April 2017 Digital Edition
March 2017 Digital Edition
Feb. 2017 Digital Edition
Nov/Dec 2016 Digital Edition
Oct 2016 Digital Edition
In the most far-reaching innovation announcement in its 25-year history, NetApp (NASDAQ:NTAP) today introduced new hybrid cloud offerings that give customers unprecedented ability to use data for competitive advantage.
A photo accompanying this announcement is available at http://www.globenewswire.com/NewsRoom/AttachmentNg/f9f92f7b-6cba-49d9-a791-342604ddf10e
The announcements expand the company’s Data Fabric solutions and services portfolio to include the industry’s first enterprise-scale hyper converged solution (HCI), new consumption purchase models, improved all-flash capabilities, and hybrid cloud offerings that simplify moving data to and from the public cloud.
With digital transformation at the top of their agendas, global business leaders need new ways to harness their most valuable asset — their data. Time, skill, and budget gaps pose traditional challenges, but organizations must also contend with exploding volumes of data that are much more distributed, dynamic, and diverse.
NetApp’s hybrid cloud innovations allow customers to break down barriers to transformation by helping them to unify data across the widest range of cloud and on-premises environments. When data is at the heart of transformation, organizations are empowered to create more customer touchpoints, foster greater innovation, and optimize operations.
“Organizations that understand how to derive the full value from their data will see their digital transformations drive greater competitive advantage in the shortest amount of time,” said Simon Robinson, Research vice president, at 451 Research. “To succeed, customers need to change their mindsets on data management, to liberate themselves from data siloes and seek approaches that unite data no matter where it resides. NetApp’s expanded portfolio, with its new HCI, hybrid cloud, and consumption model solutions, provides the means to maximize the impact of data, no matter where it lives, and create new value across the organization.”
“The organizations that are defining the future recognize that unleashing the full potential of their data is essential for effective digital transformation and long-term competitive advantage,” said George Kurian, NetApp chief executive officer. “NetApp is uniquely capable of helping customers to unify their data to achieve success in the digital era. Today’s announcements of enterprise-scale HCI and new hybrid cloud software and services extend our Data Fabric architecture and leadership in providing hybrid cloud data services that simplify management of applications and data across clouds and on-premises environments.”
“Datalink helps clients ensure their application workloads are aligned to the right platform to optimize business value. We have long partnered with NetApp due to our shared vision of data management as the foundation of on-premises, hybrid, and cloud platforms using NetApp’s Data Fabric,” said Chief Architect Jason Anderson, Datalink, an Insight company. “The SolidFire underpinning for NetApp HCI has proven itself in our lab testing and in numerous client deployments to have the stability, scale, performance, and guaranteed quality of service needed for a truly enterprise-grade HCI platform. We are excited by NetApp’s entry into the HCI market and look forward to leveraging NetApp HCI as a catalyst to transform and optimize IT to achieve intended business outcomes.”
Next-generation Data Center Solutions simplify, accelerate, and scale application deployment:
NetApp HCI delivers world’s first enterprise-scale hyper converged solution. Customers can break free from the limits of first-generation HCI with NetApp HCI. This solution delivers on the full promise of HCI, allowing customers to run multiple applications with guaranteed performance and benefit from unmatched flexibility, scale, automation, and integration with the Data Fabric. Built on SolidFire® innovation, NetApp HCI gives enterprises, mid-sized businesses, and service providers the confidence to easily consolidate all workloads, scale in ways that won’t strand resources, and deliver the performance required by next-generation applications. With NetApp HCI, organizations can unleash the complete power of their infrastructure with the ability to simplify management and independently scale compute and storage resources. NetApp HCI features integrations with partner solutions including those from Commvault, Intel, MongoDB Enterprise, Veeam, and VMware.
ONTAP® Select software-defined storage (SDS) optimized for new use cases. New features have been added to NetApp ONTAP Select, SDS software which delivers the value of NetApp’s proven data management platform on commodity servers. A new remote office/branch office solution addresses the space and cost constraints of remote offices and ruggedized deployments with a 2-node, high availability configuration and broader support for VMware vSphere licenses. Additionally, customers can deploy enterprise NAS services in more diverse storage environments, including VMware vSAN, with external storage arrays, and when deploying the new NetApp HCI offering. ONTAP Select is also available on IBM Bluemix infrastructure as a service for an in-cloud offering. Customers can try ONTAP Select via a 90-day evaluation.
Hybrid Cloud Solutions offer freedom of choice in how to deploy IT resources:
NetApp OnDemand consumption model brings cloud-like flexibility to on-premises environments. This new technology service delivery model simplifies purchase and management of data storage capacity. It marries NetApp on-premises infrastructure with the flexibility of a usage-based consumption model and the economic agility benefits of public cloud, with customers paying monthly for capacity consumed. The infrastructure is NetApp owned, customer managed, providing organizations with control and governance of their data management environment. When bundled with NetApp managed services, NetApp or NetApp partners can provide a complete data management as a service experience.
OnCommand® Insight (OCI) adds new functions to ease hybrid cloud migration. OCI is pioneering software that provides hybrid IT infrastructure monitoring and analytics across the Data Fabric. It offers a single means for organizations that are embracing the cloud to manage and improve their multi-vendor hybrid infrastructure. OCI enables faster troubleshooting as well as optimization of resource usage, cost awareness, and capacity and performance forecasting. Customers can plan for migrations to the cloud by understanding the resources that applications are consuming on-premises, and can then monitor performance and capacity data of those applications once they are living in the cloud.
Data Center Modernization Solutions improve performance and efficiencies:
New NetApp ONTAP software boosts all-flash performance, efficiency, cloud data movement to modernize operations. The industry’s leading data management software now brings new levels of performance, efficiency, and cloud capabilities to NetApp All Flash FAS (AFF) arrays, the world’s fastest and most cloud-connected all-flash arrays. The availability of the FabricPool feature, demonstrated at Insight 2016, delivers automatic and transparent tiering of inactive data to the cloud, further optimizing on-premises flash and reducing overall storage costs by up to 40%. Expanded inline deduplication across multiple pools of storage increases storage efficiency by as much as 30%, building on NetApp’s leading data reduction technologies. New performance controls, including Quality of Service minimum and intelligent data placement, provide consistent performance for business-critical applications.
NextCredit Program offers best future-proof assurance program in the industry. With NextCredit, NetApp introduces the industry’s most flexible future credit program. Customers who purchase eligible AFF A Series models and associated support contracts, upon exercising the renewal terms, will receive a flexible, fixed dollar credit toward future purchase of NetApp products. These credits let customers upgrade or build out their Data Fabric with new technologies and capabilities, including cloud and SaaS-based solutions, as they become available. It can be used in multiple ways, from AFF controller upgrades, to new nodes in a Data Fabric cluster, to licenses for ONTAP Cloud so customers can easily connect with public cloud resources.
Insights on NetApp HCI Enterprise-scale Solution
NetApp HCI is the first enterprise-scale hyper converged infrastructure solution to provide compute, storage and networking in agile, scalable, easy to manage 4-node building blocks. It is designed on the foundation of SolidFire all-flash storage to deliver guaranteed performance, automation, and mature integrated efficiency, replication, data protection, and high availability services.
Customers can confidently deploy NetApp HCI from the edge to the core of the data center. They can expect to be up and running in less than 30 minutes and to have more than 90% of their traditional performance-related problems be eliminated. The VMware vCenter plug-in provides full control of the entire infrastructure through an intuitive user interface.
NetApp HCI is planned to be generally available in the fourth quarter of 2017. The company has provided early access to the innovations of NetApp HCI to a number of technology partners that are integrating with the solution. Their perspectives include:
Commvault, Ralph Nimergood, vice president, Alliances and Channels: “We are delighted to share the same vision as NetApp in supporting our customers as they transform and deliver hybrid IT services to their business and customers through today’s unveiling of NetApp HCI. Integrating with NetApp HCI provides customers a clear path to accelerate deployment and realize the potential value stored in their most strategic asset — their data. We look forward to supporting NetApp HCI as it comes to market and through our Commvault Data Platform, giving customers peace of mind knowing their data is always protected, accessible, and ready to use, anywhere, anytime — in the cloud or on-premises.”
Intel Corporation, Jennifer Huffstetler, senior director, Datacenter & Storage Products: “Intel and NetApp share a commitment to enterprise computing and a passion for helping customers identify and easily deploy the Intel Xeon processors and networking technologies that will best ensure customer success in the data-driven future. Our platform technology contributions to NetApp’s new enterprise-scale HCI will help give organizations a better way to guarantee quality of service. We expect NetApp HCI will create opportunities that customers never imagined, providing a path to scalable hybrid cloud deployments in their IT data center transformation journey.”
MongoDB, Alan Chhabra, vice president, Worldwide Partners: “MongoDB is the most popular modern database, used by innovators to build mission-critical applications and to power their giant ideas. NetApp HCI introduces the benefits of enterprise-scale hyper converged infrastructures and gives customers a new approach to consolidating traditional and next-generation apps. We are pleased to have MongoDB Enterprise be part of this new wave of innovation in data management.”
Veeam, Andy Vandeveld, vice president, Global Alliances: “Users, whether at home, work or school, want a seamless digital experience and anything less is unacceptable. Enterprises are having to re-think their IT strategies and service models, and Availability is of paramount importance. We welcome the opportunity to further our relationship with NetApp on the introduction of NetApp HCI. Our Availability capabilities, teamed with this new class of enterprise-scale HCI, targets the growing need to mitigate risk, save time, and dramatically reduce capital and operational costs, while always supporting customers’ current and future business goals.”
VMware, Mark Lohmeyer, vice president, Products, Cloud Platform Business Unit: “For 15 years, VMware and NetApp have partnered on new capabilities to modernize the data center and make it easier for enterprises to unleash the true power of their infrastructure. NetApp’s new HCI solution builds on this strong partnership, which has served mutual customers well, from evangelizing virtualization to navigating the path to the software-defined data center and the hybrid cloud. The NetApp solution will include VMware vSphere, enabling mutual customers to continue to take advantage of our proven collaboration.”
Read the announcement overview blog.
Learn more about NetApp HCI.
Explore cloud consumption options with our eBook.
NetApp is the data authority for hybrid cloud. We provide a full range of hybrid cloud data services that simplify management of applications and data across cloud and on-premises environments to accelerate digital transformation. Together with our partners, we empower global organizations to unleash the full potential of their data to expand customer touchpoints, foster greater innovation, and optimize their operations. For more information, visit www.netapp.com. #DataDriven
NETAPP, the NETAPP logo, and the marks listed at www.netapp.com/TM are trademarks of NetApp, Inc. Other company and product names may be trademarks of their respective owners.
By: Steve Curren, Director of the Division of Resilience in ASPR’s Office of Emergency Management
The Health Care Industry Cybersecurity Task Force’s report contains valuable recommendations to help improve cybersecurity.
Health records possess a wealth of critical information, and the ability of healthcare professionals to quickly access them can be vital to ensuring positive patient outcomes. However, these records also contain information that is valuable to cyber criminals.
Data gathered by the healthcare industry for the good of their patients also are targeted by nefarious people for fraud, intentional disruption, data ransoming, corporate espionage, and financial crimes. All of these cyber threats are capable of triggering emergencies with the potential to impact patient care and public health as we saw with the recent ransomware incident that struck hospitals, clinics, and other systems across the globe.
The federal government takes these threats very seriously. That is why HHS focused in two primary areas of cybersecurity during the recent global ransomware attack: protection of HHS systems and coordination with our private sector partners to help protect their systems as well.
More broadly, HHS has led a strategy to enhance cybersecurity within the Department and in the healthcare and public health sector. Through our Healthcare and Public Health Critical Infrastructure Protection partnership and via grants to the National Health Information Sharing and Analysis Center, HHS is improving the process for sharing information about cyberthreats and partnering with other government agencies and the healthcare and public health sector on cybersecurity activities, including cybersecurity risk management and preparedness. HHS is also in the process of establishing new mechanisms to drive healthcare-relevant cyber indicators, briefings, and actionable intelligence to and from a wide variety of stakeholders, both public and private.
Last year HHS established the Health Care Industry Cybersecurity Task Force following the passage of the Cybersecurity Act of 2015. The Task Force was composed of government and private industry leaders who are innovators in technology and leaders in healthcare cybersecurity. The Task Force held public meetings and consulted with other experts over the past year in order to develop recommendations to address the growing challenge posed by cyberattacks.
Today, the Task Force issued their findings to Congress that demonstrate the urgency and complexity of the ever-changing cybersecurity risks facing the healthcare industry. Their report emphasizes that healthcare cybersecurity issues are patient safety issues, and calls for a collaborative public and private sector effort to protect our healthcare systems and patients from cyber threats.
Today, much of healthcare is delivered by smaller practices and rural hospitals that may not have the resources to protect against these threats. Unfortunately, these organizations often do not possess the infrastructure to identify and track threats, lack the technical capacity to analyze the threat data they receive in order to quickly translate it into actionable information, and lack the capability to act on that information.
The Office of the Assistant Secretary for Preparedness and Response understands that healthcare facilities are facing these challenges right now and we have developed a collection of peer-reviewed resources on cybersecurity to help healthcare industry stakeholders better protect against, mitigate, respond to, and recover from cyber threats, in order to better defend patient safety and operational continuity.
As called for by the Cybersecurity Information Sharing Act of 2015 the HHS Secretary is sharing educational materials on cybersecurity, including the Task Force’s report and appendix, with industry stakeholders to improve preparedness for and response to cybersecurity threats. The Health Care Industry Cybersecurity Task Force’s report - PDF contains valuable recommendations to help improve cybersecurity throughout the healthcare sector that ultimately could better protect patient care and public health.
GeoComm is pleased to announce the release of GeoComm GIS Data Hub, a GIS data management solution providing GIS data insights to help 9-1-1 authorities achieve public safety grade GIS data. GIS Data Hub validates and reports on GIS data quality for 9-1-1, Next Generation 9-1-1(NG9-1-1) and Computer Aided Dispatch (CAD) mapping. The GIS Data Hub:
Provides GIS data insights through rigorous quality control and reporting processes
Transforms disparate GIS datasets into a common schema
Aggregates GIS datasets into a seamless coverage area
Provides map data packages formatted to meet 9-1-1 mapping, CAD, or NG9-1-1 system requirements
Providing GIS data insights, GIS Data Hub is a pathway to the GIS data improvements needed for reliable public safety grade GIS data. It quickly validates GIS and related data against industry standards through actionable reporting. GIS Data Hub is available on-demand and with varying subscription accesses based on usage and the needs of your jurisdiction.
GIS Data Hub is the foundational piece of public safety GIS systems, helping users meet obligated GIS requirements for NG9-1-1. In addition, this GIS data management solution, empowers users and assists with common challenges experienced by:
Local, regional, and state 9-1-1 authorities and GIS administrators
Local GIS Data Maintainers
CAD or PSAP Mapping Agencies
“We are excited to release this ground-breaking software that helps simplify GIS data lifecycle management by transforming, validating, reporting, aggregating, and packaging GIS related data for use within public safety systems. GIS Data Hub supports 9-1-1 agencies goals of understanding where their data needs to be improved to meet industry standards, but more importantly make their GIS content actionable and valuable for use within their systems,” Greg Spadorcio, Director of GIS Data Management Solutions.
Providing actionable quality GIS data, GIS Data Hub is a powerful tool designed to supercharge your GIS validation process and quality control checks. Stop by GeoComm’s booth number 427 at the 2017 NENA Conference or visit www.geo-comm.com to learn more.
About GeoComm: GeoComm was founded in 1995 to provide county governments with turnkey emergency 9-1-1 development services. Over the subsequent 21 years, the company has grown to serve local, regional, statewide, and military agencies in forty-nine states, helping to keep more than 100 million people safe. Today, GeoComm has a national reputation as a leading provider of public safety GIS systems that route emergency calls to the appropriate call center, map the caller’s location on call taker or dispatcher maps, and guide emergency responders to the scene of the accident on mobile displays within police, fire and ambulance vehicles. Our NG9-1-1 GIS solutions provide GIS data quality control, transformation, and aggregation services as well NG9-1-1 system emergency call routing. To learn more about GeoComm, please visit www.geo-comm.com
Netwrix professionals will present the new capabilities of Netwrix Auditor 9.0 and explain how to gain visibility into user behavior and mitigate cyber risks
London, UK May 31 Netwrix Corporation, provider of a visibility platform for data security and risk mitigation, announced today that Netwrix is exhibiting at the Infosecurity Europe in London, UK. Netwrix experts will run live demos of the upgraded Netwrix Auditor 9.0 and speak about how to gain visibility into user behavior, comply with the new GDPR regulation and mitigate the risk of ransomware attacks.
DATE: 6-8 June 2017
LOCATION: Olympia, London,
Netwrix Auditor is a visibility platform for user behavior analysis and risk mitigation that enables control over changes, configurations and access in hybrid IT environments to protect data regardless of its location. The platform provides security analytics to detect anomalies in user behavior and investigate threat patterns before a data breach occurs.
Learn how you can improve your security posture, prepare for GDPR with less effort and expense, and protect sensitive data against data exfiltration and ransomware directly from the Netwrix team:
Peter Smith, security and risk expert
Russell McDermott, security and risk expert
Duncan Innes, security and risk expert
Nikki Simpson, security and risk expert
To learn more about the event, please visit: http://www.infosecurityeurope.com
About Netwrix Corporation
Netwrix Corporation was the first vendor to introduce a visibility and governance platform for hybrid cloud security. More than 160,000 IT departments worldwide rely on Netwrix to detect insider threats on premises and in the cloud, pass compliance audits with less effort and expense, and increase productivity of IT security and operations teams. Founded in 2006, Netwrix has earned more than 100 industry awards and been named to both the Inc. 5000 and Deloitte Technology Fast 500 lists of the fastest growing companies in the U.S. For more information, visit www.netwrix.com
To learn more about DLT’s partner portfolio visit: http://www.dlt.com/government-products.
About DLT Solutions
DLT is a leading technology partner to the federal, state and local government, education, utilities and healthcare markets. For more than 25 years, the company’s dedication to helping the public sector make smart technology choices and simplify their technology procurements ensures its customers have the best options for Cybersecurity, Cloud, Application Lifecycle, Digital Design, IT Consolidation and IT Management solutions. The DLT advantage includes strategic partnerships with industry leading and emerging technology companies - including Amazon Web Services, Autodesk, ForeScout, Google, Informatica, McAfee, Oracle, Quest Software, Red Hat, SolarWinds, Symantec and Veritas – whose products and services can be easily procured through DLT by leveraging its broad portfolio of government IT contracts including, GSA, SEWP V, U.S. Communities and Texas DIR. To learn more, visit DLT’s Resource Center, call 800.262.4358 or email [email protected]. Also on LinkedIn and Twitter (@DLTSolutions).
Dear Friends and Colleagues, please see my updated consulting and advisory profile below and attached:
Topics of expertise include Cybersecurity & Homeland Security, Emerging Technologies such as Smart Cities, Artificial Intelligence, Quantum Computing, Big Data, Internet of Thing, Government Relations, Marketing and Branding: “How to do business in Washington DC”
Chuck was recently named by LinkedIn as a “Top Person you should be following on Tech issues” out of 500 million members, and has won the “Cybersecurity Marketer of the Year” at the Cybersecurity Excellence Awards from in both 2016 and 2017.
At Government Security News, we are pleased to mention that Chuck has been the Chief Judge for the Government Security News annual Homeland Security Awards for four years.
Chuck also serves as Chairman of CompTIA’s New and Emerging Technology Committee, and serves on Boards to several prominent public and private companies and organizations. He is a subject Matter Expert to The Homeland Defense and Security Information Analysis Center (HDIAC), a Department of Defense (DoD) sponsored organization through the Defense Technical Information Center (DTIC). He is a former Technology Partnership Advisor to the Bill and Melinda Gates Foundation. Chuck has served in government at the Department of Homeland Security at the Science & Technology Directorate, at VOA, and also for 7 years on the Hill as a Senior Advisor to the late Senator Arlen Specter. He is also former Adjunct Faculty at Johns Hopkins University, and received his MA in International Relations from the University of Chicago. Chuck is widely published on the subjects of innovation, public/private partnerships, emerging technologies, and issues of homeland security and cybersecurity.
Chuck’s Specialized Consulting Services cover: Digital Influencer outreach (Social Media, Public Relations), Corporate Blogging, Business Development, Strategic Marketing, expertise in doing business with Fedeal, State and Local Government, as well as a Cheat Sheet for the C-suite and participating in Federal News Radio Interviiews.
Please accept my personal thanks for your participation in the USTRANSCOM Senior Leader Cyber Security Roundtable. The discussions throughout the day were thought-provoking and insightful. Based on this event, we will be able to more clearly identify, assess and mitigate risk to our joint war fighting mission.
BeyondTrust, the leading cyber security company dedicated to preventing privilege misuse and stopping unauthorized access, announced today several of its privileged access management and vulnerability management solutions completed the Common Criteria certification. Common Criteria is an internationally recognized computer security standard that includes stringent review and testing. Achievement of this certification helps to assure that government agencies and global enterprises can confidently procure and use BeyondTrust’s best-of-breed solutions to reduce data breach risks and address compliance requirements without the added cost and complexity of additional product testing.
Joining BeyondTrust’s PowerBroker for Unix & Linux are the following Common Criteria Certification recipients:
Common Criteria, which is also an ISO standard (ISO 15408) is the foundation for the widest-available mutual international recognition of secure IT products. Its goals include improving the availability of security-enhanced IT products and supporting more efficient procurement of solutions.
The DXC Security Testing and Certification Laboratories conducted the testing of BeyondTrust’s IT Risk Management Framework and granted the Common Criteria certificate (# 383-4-412) that became effective on May 8, 2017. BeyondTrust solutions achieved certification using the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 4.
“Enterprises around the globe depend on the Common Criteria Certification to ensure the solutions they select perform securely and as promised,” said Brad Hibbert, chief technology officer, BeyondTrust. “With Common Criteria certification, organizations can be even more confident that BeyondTrust solutions will help secure their environments against insider threats and prevent unauthorized access to critical information systems.”
Enterprises and governments around the world can rely on BeyondTrust solutions to give IT organizations control over internal and external risks. The company provides a unique, unified platform combining privileged access management and vulnerability management solutions, enabling IT professionals and security experts to work together with greater control and enhanced efficiency.
“Businesses around the globe are very focused on improving efficiency, cost savings and security in all information technology procurements,” added Hibbert. “Devoting time and resources to independent testing solutions adds unnecessary complexity and costs to the selection process. Utilizing Common Criteria certified vendors help them more effectively secure and modernize their IT systems.”
For more information on the Common Criteria Arrangement, visit: https://www.commoncriteriaportal.org/.
BeyondTrust is a global cyber security software company that helps organizations prevent cyber-attacks and unauthorized data access due to privilege abuse. Our solutions give you the visibility to confidently reduce risks and the control to take proactive, informed action against data breach threats. And because threats can come from anywhere, we built a platform that unifies the most effective technologies for addressing both internal and external risk: Privileged Access Management and Vulnerability Management. Our solutions grow with your needs, making sure you maintain control no matter where your company goes. BeyondTrust’s security solutions are trusted by over 4,000 customers worldwide, including half of the Fortune 100. To learn more about BeyondTrust, please visit www.beyondtrust.com.
The WannaCry Ransomware outbreak was a confluence of perfectly timed events which allowed cyber criminals to attack nearly 300,000 outdated Windows Operating Systems across the globe.
While it’s easy to point fingers and tell enterprises to “just patch,” what this attack highlighted is the fact that many of the affected organizations had also not disabled Server Message Block (SMB) v.1, were openly connected to the internet and weren't maintaining proper backups of critical data—all fundamental security operations.
At Cyber Security World, taking place on June 28-29, 2017 in Denver, Colorado, sessions will cover:
How to manage those pesky basics during “When the Levee Breaks: Fixing the Foundations of Your Information Security Program Before the Flood.”
Best practices for scoping out early warning signs of a security event in “Identifying Abnormal Activity to Improve Incident Response Time.”
And of course, attend “Dealing with Ransomware. How not to be a victim, and what to do when you become one” to prepare your organization for the next major ransomware attack.
Cybersecurity experts all agree its coming. Will you be ready?
To register today for Cyber Security World, click here or call our Customer Service Department at 508-879-7999.
Haven't had a chance to check out the full agenda? Click here to view our full line-up of breakout sessions.
Crowd Research Partners with the support of ERPScan, a leading business application security provider, released the ERP Cybersecurity survey 2017. The research revealed that there is a lack of awareness and security measures taken by enterprises, even though the majority of cybersecurity professionals anticipate the growing number of attacks on ERP systems.
The survey of 1900+ cybersecurity experts demonstrates that ERP Security has hit the list of topics organizations are concerned about, with 89% of security professionals expecting the number of cyberattacks against ERP systems to grow. Moreover, 33% of them anticipate a significant increase.
Cybersecurity experts consider attacks on this key software as a costly risk - an average damage of an SAP security breach is estimated at $5m. Fraud is viewed as the threat bringing the greatest financial loss, a third of organizations polled assesses the damage of fraudulent actions at more than $10m.
Still, the statistics show that there is a lot of work left to go in the field of ERP Security awareness. One in three respondents hasn't heard about any SAP Security incident, which happen annually. Only worrisome 4% know about an episode with the direst consequences – USIS data breach started with an SAP vulnerability, which resulted in the company's bankruptcy. Alarmingly, the results were gained by surveying among people who are engaged in ERP Security.
The lack of awareness is one of the reasons why enterprises are falling behind on securing ERP systems. One of three respondents hasn't taken any ERP Security initiative yet and is going to address this area this year.
"The result of the survey are not surprising. Most enterprises are still unprepared for any attacks, including ones against ERP systems. ERP systems store and manage essential business information and processes. Taking into account the recent ransomware attacks and its costs to organizations, we can imagine how huge the impact could be if hackers target SAP. CISOs should include this area in their list of top priorities if haven't done it yet," commented Alexander Polyakov, CTO at ERPScan.
The report covers numerous topics related to ERP Security (risks, awareness, trends, improvements, etc). Respondents were selected from various roles and companies of different sizes and industries (Technology, Software&Internet, Government, Financial Services, Healthcare, Pharmaceuticals, Manufacturing Telecommunications, etc).
Download the ERP Cybersecurity 2017 Report to learn the key findings and practical takeaways.
Register for the "SAP Security - How to Protect Your Most Critical ERP Platform" webinar, to hear directly from the researchers and start building a defense strategy for your ERP system.
ERPScan is the most credible Business Application Cybersecurity provider. The company operates globally and enables large Oil&Gas, Financial, Retail, and other organizations to secure their mission-critical processes. Named an 'Emerging Vendor' in Security by CRN and distinguished by 40+ awards, ERPScan is the leading SAP SE partner in discovering and resolving security vulnerabilities.
ERPScan's mission is to close the gap between technical and business security and provide solutions for CISOs to secure SAP and Oracle ERP systems. Our clients are large enterprises, Fortune 2000 companies, and managed service providers
The National Cybersecurity Center of Excellence (NCCoE) is pleased to announce the release of a new draft project description: Secure Inter-Domain Routing: Route Hijacks
Since the creation of the internet, the Border Gateway Protocol (BGP) has been the default routing protocol to route traffic among organizations (Internet Service Providers (ISPs) and Autonomous Systems (ASes)). While the BGP protocol performs adequately in identifying viable paths that reflect local routing policies and preferences to destinations, the lack of built-in security allows the protocol to be exploited. As a result, attacks against internet routing functions are a significant and systemic threat to internet-based information systems. The consequences of these attacks can: (1) deny access to internet services; (2) detour internet traffic to permit eavesdropping and to facilitate on-path attacks on endpoints (sites); (3) misdeliver internet network traffic to malicious endpoints; (4) undermine IP address-based reputation and filtering systems; and (5) cause routing instability in the internet.
To improve the security of inter-domain routing traffic exchange, NIST has begun development of a Special Publication (SP 800-189 – in preparation) that provides security recommendations for the use of Inter-Domain protocols and routing technologies. These recommendations aim to protect the integrity of internet traffic exchange. Implementing BGP Route Origin Validation (ROV) based upon the Resource Public Key Infrastructure (RPKI) can mitigate accidental and malicious attacks associated with route hijacking. The NCCoE understands that organizations and individuals have internet performance expectations, requirements, and the need to protect against malicious cyber attacks. It is expected that eventual wide-scale deployment of RPKI-based ROV will significantly enhance the overall security and robustness of the internet.
We value and welcome your input. Please submit your comments on the Secure Inter-Domain Routing project description draft by Thursday, June 29, 2017.
After the project description is finalized, NCCoE cybersecurity experts will collaborate with Internet Service Provider (ISP) and Autonomous System (AS) organizations as well as vendors of cybersecurity technologies to develop a reference design addressing this challenge. The project will result in a NIST Cybersecurity Practice Guide (SP 1800 series) that will detail an approach that can be used by organizations to improve their cybersecurity.
Interested in joining our Community of Interest to guide this project as it moves forward? Send us an email at [email protected].