Take care of backup and current software – Computerworld

Small companies can not afford to create the march of the security department. From what you should start?

Any organization that intends to build their environment in a safe, should start from the basic issues. First you need to take care of the backup copy. The organization should implement a policy of performing backups, make sure to be reliable. The effectiveness of backup should be tested in practice, making sure that the most important information from this backup, you can play, if needed. The recovery process needs to go even in the event of a fire that destroyed the corporate office. That means backups to a remote location. In one way or another – a copy must be done to be able to use it. These are the basics, so that the company can still work.

See also:

What is the next step?

The second stage is the process of updating the software. The company must be sure that the process works system and application updates and fixes are made. The process must include not only the workstations and client systems in the office. It must also apply to smartphones, tablets, servers or routers. Make sure that they work for the latest operating systems and applications, with all available security updates on any device. Only when both the company solve basic problems can think of safety equipment such as virus protection, firewalls and intrusion detection systems and prevention network. This is not the most important – important are the basics, such as backups and updating.

These are the basics, but small companies often simply do not know how to go about it.

For all the policies are necessary, for example. perform backups. Must be written, tested and observed. This applies to all aspects of security in the organization. Assumptions security policy must cover all.

What is the next step? How does an organization that already has implemented the base, has to deal with the threats?

The company must monitor your network, both the movement and the attached devices, and detect any changes. The company wants to detect deviation from the norm, and therefore needs to know the condition called normal. Monitoring should be pointed out that a normal day, at a given time we have this kind of network traffic, the amount of data passing to and from the locations in the network. When a company has a pattern of normal traffic, can detect anomalies, deviations from the pattern. On the basis of these findings it can be concluded about the possible events. Then you will be wondering why this laptop sends to China in the chair. 2. in the night – and this is not normal. The detection of anomalies similar to the time it is impossible to have a normal pattern by network activity.

How can then detect malicious software, which is now a real scourge?

This is a known problem. Malware analyze more than 25 years and we know how to do it.

Is it that simple?

In theory, a simple problem, but in practice Detection is difficult because the attackers have access to all the weapons that we can use. When someone prepares today malware, first retrieves all available anti-virus programs. After writing malware attackers check them before deployment, making sure it will not be detected. If the antivirus software detects the virus, developers begin to change the code in a way that was not detected. The attackers have almost unlimited time to search and bypassing security measures in companies. Meanwhile, we who care about security companies, we do not have unlimited time to detect and block malware threats. A clash between virus writers and defenders is not fair, because the attackers have access to the tools used in the defense.

What in that case would you recommend to companies doomed to an unequal battle?

First of all, you need to act. Security specialist cleaner is like – his actions do not see until it is. You might be wondering why so much money is going to clean up, since everything is clean. When you reduce the budget, it turns out that here and there begins to be dirty. The same applies to safety. It is said, hey, we do not have problems with viruses, then why do we need anti-virus? If it does not, the problems with malware appear.

How to solve problems with the budget?

Budgeting is not easy. There can be no common sense in protecting information through the firewall for $ 1 million, if the same information is worth 0.5 million. The process begins with an assessment of the value of their resources and assess risks. You must specify from whom the company needs to defend itself, and how the organization stands out from the others. Who is the enemy? With what risks we face? Who will be the aggressor? These questions need to ask anyone before begin considering a defense strategy. First, you need to assess the risk.

The software determines the competitiveness – Inwestycje.pl

IT Solutions determine the competitiveness of the financial market, especially in the face of competition from smaller, specialized finance companies and the growing role of digital channels to communicate with customers. Cooperation with technology companies and software companies are forming an increasingly important area of ​​banking.

Related software makes financial firms offer gets better, both in terms of cost and quality of our services. According to the company Balazs Fejes Epam Systems banks must recognize that the basis of their continued success in business is IT.

 – In case the quality of service customers expect from banks, the bar has been raised very high. This implies an increase in the share of digital channels and changes in the client’s needs and preferences. In addition, a number of scandals in the financial markets that have taken place since the crisis, meant that consumers are increasingly skeptical about the services provided by banks and the values ​​they bring – says the expert.

But the changes may mean great opportunities. Recent years have been a period of uncertainty rash of new clients and companies offering financial services at low cost. – New players directly offer customers a range of traditional banking products such as cash loans, currency exchange, financial management, payments, or trading in shares – says Balazs Fejes.

In this way, serious competition for banks become technology companies proposing excellent and efficient service, as well as some vendors, particularly in the areas of financial market require greater discretion. – This is just one of many areas where the owner of the traditional relations between the bank-client becomes firm, providing application and an interface with which a client has an active contact. As we grow deeper relationships between customers and technology companies, banks may be increasingly excluded from the game, and their role can be reduced to the role of providing services and supports transactions become increasingly less visible to the customer – says Balazs Fejes.


 They are efficient, creative and have the infrastructure needed to provide high-quality investment advice at a cost a fraction of the cost of traditional services companies. Supporting investors carrying smaller investments, private banks who and companies involved in asset management, would not receive individualized counseling, software developers do not need to employ a large number of professionals to provide financial advice. – They assume that this market segment is not dependent on personal contact with the customer, so they treat software as a range of products, focusing in its operations on the aspect of technology and trying to ensure the highest level of user satisfaction with the offered software package – says the expert.

What’s in this situation can do the banks? According to an expert from Epam Systems can work with technology companies and companies making up the software, may offer its technology under the brand distributor. They can also reduce the risk of competition through acquisitions. – Those who do not acknowledge the fact that software and technology is the future, will be behind and lose their competitiveness. Mark, are increasingly dominated by software for banks reality – sums Balazs Fejes.

 Source: Epam Systems

 [QNT]

 

FinSpy – hunt for the Trojans – Computer World

For years, Gamma Group (today FinFisher) is under fire
 because of its spy software FinSpy.
 The findings of Reporters Without Borders, Privacy International
 and organizations dealing with human rights that
  in recent years, the company sold its system
 inwigilacyjny not only the German Federal Office
 Kryminalnemu (BKA), but also a totalitarian countries
 and applying torture .

Now the hacker attack unearthed secret documents,
 which cast a nasty suspicion: Is vendors
 Gamma cooperate with anti-virus? Computer World takes
 lead.

Hacker provides transparency

pebbles, which caused an avalanche, was an attack on a web server
 Gamma at the beginning of August. Hacker hiding under a pseudonym
 “Phineas Fisher” stole secret documents of the company, published it on
 Twitter and handed WikiLeaks website.

 (Click image to enlarge it)

Published documents are striking. The materials
 published by Wikileaks as Spyfiles4 is a list
 customers, and its countries like Bahrain, Qatar,
 Mongolia, Pakistan, Singapore and Vietnam . Gamma
 previously denied the supplied software
 spyware to countries where it is alleged rights violations
 man. The Munich branch of the company is not responsible for
 PC World editors question.

“You can also read relationship with the world’s most important conference
 DEF CON 22 hacker

In the case of lying on the Gulf of Bahrain documents
 Wikileaks reveal unpleasant details: table provides
 of detailed information about opponents of the government spying
 on the Gulf monarchies, calculated under surveillance equipment
 and shows the operation of spyware. Bahrain, according to the
 organizations dealing with the protection of human rights is a country
 employing torture . And according to the arrangements of
 Watch Bahrain FinSpy being followed by the opposition in the country
 Persian Gulf are actually in custody.

WikiLeaks next secret documents
 Gamma also published FinSpy spy program. Above
 shows the control panel will spy software.

Spyfiles4 raises a lot of nasty suspicion

In the shared package was also Wikileaks
 Test table dated 4 April 2014. It cites
 all popular antivirus programs in the world
 and document the tests for detection of spyware Trojan
 Gamma. Scary – according to the table, in the current
 time, only one security program is able to detect
 Gamma Trojan This raises the question: Are the programs are not
 just effective enough to recognize FinSpy? Or maybe
 are deliberately blind because antivirus vendors
 cooperate with spyware companies such as Gamma?

Maik Morgenstern, CTO AV-Test: “Gamma
 optimizes spy programs until the software
 Safety will not be able to detect them! “

Computer World FinSpy checks

Computer World decided to check out this heavy suspicion.
 Editors Security Centre lucky, because a hacker Phineas
 Fisher is dispersed in mid-September and Wikileaks
 FinSpy Trojan released version! Computer World immediately
 into action and analyzed the software together
 with independent experts from AV-Test.

The result: the analysis of the code shows that it is actually
 about the “state of the Trojan”. His potential inwigilacyjny
 is scary . The program connects to the camera
 and microphones infected devices and creates screenshots
 OSD. FinSpy keyboard entries and read this
 it can capture passwords. Sends the recordings of the conversations
 Skype and chat to secret server, it can be deleted,
 change, and download files and smuggle to
 the infected machine’s own figures. Trojan can even
 restore deleted files.

FinSpy in recognition test

From the World Computer analysis shows one thing, that the discovery
 WikiLeaks is not the current generation of Trojan, but his version
 four years ago. It also contains some modules.
 Missing for example, the function by which administered FinSpy
 security software against a harmless program
 thereby preventing the unmasking. Despite this
 Computer World AV checks with experts from Magdeburg, or
 popular antivirus programs detect spy
 software.

As expected, the test antivirus software with
 old pest has not brought a surprise. Only
 four relatively little-known manufacturers – Command, F-Prot,
 QuickHeal and Total Defense – did not know FinSpy .
 All other recognize it by analyzing the code (heuristics)
 or by “APB virus” (signature).

Alarm canceled? Not at all! The information Edward Snowden
 that the NSA which invests millions of dollars in development
 Trojans. It is doubtful that the US software vendors
 protection must be detected. German manufacturers are lighter.
 G-Data spokesman Thorsten Urbanski says plaintext that the company
 had no inquiries from Gamma or state authorities. –
  If you try to influence us, given our clear
 refusal – says Urbanski. Computer World finger on the pulse.
 When they float FinSpy new variants, will also be tested.
 We promise!

“Read also: Chinese do not want Kaspersky and
 Symantec. We know why!

_{Photo: alphaspirit / 123rf.com}

When the business needs of individual software? – INFOR.pl

Individually designed software will almost always be regarded as the best solution, but it is not always absolutely necessary. If our company does not feel any problems with the communication line customers-employees-company-supplier, if the software we use 100% meet our needs, it may be a sign that the solutions that we have fully satisfy our needs. In such a situation there is no need to invest in dedicated software.

However, if the CEO is not able to immediately obtain data on sales or people with various departments after several days of waiting for a simple answer from another department, it may be signal that the processes in the company need to be improved, what often can help you better matched systems. A well-designed program should be in response to specific problems that have emerged in the company.

Imagine a developer creating a group. Often built for each housing estate created a separate company, which aims to reduce business risk. In each such company must keep separate accounts.

Although there are plenty of commercially available accounting programs, each of which focuses on just one company. The Capital Group needs something more – a program that would maintain separate accounts for each company, but at the same time, allow the sharing of costs between certain companies and construction. This is a very specific need and would be hard to find on the market suitable, ready program. In this case, the obvious solution would be custom-made software.

How to choose accounting system

But also quite traditional companies can benefit from the systems’ tailor-made “. An example would be a program supporting the work of the company executing construction works.

Such software can consist of multiple modules. One of them will support the project management module, in other words, the order, which goes to the company. It will allow you to track the progress of the project.

Prior to the adoption of the project to implement the request from the client will go to the module inquiries where prepared and then sent back to the client, is valuation. Data on jobs may be getting directly to the field workers who carry out orders and means that their performance on mobile devices, eg. On tablets. When the order to the service module will verify that the work done is still under warranty or not. In contrast, invoicing module enables customers to easily issuing invoices. By storing all data in the system (for projects, orders, quotes, invoices etc.), we will be able to easily generate reports, tables and statistics. Significantly accelerate the pace of information retrieval, which can be crucial in deciding the management.