Topic: Guardium-Israeli MOSSAD-Ptech, BAH Black Ops Cyber Conference in 48 hours

Anti_Illuminati

Amit Yoran

The Department of Homeland Security is charged with securing the government's nonmilitary networks, and cybersecurity experts said the Obama administration will have to better define the extent of this military support to Homeland Security. "It's a fine line" between providing needed technical expertise to support federal agencies improving their own security and deeper, more invasive programs, said Amit Yoran, a former senior cybersecurity official at the Homeland Security Department.

Years earlier the Israeli Michael Goff working for PTech, an Arab-owned software company that develops key enterprise software for many government institutions like Norad and FAA, using his secure channel with another Israeli Amit Yoran, somehow manages to give Israeli army computer programmers access to this critical computer code. It was due to this manipulation that the hijackings on 9/11 remained unnoticed by the flight controller of Norad. Once this was in place the planes could be taken over by remote control and flown into the World Trade Center.

The hijacking of airliners by remote control had been tested as a dress rehearsal for 9/11 on the Egypt Air flight 990 that crashed into the Atlantic on October 31, 1999.
________________________________________________________________________
http://www.guardium.com/index.php/prprint/380

Nation’s Former Cyber Security Chief Joins Guardium Board of Directors
Amit Yoran to Provide Insight and Guidance to the Leading Database Security Company


WALTHAM, MA, June 16, 2005 – Guardium, Inc., a leading provider of database security solutions, today announced that Amit Yoran, a renowned expert in cyber security, has joined its board of directors. Mr. Yoran, who formerly served as the Bush Administration’s cyber security chief, will provide invaluable guidance into the security risks facing global enterprises and ways in which Guardium can help companies mitigate critical data security exposure.

“Databases and the information they store represent very critical corporate assets. They also rank among the most vulnerable and frequent cause of significant business disruption,” said Amit Yoran, President of Yoran Associates. “I am pleased to join Guardium’s board of directors because their database security solutions provide innovative, effective ways to safeguard the data stores typically considered an organization’s crown jewels. These types of solutions are and will increasingly be a fundamental and critical component of every information protection strategy.”

“We are extremely pleased that Amit Yoran, an internationally distinguished cyber security leader and visionary, is joining Guardium’s board of directors,” said Ram Metser, President and CEO of Guardium. “We are gratified he is joining based on his strong belief in our direction and solutions, and we are confident that Mr. Yoran will contribute significantly to our continued high growth.”

Mr. Yoran is President of Yoran Associates, a firm providing advisory services to global enterprises on technology strategies for addressing business exposure. Working with the Secretary of Homeland Security, Mr. Yoran was appointed by President Bush as the Administration’s cyber chief, responsible for coordinating national cyber security activities. Mr. Yoran previously served as CEO of Riptech until its acquisition by the Symantec Corporation, where he served as Vice President of Worldwide Managed Security Services.

About Guardium
Headquartered in Waltham, MA, Guardium (http://www.guardium.com) develops and delivers innovative database security solutions that remove complexity, and provide visibility and effective controls over database access activities of IBM, Oracle, Microsoft, and Sybase environments. Guardium’s family of non-intrusive, robust applications addresses key database security concerns that include database security assessment, access policy control and enforcement, auditing, and regulatory compliance. Guardium’s growing customer base includes some of the world’s most technically advanced organizations representing a wide range of industries. Financial services, telecommunications, media, manufacturing, healthcare, and government organizations trust Guardium’s solutions to protect their mission critical data and handle their compliance challenges. Guardium investors include the Cedar Fund, Veritas Venture Partners, and StageOne Ventures.

--------------------------------------------------------------------------------

Copyright © 2006 Guardium. All rights reserved. Information in this document is subject to change without notice. Guardium, SQL Guard, Safeguarding Databases, SQL HealthGuard, SQL AuditGuard, SQL PolicyGuard, SQL RemoteGuard, and SQL Guard Security Suite are trademarks of Guardium, Inc. All other trademarks and trade names are the property of their respective companies. Copying and redistribution of this material is expressly permitted by the copyright owner.

Press Contacts:
Corinne Sheen or Adam Parken
Corporate Ink
617-969-9192
________________________________________________________________________
Excerpt:

http://news.cnet.com/8301-13578_3-10009603-38.html

August 7, 2008 5:00 AM PDT
'Cybersecurity commission' to proffer advice to next president

LAS VEGAS--Transitions between presidential administrations are typically influence-peddling, power-consolidating, appointee-vetting exercises run by Washington insiders. Perhaps that's why the quintessential Washington think tank, the Center for Strategic and International Studies, is trying to insert itself into the process.

The private organization, which has close ties to the U.S. military and counts Henry Kissinger on its payroll, has gathered about 35 people and awarded them the official-sounding title of "Commission on Cyber Security for the 44th Presidency." Adding to the formality are some closed-to-the-public meetings and ex-officio members from federal agencies, congressional offices, and the nebulous "intelligence community."

One panelist said that the FBI's "InfraGard" information-sharing relationships with the private sector shouldn't change.

"We're not recommending to do away with InfraGard," said Jerry Dixon, director of analysis at the Team Cymru research firm, a former Homeland Security official, and a commission member. "That's something that the executive departments have set up... We're certainly not recommending to do away with those different partnerships because they belong to the different departments."

The CSIS panel is composed mostly of industry, government, and ex-government types. Among the other members: Mary Ann Davidson, Oracle's chief security officer; Doug Maughan, a Homeland Security program manager; Will Pelgrin of New York's cybersecurity office; Phil Reitinger, a Microsoft security strategist; and Amit Yoran, chairman of NetWitness and a former Homeland Security official.

The commission plans to publish the final report in "early November" and, perhaps, an earlier draft for public comment.

"It has to be elevated to the highest echelons of this government and internationally," Tom Kellermann, a vice president at Core Security Technologies, a former World Bank security official, and a commission member, said, referring to cybersecurity topics. "We're losing the war. It's essential. That's the key theme of the recommendations that will come out."

http://www.bloomberg.com/apps/news?pid=newsarchive&sid=arSqdOLQVK9g#

Louie, who was based in San Francisco during the dot-com heyday, went on to build the flight-simulation game F-16 Fighting Falcon. In-Q-Tel tapped him in 1999 when he was head of toymaker Hasbro Inc.'s interactive unit. Louie quit in December 2005. He says he had started to sound more like a federal employee than a techie. The CIA awarded him the Seal Medallion, an award that recognizes the contributions of nonagency personnel, the next year.

In a world rocked by the Sept. 11 attacks and the U.S. invasion of Iraq, In-Q-Tel's board sought a leader with better counterterrorism credentials. It hired Amit Yoran, 37, former director of the Department of Homeland Security's national cybersecurity division, which is charged with protecting the U.S. from Internet-based threats.

Entrepreneur/Executive

Yoran left four months later, in April 2006. He joined Herndon, Virginia-based NetWitness Corp., an Internet security startup, that November. In-Q-Tel then approached Mark Frantz, one of its managing general partners, who'd joined from buyout firm Carlyle Group. He declined and quit two months after Yoran, leaving the spy fund to Interim Chief Financial Officer Scott Yancey until Darby took over.

Amit Yoran, CEO, Yoran Associates
                                
Amit Yoran is president and CEO of Yoran Associates and currently serves as an independent director and advisor to several early stage security technology companies and large corporations. He was appointed by President Bush as the Administration's cyber chief, responsible for coordinating the national activities in cyber security. Working with the Secretary of Homeland Security, Mr. Yoran coordinated among federal departments, law enforcement and intelligence efforts, as well as direct interaction with many leading IT and IT security companies. These efforts were particularly focused on protection of the 13 critical infrastructures of the United States. Prior to joining the Bush Administration, Mr. Yoran was the Vice President of Worldwide Managed Security Services at the Symantec Corporation. Mr. Yoran was the co-founder of Riptech, a market leading IT security company, and served as its CEO until the company was acquired by Symantec. He previously served as an officer in the US Air Force as the Director of Vulnerability Programs for the Department of Defense's Computer Emergency Response Team. Mr. Yoran received a Master of Science degree from the George Washington University and Bachelor of Science from the United States Military Academy at West Point.

See this post:  BAH - WARGAMING *ALERT* - INTERNET FALSE FLAG - Preemptively Exposed

http://forum.prisonplanet.com/index.php?topic=87140.msg506510#msg506510
________________________________________________________________________
http://www.guardium.com/index.php/pr/724

Guardium Hosts Executive Cybersecurity Seminar on Best Practices for Database Security, Privacy & Compliance

Leading Data Protection Experts Highlight Pressing Government Issues Including Cybersecurity and Emerging Threats

WALTHAM, Mass. (June 2, 2009) - Guardium, the database security company, is hosting a “Best Practices for Data Security, Privacy & Compliance” seminar, featuring Gartner’s John Pescatore, Booz Allen Hamilton’s Andy Singer and Guardium CTO Ron Ben Natan, Ph.D. The seminar will be held on June 16th from 8 a.m. to 12 p.m. at the Ritz Carlton, Pentagon City in Arlington, VA.

According to a recent report from IBM, SQL injection attacks jumped 134% in 2008, increasing from an average of a few thousand per day in 2007 to 450,000 attacks per day. The report also states that China has now surpassed Russia and the U.S. as the country hosting the most malicious Websites.

And a data breach study by Verizon Business Services revealed that more electronic records were breached in 2008 than in the previous four years combined. In addition, the study found that database servers accounted for 75% of all records breached, while end-user devices such as laptops and USB drives accounted for only 0.01%.

Protecting against cyberattacks, breaches, fraud and insider threats has heightened the need for federal agencies and contractors to carefully review their security programs against the FISMA-mandated NIST 800-53 standard and comply with the OMB M-06-16 directive ("Protection of Sensitive Agency Information"), in order to secure Personally Identifiable Information (PII) and other sensitive data such as financial data and classified information.  At the same time, agencies and contractors are looking to streamline their data security infrastructures with automated and centralized controls for complex, heterogeneous and highly-distributed environments.

This executive seminar will include the following cybersecurity experts:

    * John Pescatore, Gartner Vice President and Research Fellow, who has 28 years of experience in computer, network and information security. John will discuss the federal government’s role in stimulating progress towards higher levels of cybersecurity; new and emerging threats such as SQL injection and privileged insider breaches; best practices for improving vulnerability management to reduce risks; and the security implications of cloud computing.

      Prior to joining Gartner, Mr. Pescatore was senior consultant for Entrust Technologies and Trusted Information Systems, where he started and managed security consulting groups. His previous experience includes 11 years with GTE, as well as employment with NSA and the U.S. Secret Service. John has a BSEE from the University of Connecticut and is an NSA-certified Cryptologic Engineer.

    * Andy Singer, Principal at Booz Allen Hamilton, who recently retired as the Navy rear admiral holding positions as the director for intelligence in the Pacific and deputy of Naval Network Warfare Command, after spending 31 years in the Navy. Andy will describe why traditional “fortress approaches” (such as firewalls and IDS/IPS systems) are no longer sufficient to protect against 21st-century attackers who can easily bypass perimeter defenses; best practices for implementing NIST 800-53 controls for critical database infrastructures; and a new way of thinking about cybersecurity that focuses on a “megacommunity” approach in which government, business and civil society collaborate to advance shared vital interests.

      Mr. Singer also worked at Spawar Systems Center Charleston, NETWARCOM and was Vice Commander at the Naval Network Warfare Command. He has an MS in Security Strategy from the National War College.

    * Ron Ben Natan, Ph.D. and Guardium CTO, who has more than 20 years of experience developing enterprise applications and security technology for blue-chip companies. Ron will discuss best practices for database security and compliance; how to leverage the latest technologies for database activity monitoring (DAM) and logging, vulnerability assessment, data discovery and configuration change control; and how to reduce the cost and complexity of compliance with automated controls and workflow processes.

      Prior to Guardium, Dr. Ben Natan worked for Merrill Lynch, J.P. Morgan, Intel and AT&T Bell Laboratories. Ron has also served as a consultant in data security and distributed systems for Phillip Morris, Miller Beer, HSBC, HP, Applied Materials and the Swiss Armed Forces. He is an expert on distributed application environments, application security, and database security, and has authored 12 technical books including HOWTO Secure and Audit Oracle 10g and 11g (CRC Press, 2009) and Implementing Database Security and Auditing (Elsevier Digital Press, 2005), the standard texts in the field.

In this session, attendees will hear how key government agencies such as the FTC and Washington Metropolitan Transit Authority (WMTA), and private sector organizations including 3 of the top 4 U.S. banks, have implemented granular access controls and real-time monitoring to track all access to sensitive data - across all DBMS platforms and applications - without impacting performance or changing databases or applications.  You’ll also learn best practices for hardening your database environments and mitigating risk.


WHAT:   Executive seminar: “Best Practices for Database Security, Privacy & Compliance”
WHO:    John Pescatore, Vice President and Research Fellow, Gartner
        Andy Singer, Principal, Booz Allen Hamilton
        Ron Ben Natan, Ph. D., Guardium CTO and author of the newly published book: HOWTO Secure and Audit Oracle 10g and 11g, the definitive guide for database security and risk management professionals
WHEN:   Tuesday, June 16th, 2009
        8:00 a.m. - 12:00 p.m.
WHERE:  Ritz Carlton, Pentagon City in Arlington, VA.
WHO SHOULD ATTEND:  C-level executives and day-to-day practitioners involved with IT security, risk management and compliance, governance and privacy, database administration and enterprise application architectures.

Register today to qualify for complimentary admission to “Best Practices for Data Security, Privacy & Compliance” and get strategic insights delivered by the most respected data security and compliance experts.

About Guardium
Guardium, the database security company, delivers the most widely-used solution for preventing information leaks from the data center and ensuring the integrity of enterprise data.

The company’s enterprise security platform is now installed in more than 450 data centers worldwide, including top government agencies; 3 of the top 4 global banks; 3 of the top 5 insurers; 2 of the top 3 global retailers; 15 of the world’s top telcos; 2 of the world’s favorite beverage brands; the most recognized name in PCs; a top 3 auto maker; a top 3 aerospace company; and a leading supplier of business intelligence software.

The company has partnerships with Oracle, Microsoft, IBM, BMC, EMC, Accenture, McAfee and ArcSight, with Cisco as a strategic investor, and is a member of IBM’s prestigious Data Governance Council and the PCI Security Standards Council.

Founded in 2002, Guardium was the first company to address the core data security gap by delivering a scalable enterprise platform that both protects databases in real-time and automates the entire compliance auditing process.

Guardium is a trademark of Guardium, Inc.

###

Media Contacts:
George Robertson
Corporate Ink
617.969.9192

Anti_Illuminati

So, why is John Pescatore a big deal?  Read on...

http://www.guardium.com/htmlemails/200905_seminar_invite/speakers.html



Featuring John Pescatore, vice president and Research Fellow, Gartner

John Pescatore is a vice president and research fellow in Gartner Research. Mr. Pescatore has 28 years of experience in computer, network and information security. John is Gartner's lead analyst on all Internet-facing security issues, covering a broad range of enterprise-critical areas. He also provides thought leadership in wireless security, ways to develop software without vulnerabilities, and trustable computing platforms.

Prior to joining Gartner, Mr. Pescatore was senior consultant for Entrust Technologies and Trusted Information Systems, where he started and managed security consulting groups. His previous experience includes 11 years with GTE, as well as employment with NSA and the U.S. Secret Service. John has a BSEE from the University of Connecticut and is an NSA-certified Cryptologic Engineer.
________________________________________________________________________
http://www.net-security.org/news.php?id=2844

http://searchsecurity.techtarget.com/news/interview/0,289202,sid14_gci905234,00.html

Gartner: Pescatore comments on state of enterprise security

By Michael S. Mimoso, SearchSecurity.com News Editor
09 Jun 2003 | SearchSecurity.com

WASHINGTON, D.C. -- Formerly with the National Security Agency and Secret Service, Gartner Inc. vice president John Pescatore has the perspective and experience to comment on just about everything related to IT security. In this interview, conducted during the Gartner IT Security Summit, Pescatore lends his two cents on security spending, trends, cyberterrorism, government's role in security and what enterprises need to do to safely stay afloat.

Spending on security in the enterprise is either on the rise or flat, according to most accounts. What are companies spending money on?

Pescatore: If you look at the total spending on security, it's definitely going up strongly. We look at it as a percent of the IT budget. So, in 2001, the industry average was 3.3% of the IT budget toward security. In 2002, it went up to 4.3%. We're projecting for this year, 5.4%. Some segments, such as government, are going to grow faster. Government is going to grow faster than anybody because of the [Department of Homeland Security]. Places like universities are also bumping their budgets up because they're getting killed by places like the recording industry for piracy. The interesting thing for 2003, it's the first year ever that, when the CIO looks at the pie chart of where his money went, security will have its own label on the chart. It won't be lumped in with 'other.'

Now, what are they spending it on? In the IT security side, we're seeing a lot of firewall refresh. For example, in 1999 [and] 2000, with all the Y2K money, a lot of people upgraded Windows, NT, Solaris and got a new firewall. Now they're all replacing those and getting a firewall appliance. Because of Code Red, Nimda and Slammer, we see expenditures on antiviral going up. Spending on security audits and services like penetration testing [have] definitely gone up. So what we've seen with the economy, the growth in security spending has been on the keep-the-bad-guys-out side, traditional firewall, antivirus, vulnerability assessment tools and services. The good-guy-in side, like authentication, PKI, access control, that kind of spending has been flat to down, namely because companies aren't spending on new applications, because the whole IT world has been in a slump.

The third area of spending has been on the keep-the-wheels-on side, where you manage all your security stuff. There's been strong growth there this year. Tools that help enterprises manage firewalls, antivirus [and] intrusion detection, and help make sense of all the data, that's been a strong spend area.

In what areas has spending slowed down?

Pescatore: Intrusion detection. Most companies have said, 'This isn't helping me. It's just drowning me in false alarms.' PKI has experienced a slowdown with many of those companies up for sale.

At the RSA Conference, you predicted this would be the decade of security hardware. Can you explain what you meant?

Pescatore: We see a lot of discrete security functions: firewalls, intrusion detection, gateway-side antivirus, vulnerability assessment, even URL blocking. These are functions that look at stuff on the network and make decisions on what to do. That might be five different boxes an enterprise would have to manage. We're seeing this move toward network security platforms, which is fewer boxes, and that reduces the cost of ownership.

Then we saw some innovative companies start to build these ASICs [application-specific integrated circuits] and network-security processors that said 'There's some common processing going on in these boxes. Let's put it in hardware.' Put all the repetitive, heavy-lifting stuff in hardware so that I go much faster. We've seen three different architectures come out for small, medium enterprises (100 MB and less), large enterprises (100 MB to a gigabyte per second) and carrier-class (1 gigabyte per second and above).

In the large enterprise space, you'll have a blade approach where, instead of throwing a box at a problem, plug in a new appliance in a blade so that I can scale on one box, as opposed to multiple boxes. Above that, this is where the ASIC-based approach is for the top, large enterprises and carrier class. What we mean by hardware is the ability to do repetitive, network-stack processing, parsing of XML and decrypting Secure Sockets Layer (SSL). That's gotta be done in hardware to get to the speeds needed by the large enterprise and carrier classes. That's where the innovation is. With software, we'll see some innovation with algorithms for doing behavior-based or anomaly-based attack detection, but most of the innovation is at wire speeds.

As you talk to clients today, as compared to, say, 12 to 24 months ago, how has the conversation changed? What kinds of issues or questions are they raising?

Pescatore: Pre dot-com crash, very different security questions. Since the bubble burst, how much has changed? In that time, I think we've definitely seen disillusionment with intrusion detection. Two years ago, people were asking us, 'Which IDS is better? Cisco, ISS or Enterasys?' Now they are asking, 'Should I really do this?' That's changed.

We're seeing a lot more willingness to change user behavior. In the dot-com days, you couldn't hire people fast enough; we couldn't annoy users that much. If we put some onerous security in front of the user, the VP would complain, and the CIO would say 'What are you? Nuts?' Now that the economy is tougher and people can't change jobs as well, we're seeing enterprises be willing to block attachments, force users to go to Windows 2000, lock into their PCs.

The security group has a lot more power now and, because of that, we're seeing them trying to centralize security management more. The danger is that, when the economy comes back, if the security guys are not used to moving quickly, they'll be left behind again.

What has matured during that time frame?

Pescatore: We've definitely seen maturity in several spaces: firewall and antiviral, for example. But maturity doesn't mean commodity quite yet in those areas. There's still room for new guys to come along and blow the incumbents away.

When the National Strategy to Secure Cyberspace was released, it was criticized for its lack of mandates, or 'teeth.' Do you agree? Should it have had more 'teeth'?

Pescatore: No. Gartner came out with the first take, saying it did exactly what it should have done. Private industry will make the Internet more secure. Regulations, at best, will not hurt and, at worst, cause tremendous problems.

An example I always use: Back in 1995, Sen. Sam Nunn formed a committee to investigate the possibility of a digital Pearl Harbor. He used that term in 1995. If the government had dictated things back then, it would have said things like 'You better not let strong crypto get out because the bad guys are going to have it.' We would have been mandated 40-bit crypto be built in everywhere. If the government had passed regulations, Amazon.com would be taking orders by fax. It would never have taken off.

The government cannot legislate security in. You can't put a hierarchal solution on a distributed problem. The major people complaining are the security vendors. It was going to be like Christmas if the government mandated everybody needs a personal firewall.

What should government do then?

Pescatore: What [Richard] Clarke and [Howard] Schmidt came up with did a pretty good job of doing what we said, which is that government should use its market power. You want to make the Internet more secure? Every government agency should be buying denial-of-service protection with their Internet connectivity. Every government agency should make sure that every employee and every vendor who works for the government has a personal firewall installed on their PC. That drives the market more so than some government regulation. The government should be a model citizen on this. It should be the most secure industry segment, the most secure piece of critical infrastructure. And it's not today. It's not!

We need to see the government's strategy for securing the government's sector of cyberspace. Putting more pressure on the other critical segments, like telecoms, power and energy, and transportation to improve cybersecurity, is a good thing. But those critical infrastructures first better worry about physical security, because that's what terrorists do. They blow things up. They attack physically to cause terror. Blue screens of death don't cause terror.

How big of a deal is the departure of both Richard Clarke and Howard Schmidt as national cybersecurity advisor?

Pescatore: Richard Clarke is not an operational guy. He survived from Bush Sr., to Clinton, to Bush Jr. No one does that without being an experienced political bureaucrat. He was definitely good for raising visibility but, as the Department of Homeland Security moved to operational, he's not the guy.

Howard Schmidt, when he took the job, I wrote that this was a great thing. The most attacked domain name in the world is Microsoft.com [Schmidt was the former chief security officer at Microsoft Corp.], and he had experience defending that. The heavy lifting is going to be done by private industry. The government side will have two aspects. One is the moral suasion side: talking, keeping visibility up. The other is the bureaucratic in-fighting side of a brand new department trying to gain control. And Howard wasn't either of those guys. I think Richard Clarke could have stayed around to be the external face inside the government, but he's going to make a lot more from lucrative speaking fees.

Where a lot of the squawking has been is the talk about not burying it four layers down, that it needs to be at the president's level. I think that's totally wrong. You know what the most effective thing we have in critical infrastructure security is? It's been there for 15 years and it's called NSTAC [National Security Telecommunications Advisory Committee]. They were formed to make sure the U.S. telephone system could react if the government had concerns. They touch on cybersecurity and domain name security, and it's done very quietly -- an industry-government partnership. That's been most effective. I think it is appropriate to have it within Homeland Security, not [at] some presidential level.

So we don't need a recognizable name to lead the way?

Pescatore: No, I don't think so. We tend to mistake light for heat, if you know what I mean. If we hear the noise, and Richard Clarke is out squawking every week, you think something is getting done -- whereas it's time for heavy lifting. There's enough press coverage of every security incident. It's not like people don't hear about security incidents. Know what a good indicator is? Look at Symantec's stock price. It's going up and up. Know why? Consumer antiviral purchases are going up and up. There's awareness. Now the issue is: How do we make it easier for businesses to reach the next level of security? Evangelism can never hurt, but if I had to pick evangelism or implementation right now, I'd pick implementation.

What should the enterprise take away from the talk about cyberterrorism?

Pescatore: Terrorism is a real threat. We're going to get hit again. I worked for the Secret Service years ago, and the biggest thing we used to worry about was the Radio Shack criminal, the one who gets his technology at Radio Shack. You cannot plan for al Qaeda-type events. You have to protect against the most likely type of threat and hope they go bother somebody else.

As far as what the typical enterprise should do, there's a lot of simple things you need to make sure you're doing right.

Everyone has antiviral and firewalls, but how often do you update antivirus signatures? How often do you test if your firewall policy is what it should be? No. 1 thing, the way any cyberattack works, the bad guys check for vulnerabilities and then they attack. You need to check for vulnerabilities before the bad guys. If hackers are rattling your doorknobs, if they're open, the hacker is going to come in. You should rattle your doorknobs first, [do] more frequent vulnerability assessments to block those attacks. Doesn't matter if it's a terrorist, pimply faced 14-year-old or a cybercriminal trying to steal credit card numbers or medical records, they're all going to come in the same way.

Sixty-five percent of attacks exploit misconfigured systems, and only 30% exploit known vulnerabilities where there's a patch out. Only 5% exploit things we didn't know where there was a problem. Address the 65% and check that things are configured right and you've just eliminated two-thirds of your problem. Focus on patch management and forcing software vendors to write better software and you've got the other 30% taken care of. Then, later on, worry about the 5% of evil geniuses who are attacking us with zero-day attacks.

Anti_Illuminati

  • Guest
Guardium news and Events
http://www.guardium.com/index.php/t1a/

http://www.guardium.com/index.php/t1/245/

About Guardium

More Global 1000 organizations trust Guardium to secure their critical enterprise data than any other technology provider.

The fact is, we provide the simplest, most robust solution for safeguarding financial and ERP information, customer and cardholder data, and intellectual property stored in enterprise systems such as Oracle E-Business Suite, PeopleSoft, Siebel, SAP, Business Objects, and in-house applications.

Our solution also optimizes operational efficiency by automating and centralizing compliance controls across heterogeneous and distributed data center environments.

Why Guardium [like, "Why Ptech"]


A Pioneer in Data Security

Founded in 2002, Guardium was the first company to address the core data security gap by delivering a scalable enterprise security platform that both protects databases in real-time and automates the entire compliance auditing process.  Our achievements have been recognized by industry analysts and other experts—but true recognition comes from our customers.

Leadership

Guardium’s experienced management team brings decades of business, technical, and project management expertise to the development, deployment, and support of market-leading products.

Investors

Recognized by Forrester as “a Leader across the board,” Guardium delivers the most widely-used solution for ensuring the integrity of enterprise data and preventing information leaks from the data center. 

Careers

At Guardium, we look forward to Mondays.  That’s because working at Guardium means being at the forefront of a rapidly-growing industry.  Each member of our team plays an important role in safeguarding critical data for the world’s largest organizations.  Our people enjoy a fresh and challenging work environment with excellent opportunities for advancement. 
________________________________________________________________________
http://www.guardium.com/index.php/t2/250/

Leadership


Ram Metser – CEO
Ron Bennatan – CTO
David Valovcin – VP, International Sales
Paul Resten – VP, North American Sales
Boaz Barkai – Head of Customer Services & Support
Phil Neray – VP, Marketing
Mike Castricone – VP, Finance and Administration
Upesh Patel – VP, Business Development
Martin Pejko – VP, Global Channels
Roy Barr – Director, Business Development

Biographies

Ram Metser – CEO
Ram Metser has extensive entrepreneurial and executive management experience, having worked in a broad range of technology-based organizations.

Prior to joining Guardium, Ram served as vice president of Nokia (NYSE:NOK) and general manager of Nokia Intelligent Applications. He was also the co-founder and CEO of Telekol Corporation.  Under Ram’s leadership, Telekol grew to become a leading supplier of intelligent communications software and systems for the enterprise, and was acquired by Nokia. Previously, Ram fulfilled various executive advisory roles with technology start-ups.

Ram holds a bachelor’s degree in management and a master’s degree in business administration from the University of Massachusetts.

Ron Bennatan, Ph.D. – CTO
Dr. Ron Bennatan commands more than 20 years of experience developing enterprise applications and security technology for blue-chip companies.

Prior to Guardium, he worked for companies such as Merrill Lynch, J.P. Morgan, Intel and AT&T Bell Laboratories.  Ron has also served as a consultant in data security and distributed systems for Phillip Morris, Miller Beer, HSBC, HP, Applied Materials and the Swiss Armed Forces.

An IBM GOLD consultant with a Ph.D. in computer science, Ron is an expert on distributed application environments, application security, and database security, and has authored 12 technical books including HOWTO Secure and Audit Oracle 10g and 11g (CRC Press, 2009) and Implementing Database Security and Auditing (Elsevier Digital Press, 2005), the standard texts in the field.

David Valovcin – VP, International Sales
David Valovcin brings more than 20 years of direct, channel, and international sales and management experience to Guardium.

David previously served as vice president of worldwide sales for several Boston-area startups.  He drove exponential sales growth for Courion Corporation and helped Pegasystems Inc. go public using his business development and sales management skills as vice president of sales for the Americas.  Prior, David held sales management and international operations positions for companies in the security software and IT infrastructure markets.  A frequent speaker at industry events, David has also managed the design and implementation of best-of-breed solutions for leading global organizations.

David received a B.S. in business administration from American International College, with study abroad at the Université de Fribourg, Switzerland.

Paul Resten – VP, North American Sales
With more than 25 years of sales management experience, Paul Resten has built strong technology sales organizations that have sold into a variety of vertical markets.  His extensive sales, marketing, and entrepreneurial expertise has helped him maintain a successful track record of managing both direct and channel organizations.

Prior to joining Guardium, Paul worked for Courion Corporation, where he assumed the management of their North American sales force in 2000. Previously, Paul spent more than 22 years at Motorola, Inc. in a variety of sales leadership roles, including director of business development.

Paul is a graduate of Bryant University and holds a B.S. in business.

Boaz Barkai – Head of Customer Services & Support
Boaz Barkai brings more than 17 years of experience and has a proven track record of managing services organizations and delivering enterprise-class services to organizations worldwide.

He leads Guardium’s Customer Services & Support organization, which is responsible for providing professional services, technical support and training to Guardium customers and partners worldwide.  At Guardium, he started the Professional Services team and most recently served as Director of Professional Services.

During his career, Boaz has successfully implemented complex, multi-year, large-scale deployments for enterprise organizations such as Verizon, Bell Atlantic and Southwestern Bell.  Prior to Guardium, he held a range of technical and managerial positions at Amdocs.  Boaz holds a B.S. degree in computer science.

Phil Neray – VP, Marketing
Phil Neray brings more than 20 years of experience in successfully introducing advanced technology to mainstream users and organizations.
Phil was previously senior director of worldwide strategic marketing for Symantec’s Application and Infrastructure Management business unit.  He joined Symantec in 2004 as a result of its acquisition of ON Technology, a developer of enterprise security and configuration management solutions.  During his tenure as vice president of marketing at ON Technology, Phil played a critical role in growing the company’s revenue by more than 700%.

Phil has held senior marketing roles at Alias Research, a 3D special effects software company for film, video games, and the Web (acquired by Silicon Graphics), and Alliant Computer Systems, which works with network-based, parallel UNIX supercomputers.  He has also served as a product manager for UNIX-based graphics workstations and embedded computing systems at Digital Equipment Corp.  Phil started his career as a field operations engineer with Schlumberger Ltd. on remote oil rigs in South America.

Phil holds a bachelor’s degree in electrical engineering (honors) from McGill University, where he graduated with distinction.

Mike Castricone – VP, Finance and Administration
Mike Castricone possesses more than 14 years of financial and administrative experience.
Prior to joining Guardium, Mike served as a controller for Nokia Networks.  He also served as a controller for Telekol Corporation, where he managed financial operations, IT, and human resource functions.

Mike holds a B.S. in interdisciplinary mathematics from the University of New Hampshire and a master’s degree in accountancy from Bentley College. He is a licensed Certified Public Accountant.

Upesh Patel – VP, Business Development
Upesh Patel commands 20 years of technology experience, including more than a decade spent on security and compliance.  He is responsible for managing and expanding relationships with Guardium’s technology partners to provide customers with the most advanced and interoperable solution.

Prior to joining Guardium, Upesh was vice president of product partnerships for Network Intelligence (now part of RSA, The Security Division of EMC), a leading security information and event management (SIEM) company.  There he drove partnership and technology integration activities with top security and infrastructure companies including Cisco, Microsoft, Check Point Software, RSA, and Juniper Networks. Previously, Upesh managed business development for Check Point Software, where he spearheaded the award-winning OPSEC (Open Platform for Security) Alliance Initiative.  He has also worked at the Santa Cruz Operation (SCO) managing key strategic partnerships and the company’s ISV developer program.

Upesh received a B.S. with honors in computer science from the University of Kent in Canterbury, UK.

Martin Pejko – VP, Global Channels
Martin W. Pejko has acquired more than 25 years of experience in the technology industry.  Prior to joining Guardium, Martin served as vice president of global channel sales at Network Intelligence (acquired by EMC in 2006).  He has held senior business development and legal counsel positions with companies such as Cisco Systems, Quantum Bridge Communications (acquired by Motorola), and GeoTel communications (acquired by Cisco).  Martin is also a former consultant for Lotus Development and BBN Corporation.

Martin holds a bachelor’s degree in economics from Colby College and a law degree from Northeastern University.

Roy Barr – Director, Business Development
Roy Barr has extensive experience in sales and business development, with a proven record of building sales, channels, customer management, and OEM relations.
Prior to joining Guardium, Roy served as director of business development at Nokia Intelligent Applications.  He was also a cofounder and the director of business development of Telekol Corporation.  At Telekol, Roy was responsible for creating sales and developing channels, territories, and OEM relations.

Roy holds a B.A. in political science from Bar-Ilan University and an M.A. in international political economy from the London School of Economics.

Anti_Illuminati

  • Guest
http://findarticles.com/p/articles/mi_m0EIN/is_2005_August_12/ai_n14891711/

Oh wow, look at who is going to be protecting us from "Identity Theft":

Guardium Raises $5.5 Million in 3rd Financing Round; Ascent Venture Partners Leads Investment Group to Provide Funding for Guardium's Continued Rapid Growth in Database Security Market
Business Wire, August 12, 2005

 WALTHAM, Mass. -- Guardium, Inc., a leader of database security and compliance solutions, today announced it has secured $5.5 million in a third round of financing. The round was led by new investor Ascent Venture Partners and includes existing investors Cedar Fund, Veritas Venture Partners and Stage One Ventures. This raises Guardium's total venture capital investment to date to $15 million.

Guardium also announced that, as part of this funding, Ascent Partner Geoff Oblak is joining its board, which also recently expanded with the addition of Amit Yoran, the Nation's former Cyber Security Chief.

Guardium will use the funding to expand its sales, marketing and customer support teams, in order to accelerate the company's growth in the rapidly expanding market for database security applications including identity theft prevention and regulatory compliance such as Sarbanes Oxley, HIPAA, PCI and GLBA. Congress and private industry continue to drive standards for protecting critical data. The recently published Payment Card Industry (PCI) Data Security Standard (for identity theft prevention), for example, is a mandatory requirement for the entire Payment Card Industry. In addition, regulatory compliance continues to be a key security initiative among corporations. (According to Nemertes Research, 63% of corporations view compliance as critical and are allocating up to 60% of their security budget for meeting these regulations.)

In the last year alone, Guardium has grown its employees by 60%, quadrupled its customer base and completed more than 100 product installations of its SQL Guard solution for diverse global enterprises, ranging from the financial services and manufacturing to energy and media industries.

"We identified database security and its application for regulatory compliance and identity theft prevention initiatives as an attractive market for investment," said Geoff Oblak, Partner, Ascent Venture Partners. "Through our extensive due diligence, we determined that Guardium provides the leading solutions customers need in this high-growth market, and we are thrilled to join their investment team."

Over the past 20 years, Ascent Ventures has focused on emerging information technology sectors such as IT security and has built extensive networks and deep knowledge of these sectors.

"Ascent has a very successful track record of investing in security and software companies," said Ram Metser, CEO, Guardium, Inc. "We are gratified by Ascent's recognition of Guardium's market leadership and we look forward to utilizing their deep industry knowledge to contribute to our continued growth."

About Ascent Venture Partners

Since 1985, Ascent Venture Partners has been dedicated to partnering with seasoned management teams to build successful technology companies. Focused on the New England and Mid-Atlantic regions, investments are sized from $2 to $8 million. Ascent is an active investor, offering strategic advice, leveraging its broad network and working patiently with portfolio companies to overcome challenges. Ascent has raised four venture funds totaling $400 million and has invested in over 80 companies. Ascent is currently investing out of the firm's fourth fund, a $140 million fund launched in 2004. For more information visit www.ascentvp.com.

About Guardium

Headquartered in Waltham, MA, Guardium (www.guardium.com) develops and delivers innovative database security solutions that remove complexity, and provide visibility and effective controls over database access activities of IBM, Oracle, Microsoft, and Sybase environments. Guardium's family of non-intrusive, robust applications addresses key database security concerns that include database security assessment, access policy control and enforcement, auditing, and regulatory compliance. Guardium's growing customer base includes some of the world's most technically advanced organizations representing a wide range of industries. Financial services, telecommunications, media, manufacturing, healthcare, and government organizations trust Guardium's solutions to protect their mission critical data and handle their compliance challenges. Guardium investors include the Cedar Fund, Ascent Ventures, Veritas Venture Partners, and StageOne Ventures.

Copyright (C) 2005 Guardium. All rights reserved. Information in this document is subject to change without notice. Guardium, SQL Guard, Safeguarding Databases, SQL HealthGuard, SQL AuditGuard, SQL PolicyGuard, SQL RemoteGuard, and SQL Guard Security Suite are trademarks of Guardium, Inc. All other trademarks and trade names are the property of their respective companies. Copying and redistribution of this material is expressly permitted by the copyright owner.
__________________________________________________________
http://www.guardium.com/index.php/pr/36

Guardium Closes Strategic Investment Round, Adds Cisco as Investor

Cisco Invests in Guardium’s Network-Based Platform for Protecting Sensitive Corporate Information

WALTHAM, Mass. (May 15, 2006) – Guardium, the database security company, today announced a strategic investment by Cisco Systems Inc., the worldwide leader in networking for the Internet.

Guardium’s network-based technology protects sensitive information stored in critical systems such as Oracle, PeopleSoft, SAP, Siebel and custom enterprise applications. In addition, the Guardium solution enhances operational efficiency by providing a unified set of policy-based controls for heterogeneous, multi-vendor database infrastructures.

Cisco’s investment will allow Guardium to grow its leadership position in real-time database security and auditing. Guardium’s customer base currently includes major organizations in financial services, energy, manufacturing, telecommunications, pharmaceuticals, media, retail and government.

“We are pleased about this relationship between Cisco and Guardium,” said Charles Kim, Information Security Officer, ING Investment Management. “Both companies provide important components of our critical data infrastructure. Guardium’s innovative network-based technology monitors, protects and audits access to key information assets at ING Investment Management.”

The Guardium solution supports a vision of adaptive, network-based security with application-layer intelligence for preventing unauthorized or malicious access to the corporate data center. This high-performance network continuously responds to security events as they take place, rather than later, when an organization may have already suffered damage. With the growth of Web-based applications and service-oriented architectures (SOA), it is now even more important to find new ways to protect confidential corporate information from both insiders and outsiders.

“Database activity monitoring and auditing is one of the most promising new categories of data security,” wrote Rich Mogull, Gartner research vice president, in Best Practices and Compliance with Data Security (October 2005). “These standalone appliances enforce separation of duties by segregating audit from administrative functions, and they allow alerting based on specific database activity. For example, if a database administrator runs a select query on the credit card field, or creates a new database user, a security administrator is notified. Thresholds for sensitive data can be set to detect if someone that normally accesses particular data starts accessing an unusual volume of that data.”

“We are pleased to be supported by a global leader in networking technology,” said Ram Metser, Guardium CEO. “This will allow us to significantly broaden our reach. We can now help even more enterprises safeguard their critical information, and save time and money while implementing key compliance and IT governance initiatives.”

Cisco’s investment occurred as part of a Series C strategic round totaling $6.3 million, which was led by Cedar Fund and Ascent Venture Partners, with additional participation from all existing equity investors including Stage One Ventures and Veritas Venture Partners. The latest round brings the total equity investment in the company to $21 million. The new funds will support rapid sales growth and accelerated product development initiatives.

“Guardium’s solution addresses a key data security problem for corporations in a unique and robust way,” said Nimrod Schwartz, Cedar Fund partner. “The company’s success in winning big deals with major customers has not gone unnoticed, and we are delighted to welcome Cisco as a new and strategic investor in the company.”

Geoff Oblak, Partner, Ascent Ventures, added, “Guardium developed the world’s first solution for both database security and compliance monitoring, and has continuously enhanced its offering based on real-world feedback from top IT organizations worldwide. We are pleased by the company’s record of customer success and growth.”

About Guardium
Guardium, the database security company, develops the most widely-used network solution for database security and auditing. By securing sensitive corporate information such as financial/ERP and personal identity data in real-time — and automating change controls and compliance reporting — Guardium protects the world’s best-known brands while reducing the cost of IT governance and compliance.

Customers include: a top five U.S. bank; a top ten European financial services institution; a global consumer products manufacturer with over 100,000 employees; one of the largest North American oil and gas companies; and other companies worldwide in financial services, energy, manufacturing, telecommunications, pharmaceuticals, media and entertainment, and government.

Named “Hot Pick” by Information Security magazine, Guardium’s family of network appliances continuously monitor and prevent unauthorized access to databases. Guardium’s patent-pending technology performs deep packet inspection on all network traffic and detailed SQL linguistic analysis to detect or block specific commands based on policies. Unlike traditional log-based or DBMS-resident approaches, Guardium’s technology provides fine-grained database activity monitoring without impacting the performance or stability of key production applications, while supporting the separation of duties required by auditors.

The Guardium software suite includes specialized modules for SOX, PCI, Basel II and data privacy laws. A centralized multi-tier architecture provides scalability for large and distributed enterprises.

Guardium’s partners include IBM, EMC, HP, Microsoft, Oracle and Sybase, and the company is a member of IBM’s prestigious Data Governance Council. For more information, please visit http://www.guardium.com or call 781.487.9400.
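The alerting rules in the Gartner passage quoted in the press release above (a database administrator selecting the credit card field, a new database user being created, and an unusual volume of sensitive reads), as an added example that is not Guardium's code or part of the original post. Table and column names, roles, thresholds and the audit events are constructed assumptions, and the regex matching stands in for real SQL parsing.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed policy (assumptions for this example, not from the quoted report).
SENSITIVE = {"payments": {"card_number"}}   # table -> sensitive columns
ADMIN_ROLES = {"dba"}
VOLUME_FACTOR = 5       # alert when rows read exceed 5x the user's own baseline
MIN_BASELINE = 3        # sensitive reads needed before a baseline is trusted

CREATE_ACCOUNT_RE = re.compile(r"^\s*create\s+(user|login|role)\b", re.I)
SELECT_RE = re.compile(r"^\s*select\b(.*?)\bfrom\b\s+([\w.]+)", re.I | re.S)


@dataclass
class Event:
    user: str
    role: str
    sql: str
    rows: int  # rows returned to the client


def touched_sensitive(sql):
    """Return the sensitive columns named in the select list of a statement."""
    m = SELECT_RE.match(sql)
    if not m:
        return set()
    select_list, table = m.group(1), m.group(2).lower().split(".")[-1]
    sensitive = SENSITIVE.get(table, set())
    if "*" in select_list:              # SELECT * exposes every column
        return set(sensitive)
    names = set(re.findall(r"[a-z_]\w*", select_list.lower()))
    return sensitive & names


class Monitor:
    def __init__(self):
        # user -> rows returned by that user's past sensitive reads
        self.history = defaultdict(list)

    def inspect(self, ev):
        alerts = []
        # Rule 1: account creation (raised for any role, a superset of the DBA case).
        if CREATE_ACCOUNT_RE.match(ev.sql):
            alerts.append("ACCOUNT_CREATED")
        if touched_sensitive(ev.sql):
            # Rule 2: an administrator reads the sensitive field directly.
            if ev.role in ADMIN_ROLES:
                alerts.append("ADMIN_READ_SENSITIVE")
            # Rule 3: a user who normally reads this data reads far more than usual.
            past = self.history[ev.user]
            unusual = (len(past) >= MIN_BASELINE
                       and ev.rows > VOLUME_FACTOR * sum(past) / len(past))
            if unusual:
                alerts.append("UNUSUAL_VOLUME")
            else:
                past.append(ev.rows)    # keep outliers out of the baseline
        return alerts


# Constructed audit events, in arrival order.
SAMPLE_EVENTS = [
    Event("app_svc", "app", "SELECT card_number FROM payments WHERE id = 17", 1),
    Event("app_svc", "app", "SELECT card_number FROM payments WHERE id = 18", 2),
    Event("app_svc", "app", "SELECT card_number FROM payments WHERE id = 19", 1),
    Event("alice", "dba", "SELECT name, card_number FROM payments", 40),
    Event("alice", "dba", "CREATE USER temp_admin", 0),
    Event("app_svc", "app", "SELECT * FROM payments", 5000),
    Event("alice", "dba", "SELECT id FROM payments", 10),
]


def run(events):
    monitor = Monitor()
    return [(ev.user, monitor.inspect(ev)) for ev in events]


if __name__ == "__main__":
    for user, alerts in run(SAMPLE_EVENTS):
        print(user, alerts or "ok")
```

The monitor keeps its own state and never touches the database, which matches the separation of audit from administrative functions that the quote describes.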

Anti_Illuminati

  • Guest
Bump.  Hey Alex, you might want to start talking about the fact that the flu pandemic is part of a MULTI-SPECTRUM false flag which INCLUDES staged Cyber attacks blaming the American people for attacking govt. networks (i.e. "retaliation", "fed up with the govt.") to further brainwash the police to make them really think Americans are terrorists.  The propaganda psy-ops against protesters against the Federal Reserve will later include patsies or just outright fake news being put out about that same anger being directed against govt. computer networks (the subconscious conditioning has been set with Marine ONE, and the Joint Strike Fighter program being false flag hacked into).  This is in their cards as stated in huge numbers of their own internal documents and IT MUST GET PREEMPTIVELY DISCREDITED ON A MASS SCALE SO THAT THEY CANNOT PULL IT OFF.

luckee1

  • Guest
Quote
Guardium will use the funding to expand its sales, marketing and customer support teams, in order to accelerate the company's growth in the rapidly expanding market for database security applications including identity theft prevention and regulatory compliance such as Sarbanes Oxley, HIPAA, PCI and GLBA. Congress and private industry continue to drive standards for protecting critical data. The recently published Payment Card Industry (PCI) Data Security Standard (for identity theft prevention), for example, is a mandatory requirement for the entire Payment Card Industry. In addition, regulatory compliance continues to be a key security initiative among corporations. (According to Nemertes Research, 63% of corporations view compliance as critical and are allocating up to 60% of their security budget for meeting these regulations.)

This is just like the mafia!  We have to buy protection.  Reminds me of the old Chicago Mob/Police relationships.  The people/businesses would be attacked by a gangster then the mob would come in and offer protection from harm and police raids.  The fact our government is contracting this at taxpayer expense is reprehensible/egregious/treacherous (I cannot find the right word for it but there is profanity involved)!

Anti-Illuminati,
How do WE regular people who aren't as astute as you are in this topic, get the word out?  I know you definitely have a targeted audience.  It is not like we have a The Obama Deception of corporate/govt computer related DVD to pass out.  I mean like the IT guy at my job; How do I inform him of what you are talking about?