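Leading Global MSSPs (Managed Security Service Providers) Unanimously Choose IMPERVA Solutions to Deliver Their Services

Three of the world's leading managed security service providers, Savvis, VeriSign and SecureWorks, have recently announced in succession that they are using the Imperva SecureSphere WAF (web application firewall) to protect the systems they host for their customers, and to help protect sensitive financial data, personnel data and customer credit card data.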

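The services include:

* Identify and defend against attacks: dynamic whitelisting and a continuously updated signature service
* Monitor application behavior: analysis of potential attack events and of multiple attack events
* Website structure model: Imperva Dynamic Profiling is used to provide a model of how the customer's website is structured and operates
* Track sensitive data: help define sensitive data and track whether data such as card numbers is leaking
* Provide customized reports for customers
* Help customers comply with PCI DSS
* Cover all service costs in a monthly fee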

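“Web applications are the fastest-growing category of attack target,” said SecureWorks' director of product management. “Looking at the situation across our more than two thousand customers, 80% of attack incidents are aimed at web applications, so we provide the latest web application firewall technology to effectively protect our customers against attacks including SQL Injection, XSS and Session Hijacking.”
With its many awards, comprehensive reporting system, continuously updated technology, and an architecture and operation that do not affect production systems, Imperva meets every customer's web application firewall needs. For detailed product information, please contact 亞利安科技.
Vendor: 亞利安科技, telephone: (02)27992800.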

Cloud Computing Service Provider Savvis Uses IMPERVA SecureSphere WAF to Deliver Its Service

Savvis Locks Down the Cloud for the Enterprise

SAN FRANCISCO–(BUSINESS WIRE)–Building on the recent launch of its Cloud Compute solution, Savvis, Inc. (NASDAQ: SVVS – News), a global leader in outsourced managed computing and network infrastructure for IT applications, today announced a new addition to its flagship Cloud Compute and Virtualized Utility Compute offerings – the Savvis Managed Web Application Firewall (WAF) Service.

* The new service addresses the many challenges associated with securing virtualized web applications commonly used within global enterprises’ cloud computing environments.
* Savvis’ WAF service provides protection against Internet-based malware infection, a significant threat to web commerce. Recent studies indicate that a majority of all web-based malware is found on legitimate websites that have been compromised. Savvis’ WAF Service is specifically designed to mitigate these threats. It is available for individual enterprises and sits in front of the Savvis Cloud computing environment.
* Today’s announcement underscores Savvis’ commitment to delivering enterprise-class cloud computing solutions and supporting mission-critical business applications for many of the world’s top companies, including 40 of the top 100 companies on the Fortune 500.

Quotes

“As security vulnerabilities and threats proliferate, organizations are increasingly looking for innovative security solutions that will enable them to adapt to new emerging technology solutions and protect their online applications to prevent data loss and help them meet their regulatory requirements,” said Irida Xheneti, Security Services Research Analyst at IDC.

“In today’s evolving business landscape and changing economic environment, enterprise customers are increasingly looking for new ways to optimize their IT infrastructure spend,” said Chris Richter, Vice President of Security Services for Savvis. “Cloud computing solutions offer some very compelling cost benefits and are paving the way for an entirely new generation of data centers, but companies also demand solutions for keeping their data secure. The Managed WAF Service is a significant addition to our portfolio of security offerings for our cloud computing platform.”

Savvis WAF service details

Savvis’ Web Application Firewall Service leverages Imperva’s leading SecureSphere technology. Designed to help organizations protect sensitive financial, human resources and customer credit card data from application-based attacks, the service can:

* Accurately detect and block malicious web requests. The service combines a dynamic white list policy model with up-to-date application signatures, session tracking and correlation rules for precise attack detection.
* Monitor application activity and notify customers of potential attack activity. Imperva’s Correlated Attack Validation technology can correlate violations across security layers and over time to accurately identify the most complex attacks.
* Automatically learn the structure, elements, and expected usage of protected applications through Imperva’s Dynamic Profiling technology.
* Help prevent data leakage – SecureSphere can inspect outbound traffic to identify possible leaks of sensitive data such as cardholder data and social security numbers.
* Provide robust reporting of web application firewall activity through Savvis’ SavvisStation web-based management portal.
* Provide customers with a tool that helps them address their Payment Card Industry (PCI) Data Security Standard (DSS) obligations, including requirement 6.6, which mandates that companies must either deploy a web application firewall, or follow a methodology that involves regular application-vulnerability assessments and remediation, for their public-facing web applications.
* Bundle hardware and maintenance costs into an all-inclusive monthly service.

About Savvis Cloud Compute

Savvis Cloud Compute is a new virtual data center hosting and private cloud computing solution providing enterprises with an opportunity to minimize costs and increase business efficiencies without sacrificing security or performance. With an advanced customer portal, Savvis Cloud Compute gives customers the ability to purchase fractional compute resources on demand by the “instance” for a “right-sized computing” fit with flexible month-to-month business terms. This is especially important for enterprises that have substantial fluctuations in web traffic and computing requirements.

About Savvis

Savvis, Inc. (NASDAQ:SVVS – News) is an outsourcing provider of managed computing and network infrastructure for IT applications. By outsourcing to Savvis, enterprises can focus on their core business while Savvis ensures the quality of their IT infrastructure. Leading IT organizations around the world select Savvis to help them improve their service levels, reduce capital expense and deal with the rising costs of bandwidth, energy, real estate, staff and expertise. As a pioneer in utility computing, Savvis understands and harnesses the latest advances in technology like virtualization, cloud computing and support process automation. For more information about Savvis, visit www.savvis.net

Savvis Forward-Looking Statements

This document may contain forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. Actual results may differ materially from Savvis’ expectations. Certain factors that could affect actual results are set forth as risk factors in Savvis’ SEC reports and filings, including its annual report on Form 10-K and all subsequent filings as well as the risk that potential product cost and performance benefits may not be realized for any particular customer. Savvis assumes no obligation to update or supplement forward-looking statements.

Source: Yahoo

Encryption Is the Best Remedy for Ensuring Security

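A complete encryption system is not as easy as most people imagine. “In fact, every one of our projects is a long-term project of five years or more,” said 朱偉年, General Manager for Northeast Asia, Thales Information Security:

“Encryption and decryption equipment cannot simply be installed and left alone. There are follow-on issues such as software and hardware updates and maintenance, so to ensure security, most deployments are run as long-term projects.”
Cryptography is a specialized discipline, and the contest between cryptographers and hackers never ends, so new algorithms and codebooks must continually be devised to withstand the many methods of trying to break ciphers.
Because of the specialized nature of this security solution, most enterprises lean toward outsourcing when they adopt encryption, but this raises another concern: is outsourced encryption safe? Some government officials hold that Taiwan should develop its own encryption and decryption technology to ensure the security of its own information security systems.
“This concern is shared by many people,” 朱偉年 believes. “Especially with solutions that can come into direct contact with confidential data, people worry all the more about the risks that outsourcing may bring.” The hardest thing for a security vendor is building an enterprise's confidence in its product or solution. That takes not only a long period of effort but also a growing record of results, before more and more enterprises come to understand and accept it.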

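Encryption Also Needs Hardware to Be Effective
Encryption is divided into hardware encryption and software encryption. Many people consider hardware encryption more expensive and more troublesome to maintain afterwards, so for reasons of cost and ease of management, many enterprises choose software-based encryption.
In any case, encryption can only be carried out through software computation and comparison, so why is hardware encryption equipment needed at all? “This is based on three considerations,” 朱偉年 answered. “The first requirement is performance, followed by stability and security.”
Hardware encryption equipment has a specially designed architecture, so it can devote itself fully to encryption and decryption, and its performance is naturally higher than that of software. Dedicated hardware reduces failures caused by component malfunction, giving higher stability. Finally, a specially designed secure enclosure prevents external intrusion or even destruction, ensuring the security of the encryption chip and the data held inside. 朱偉年 gave an example: “Some customers have special requirements, and will even have the internal information destroyed automatically when the enclosure is illegally broken open!”
In the past, upgrading hardware equipment meant replacing the internal encryption chip as well. “A person carrying a metal briefcase locked directly to the wrist to ensure security in transit: that is most people's impression of how hardware encryption equipment is maintained,” 朱偉年 explained. “But Thales's hardware encryption equipment (HSM) has overcome this limitation and can be updated and maintained in a more convenient and secure way.”
Thales's new generation of hardware encryption equipment no longer requires someone to travel long distances to replace the internal chip. With the dual safeguards of identity authentication and device authentication, together with a new chip design, users can push software update packages remotely through a centralized management mechanism, keeping the equipment in its most secure state at all times without replacing the internal chip. “For industries that need to update encryption keys regularly, this method of updating can greatly shorten the time required while saving manpower and money,” 朱偉年 said. “Providing a centralized management mechanism also lets enterprises keep full track of the state of each device and deal with device issues in the shortest possible time.”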

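Legal Regulation Affects Security Architecture
Technology in the information security field has reached maturity. New security technologies merely deliver greater strength and better performance, but how to plan a security architecture and solve problems is not something technology can settle. “In a sense, technology can solve only a small part of the information security problem,” 朱偉年 believes. “For security vendors, what actually matters more is the problems that arise in the field and the experience gained from them.”
A good security vendor, besides producing good security equipment, should also have solid experience to back it up. “Experience and technology complement each other,” 朱偉年 said. “Without good experience, technology cannot be developed to its best; with good technology but no experience, the best solution cannot be planned.” This is especially true of information security solutions, which demand a high degree of architectural completeness: any small oversight can lead to a major disaster.
Besides experience, however, legal regulation is another major factor affecting information security. “Internationally, legal regulation of data leakage is receiving growing attention,” 朱偉年 said. “The United States, Japan and European countries, for example, have all set rules on data leakage and internal controls, pushing enterprises to face up to the corporate crises that data leakage causes.”
In Taiwan, however, because legal regulation is partly lacking, enterprises are not very proactive in understanding and confronting these issues. “In fact, equipment alone is not enough,” 朱偉年 believes. “Beyond the functions of the equipment itself, its management and maintenance are also very important, but most important of all is the attitude of the people using it. If these products are used improperly or carelessly, even the best product cannot avert a security crisis.”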

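Thank You to the More Than 70% of Financial Customers Who Use Thales HSM

Thales e-Security, the world's largest security technology provider, meets every HSM requirement for financial transactions through built-in transaction commands and operates as standalone encryptor hardware. Specifications of a true hardware encryption device:

* Preset specifications for Visa/MasterCard/AE credit card issuing/acquiring/verification
* Fully compliant with EMV 3.1.1, EMV 4.0, EMV 4.1
* ATM, POS, EFTPOS, Corporate banking, card issuing, funds transfer, stock/share trading transactions
* Full support for FISC first- and second-generation bank cards
* RSA Public Key Support
* Europay Security Platform
* TR-31 Key Management
* Ethernet/Async/SNA/ESCON interface support on the encryptor itself
* Truly cross-platform across all host architectures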

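IMPERVA Integrates with the World's Leading Vulnerability Scanning Vendors to Protect Web Applications

The security risk of web applications and the schedule for patching code have always been the problems that trouble technical staff most. IMPERVA, the global leader in Web Application Firewalls, with its WAF product line, winner of many international awards, works through its OpenSphere integration technology with the world's leading vulnerability scanning systems. The analysis report from the vulnerability scanner can be integrated directly into IMPERVA WAF policy management, so that IMPERVA WAF takes on the defense of vulnerabilities found on a server right away, perfectly protecting your company's web applications and meeting the requirements of the international PCI standard.

Integration with four vendors has been announced so far, and the list of further partners will be announced in due course: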

  • HP SPI WebInspect
  • IBM Watchfire AppScan
  • Cenzic Hailstorm
  • NT OBJECTives NTOSpider

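亞利安科技 is working with domestic vulnerability scanning service providers to extend customers' requirements for web application security. For details of these partnerships, please contact 亞利安科技.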