Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

3/4/2010
07:43 PM
Bob Evans
Bob Evans
Commentary
50%
50%

Global CIO: In Age Of Google Hack, Verdasys Redefining Cybersecurity

After a huge victory protecting Ferrari's racing secrets, Verdasys is racking up big wins among large enterprises seeking new approaches.

Some of the details are available on a company presentation, which describes how Verdasys's tools nailed to the wall a rival racing team that had stolen, with the help of a Ferrari insider, a 780-page dossier containing Ferrari's next-generation plans.

Based on the forensic-type evidence Verdasys produced, the rival racing team was fined $100 million along with other sanctions. The Verdasys technology allowed Ferrari to show unequivocally that the design dossier was printed at a Ferrari office; the date and time the dossier was printed; the printer that was used; the identity of the Ferrari employee who printed it; and assurance that no other Ferrari employee, contractor or partner printed the dossier or any sub-portion of it.

Not shown on that slide were a few other details I was able to find about the enormous value Ferrari realized from its engagement with Verdasys: the contract covers not just the standard Ferrari enterprise but also 20 race tracks around the globe; Ferrari was able to eliminate about $2 million in alternative security expenses that it had been incurring at racetracks; and Ferrari was able to save at least $2 million more from administrative staff cuts it was able to make.

Here's how Ferrari CIO Antonio Calabrese described Verdasys's product: "Digital Guardian helps protect our leadership position and heavy investment in R&D that is essential to winning."

In another case study, a global healthcare provider saved "more than $3.5 million on a single application-logging project with an estimated payback period (ROI) of 2 months," according to a Forrester report.

One final example: Cigna CISO Craig Shumard said a Verdasys tool for cross-application data protection "will literally save companies like ours countless dollars in application-development and reprogramming costs."

In my conversation with Stamos, he gave significant credit to a partnership his company has formed with HBGary, creator of the Digital DNA product that recognizes the digital fingerprints of various pieces of malware.

"With Zeus malware targeting the financial industry, existing tools have 30% efficacy. But with the ability to check digital fingerprints, that goes up to 98%," Stamos said "Since we added HBGary's Digital DNA product to our infrastructure, we and can get reports continuously as they happen instead of having to try to figure out retrospectively what happened."

Ah yes, the retrospective approach: too many companies are relying on that, Stamos said, and with the stakes clearly soaring and the lifeblood of their enterprises—their intellectual property—at stake, the same-old same-old approaches just won't work.

"Customers are, unfortunately, usually most attentive after some type of incident has occurred. Then a lot of companies look at traditional approaches and pick someone, like an appliance, and hope that takes care of the problem," Stamos said.

"But that won't help with intellectual property—securing credit-card numbers or Social Security numbers is very very different from securing complex data sets like IP and designs, and those other types of products just aren't appropriate for that level of protection."

RECOMMENDED READING:

Global CIO: Cisco TelePresence Shaping Next-Gen Hotels

Global CIO: AstraZeneca Saves Millions With BDNA

Global CIO: SuccessFactors Is The Future Of Business Software

Global CIO: Oracle Needs More Than Ellison's Talk To Beat IBM's Systems

Global CIO: GoodData Helps Enterasys Master The Cloud

GlobalCIO Bob Evans is senior VP and director of InformationWeek's Global CIO unit.

To find out more about Bob Evans, please visit his page.

For more Global CIO perspectives, check out Global CIO,
or write to Bob at [email protected].

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/17/2020
Cybersecurity Bounces Back, but Talent Still Absent
Simone Petrella, Chief Executive Officer, CyberVista,  9/16/2020
Meet the Computer Scientist Who Helped Push for Paper Ballots
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/16/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25789
PUBLISHED: 2020-09-19
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document.
CVE-2020-25790
PUBLISHED: 2020-09-19
** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our secu...
CVE-2020-25791
PUBLISHED: 2020-09-19
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with unit().
CVE-2020-25792
PUBLISHED: 2020-09-19
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with pair().
CVE-2020-25793
PUBLISHED: 2020-09-19
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with From<InlineArray<A, T>>.