3/4/2010
07:43 PM
Bob Evans
Commentary

Global CIO: In Age Of Google Hack, Verdasys Redefining Cybersecurity

After a huge victory protecting Ferrari's racing secrets, Verdasys is racking up big wins among large enterprises seeking new approaches.

Some of the details are available in a company presentation, which describes how Verdasys's tools nailed to the wall a rival racing team that had stolen, with the help of a Ferrari insider, a 780-page dossier containing Ferrari's next-generation plans.

Based on the forensic-type evidence Verdasys produced, the rival racing team was fined $100 million along with other sanctions. The Verdasys technology allowed Ferrari to show unequivocally that the design dossier was printed at a Ferrari office; the date and time the dossier was printed; the printer that was used; the identity of the Ferrari employee who printed it; and assurance that no other Ferrari employee, contractor or partner printed the dossier or any sub-portion of it.

Not shown on that slide were a few other details I was able to find about the enormous value Ferrari realized from its engagement with Verdasys: the contract covers not just the standard Ferrari enterprise but also 20 race tracks around the globe; Ferrari was able to eliminate about $2 million in alternative security expenses that it had been incurring at racetracks; and Ferrari was able to save at least $2 million more from administrative staff cuts it was able to make.

Here's how Ferrari CIO Antonio Calabrese described Verdasys's product: "Digital Guardian helps protect our leadership position and heavy investment in R&D that is essential to winning."

In another case study, a global healthcare provider saved "more than $3.5 million on a single application-logging project with an estimated payback period (ROI) of 2 months," according to a Forrester report.

One final example: Cigna CISO Craig Shumard said a Verdasys tool for cross-application data protection "will literally save companies like ours countless dollars in application-development and reprogramming costs."

In my conversation with Stamos, he gave significant credit to a partnership his company has formed with HBGary, creator of the Digital DNA product that recognizes the digital fingerprints of various pieces of malware.

"With Zeus malware targeting the financial industry, existing tools have 30% efficacy. But with the ability to check digital fingerprints, that goes up to 98%," Stamos said. "Since we added HBGary's Digital DNA product to our infrastructure, we can get reports continuously as they happen instead of having to try to figure out retrospectively what happened."

Ah yes, the retrospective approach: too many companies are relying on that, Stamos said, and with the stakes clearly soaring and the lifeblood of their enterprises—their intellectual property—at stake, the same-old same-old approaches just won't work.

"Customers are, unfortunately, usually most attentive after some type of incident has occurred. Then a lot of companies look at traditional approaches and pick someone, like an appliance, and hope that takes care of the problem," Stamos said.

"But that won't help with intellectual property—securing credit-card numbers or Social Security numbers is very very different from securing complex data sets like IP and designs, and those other types of products just aren't appropriate for that level of protection."

GlobalCIO Bob Evans is senior VP and director of InformationWeek's Global CIO unit.
