expert opinion

A matter of trust

Who can you trust?  When you select a company like Metadigm as your preferred security solution provider, you are entrusting the choice, support and management of your security infrastructure to them. We realise it's a big decision.

Big decisions are not made easily, and so Metadigm's ethos is to build a relationship with you based on "Trust", whether you are seeking advice from us for the first time or have been a client for many years.

Did you know that Metadigm:

Because Trust is so important to any relationship we have with you, we invite you to experience our network security services before you decide to work with us.

Try our "Ask An Expert" service, ask us for a product evaluation or come along to one of our regular Security Seminars around the country.

We look forward to talking to you.

Back to top >

seminars | learn and lunch

Have you been to a Metadigm Security Seminar yet? Metadigm showcases leading edge solutions and technologies as well as its own technical skills and knowledge at regular free roadshow events around the UK. During the morning, which is rounded off with a buffet lunch, you'll hear from our Security Specialists, guest speakers from leading technology vendors and industry experts on the latest thinking about a range of network security, end point security and WAN optimisation issues.

The next series of events will focus on Riverbed's WAN Acceleration solutions.

As a useful complement to Metadigm's Security Seminar series, the forthcoming series of events will focus on Riverbed's WAN Acceleration solutions. Using a mix of seminar style presentation and live technology demonstrations, we will show you how you can speed up data transfer across your existing WAN links, without having to buy more bandwidth.

As businesses get ready to ride out the economic downturn and the inevitable pressure to cut spending, IT Managers need to make sure they can deliver tangible ROI on the IT budget.

At these seminars, Metadigm demonstrates how you can squeeze incredible performance improvements out of your existing wide area network by accelerating applications across the WAN and optimising and reducing traffic.

You will see a live demonstration and have the chance to get down to the technical nuts and bolts of how this is possible.

In partnership with Riverbed, the undisputed global leader in Wide-area Data Services (WDS), Metadigm offers 14 day 'Try Before you Buy' evaluations of Riverbed's Steelhead WAN acceleration appliances. This scheme lets you find out the benefits for yourself on your own network - with no risk or cost to your business.

Register NOW for a WAN Acceleration seminar near you.

Back to top >

security landscape | market update

What's going on in security?

In this month's round up we report on new penalties for 'reckless or knowing misuse of data, Lumension's new enforceable CD/DVD encryption technology, a new range of Riverbed WAN acceleration appliances, Check Point's upcoming release of R70 Endpoint security and Aladdin's eSafe 'gold medal' certification award from West Coast Labs.

UK Justice Minister announces new powers for Information Commissioner >
Lumension Announces extension of Sanctuary Endpoint Protection Suite to include CD/DVD media to protect endpoints >
Riverbed annouces next evolution of Steelhead Appliances >
Check Point releases Endpoint Security R70 >
Aladdin eSafe receives Premium Checkmark Anti-Spam Certification from West Coast Labs >

Back to top >

UK Justice Minister announces new powers for Information Commissioner

The seemingly endless stream of embarrassing data losses is that of the personal details of 5000 justice staff, including prison officers. This time it was computer hard drive which was reportedly 'mislaid' by an employee of EDS, who in April 2008 acquired UK security reseller Vistorm.

The breach, which according to the Prison Officer's Association could cost the UK tax payer millions of pounds as a result of prison officers having to "move prisons, move homes and relocate their families", comes just weeks after the details of thousands of criminals were lost - on a USB memory stick.

Justice Minister Michael Wills said that there had been too many incidents of data loss in the private sector and public sector, and it "has to stop". He also added that he is giving the Information Commissioner powers to levy new penalties for reckless or knowing misuse of data.

There is no excuse for this type of data loss.  Encryption technology for laptops, USB drives, CDs, DVDs and other forms of portable storage media is available, affordable, easily deployed and managed. It's not a matter of special 'processes' to manage data; it's purely a matter of ensuring the right technology is in place to prevent its loss. Find out more at www.metadigm.co.uk/solutions/endpoint

Lumension Announces extension of Sanctuary Endpoint Protection Suite to include CD/DVD media to protect endpoints

Organisations of all kinds can now enforce encryption of data when stored to CDs and DVDs. Lumension Security's Sanctuary Device Control product now encrypts CD and DVD media, in addition to devices and removable media.

Data breach remains the leading cause of financial loss for organizations, costing an average of approximately £100 per record, according to a 2007 study by the Ponemon Institute. The average data breach could cost upwards of £3 million per incident with potential for lost business opportunity to the tune of £60 per leaked customer record.

In order to prevent accidental and malicious loss of confidential data, Sanctuary provides complete control over endpoints and clear visibility into where data is stored and where it is going.

To enforce portable media usage policies, the Sanctuary suite allows administrators to require storage device encryption using built-in Sanctuary technology.

Organisations in both public and private sector need to ensure that no confidential data can leave their premises and that no malware can infect the network via rogue virus-carrying devices or applications. By controlling the use of CD and DVD media, and enforcing the encryption data stored to these media, organisations can now reduce the risk of data loss and theft even further without affecting end user productivity.
Find out more at www.metadigm.co.uk/partners/lumension/devicecontrol

Riverbed announces next evolution of Steelhead Appliances

Is your WAN optimised? Riverbed has announced availability of its new Steelhead appliance models which provide greater scalability with more connections, more bandwidth capacity, and larger data stores.

More and more organizations across private and public sector are looking to WAN optimization solutions to speed up applications and data transfers between offices and other distributed locations.

For larger enterprises, the new Steelhead appliances provide high availability features on 1U models such as RAID, redundant power supplies, and on-board bypass ports. Upgradeable licensing means that customers can scale up later while protecting their Steelhead investment today.

WAN Optimisation is now one of the fastest growing solution areas in networking, alongside virtualization and end point security. It makes sense to optimize your WAN links because you can save money on repeated annual line rental costs for higher bandwidth leased lines.  See our Solution Spotlight section for more on WAN Optimisation or visit www.metadigm.co.uk/solutions/wanacceleration

Check Point releases Endpoint Security R70

Check Point continues to make a major impact in the field of endpoint security. The company is calling Endpoint Security R70 "the first single agent for endpoint security". It includes personal firewall, network access control (NAC), program control, remote access, antivirus, anti-spyware, full disk encryption and media encryption with port protection.

Check Point state that the key benefit of Endpoint Security R70 is the ability to "secure desktops, laptops and other resources with one, comprehensive endpoint security solution".

Rather than having to deploy and manage multiple solutions to mitigate each type of endpoint risk, Check Point Endpoint Security provides customers a single easy-to-manage endpoint security solution, easing the burden on security administrators.

In keeping with Check Point's traditional strength of unified management and control, the combined endpoint security solution can be managed centrally through one console.

For more information including a white paper go to www.metadigm.co.uk/partners/checkpoint/endpointsecurity/overview

Aladdin eSafe Receives Premium Checkmark Anti-Spam Certification from West Coast Labs

West Coast Labs has awarded Aladdin eSafe with the Checkmark Premium Level Anti-Spam Certification for its email filtering and Anti-Spam capabilities. The minimum requirement for this certification is 97% spam catch rate, but eSafe achieved a 99%+ spam catch rate.

In its report, West Coast Labs cited several positive conclusions from its rigorous test scenarios:

• eSafe performed exceptionally well in all aspects of testing during the course of the anti-spam and URL filtering, and so the solution has been awarded the Premium Level Anti-Spam Certification.
• Overall, the solution performed extremely well, achieving a 99 percent cumulative [spam] detection rate.
• Thanks to the wide range of settings available, the administrator can fine-tune eSafe to a high degree.

Checkmark is a leading independent expert, and the award of Premium Anti-Spam Certification confirms the quality of eSafe's Web and email security solution.  Additional Checkmark Certifications for eSafe include Premium URL Filtering, Anti-Trojan, Anti-Spyware Gateway and Anti-Virus Gateway. Download the full West Coast Labs eSafe Report here

Back to top >

solution spotlight | WAN optimisation

WAN Optimisation, also known variously as "WAN Acceleration", "Application Acceleration" and "Wide-area Data Services" (WDS) - is a hugely popular subject at the moment.  But still, many people ask 'what is it?' or 'why do I need it?'

The answer is simple. Optimising your WAN can save you money, make your network users happier and make your distributed operations, applications and offices run more efficiently.  It's all about speed.

If you have more than a couple of offices or other types of operational centres or sites regionally, nationally or globally, you probably periodically review the performance of your WAN links. No doubt you deliberate on whether or not to invest in upgrading the speed of your leased line connections in order to improve the speed of key applications like email, and transfer of files between sites.

It's not uncommon to look at increasing line speed by buying more bandwidth, and if you do, you'll need to compare the costs and services of competing network providers.

However, in most cases, a one off investment in WAN Optimisation is a more viable and ultimately more economical alternative to the incremental and repeat cost of leased lines.

WAN Optimisation appliances, such as those on offer from Riverbed, can deliver LAN-like access to files and applications across your WAN, without the cost of extra bandwidth.

How fast?

Riverbed Steelhead appliances typically accelerate the performance of all applications running over TCP by 5 to 50 times and in some cases by up to 100 times. At the same time, your bandwidth utilization will typically drop by 65% to 95%.
The graph to the right shows the typical increase in speed of key application types, delivered by Riverbed appliances.

How does it work?

Find out for yourself with the Metadigm "Try Before You Buy" scheme.

Back to top >

vendor viewpoint | Check Point

Six Steps to Securing Endpoints

Securing corporate endpoints is increasingly important in today's business environment. As threats to endpoint devices continue to grow, long gone are the days when all you had to worry about were viruses and malware. Today, securing endpoint devices means accounting for new types of issues such as USB devices, outdated patches, more covert malware that includes rootkits, unauthorized programs, and threats involving remote endpoints like credential hijacking. Complicating matters is the increasing mobility of endpoint devices. Executives fly here. Managers drive there. Everyone is on the go, necessitating a security strategy that keeps mobile devices locked down and mobile data protected. Industry analysts estimate that between 1,500 to 3,000 laptops are stolen each day. And the number of companies reporting stolen laptops containing sensitive data increased 81 percent from 2005 to 2006, according to the Ponemon Institute 2006 study on data breaches. These figures do not even consider laptops lost in airports, taxis, or elsewhere.

While threats continue to increase, so do the number of endpoint security applications and management consoles used to stop them. It is not unusual for a typical enterprise PC to run separate security agents for antivirus, desktop firewall, anti-spyware, and file or disk encryption software, each centrally managed by a single-purpose console. The multi-agent approach makes it costly and time consuming for administrators to update, monitor, test, and manage security policy for these applications, including all the required software and signature updates. In addition, multiple agents can consume excessive CPU and memory resources, creating unpredictable or degraded system performance, often disrupting employee productivity and generating an abundance of low-priority helpdesk calls.

There is a better way. By adopting technology that takes a centralized, unified approach to addressing critical endpoint security needs, businesses can ensure control of their endpoints once and for all. Here are six endpoint security essentials for companies to shore up their defenses:

1. Mitigate malware

According to Kaspersky Labs, nearly 20,000 new malware outbreaks were reported from January to July 2007. Potentially, that means 20,000 new, hard-to-find endpoint security problems. These problems aren't limited to viruses, rootkits, and proxies. Distributed denial of service attacks fall into this category, too. The best ways to limit these destructive processes are to block attacks with heuristic and behavioral-based antivirus and anti-spyware, complemented by effective program control, which is important to mitigating malware because not only can it block known malicious programs running on endpoint PCs, but it also can help control programs such as peer-to-peer file sharing applications that are increasingly targeted to compromise endpoint systems. However, controlling programs is often more easily said than done. With hundreds of thousands of programs on the Internet that could wind up on corporate PCs, defining and enforcing a security policy regarding which programs to allow or deny can be very time consuming. Therefore, an essential function of program control is the ability to automate most policy decisions, so IT staff does not have to spend time researching programs. Ideally, this is done via a knowledge base of known good and known malicious programs from which a best-practices policy on whether they should be allowed or denied can immediately be applied.

2. Protect data

With workers constantly on the go, lost equipment is an inevitable reality that should drive companies to deploy full-disk encryption and keep endpoint data locked down and secure. This practice not only secures corporate secrets, it keeps sensitive information completely protected in the event of loss. And this is even more important today with strong personal privacy laws now requiring disclosure of security breaches when personal information is breached. If a laptop is lost or stolen with a fully encrypted drive, companies can avoid disclosure of the breach, as well as damage related to corporate reputation if the news makes the headlines. Encrypting hard drives is not enough, though. Enterprises must also consider threats posed by removable media such as USB flash drives, iPods, and Bluetooth devices. First, these devices can carry viruses or other malware. Second, they can be an easy way for sensitive data to leak outside the business if not properly protected. Some of the best practices for endpoint security are to apply policy for both: controlling device access, scanning the content of allowed devices to ensure there are no viruses present, and encrypting data on these devices so the data remains protected.

3. Enforce endpoint policy compliance

Even if you have the best technologies to mitigate malware and secure data, endpoints can still be compromised if virus signatures or service patches are out of date. That's where network access control (NAC) comes in. This technology helps secure networked endpoints prior to allowing them network access. It does this by including preadmission endpoint security policy checks for endpoint devices to ensure that they meet the predefined security policy, such as having current antivirus software or the latest patches. If protection is adequate, access is granted. If not, the technology quarantines endpoints and facilitates remediation to help install the proper updates.

4. Enable secure remote access

With computing devices more mobile than ever, it's critical to lock down the connections by which users are logging into the corporate network. The very best endpoint security solutions incorporate this kind of secure remote access effortlessly-through the same interface with which users log in. The best approach here is a remote access agent-users log in once, and everything they do from then on occurs in a secure space. Storing credentials in this agent also makes it easy for users to access sites with different connectivity requirements. And there are other reasons to consider a solution that offers a remote access agent with essential endpoint security functions:

• Minimizing overall agent footprint, including CPU and memory utilization, to help ensure endpoint systems run smoothly
• Eliminating duplicate management tasks and engineering test cycles associated with software updates - standard for two or more agents
• Ensuring interoperability between remote access and NAC functions, helping streamline policy checks for remote users authenticating through a gateway

5. Streamline security management

On the back end, it's important to centralize endpoint security management so that administrators can use one console to configure endpoints, administer policies, monitor performance, and analyze data from the network as a whole. This isn't only about making life easier for administrators, it's also about reducing maintenance costs of managing and updating a multi-agent solution. Unification also helps improve security audit support by unifying, standardizing, and automating reporting functions. In best-case scenarios, administrators can even deploy baseline security policies using predefined policy templates.

6. Minimize end-user impact

Finally, even the most hardened and efficient endpoint security solutions shouldn't sap bandwidth or processing power from other important end-user functions. With this in mind, the best strategies embrace centralized agents with small footprints and low memory utilization. Transparency in other areas is also important - ideally, an endpoint security solution should be so silent in its protection that users dont even see an icon in their system trays. For users, the bottom line is functionality and ease-of-use. For administrators, security should be paramount.

The Check Point approach

Back to top >

support news

Extended support hours

Metadigm has recently extended its Support Helpesk hours by 2 hours per day to 8am - 6pm, Monday to Friday. The extended hours mean that clients with European offices now have access to Metadigm's Security Engineers from the start of their working day. The Remote Support Service includes:

• Telephone and email support
  
• Fault resolution
  
• Remote diagnosis
  
• Remote remediation or configuration changes
  
• Supply of patches, updates and upgrades
  
• Problem escalation to manufacturer

Our Support Services currently extend to client sites across Europe, Middle East, Asia, Africa and North and South America. Find out how Metadigm can help support your business >

24x7 Support cover

To supplement its office hours (08:00 - 18:00) Remote Support and Management Services, Metadigm provides optional cover for critical problems on a 24x7 basis, which gives clients access to Metadigm Security Engineers 24 hours a day.  Contact us to find out more >

FREE Security Systems Health Check

Metadigm's Security Systems Health Check service is designed to help you ensure that your security software licenses are up to date. If you pay a subscription on your security software, you are entitled to new version upgrades, updates and fixes as and when they are released*. If you are not sure whether you have the latest versions of your products, or just want to make sure that your systems are operating optimally with the latest versions.  Contact one of our Network Security Specialists to find out more >

*Depending on the nature of your subscription

Back to top >

diary dates | WAN acceleration seminars

25/09/2008: Duxford more
16/10/2008: London more
13/11/2008: Birmingham more
11/12/2008: Manchester more

Back to top >