cyber criminals will continue to manipulate search engine algorithms and other automated mechanisms that control what information is presented to Internet users. Moving beyond typical search-engine poisoning, researchers believe that manipulating users’ search histories may be a next step in ways that attackers use legitimate resources for illegitimate gains.