MediaFirst PR - Atlanta - InfoSec

Gideon Technologies’ SecureFusion Named PCI Compliance Hot Product by EverythingChannel & ChannelWeb

Mon, 30 Nov 2009 06:00:00 +0000

Atlanta, GA — November 30, 2009 — Gideon Technologies, the leading provider of information security solutions that help automate, prioritize, and measure IT risk against policy and compliance objectives, announces being named a Top 20 Hot Compliance Product by EverythingChannel and ChannelWeb. Gideon was selected because customers can quickly and easily validate security and compliance with Graham Leach Bliley (GLB), Federal Reserve, Sarbanes-Oxley (SOX), and Payment Card Industry (PCI) regulations, and other standards required for banks and financial service providers.

According to ChannelWeb, “As if they needed more stress, organizations of all sizes are facing regularly evolving and increasingly stringent compliance regulations from the Payment Card Industry, as well as Sarbanes-Oxley, HIPAA and others. These security compliance products are on the ‘Hot List’ because they can make the audit process a little less excruciating.”

“We are pleased to be named a ‘Hot PCI Compliance Product’ by EverythingChannel and ChannelWeb,” said Ken Halley, CEO and co-founder, Gideon Technologies. “SecureFusion simplifies and integrates network discovery, baseline configuration management, vulnerability management, and enables continuous monitoring and reporting for enterprise risks and regulatory PCI compliance. Multiple financial institutions use SecureFusion to validate compliance, gain efficiency, and manage risk.”

SecureFusion collects independent measurements of all network nodes - workstations, servers and network devices - assets for a comparison against IT policy. Both vulnerability and configuration management processes are built on a foundation of accurate network discovery and IT visibility. SecureFusion discovery capabilities provide continuous monitoring of the entire enterprise IT footprint to ensure that all IT assets -- including rogue networks and hosts -- are incorporated into the process.

“Many of our banking and finance customers were using multiple solutions and platforms for IT security before implementing our solution, which made enterprise-wide reporting extremely difficult,” add Halley. “The lack of an easy-to-use, comprehensive solution for asset discovery, vulnerability management, and configuration management proved a considerable drain on IT resources. SecureFusion gives them the ability to continuously visualize all IT assets, prioritize risk accordingly, and measure remediation efforts for a complete, accurate, and repeatable risk assessment process.”

About Gideon Technologies

Gideon Technologies develops network security and compliance solutions that give a clear view into IT assets and risk.

SecureFusion™ provides real-time visualization of every network-attached asset along with risk profile, enabling metrics and prioritization for remediation or mitigation. The solution provides private and public sector organizations with actionable data to compare against corporate and government standards or guidelines. SecureFusion has been validated by leading standards bodies, such as NIST, the National Institute of Standards & Technology, which establishes guidelines and checklists for the security configuration of operating systems and applications, such as the Federal Desktop Core Configuration (FDCC). SecureFusion has been validated for FDCC scanning and additional Secure Content Automation Protocol (SCAP) capabilities, establishing SecureFusion™ as the leading standards-based platform for supporting enterprise IT Governance Risk and Compliance (GRC) initiatives.

The SecureFusion suite is comprised of integrated modules for Asset Discovery, Configuration Management, Policy Management, and Vulnerability Management that feed data into the SecureFusion Portal, a service-oriented architecture (SOA) interface to identify, manage, and measure information security (infosec) risks. Gideon Technologies also offers External Perimeter Monitoring Service for continuous security monitoring of an organization's Internet points-of-presence and Internet-accessible systems.

For more information, please find us on the Web at http://www.GideonTechnologies.com, by telephone at (678) 317-4300, or via email: sales@gideontechnologies.com.

“Know your assets. Know your risk.”

###

Gideon Technologies’ SecureFusion Selected for Government-Wide Acquisition of IT Security Solutions via GSA SmartBUY Program Award

Tue, 21 Jul 2009 20:22:44 +0000

http://xmlns.com/foaf/0.1/" rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" user="http://mediafirst.net/rdf/schema/user#" vocabulary="http://mediafirst.net/rdf/schema/vocabulary#">SecureFusion, NIST SCAP Validated, Chosen for Situational Awareness and Incident Response Contract Award Atlanta, GA — June 15, 2009 — Gideon Technologies, the leading provider of information security solutions that help prioritize and measure IT risk against policy and compliance objectives, announces that its flagship product, SecureFusion™, has been selected as one of the preferred information security solutions for the General Services Administration (GSA) SmartBUY initiative in partnership with the Department of Homeland Security (DHS). DHS managed the Information Systems Security (ISS) LOB (Line of Business) Interagency Working Group, which developed the underlying requirements for the security tools/products for Situational Awareness and Incident Response (SAIR). Gideon Technologies’ SecureFusion has been selected for all three available functional categories under SAIR, namely Baseline Configuration Management, Network Mapping/Discovery, and Vulnerability Scanning and Assessment. “SecureFusion cost effectively and efficiently helps government agencies automate and meet cyber-security and IT compliance mandates that protect the government’s information against an ever-increasing amount of security breaches and threats,” said Ken Halley, CEO of Gideon Technologies. “Our proven track record of providing vulnerability assessments, security policy management, and configuration management has been demonstrated by our ongoing work with numerous government agencies, including recent deployments at the U.S. Department of Health and Human Services (HHS), U.S. Department of Treasury, and other public sector enterprises. SecureFusion offers unparalleled discovery, continuous monitoring, assessment of all IT assets for ensuring compliance, improving situational awareness, and demonstrating best security practices.” “Security professionals in the federal and public sector markets must have a holistic view of their IT assets and understand the importance of each IT resource, and its security posture in real time so they can fully assess the threats they face and the impact a security event would have,” said Kevin Lancaster, Managing Partner, The Winvale Group. “SecureFusion exceeds at these requirements, plus it has been validated through NIST’s VNVLAP Validation program as Secure Content Automation Protocol (SCAP) Validated for numerous capabilities, which is a major benefit for helping government entities automate and achieve compliance with the Federal Desktop Core Configuration (FDCC) OMB mandate.” SecureFusion provides a platform for network & host discovery, host and network configuration auditing and continuous monitoring, as well as vulnerability scanning. National Institute of Standards and Technology (NIST) SCAP validated, SecureFusion discovers every asset connected to the network, scans systems for compliance with baseline configuration standards and vulnerabilities, and provides a centralized portal for continuous measurement and reporting. SecureFusion will be made available to all U.S. Executive Agencies, including the Department of Defense (DoD), authorized state and local government entities, and authorized contractors under a 5-year SmartBUY Blanket Purchase Agreement (BPA) made with The Winvale Group. The Winvale Group, a leading government consultancy based in Washington, DC, will expedite the purchase, acquisition, and implementation of SecureFusion throughout government entities utilizing the SmartBUY agreement. SecureFusion performs configuration checks on the system required to implement the Federal Desktop Core Configuration (FDCC) and/or NIST SP 800-53 standards for the desktop, servers, and other network components as mandated by the Office of Management and Budgets (OMB). SecureFusion uses the Secure Content Automation Protocol (SCAP) to enable automated network/asset discovery and inventory, configuration management, vulnerability management, and policy compliance evaluation in accordance with these standards, streamlining security operations and protecting investments. This SmartBUY award for SCAP-validated tools supports OMB’s policy memoranda M-07-18 Ensuring New Acquisitions Include Common Security Configurations, M-08-05 Implementation of Trusted Internet Connections (TIC), and M-08-22 Guidance on FDCC. About Gideon Technologies Gideon Technologies develops network security and compliance solutions that give a clear view into IT assets and risk. SecureFusion™ provides real-time visualization of every network-attached asset along with risk profile, enabling metrics and prioritization for remediation or mitigation. The solution provides private and public sector organizations with actionable data to compare against corporate and government standards or guidelines. SecureFusion has been validated by leading standards bodies, such as NIST, the National Institute of Standards & Technology, which establishes guidelines and checklists for the security configuration of operating systems and applications, such as the Federal Desktop Core Configuration (FDCC). SecureFusion has been validated for FDCC scanning and additional Secure Content Automation Protocol (SCAP) capabilities, establishing SecureFusion™ as the leading standards-based platform for supporting enterprise IT Governance Risk and Compliance (GRC) initiatives. The SecureFusion suite is comprised of integrated modules for Asset Discovery, Configuration Management, Policy Management, and Vulnerability Management that feed data into the SecureFusion Portal, a service-oriented architecture (SOA) interface to identify, manage, and measure information security (infosec) risks. Gideon Technologies also offers External Perimeter Monitoring Service for continuous security monitoring of an organization's Internet points-of-presence and Internet-accessible systems. For more information, please find us on the Web at http://www.GideonTechnologies.com, by telephone at (678) 317-4300, or via email: fedsales@gideontechnologies.com. “Know your assets. Know your risk.” About The Winvale Group The Winvale Group partners with technology manufacturers in effort to bring its public sector clients best-in-class technology solutions. Located on Pennsylvania Avenue in the heart of Washington DC, The Winvale Group is one of the nation’s fastest growing information technology solution providers in the United States. Supporting this assertion is Winvale’s recent recognition as one of the “Top 100 Companies in Washington DC” by Inc. Magazine and its selection as one of the “Five on Fire” by SmartCEO Magazine for both 2008 and 2009. The Winvale Group's value-added reseller services are designed to help you reach government customers quickly by allowing you to place your products and services on our existing procurement vehicles. In most cases we can have you up and running on our procurement vehicles in a matter of weeks. Winvale currently holds the following GSA Schedule Contracts: Schedule 70- Information Technology, Schedule 84- Total Solutions for Law Enforcement, Schedule 58I- Professional Audio & Visual. For more information, please visit us on the web at http://www.winvale.com, by telephone at (202) 296-5505, or via email: sales@winvale.com ###

Information Security Magazine

Sun, 01 Mar 2009 17:59:09 +0000

PBS&J Selects Gideon Technologies' SecureFusion(TM) To Establish Comprehensive Information Security Program

jimcaruso — Wed, 25 Feb 2009 05:00:00 +0000

http://xmlns.com/foaf/0.1/" rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" user="http://mediafirst.net/rdf/schema/user#" vocabulary="http://mediafirst.net/rdf/schema/vocabulary#">E-Discovery Process Eliminates Rogue Assets & Improves Visibility

ATLANTA, GA -- February 25, 2009 -- Gideon Technologies, the leading provider of information security solutions that help you prioritize and measure IT risk against policy and compliance objectives, announces that PBS&J, an architecture/engineering/construction firm, recently selected SecureFusion(TM) to build a solid information security program for the company. SecureFusion was used to assess the current enterprise security landscape, reduce rogue assets, maintain an approved applications list, and manage configuration standards and security policies.

"When I started at PBS&J, I was charged with building a comprehensive information security program, but before I could begin, I needed a complete and current picture of the network," said Devon Chalmers, technology operation security director at PBS&J. "Having successfully deployed SecureFusion at a previous position in a large regional bank, I was positive it would deliver accurate and continuous asset discovery, vulnerability, configuration, and policy management. SecureFusion helped us visualize the enterprise IT landscape, manage vulnerability remediation, and capture configuration details for all assets."

"As any Chief Information Security Officer knows within most companies there are diverse network environments, lack of complete visibility, and discrete teams within IT that complicate the e-discovery process," said Kenneth Halley, CEO of Gideon Technologies. "SecureFusion establishes sound policy, corrects outstanding issues, and reduces overall risk."

The SecureFusion software suite consists of asset discovery and vulnerability, configuration, and policy management capabilities. It continuously visualizes all IT assets, prioritizes risk, and measures remediation efforts for the most complete and accurate risk assessment process. SecureFusion presents an executive dashboard with a single view of IT risk metrics that includes prioritization and workflow as well as dynamic, comprehensive reporting.

Using SecureFusion's continuous discovery scanning process, PBS&J quickly found rogue assets on the network, various pieces of unknown hardware, and captured all applications installed on each computer, giving the firm a solid starting point for building their IT security program. Each of the 10,000 applications were reviewed and categorized. All non-approved applications were also categorized, enabling automatic and continuous review of the environment against rogue applications for rapid remediation of associated security and licensing risks.

PBS&J maintains mobile business units used at a moment's notice in the wake of natural disasters and other emergencies. The company's anytime, anywhere service capability keeps the network in flux and requires extra vigilance on the part of IT security. SecureFusion notifies the team when a mobile office site with network access is set up, ensuring that security policies are maintained despite a constantly shifting perimeter.

SecureFusion's vulnerability and configuration management functions provide a continuous auditing process for measuring and ensuring compliance with security standards. The centralized, service-oriented architecture (SOA)-based SecureFusion Portal contains all of PBS&J's IT asset and configuration data, making it easily accessible by different groups. The portal view can be altered by departmental role, so that security teams readily find vulnerability information, while network operations can focus on asset configuration details. "With SecureFusion, we have been able to build efficiencies, streamline processes, and meet the company's growth initiatives in a secure manner," added Devon Chalmers.

About Gideon Technologies

Gideon Technologies develops network security and compliance solutions that give a clear view into IT assets and risk. SecureFusion(TM) provides real-time visualization of every network-attached asset along with risk profile, enabling metrics and prioritization for remediation or mitigation. The solution provides private and public sector organizations with actionable data to compare against corporate and government standards or guidelines. Secure Fusion(TM) has been validated by leading standards bodies, such as NIST, the National Institute of Standards & Technology, which establishes guidelines and checklists for the security configuration of operating systems and applications, such as the Federal Desktop Core Configuration (FDCC). SecureFusion(TM) has been validated for FDCC scanning and additional Secure Content Automation Protocol (SCAP) capabilities, establishing SecureFusion(TM) as the leading standards-based platform for supporting enterprise IT Governance Risk and Compliance (GRC) initiatives. The SecureFusion suite is comprised of integrated modules for Asset Discovery, Vulnerability Management, Configuration Management, and Policy Management that feed data into the SecureFusion Portal, a service-oriented architecture (SOA) interface to identify, manage, and measure information security (infosec) risks. Gideon Technologies also offers External Perimeter Monitoring Service for continuous security monitoring of an organization's Internet points-of-presence and Internet-accessible systems. For more information, please find us on the Web at http://www.GideonTechnologies.com or by telephone at (770) 783-5270. "Know your assets. Know your risk."

Attrition.org Data Loss Archive and Database (DLDOS) Should Scare Anyone

jimcaruso — Tue, 13 Mar 2007 04:00:00 +0000

Breaches of personal privacy and infomation loss are well documented and archived at Attrition.org Data Loss Archive and Database (DLDOS) at http://attrition.org/dataloss/. I mentioned this in a recent post, but it deserves its own. ----- URL: http://attrition.org/dataloss/

Performance Implications of Whole Disk Encryption

jimcaruso — Tue, 13 Mar 2007 04:00:00 +0000

Recently, the Inforwarrior list sent me a notice of Seagate announcing a hard disk that offers full-time, whole disk encryption. For the right need, this seems a solid product that will perform better than software encryption. Here (2nd URL) is another article on that device.

I've always been concerned with rapid response time, so the current rush to encryption may cause it to be overused, with negative performance implications for most users.

This (3rd URL) article is solid in covering encryption and notes well the performance hit. So much personal information has been carelessly lost and stored on laptops against company or government policy that it is beyond my comprehension that managements, regulators, and lawmakers have not taken effective action.

Then I find an article entitled "Laptop Encryption: Compliance without sacrificing performance, now that’s magic!" that is without merit.

This wasn't supposed to be about breaches of personal privacy and information loss, but here is the one, Attrition.org Data Loss Archive and Database (DLDOS) at http://attrition.org/dataloss/ ----- URL: http://news.com.com/Seagate+ships+hard+drives+with+encryption/2100-1029_3-61 66180.html ----- URL: http://www.crn.com/it-channel/196513300 ----- URL: http://searchstorage.techtarget.com/originalContent/0,289142,sid5_gci1173496,00.html ----- URL: http://attrition.org/dataloss/

Jim's Favorite InfoSec Maillists

jimcaruso — Mon, 24 Jul 2006 04:00:00 +0000

Okay, since I blogged the top software, I need to mention my favorite 2 mail lists:

Infowarrior mailing list https://attrition.org/mailman/listinfo/infowarrior via http://www.infowarrior.org/ and

ISN: InfoSec News http://attrition.org/security/lists.html

Many thanks to the organizers - and many contributors. -----

URL: https://attrition.org/mailman/listinfo/infowarrior -----

URL: http://www.infowarrior.org/ ----- URL: http://attrition.org/security/lists.html

Top 100 InfoSec Tools

jimcaruso — Sat, 24 Jun 2006 04:00:00 +0000

Find the top 100 information security tools at: http://sectools.org/ This is a great list that includes apps for many platforms, ports to additional OS, and a link to each of the top 100 as well as alternatives in the same category. If you sell InfoSec hardware, software, or services this Web site is a worthy candidate for your advertising dollars. ----- URL: http://sectools.org/