Did Google take a cheap shot at IE?
Filed under: Defense Technology, Internet Security, cloud computing, data security
Last week Google threatened to pull out of China after Google internal systems were infiltrated by hackers. In the aftermath of the news, there has been extensive media coverage of the challenges of doing business in China and Microsoft’s Internet Explorer has received most of the blame for the security lapse.
Google Founders Larry Page and Sergey Brin
Amichai Shulman of the data security company Imperva in Israel has been paying close attention to the security breach and after first suggesting last week that the likely attack methods “were sending mail containing malware to Google employees” or “through a vulnerability in Google’s web servers” strongly questions a claim by McAfee that Internet Explorer had a major role in the attack.
Shulman’s skepticism is based on three main points. The first is that it is unlikely that Google employees would be using IE and not Chrome which is Google’s browser. The second is that the sophistication of the attack requires network and not browser vulnerabilities:
“To execute an attack this sophisticated, it likely occurred as a result of spear phishing Google employees to gain access to Google users credentials. A hacker would have to jump through many hoops inside an internal network. This requires network—not browser—vulnerabilities so that the attacker can communicate with malware inside Google’s internal network.”
Shulman’s third point is that despite the likeliness of the problem being network weaknesses, countries, including France and Germany, are now recommending that citizens use other browsers instead of Internet Explorer.
Considering these three points, Shulman asks the interesting question, “Could this be a clever way to boost Google Chrome downloads?”
Guardium and 9 Israel-related Headlines, Week of November 29, 2009
Filed under: Cleantech, Company Briefs, Data Storage, Environment, Information Technology, Mergers and Acquisitions, Uncategorized, cloud computing, data security
During the week of November 29, 2009 the biggest headline was IBM’s acquisition of database security and compliance company, Guardium. Dune was purchased by Broadcom and VMware is planning to double its workforce in Israel. For these stories and more, check below for this week’s 9 Israel-related headlines.
Cleantech
1. Capstone and Israel’s HelioFocus Get Grants To Fire Up Solar Powered Micro-Turbines
Investment
2. Broadcom To Acquire Dune For $178 Million
3. IBM buys database security firm Guardium
Information Technology
4. Thanks to Israel, ‘the Cloud’ will be safer
5. VMware doubles Israeli R&D workforce
5. Red Bend Software Named One of the Most Important Companies in M2M for 2010
Miscellaneous
7. Israeli firm Emblaze sues Apple claiming iPhone streaming ‘patent infringement’
8. Israeli tech firms are coming back home
Else and 9 Israel-related technology headlines, Week of November 22, 2009
Filed under: Cleantech, Company Briefs, Environment, Information Technology, Mergers and Acquisitions, Uncategorized, cloud computing, data security
During the week of November 22, 2009, Else, formerly Emblaze Mobile, revealed the first Linux-based smartphone. A possible iPhone killer, the device focuses on the user-experience first. SupportSpace announced it raised $10 million in funding and IBM acquired database security start-up, Guardium.For these stories and more, check below.
Cleantech
1. Preparing for Copenhagen: What can Israel expect?
2. US-Israel $3.3 m. energy cooperation
Investments and M&A
3. IBM to buy start-up Guardium for $225 million: report
4. SupportSpace Raises $10 Million Series B
Information Technology
5. Emblaze Mobile launch First Else Linux-based phone
6. Check Point Software focuses on virtualization and data centres
Miscellaneous
7. Six cities that beat the Big Apple?
8. Tonight in Tel Aviv: Twitter’s Biz Stone talks about the triumph of humanity
9. IBM wooed Guardium for almost a year
Smartphone security trends in 2010
Filed under: Data Storage, Internet Security, Mobile Web, Uncategorized, data security
Using their own independent studies, VeriSign and Israel-based Discertix both recently released the smartphone security trends they expect to see in 2010.
According to VeriSign CTO, Kenneth Silva, who recently spoke in Seoul about the likely mobile device threats in 2010,
“An attack on the mobile device operating system will affect the phone contacts, mobile banking log-ins and passwords and any other valuable information stored on the device”
Smartphone sales are expected to beat PC sales for the first time in 2011.
The opportunities for cyber criminals to penetrate mobile devices are the results of:
- More phone applications needing updates which can pose an opening for phishing scams
- An increase in jail broken phones, which compromises the operating system as an example.
Silva explains that these vulnerabilities can lead to “deliberate Denial of Service attacks, extortion, and corporate espionage as threats for 2010″ and has as such become a national priority for several countries including Israel, the U.S. and the U.K
Research by Discretix, an embedded security solutions company, indicates that smartphones already make up 25% of the market and might reach 40% market share in the next 5 years.
In addition to finding the same threats posed by applications and an open OS that VeriSign did, Discretix has also listed:
- Some of the new OSs (e.g. Android) are open source, missing the traditional safeguards and closed environment of other real time operating systems
- Also the devices are multi-use with massive storage capacity, moving data and applications freely between the enterprise and the home
Despite the seriousness of these threats, a survey conducted by security software firm Trend Micro that was released in August 2009 indicated that 44% of mobile phone users considered Web surfing on a smartphone to be “as safe, if not safer, than doing so on their PC” and “only 23 percent of smartphone owners use security software already installed on their smartphones.”
Discretix was one of the fastest growing Israeli companies in 2008 and 2009 according to Deloitte Brightman Almagor Zohar and will deliver Open Mobile Alliance DRM capabilities to HTC Windows Mobile and Google Android handsets.
IBM and 11 Israel-related Headlines, Week of September 6, 2009
Filed under: Advertising, Cleantech, Company Briefs, Environment, Uncategorized, cloud computing, data security, virtualization
During the week of September 6, 2009, IQWind was named a top 100 cleantech company and Tufin Technologies, among other security companies, found that phishing scams are increasing again with the end of summer. IBM Israel played a major role in developing SAPIR, a video and photo search technology that the company claims is better than the methods used by Google and Yahoo. For more on these stories and the rest of this week’s 11 technology headlines, see below.
Cleantech
1. Bechtel to Build Solar Plant in California
2. Israel-based SolarEdge looking for PV system partners in Taiwan
3. IQwind Ltd. Named a Global Cleantech 100Clean Technology Company
Information Technology
4. IBM, European Researchers Develop Multimedia Search Tool
5. As summer ends, phishing season is on the horizon
6. Behavioral Targeting Cozies Up To Video Ads
7. Xeround pushes database virtualisation as integration tool
8. Visual WebGui: Reaching for the top cloud
Miscellaneous
9. Did Israel’s Mossad snatch a Russian arms shipment to Iran?
11. Diagnosing lung cancer through a simple exhale
Tufin on the rise
Filed under: IT management, Information Technology, Software, Uncategorized, Video, data security
Tufin Technologies, which provides Security Lifecycle Management solutions, has really picked up steam since the beginning of the year. The company, which is five years old, has won three awards in recent weeks and recently attended the RSA conference (the largest infosec conference of its kind) in San Francisco, where the above video was recorded.
Last week it announced that its flagship product, SecureTrack, was named Best Enterprise Security Solution by SC Magazine UK, and received an honorable mention as the Best Security Management Solution.
According to Tufin’s Website,
“Tufin’s Security Lifecycle Management solutions automate policy management for leading firewall and networking vendors including Check Point Software, Juniper, Cisco, Fortinet, F5 and BlueCoat, resulting in more manageable, efficient and cost effective security operations. Its flagship product SecureTrack, helps security operations teams to control and manage policy changes, analyze risks, and ensure business continuity. With SecureTrack, managers easily understand the big picture and align operations with corporate and Government security standards.”
Tufin also made InformationWeek’s Startup 50 list of young companies recognized for delivering innovative, high value, enterprise ready solutions and was named best Security Lifecycle Management Solution by InfoSecurity Products Guide.
In addition to SecureTrack, the company offers SecureChange Workflow and the newly-released (at the RSA conference), Tufin Open Platform (TOP).
13 Israel-related headlines from the week of April 19, 2009
Filed under: Cleantech, Company Briefs, Environment, Information Technology, Uncategorized, VC, cloud computing, data security
During the week of April 19, 2009, sinkhole and solar farm technologies were hot topics in cleantech. In Information Technology, it was a big week for Israeli information security companies such as Check Point, AlgoSec, Commtouch and others, who were present at the annual RSA Conference on security. For links to these stories and more, you can find the 13 Israel-related headlines from the week of April 19, 2009 below.
Cleantech and Environment
1. We have the technology to monitor sinkholes
2. Israel solar farm to supply hot water
Investments and Economy
3. Israeli entrepreneurs see U.S. economy as early warning system
4. International credit crunch shifts Israeli business focus in China
5. VC crunch continues: BlueRun Ventures falls short of $300M target
Information Technology
6. Commtouch Unveils New Security Center Web Site
7. A conversation with Check Point’s Gil Schwed
8. Cryptography Experts Warn Of Cloud Security Risks
9. PeerTV announces MX 3.0 Content Management Tool
10. AlgoSec Releases FireFlow(TM) Into Public Availability
Miscellaneous
11. Israel Consults on Possible 3G Spectrum Auction
12. Most Israeli students stumped by high school math
Sentrigo Enters Database Vulnerability Assessment Market
Filed under: Data Storage, IT management, Partnerships, Uncategorized, Video, data security
Sentrigo, an Israel-based database security software company, announced last week that it has become the sole distributor of Repscan by Red-Database-Security, “the only 360-degree database vulnerability assessment and security scanning software available for Oracle databases.”
The move helps Sentrigo solidify its hold on the database security market by complementing its Hedgehog database activity monitoring software with software that monitors and identifies Oracle database weaknesses and vulnerablities. In specific, Repscan can “detect insecure PL/SQL code and forensic traces; database modifications; insecure system configuration settings; and weak, shared and default passwords.”
Some main Repscan features include:
- Report-driven penetration testing
- Altered data detection (privileged and user tables)
- Forensic trace discovery from common security and hacker tools
- Automatic conversion of the weaknesses found by Repscan into protection rules and policies in the Sentrigo Hedgehog Database Security Suite
According to Sentrigo’s website, Hedgehog Enterprise
“is for organizations that require breach prevention, end-user identification, virtual patching, integration with your existing security infrastructure, IT governance and operate with enterprise-wide database deployment.”
The software also
“provides full visibility into all database activity including local privileged access, protects the database in real-time with actionable alerts and prevention capabilities, and allows enterprises to enforce security policy and comply with regulatory requirements, such as PCI DSS, Sarbanes-Oxley, SAS 70 and HIPAA.”
As an aside, Oracle is currently in talks to purchase Sun Microsystems for over $7 billion and enter the hardware market.
10 Israeli infosec companies at the 2009 RSA Conference
Filed under: Data Storage, IT management, Industry pulse, Information Technology, Internet Security, Uncategorized, cloud computing, data security, virtualization
The 2009 RSA Conference kicked off yesterday in San Francisco. As the conference is the biggest annual information security one in the world and Israel is a leader in the field, several Israeli companies are present this year as sponsors, exhibitors, speakers and attendees. Some of the companies exhibiting and attending include:
- Check Point Software Technologies
- Tufin Technologies
- Safend, Inc
- Imperva
- Radware Inc
- Aladdin Knowledge Systems
- AlgoSec
- Cyber-Ark Software, Inc
- Promisec
- Commtouch
Hot topics expected to be discussed in depth throughout the conference are cloud computing security, conficker worm and the conflict between national security concerns online and the protection of citizen’s rights.
Though reports indicate that overall attendance at the conference this year is significantly lower than in previous years due to the state of the economy and companies cutting back, it is unclear how this has impacted participation and attendance among Israeli companies compared to past years.
Gartner names Varonis “Cool Vendor” for Risk Management and Compliance
Filed under: IT management, Information Technology, SOA Governance, Uncategorized, data security
Last month, Varonis Systems Inc., a data governance solutions provider, was selected as a “Cool Vendor” in the March 2009 “Cool Vendors in Risk Management and Compliance, 2009” report by research company, Gartner Inc.
According to Varonis’ announcement,
“Varonis’ Data Governance Suite provides IT administrators and data owners with the intelligence they need to control access to valuable business data by enabling complete visibility to all file and folder access. The software automatically builds permissions management workflow policies by generating recommendations about whose access to company data should be revoked or allowed, empowering data owners to sign off on access rights to their files and mitigate the risks of data misuse. Varonis allows organizations to ensure that data is only being accessed by those with business need – something that proves to be critical as companies increasingly seek data protection to prevent insider breaches or data loss.”
The news from earlier today about the MySpace data breach is a good reminder of how important and necessary data governance solutions such as what’s offered Varonis and other companies still are.
Company Facts
Founded in 2005.
R&D office in Herzliyya, Israel.
Yaki Faitelson, CEO and Co-Founder.
Ohad Korkus, VP of Engineering, CTO and Co-Founder.
Products: Varonis Data Governance Suite (Varonis DatAdvantage and Varonis DataPrivilege).
Website: www.varonis.com
Customers: Large financial institutions, health care services organizations as well as leading energy, technology and manufacturing firms. Specific customers include, DSM, CondeNast Publications, MoMA and SanDisk.
Share/Subscribe to II2
