Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

3/4/2010
07:43 PM
Bob Evans
Bob Evans
Commentary
50%
50%

Global CIO: In Age Of Google Hack, Verdasys Redefining Cybersecurity

After a huge victory protecting Ferrari's racing secrets, Verdasys is racking up big wins among large enterprises seeking new approaches.

Some of the details are available on a company presentation, which describes how Verdasys's tools nailed to the wall a rival racing team that had stolen, with the help of a Ferrari insider, a 780-page dossier containing Ferrari's next-generation plans.

Based on the forensic-type evidence Verdasys produced, the rival racing team was fined $100 million along with other sanctions. The Verdasys technology allowed Ferrari to show unequivocally that the design dossier was printed at a Ferrari office; the date and time the dossier was printed; the printer that was used; the identity of the Ferrari employee who printed it; and assurance that no other Ferrari employee, contractor or partner printed the dossier or any sub-portion of it.

Not shown on that slide were a few other details I was able to find about the enormous value Ferrari realized from its engagement with Verdasys: the contract covers not just the standard Ferrari enterprise but also 20 race tracks around the globe; Ferrari was able to eliminate about $2 million in alternative security expenses that it had been incurring at racetracks; and Ferrari was able to save at least $2 million more from administrative staff cuts it was able to make.

Here's how Ferrari CIO Antonio Calabrese described Verdasys's product: "Digital Guardian helps protect our leadership position and heavy investment in R&D that is essential to winning."

In another case study, a global healthcare provider saved "more than $3.5 million on a single application-logging project with an estimated payback period (ROI) of 2 months," according to a Forrester report.

One final example: Cigna CISO Craig Shumard said a Verdasys tool for cross-application data protection "will literally save companies like ours countless dollars in application-development and reprogramming costs."

In my conversation with Stamos, he gave significant credit to a partnership his company has formed with HBGary, creator of the Digital DNA product that recognizes the digital fingerprints of various pieces of malware.

"With Zeus malware targeting the financial industry, existing tools have 30% efficacy. But with the ability to check digital fingerprints, that goes up to 98%," Stamos said "Since we added HBGary's Digital DNA product to our infrastructure, we and can get reports continuously as they happen instead of having to try to figure out retrospectively what happened."

Ah yes, the retrospective approach: too many companies are relying on that, Stamos said, and with the stakes clearly soaring and the lifeblood of their enterprises—their intellectual property—at stake, the same-old same-old approaches just won't work.

"Customers are, unfortunately, usually most attentive after some type of incident has occurred. Then a lot of companies look at traditional approaches and pick someone, like an appliance, and hope that takes care of the problem," Stamos said.

"But that won't help with intellectual property—securing credit-card numbers or Social Security numbers is very very different from securing complex data sets like IP and designs, and those other types of products just aren't appropriate for that level of protection."

RECOMMENDED READING:

Global CIO: Cisco TelePresence Shaping Next-Gen Hotels

Global CIO: AstraZeneca Saves Millions With BDNA

Global CIO: SuccessFactors Is The Future Of Business Software

Global CIO: Oracle Needs More Than Ellison's Talk To Beat IBM's Systems

Global CIO: GoodData Helps Enterasys Master The Cloud

GlobalCIO Bob Evans is senior VP and director of InformationWeek's Global CIO unit.

To find out more about Bob Evans, please visit his page.

For more Global CIO perspectives, check out Global CIO,
or write to Bob at [email protected].

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
7 Tips for Infosec Pros Considering A Lateral Career Move
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2020
For Mismanaged SOCs, The Price Is Not Right
Kelly Sheridan, Staff Editor, Dark Reading,  1/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment:   It's a PEN test of our cloud security.
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5226
PUBLISHED: 2020-01-24
Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script allows error reports to be submitted and sent to the system administrator. Starting with SimpleSAMLphp 1.18.0, a new SimpleSAML\Utils\EMail class was introduced to handle sending emails, implemented as a wrapp...
CVE-2019-1517
PUBLISHED: 2020-01-24
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
CVE-2019-1518
PUBLISHED: 2020-01-24
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
CVE-2019-1519
PUBLISHED: 2020-01-24
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
CVE-2019-1520
PUBLISHED: 2020-01-24
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.