Monthly Archives: April 2014

Hewlett-Packard Debuts New Security Metrics Service

30 April 2014

HP’s new patent-pending technology is aimed at making information security information more measurable and understandable.

Modern enterprises today face many security risks, and getting a grasp on the big picture isn’t always easy. Hewlett-Packard is now aiming to help make it easier for organizations to understand their security risks with the new HP Security Metrics Service.

Richard Archdeacon, chief technologist, HP Enterprise Security Services, explained to eWEEK that HP has filed for patent registration for the methodology and framework behind the new service, which is designed to help address a gap in metrics analysis. 

“Most metrics services are typically technology-based and reference the operation of a specific technology,” Archdeacon said. “That’s great for managing one piece of technology, but when you are looking at hundreds of devices and tools in large IT environments, the volume of granular data is mind-boggling.”

In the HP approach, there is a methodology and a framework that together form a system that uses the HP Executive Scorecard dashboard to aggregate data and apply rigor to align it to specific risks, threats, assets and objectives.

“In short, the system allows business leaders to remove the guess work around information security,” Archdeacon said. “With this tool, they can very quickly see where their real security risks are and make informed decisions to mitigate them.”

HP has multiple security-tracking tools in its portfolio, including the ArcSight SIEM (security information and event management) technology platform. Archdeacon noted that the HP Security Metrics Service is technology-agnostic.

“We are able to configure the system to harvest data from all technologies from all vendors, even home-grown tools, so the user has a truly comprehensive view into the data that they need,” Archdeacon said.

The HP solution is entirely technology-independent and sits at a level that makes security decisions more meaningful to the business, he said, adding that

Source: Linux and Unix Nieuws. Read the complete article here:

CommVault Beefs Up Its Channel Program

30 April 2014

CommVault’s MarketBuilder program aims to give additional rebates and margins to partners that commit to reaching new customer and business growth goals.

Looking to bolster its appeal among channel partners, CommVault, a provider of data protection and management software and systems, has broadened its PartnerAdvantage channel program to include greater rewards for the company’s most loyal partners and a new channel program for service providers.

The new MarketBuilder program is designed to provide additional rebates and margins to partners that commit to attaining explicit new customer and business growth goals, said Ralph Nimergood, vice president of worldwide partners and programs.

“MarketBuilder is an invitation-only program,” said Nimergood. “We want to reward partners that choose to go deep and wide with us.”

At the same time, CommVault wants to encourage partners to deliver cloud storage offerings around its data management software and backup and recovery systems, he said.

Having that program is not only critical for expanding CommVault’s reach into emerging alternative channels; it also reflects the fact that CommVault business partners are now managing business models that span everything from reselling products to delivering cloud services, Nimergood said.

Jed Ayres, chief marketing officer for MCPc, a CommVault channel partner, said the expansion of the CommVault program is an example of how smaller vendors are starting to extend their channel programs to make them more appealing to channel partners.

“They’re building a more mature channel,” Ayres said. “They’re now punching above their weight class.”

In addition to expanding the channel program, CommVault has also enhanced its training offerings and refreshed its online portal.

CommVault’s Nimergood said the company has spent the last several months putting the policies and governance in place to run a channel program on a truly global scale.

“We’ve been putting the rigor and adult supervision needed,” says Nimergood. “The channel needs to know there are rules

Source: Linux and Unix Nieuws. Read the complete article here:

Oracle melds its ‘cloud OS’ with OpenStack in Solaris 11.2 release

30 April 2014

Former Unix server customers are continuing the march toward Linux and for many there’s no looking back, but that hasn’t stopped Oracle from continuing development of Solaris Unix – albeit slowly.

On Tuesday, the database giant staged an event in New York to announce Solaris 11.2, which is only the second point release of the former Sun product since Solaris 11 shipped in November 2011, the last being in 2012.

But even though the OS is only getting a minor version-number bump, that doesn’t mean it doesn’t include significant updates, according to the Solaris product director Larry Wake. It’s just that the new stuff shouldn’t break any existing systems.

“In fact, what the dot really means is that we’ve incorporated some noteworthy changes in such a way that we’re not leaving anything, or anyone, behind,” Wake wrote in a blog post last week. “This is Oracle Solaris 11, only more so. The reason that it’s a dot is that there are no concerns for existing ’11’ end users and developers about how to integrate this into their environments.”

At the 2011 launch, Oracle pitched Solaris 11 as “the first cloud OS,” and predictably it’s continuing that theme with the new release. Most of the new features have a cloudy bent, even if Oracle’s increasingly niche OS is more likely to be deployed on private clouds than public ones.

Most significantly, Solaris 11.2 now comes bundled with a complete OpenStack distribution. Oracle joined the OpenStack bandwagon in December and said at the time that it planned to integrate support for the open source cloud tech across multiple products, including Solaris and Oracle Linux.

With OpenStack support, Solaris customers will now be able to manage their Solaris VMs from the same OpenStack dashboard

Source: The Register. Read the complete article here:

Bug in Microsoft Security Essentials Crashes Windows XP Machines

28 April 2014

Microsoft pushed out a bad update to its Security Essentials software, crashing Windows XP machines and underscoring the fragility of the Windows XP ecosystem.

An update to Microsoft Security Essentials, the software company’s free anti-malware software, crashed Windows XP computers last week, causing business disruptions to customers still relying on the outdated—and, in many cases, now-unsupported—operating system.

The update caused a variety of Microsoft operating systems to restart and then fail to reboot, displaying an arcane “MsMpEng.exe application error” message, according to online posts by affected users.

Many point-of-sale systems, which some businesses are protecting using Microsoft Security Essentials (MSE) as a way to meet the antivirus requirement of the Payment Card Industry (PCI), still use Windows XP or related operating systems, including Windows XP Professional for Embedded Systems and Windows Embedded POSReady 2009. Those systems were affected by the update as well, according to one New England value-added reseller with more than 500 clients in the hospitality industry.

While Microsoft corrected the issue within days, the bug crashed at least hundreds of machines. For the New England firm, the issue affected more than 250 machines at 50 customers who relied on the systems, a consultant at the company said on condition of anonymity.

“This affected about one half of our customers running Windows XP,” he told eWEEK. “This brought their business to a 100 percent standstill until we could resolve the situation. In a pinch, the only solution we could determine was to uninstall MS Essentials to get them running their business again.”

While uninstalling Microsoft Security Essentials worked around the issue, it also caused an additional problem: Even though Microsoft later fixed the update, MSE could not be reinstalled on Windows XP computers because the systems are no longer supported by Microsoft, the source said.

The problems came just over a week after Microsoft’s

Source: Linux and Unix Nieuws. Read the complete article here:

Earthquake on the Internet: the Heartbleed bug

26 April 2014

Henk Janssen

Technical Consultant HP TippingPoint

Computable expert for the topic Security

In recent days the Internet was hit by a security earthquake of unprecedented force. To the untrained follower of security bugs, the problem could still be dismissed as a flaw in a piece of open-source software, and who uses that for serious applications anyway? But why, then, did this problem so quickly make the (inter)national press?

The ‘little flaw’ in question was not in just any software module; it sat (for about two years) in a module that many professional users of the Internet deploy so that we can all communicate securely over the data network that our society can no longer do without.

We all want to communicate via the Internet, but how do we keep it secure? We want to be certain that the communication cannot be read by someone else (confidentiality), cannot be altered unnoticed by someone along the way (integrity), and that the communication partner is who he says he is (identity). Without safeguarding those three components, secure communication is impossible. And the Heartbleed bug happens to originate in precisely the security software that is supposed to make this secure communication possible! As a result of the bug, data ‘leaks’ out that directly affects privacy and potentially makes all communication thought to be secure insecure.

Countermeasures that close the leak are now available, and many administrators worldwide have set to work with them to stop the cause of the Heartbleed bug. But unfortunately that does not get us there. Not by a long way. Because if it has been possible for about two years to collect private data through this leak, which data that you thought you were sharing securely over the Internet may have leaked out after all? And what has been done with it? I

Source: Computable. Read the complete article here:

Paragon Aims to Rewrite the Rules of Partner Programs

25 April 2014

Paragon’s partner program aims to eliminate minimum revenue and tech training requirements, guarantee 30 percent margin protection and streamline sales cycles.

Paragon Software Group, a provider of data protection, backup and disaster recovery (BDR), recently announced a new partner program that is designed to change the way the company, and potentially the industry, looks at partner programs.

Paragon’s Pure Channel Program is similar to other partner programs in that it’s designed to drive revenues for partners by providing strong enablement and demand-generation tools. However, it doesn’t include some of the key standard requirements such as revenue commitments, minimum technical training requirements and contracts, company officials said.

The program, which is focused on the Americas, is based on what Paragon can offer its partners, whether they are value-added resellers (VARs), direct marketing resellers (DMRs), integrators or managed service providers (MSPs). “Rather than differentiate our partners based on the typical revenue commitment and certifications—what they can do for us—we decided to turn it around and based the program elements on what we can offer customers to grow their business profitably and be their most effective vendor on their line card,” said Yudy Vinograd, director of channel sales for Paragon, Irvine, Calif.

Vinograd designed Pure Channel to help partners attach solutions to their line cards, simplify sales cycles and help drive profitable growth. It was designed around helping partners engage more effectively with their customers in the BDR space with simplicity as the guiding design principle, he said.

“It’s all about how we can deliver to a partner and how we are going to work together to deliver to their end customers. That is the foundation of Pure Channel,” said Vinograd.

The initiative is built around Paragon Protect Restore (PPR), the company’s flagship BDR offering, which is optimized for small and midsize business and

Source: Linux and Unix Nieuws. Read the complete article here:

Troubles over the sources

25 April 2014

Ewout Dekkinga

IT Architect Unisys

Computable expert for the topics: Datacenters, Cloud Computing and Systems Management

For a long time open source was seen as too ‘techie’, but nowadays it is on the rise. While in 1998 only 10 percent of companies used open source, that has now increased to 50 percent, and Gartner predicts that this will grow to 95 percent in the coming years. Not illogical, because not only is the internet largely built on open source software, but more and more cloud solutions make use of it as well.

The cards around cloud computing have not yet been dealt, and we see that even Microsoft is adopting open source. This may also be a consequence of the fact that most websites still run on the Linux/Apache combination. A fox may lose its hair but not its tricks, because more and more companies participate in open source to compete with a dominant market leader; for a long time that was Microsoft itself, but times change. And although open source does not have a large marketing budget, it can thus be the marketing itself, because something becomes standard when it is ultimately widely supported.

Argumentum ad hominem

Now that Microsoft is ending support for Windows XP after more than thirteen years, open source is being pointed to as an alternative, a bit of guerrilla marketing when I consider that the Linux kernel itself has a long track record, but the forked distributions, each with its own preference for package manager and graphical desktop, do not. Open source does not yet equal open standard, and the argument put forward that it is more secure also seems illogical to me, because open source ultimately also

Source: Computable. Read the complete article here:

Microsoft’s ‘evil open source’ man on life as HP’s top cloud-wrangler

25 April 2014

He brought Microsoft the open source it had viewed with such dread and now former Redmond man Bill Hilf is challenging the thinking at Hewlett-Packard.

Microsoft plucked Hilf from IBM in 2004 to become its general manager for open source and platform strategy at a time when Microsoft was waging a war on open source, calling it a “cancer”.

IBM, meanwhile, was so enthralled with the stuff it was spray-painting peace signs, hearts and Tuxes on city pavements in San Francisco and Chicago in an “IBM loves Linux guerilla” ad campaign.

“When I first started at Microsoft, open source was truly considered a societal evil,” Hilf reflected on those early days for The Reg.

Since Hilf’s time there, Microsoft now participates in open-source projects, has improved the way open-source code runs on Windows and has even developed software that manages Linux servers.

After ascending to general manager of Windows Azure product management, Hilf left Microsoft in June 2013 to become HP’s vice president of converged cloud products and services. He now oversees the HP enterprise group’s portfolio of products being built and/or integrated for HP’s private, public and managed cloud.

Open wide… but not THAT wide

Things are different at HP: the computer and server maker has been involved in the open-source and Linux movement for a long time – both have helped it shift servers. Before that, HP was an early mover in open systems by backing Unix.

Hilf is preaching to the converted at HP but admits to challenges building a cloud that’s open – founded on OpenStack – but whose bricks are HP’s not inconsiderable non-open-source assets.

“I very rarely have conversations internally with somebody who doesn’t understand the dynamics of working with the [open source] community,” Hilf told The Reg in a recent

Source: The Register. Read the complete article here:

ICT pact aims to prevent a new Heartbleed

25 April 2014

A number of ICT companies are joining forces to prevent a new Heartbleed. Facebook, Microsoft and Google, among others, are investing in a fund intended to prevent a similar security vulnerability from arising again. The pact is meant to prevent new harm and has been named the Core Infrastructure Initiative. The initiative was announced by the Linux Foundation. Together the companies are putting at least 3.6 million dollars into the fund.

In addition to the companies mentioned, Amazon Web Services, Dell, Fujitsu, NetApp, RackSpace and VMware have also pledged their support. Initially the initiative focuses on improving the foundation of OpenSSL. The open-source program that was at the centre of the Heartbleed bug is used by 66 percent of web servers and can be found in thousands of hardware devices and applications used on the customer side.

In early April 2014 it became known that a serious vulnerability in the OpenSSL software library poses a major security risk for websites. Hackers can crack the SSL/TLS protocol and steal encrypted information. The flaw has been in the code since 2011, but the OpenSSL project team is now sounding the alarm because the scale of the security risk may be large. The vulnerability, officially named CVE-2014-0160, is called Heartbleed.

Computable expert Gert Jan Wolfis puts his finger on the sore spot in the article ‘What is Heartbleed and how do you protect yourself?’.

Source: Computable. Read the complete article here:

Why Firms’ Network Security Plans Need Re-evaluation

24 April 2014

The biggest security challenges around the data center for organizations continue to be a lack of visibility into security policies, manual processes and poor management practices, according to a recent survey conducted by AlgoSec, a provider of network security policy management. Many organizations face a big risk of outages, which can negatively affect an enterprise’s profits, productivity and reputation. While the survey finds that involving more people internally and externally in a company’s security management leads to increased IT risk, the number of applications—often more than 500—in data centers makes it impossible not to distribute the responsibility. This can open up significant opportunities for security providers to help organizations solve their biggest security challenges. Solution providers and channel partners can help organizations achieve visibility, alignment and communication across the key stakeholders by helping them examine issues such as what the process looks like, how to enforce it and how to add automation, said AlgoSec. It’s all about getting the right people, as well as the right processes, technology and solutions. Here are 10 key takeaways from the survey that should give security teams food for thought.

Source: Linux and Unix Nieuws. Read the complete article here: