|
The growing range of software and application threats and the need to adhere to regulatory controls has caused the volume of patches and software updates to increase. Organizations need to have software protection controls as part of their risk-management strategy. Facilities should include automated vulnerability detection and patch-management deployment to ensure that service delivery is addressed securely and efficiently. Secunia Corporate Software Inspector (CSI) incorporates these security-managemen…
Technology Audits - published 16/08/2010 - Andy Kellett, Karthik Balakrishnan
|
|
For file transfer, organizations have traditionally used FTP software, home-grown proprietary methods, and physical data exchanges using a CD/DVD. These mechanisms lack security, reliability, the ability to work within an automated process, and do not track data exchanges. Consequently a range of managed file-transfer products has appeared. At one end are the focused MFT products that support a specific type of interaction such as application-to-application or B2B. At the other end are MFT products capab…
Technology Audits - published 23/07/2010 - Graham Titterington, Karthik Balakrishnan
|
|
The use that is made of identity and access management (IAM) technology within the public and private sector is growing in line with the threat environment. Most organizations understand the need to maintain control over who is allowed to access their information assets. They recognize the negative impact that not having the proper identity management controls in place can have on the organization and its reputation. They also appreciate that industry regulators have the power to extract fines and impose…
White Papers - published 23/07/2010 - Andy Kellett
|
|
Collaboration between organizations requires them to exchange information regularly. This information is often of commercial value or a sensitive nature. Organizations need to be able to protect the information in transit, audit information flows, control how information is used by the recipient and, in some cases, revoke information access rights if the information appears to have been put at risk. These concerns can also apply to information flows within an organization.
Technology Audits - published 19/07/2010 - Graham Titterington, Karthik Balakrishnan
|
|
Provisioning the correct access rights for privileged users across growing and often complex operating environments is a time-consuming effort in its own right. Growth in the use of virtual servers and ever-changing business and compliance requirements, have made it even tougher for organizations to maintain effective control over privileged accounts and to manage user-access permissions. These issues are driving the requirement for privileged access-management solutions such as FoxT’s ServerControl prod…
Technology Audits - published 08/07/2010 - Andy Kellett, Karthik Balakrishnan
|
|
Losing data from unsecured laptops and other mobile devices is not acceptable. In the public sector, the impact of losing citizen or operationally secret data can be disastrous; for the private sector, it can lead to brand damage and financial loss. The use of software disk encryption helps to address many of the required protection issues, but even here the facilities need to be first class. Stonewood, and Eclypt range of hard-disk encryption devices, provides strong data protection that has little or n…
Technology Audits - published 23/06/2010 - Andy Kellett, Somak Roy
|
|
Fiserv is a leading player in the fraud-detection and AML sector. The company’s anti-fraud and compliance solutions are used by over three-quarters of the top banks in the US and Canada, by many of the leading banks in the UK and Ireland, and by all the leading Australian banks. The strength of its Financial Crime Risk Management platform is, in Ovum’s opinion, upheld by the breadth of the overall solution, and further product integration work is ongoing.
Technology Audits - published 23/06/2010 - Andy Kellett
|
|
The use of mobile devices to interact with financial, government, and commercial systems is still limited, but is about to see significant large-scale growth. The demand is coming from the business and user communities and is being driven by the functional capabilities of the mobile devices, ease of use for users, and cost benefits to business. There is tough competition among service providers in the banking sector to provide better authentication and customer management solutions for their online, phon…
Technology Audits - published 11/06/2010 - Andy Kellett, Karthik Balakrishnan, Nishant Singh
|
|
The identity and access management market is highly competitive, as one would expect from a sector that includes large IAM and infrastructure providers such as Oracle, Sun, IBM, and CA. In response, Entrust provides an impressive portfolio of identity-based authentication, access control, and user protection products.
The latest releases of the Entrust IdentityGuard, GetAccess, and TransactionGuard platforms provide an extensive and integrated range of identity management, risk-based authentication, acc…
Technology Audits - published 08/06/2010 - Andy Kellett, Karthik Balakrishnan, Nishant Singh
|
|
Software change and configuration management (SCCM) processes are inextricably linked to the business of software development, insofar as even the smallest of development shops require and have deployed SCCM tools in their environments. The ability to effectively manage change across the development lifecycle has a significant impact on the outcome of development projects. AccuRev SCM can offer:
Technology Audits - published 27/05/2010 - Chandranshu Singh, Michael Azoff
|
|
The identity and access management function faces a number of challenges. Most large enterprises have deployed many packaged and homegrown applications that have their own access management components (with their own role definition and entitlements) and possibly an overarching provisioning system.
Technology Audits - published 27/05/2010 - Graham Titterington, Somak Roy
|
|
Evidian IAM Suite (version 8) is a fully featured identity and access management offering. Its core components cover the key user and systems control areas of role management, identity management, and access management. Within the solution, Evidian adopts a workflow-driven, policy-based approach to address how its identity-centric access control facilities are delivered. It then continues to retain all elements of user and usage control as the requirement extends to managing federated relationships with …
Technology Audits - published 27/05/2010 - Andy Kellett
|
|
McAfee DLP 9 is the latest release of the company’s unified data loss prevention (DLP) solution. The product covers the key data control and management areas of discovery, monitoring, and protection, and is deployed to protect confidential data wherever it is located or stored. The strength of the solution is in its ability to work with data on corporate networks, in transit, and on central storage systems and endpoint devices. This is a fully featured DLP product suitable for both public and private-sec…
Technology Audits - published 20/05/2010 - Andy Kellett
|
|
ZL Unified Archive from ZL Technologies is an integrated archive facility that is capable of managing both structured and unstructured data. The product is designed to operate as a fully-functional content management platform. It is a highly-scalable, platform agnostic, data collection and management repository that has the capacity to address the data storage, records management, electronic discovery and regulatory compliance needs of very large organizations. At the core of the solution is ZL Technolog…
Technology Audits - published 22/04/2010 - Andy Kellett
|
|
Enterprise IT security functions have traditionally used several separately purchased stand-alone threat-prevention and remediation applications. This makes management an expensive and resource-intensive task. Fortinet’s FortiGate UTM appliance cuts this cost by providing a tightly integrated portfolio of gateway security functions configured and managed through a single management console.
Technology Audits - published 22/04/2010 - Graham Titterington, Karthik Balakrishnan, Nishant Singh
|
|
Mail-SeCure is an email-protection and management product that is suitable for organizations of all sizes. Its perimeter security engines focus on the identification and removal of email-related threats. As well as the expected anti-spam and anti-virus filters, Mail-SeCure uses a credibility-of-source approach to the front-end removal of spam and associated malware threats and also addresses the need for outbound data protection.
Technology Audits - published 15/04/2010 - Andy Kellett
|
|
Imperva’s SecureSphere Data Security Suite combines web and database security to provide a comprehensive risk-management framework that defines and controls external and internal user and application access protection while continuously monitoring and auditing the infrastructure for violations. SecureSphere Data Security Suite brings together a portfolio of Imperva products including its SecureSphere web application firewall (WAF), its SecureSphere database firewalls, its database-discovery and assessmen…
Technology Audits - published 12/04/2010 - Andy Kellett, Karthik Balakrishnan, Nishant Singh
|
|
AppGate with its Security Server solution is a focused enterprise-protection provider in the application gateway security marketplace, which is becoming a growing and dynamic sector. The company’s approach to protecting business assets is to ensure that only authorized users are allowed access to corporate applications and their content. Ovum believes that AppGate’s approach, though to some extent one-dimensional, is more streamlined than many of its competitors and represents a corporate-protection appr…
Technology Audits - published 08/04/2010 - Andy Kellett, Karthik Balakrishnan, Nishant Singh
|
|
M86 Security is an established global provider of secure email and Web-protection solutions. The company’s core product portfolio, which includes Secure Web Gateway Appliance, WebMarshal, and MailMarshal, was significantly strengthened by M86’s March 2009 purchase of Avinti (advanced behaviour-based malware detection) and most recently through its high-profile acquisition of Finjan (enterprise-level secure Web gateway protection). Using its extended product set, M86 Security is able to correlate and prov…
Technology Audits - published 26/02/2010 - Andy Kellett
|
|
IronKey Enterprise is a secure, encryption-based management solution for the protection of data that is copied to USB flash drives. Operating as removable storage devices, IronKey secure USB drives serve as encrypted repositories for passwords and the data that they protect. In operational use, IronKey Enterprise provides a number of security features that make it virtually impossible for a user to unlock and decrypt a device that they are not authorised to use. The product is FIPS 140-2 Level 3 complian…
Technology Audits - published 26/02/2010 - Andy Kellett, Karthik Balakrishnan, Somak Roy
|
|
Safend Data Protection Suite (DPS) from Safend is a well-integrated portfolio of endpoint security products designed to protect organisations’ confidential information from loss or theft by monitoring, detecting, and restricting data transfers to or from Windows-based computers. All digital files are prone to loss or theft as a result of either benign or malignant behaviour, but facilities within successive Microsoft operating systems lack granularity and operational flexibility, leading organisations to…
Technology Audits - published 01/02/2010 - Alan Rodger, Richard Edwards
|
|
SailPoint IdentityIQ is a risk-based identity-governance solution for managing user access to critical business systems and the data that they contain. Its distinctive risk-based approach addresses regulatory compliance issues and streamlines role and access management processes. Using a single-repository approach, IdentityIQ consolidates all identity and access data into a single location, and also delivers extensive reporting services that are tailored to meet the needs of business users. Associated ca…
Technology Audits - published 21/01/2010 - Somak Roy
|
|
EventTracker, from Prism Microsystems, is a software solution that combines log, change, and event management in a single product that provides log collection, event analysis, some remediation, archival, and reporting covering server and network elements, as well as some desktop activity monitoring. Its data correlation engine enables real-time monitoring and rule-based alerting of events to IT administrators and users. Ovum is particularly impressed with the reporting features, which include pre-built, …
Technology Audits - published 21/01/2010 - Alan Rodger, Karthik Balakrishnan, Somak Roy
|
|
The Aveksa Access Governance Platform, which comprises of Aveksa Compliance Manager, Aveksa Role Manager, and Aveksa Access Request and Change Manager, is an access control automation and management solution that focuses on delivering a business as well as a process-centric approach to controlling and managing access to corporate information resources. The product set is tasked with improving the way that organisations deliver and manage user access. It achieves this by bringing together and maintaining …
Technology Audits - published 04/01/2010 - Andy Kellett
|
|
IBM Data Security Services (DSS) utilises technologies from Fidelis Security Systems (for network Data Loss Prevention or DLP) and Verdasys (for endpoint DLP), in conjunction with advisory, implementation, and ongoing management services to deliver an integrated network and endpoint data loss prevention solution. Fidelis XPS enables monitoring of all network ports and internal traffic for sensitive data, and the solution’s policy engine allows organisations to implement granular policies governing the tr…
Technology Audits - published 14/12/2009 - Alan Rodger
|
