Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

4/26/2007
02:07 AM
50%
50%

GFI Launches Storage Device Scanner

GFI launches free, online portable storage device scanner

LONDON -- GFI Software, an international developer of network security, content security and messaging software, announced today the release of EndPointScan, an industry-first, free online service that allows you to check what devices are or have been connected to computers on your network and by whom. Using this diagnostic tool, you can identify those areas where the use of portable storage devices could pose a risk to the integrity of the company's systems and data.

The uncontrolled use of portable mass storage devices - USB sticks, CDs, floppies, smartphones, MP3 players, handhelds, iPods, digital cameras - coupled with data theft techniques such as 'pod slurping', are a major threat to network security and could lead to security breaches, data theft, viruses and other malware being uploaded to a company's network. Earlier this year, for example, a scientist who worked with DuPont was arrested after he had copied $400 million worth of commercially-sensitive information from the network. This is why it is vital for you to know what devices have been or are currently in use on your company's network and to be in a position to take action where the risk of a breach is high.

Security companies, including GFI Software, have long warned of the risks of portable storage devices and how vital it is that companies do something about it. Knowing what devices are on your network and the threat they pose is the first step towards minimizing these risks and this is what EndPointScan, an industry-first diagnostic tool, is designed to do.

Unfortunately, many businesses are unaware of or ignore the threat until something actually happens. According to research conducted on behalf of GFI Software, 35 per cent of 370 UK companies surveyed said they considered portable devices to be a massive risk to their company's security. However, 83 per cent of employers said they provided devices such as USB sticks, PDAs and Blackberrys to their staff. It is even more worrying to note that even though 51 per cent said they know who uses these devices at the office, 71 per cent do not log what files are transferred to and from the network. For all they know sensitive and confidential data could have easily been stolen from the network!

"Over the past few months, we have strived to create awareness on this issue and the launch of this utility is aimed at helping administrators to examine device usage on their network and act accordingly to reduce possible future risks. We have made it a point to keep the utility as simple as possible and easy to use," Andre Muscat, director, network security products at GFI, said. "Our main message is that the cost to take the necessary action to manage risk is much less than the costs involved reacting to a particular incident. We believe that an endpoint security solution such as GFI's EndPointSecurity product is a must in today's highly networked corporate environment," he added.

GFI Software Ltd.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
US Sets $5 Million Bounty For Russian Hacker Behind Zeus Banking Thefts
Jai Vijayan, Contributing Writer,  12/5/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Our Endpoint Protection system is a little outdated... 
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19719
PUBLISHED: 2019-12-11
Tableau Server 10.3 through 2019.4 on Windows and Linux allows XSS via the embeddedAuthRedirect page.
CVE-2019-19720
PUBLISHED: 2019-12-11
Yabasic 2.86.1 has a heap-based buffer overflow in the yylex() function in flex.c via a crafted BASIC source file.
CVE-2019-19707
PUBLISHED: 2019-12-11
On Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices (with firmware through 6.0), denial of service can occur via PROFINET DCE-RPC endpoint discovery packets.
CVE-2019-19708
PUBLISHED: 2019-12-11
The VisualEditor extension through 1.34 for MediaWiki allows XSS via pasted content containing an element with a data-ve-clipboard-key attribute.
CVE-2019-19709
PUBLISHED: 2019-12-11
MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page.