Spring World 2017

Conference & Exhibit

Attend The #1 BC/DR Event!

Fall Journal

Volume 29, Issue 4

Full Contents Now Available!

Jon Seals

HONG KONG, CHINA – Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global leader in security software and solutions, today announced it will host its second annual Capture the Flag (CTF) cybersecurity competition for engineers. Following the company's successful, first-ever CTF for the security community in the Asia-Pacific region, the 2016 event will be hosted for engineers worldwide.

Trend Micro CTF 2016 will test players' technical knowledge in various categories, such as targeted attacks, Internet of Things (IoT), Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA), which are all becoming increasingly important in the cybersecurity space1. The competition comprises an online qualifying event and finals held in Tokyo, Japan.

"Trend Micro aims to create a world safe for exchanging digital information, and expert events, such as this, are one way we work toward this goal," said Eva Chen, CEO for Trend Micro. "Challenging engineers from across the globe to stretch their cybersecurity knowledge in these specific, relevant areas will help bolster the security community as a whole."

The online qualifier will be played in a "Jeopardy" format in which players will compete by solving challenges in various categories. The top ten teams from the online qualifier will advance to compete in the final, which will be played in an "attack and defense" format. The final winning team will be awarded JPY1,000,000 (approximately US$9,800), plus Zero Day Initiative Rewards Program 2 points.

Trend Micro CTF 2016 Online Qualifier
Dates: July 30-31, 2016 (Game starts at 13:00 (JST, 4:00 UTC), July 30, 2016)
Requirements: Participants must be at least 20 years old
Format: Jeopardy
Venue: Online
Team registration: From July 15, 2016 (JST)

Trend Micro CTF 2016 Final
Dates: November 19-20, 2016 (JST)
Requirements: The top ten teams from the online event will qualify. Each team may have a maximum of four players.
Format: Attack and Defense (additional details to be announced following online qualifier)
Venue: Shinjuku NS Building, Tokyo, Japan

Prizes:
First Place Team: US$9,800 per team, a one-time bonus of US$2,000, automatic qualification for HITCON CTF 2016 Final in Taiwan
Second Place Team: US$3,000 per team
Third Place Team: US$2,000 per team

To register for the online qualifier, please visit: http://www.go-tm.jp/ctf2016_en

For more information about the event, please visit: http://www.go-tm.jp/ctf2016_en

About Trend Micro
Trend Micro Incorporated, a global leader in cyber security solutions, helps to make the world safe for exchanging digital information. Our innovative solutions for consumers, businesses, and governments provide layered security for data centers, cloud environments, networks, and endpoints. All our products work together to seamlessly share threat intelligence and provide a connected threat defense with centralized visibility and control, enabling better, faster protection. With more than 5,000 employees in over 50 countries and the world's most advanced global threat intelligence, Trend Micro enables organizations to secure their journey to the cloud. For more information, visit www.trendmicro.com.

1 Challenge format and categories may be subject to change.

U.S. Patent No. 9,244,627 B2 Attracts Attention to Ongoing Industry Data Breach and Sanitization Challenges

KANSAS CITY, Mo. – Synetic Technologies, Inc. (Synetic), a global leader in secure IT Asset Disposition (ITAD) and value recovery services, has been granted U.S. Patent No. 9,244,627 B2 for a scalable enterprise data erasure system and method for the sorting, tracking and certified erasure of a plurality of data storage devices through use of enterprise hardware and software designed for data storage. The Virtual Data Annihilator platform sets a new standard for transparency in the ITAD industry by addressing the ongoing challenges of data security breaches caused by improper and unverified disposal processes.

Verizon's 2016 Data Breach Investigations Report found that residual data on reused hardware was a common cause of company data breaches. For companies handling sensitive information, this can lead to expensive legal issues.

Ron Helmer, CEO of Synetic, said, "When companies sell old hardware for value recovery, it is imperative that data be completely wiped from the system before it is reused. Many companies entrust this process to third party value recovery services, but without a transparent verification process, confidential client information and other sensitive data may still be at risk."

Data sanitization remains the preferred method for organizations seeking to recover maximum value from their off-network IT assets. While organizations can perform their own data sanitization, it often comes with a greater financial cost and security risk.

Helmer added, "To this point, most ITAD firms have leveraged third party software solutions to sanitize data, which include licensing fees per use. While the end result is the same with Virtual Data Annihilator, owning the platform allows us to deliver these same services cost effectively at scale, which delivers our clients greater value. Virtual Data Annihilator is infinitely scalable, and deployable onsite, allowing us to tailor data destruction programs to meet the data security needs of any client."

Synetic's patented Virtual Data Annihilator platform securely sanitizes data storage devices and produces searchable log files of the entire sanitization process to certify complete data erasure. The erasure system complies with both the DoD 5220.22-M and more recent NIST SP 800-88 Revision 1 standards. Synetic also designed a separate system, QCC, which automates the testing of sectors from drives wiped by the Virtual Data Annihilator and exceeds NIST 800-88 recommended standards for sectors checked. Additionally, Synetic provides notarized certificates of data destruction to its clients, which are available via the Synetic client portal.

"One of Synetic's well-known technology clients had a strict security requirement to shred all drives onsite, but through education, due diligence and verification, this client changed their information security stance on shredding, leveraging the Virtual Data Annihilator sanitization platform instead," Helmer explained. "We now wipe all drives for this client, which has significantly increased their value recovery from decommissioned assets."

Synetic offers a full suite of ITAD services to Fortune-listed leaders in healthcare, finance, technology, education and retail. ITAD services include certified data destruction; secured transport, testing and refurbishing of IT assets; remarketing; R2 certified e-waste recycling; and comprehensive reporting. Synetic offers both virtual and physical data destruction under the Data Annihilator brand.

For a limited time, Synetic is offering free Google Cardboard Virtual Reality Viewers to celebrate the Virtual Data Annihilator patent. Details are available at www.sti3.com/vr.

Rubrik r300/r500 Series and Pure Storage FlashArray//m Solution for Mission Critical Applications Sets New Bar for Management Simplicity, Resiliency and Performance With Over 250 TB/Hour Throughput per Appliance

PALO ALTO, Calif. – Rubrik, the world's first Converged Data Management company, today announced breakthrough performance for a solution comprised of the Rubrik r300/r500 Series and the Pure Storage FlashArray//m family. Rubrik's Converged Data Management software powers the Company's r300/r500 Series appliances, which deliver automated backup, instant recovery, unlimited replication, and data archival at infinite scale.

"Rubrik and Pure Storage share the vision of radically simplifying data center infrastructure, and the user experience around backup and storage," said Bipul Sinha, CEO of Rubrik. "For our growing number of joint enterprise customers this solution underscores our position as the leader in simplicity, resiliency and performance for Tier 1 workloads."

"For business critical workloads Pure Storage and Rubrik are a natural fit," says Matt Kixmoeller, VP Products at Pure Storage. "Both the FlashArray//m and r300/r500 Series were designed to work out-of-the-box, while enabling predictable performance and eliminating management complexity. We deliver a compelling value proposition for accelerating and protecting mission critical applications."

Customers using Rubrik and Pure Storage to protect and run their workloads, have achieved:

  • Faster time-to-value, from months to hours;
  • Reductions in time spent managing storage and backup, from hours to minutes;
  • Data center footprint efficiencies of 70% or more;
  • Dramatic reductions in application latencies, RPO and RTO;
  • Over 250 TB/hour throughput per Brik (based on logical capacity).

Customers who have deployed the Rubrik and Pure Storage solution include: ExponentHR, Castilleja School, Red Hawk Casino, Phreesia, and Wabash among others. Rubrik and Pure Storage intend to continue their technical collaboration and deepen product integration, to extend the unique capabilities and value of the joint solution.

"Like Pure, Rubrik came to the table with a truly revolutionary, enterprise-grade product. Rubrik offers a trusted converged backup solution for our production workloads and eliminates our backup pain," says Brandon Mason, Director of Data Center Operations, Phreesia.

"The Pure and Rubrik joint solution just works," adds Misha Vyazmensky, CTO, ExponentHR. "The simplicity of the user experience and the reliability of Pure Storage and Rubrik have enabled us to significantly reduce time managing infrastructure while reducing our capex footprint by 70% or more in some cases."

Additional Customer Quotes
"Pure and Rubrik both exemplify the simplicity of how IT system should be designed without the management complexity. They just work."
Terry Young, Senior Network and Systems Administrator, Castilleja School

"Pure and Rubrik wipe away storage and backup management complexity, resulting in massive operational savings. We trust Pure and Rubrik to run and backup our highly transactional applications."
Jacob Warren, Systems Administrator, Red Hawk Casino

Resources to Learn More
Analysts: "Get Gartner's Take on Pure Storage and Rubrik" Pure Storage is a leader in the Magic Quadrant for Solid State Arrays and Rubrik was recently named a Gartner Cool Vendor in Storage Technologies
Solution Brief: Unmatched Performance. Unrivalled Simplicity. Breakthrough Savings.
Blog: If I Could Build Anything (Data Center Edition)
On-demand Webinar: Your Dream Data Center: Geek Out with Pure and Rubrik
On-demand Webinar: How Rubrik and Pure Solve the 5 Key Challenges to Virtualizing Tier 1 Apps

About Rubrik
Rubrik provides the industry's first Converged Data Management appliance, delivering automated backup, instant recovery, unlimited replication, and data archival at infinite scale. Rubrik is built by key engineers behind Google, Facebook, VMware, and Data Domain.

Headquartered in Palo Alto, CA, Rubrik has raised over $51 million from Greylock Partners, Lightspeed Venture Partners and enterprise IT luminaries, including John W. Thompson (Microsoft Chairman, Symantec Former CEO), Frank Slootman (ServiceNow CEO, Data Domain Former CEO), and Mark Leslie (Leslie Ventures, Veritas Founding CEO). Rubrik has been named to Gartner's Cool Vendors in Storage Technologies, 2016. For more information, visit http://www.rubrik.com and follow @rubrikInc on Twitter.

Rubrik is a trademark of Rubrik, Inc. All other trademarks and registered trademarks are property of their respective owners.

Orchestration Extends Malware Detection to Cloud Environments for Improved Security Posture in Hybrid Environments

WALTHAM, Mass. – CloudLock®, the leading Cloud Access Security Broker (CASB) and Cloud Cybersecurity Platform, today announced its expanded cybersecurity orchestration ecosystem, delivering advanced malware detection capabilities through integrations with OPSWAT and VMRay to complement the company's existing integration with the threat emulation capabilities of Check Point. The first-of-its-kind integration unifies protection against malware and the growing volume of ransomware across hybrid cloud environments.

"The threat landscape -- particularly for malware -- is evolving as more organizations shift workloads to the cloud and adopt online business productivity and operations applications," said John Amaral, Head of Product Delivery at CloudLock. "By extending the power of CloudLock's cloud-native, multi-mode CASB through integrations with leading providers, our mutual customers gain powerful insight and threat mitigation capabilities to secure environments from the growing barrage of malware."

With a 30x increase in connected cloud apps over the past two years combined with the increasing volume of malware and ransomware headlines (i.e., Medstar Health) over recent weeks tells a disturbing story about the evolving nature of this threat vector and the resulting damage to the organization's productivity, safety, reputation, and bottom line. CloudLock is uniquely positioned to thwart ransomware attacks on cloud infrastructure through an API-driven, cloud-native approach to cloud cybersecurity. By performing extended analysis across an organization's disparate cloud environments, the CloudLock Cybersecurity Orchestrator™ allows customers to identify and remediate instances of malware that would otherwise go unnoticed, with support for Amazon S3, Dropbox, Box, Google Apps, and Office 365.

CloudLock further helps security analysts by enabling proactive, automated cross-platform response actions to mitigate risk and provide deep security intelligence. CloudLock integrates with customers' established security operations workflows via APIs and out-of-box integrations to drive policy-based threat mitigation and remediation. In addition to identifying malware through integration, CloudLock can detect anomalous activity within monitored cloud environments indicative of malware infection, such as user logins from suspicious locations or risky data sharing practices, for additional threat protection beyond initial malware identification.

Malware Orchestration Ecosystem Launch Partner Quotes:
"With CloudLock's CASB and Cloud Cybersecurity Platform and OPSWAT's Metadefender, enterprises can now enforce secure data flows to and from cloud applications. Metadefender provides the best prevention and detection of known and unknown threats by combining dozens of anti-malware engines with heuristics and data sanitization," said Benny Czarny, CEO, OPSWAT.

"Enterprises want frictionless interoperability and total visibility across their security solutions whether on-premise or in the cloud. The seamless integration between VMRay Analyzer and CloudLock's CASB platform combines advanced automated threat analysis and detection with comprehensive cloud security. This is a real step forward facilitating for enterprises automating of malware detection and blocking in hybrid cloud environments. We're honored and excited to be a launch partner with CloudLock on this initiative," said Chad Loeven, VP of Sales and Marketing at VMRay.

About CloudLock
CloudLock is the cloud-native CASB and Cloud Cybersecurity Platform that helps organizations securely leverage cloud apps they buy and build. CloudLock delivers security visibility and control for SaaS, IaaS, PaaS and IDaaS environments across the entire enterprise in seconds. Founded by Israeli Elite Cybersecurity Military Intelligence experts, the company delivers actionable cybersecurity intelligence through its data scientist-led CyberLab and crowdsourced security analytics across billions of data points daily. CloudLock has been recognized by Inc. Magazine as the fastest growing security product company in the U.S. and by Glassdoor as one of the top 3 best places to work in the U.S. Learn more at www.cloudlock.com.

These documents will help enhance public safety, prevent financial loss and maintain operational continuity during extreme weather situations.

Regroup Mass Notification, the award-winning leader in emergency and day-to-day communication technology, has made available a set of highly-valued resources to help organizations, businesses and government agencies better prepare for natural disasters.

The free disaster preparedness bundle covers a wide variety of topics relating to some of the most common natural disasters, along with ways on how to prepare for them. Topics covered in this series include:

  • Coordinating response efforts with internal and external response teams
  • Preparedness and communication strategies that can be combined with existing protocols to create a plan that meets specific needs
  • Viable methods for enhancing emergency communications to facilitate a more effective response that can in turn save lives

“Here at Regroup, we work hard to provide organizations with informative resources on preparing for disaster situations, as well as best practices for emergency mass communication,” said Joe DiPasquale, CEO of Regroup.  “We know that insightful resources combined with a powerful mass communication platform like Regroup will go a long way on the road to preparedness.”

The decision to make this valuable set of disaster preparedness guides available is a direct result of recent events across the United States relating to natural disasters, such as flash floods, wildfires, tornadoes, as well as seasonal events like the beginning of hurricane season.

This disaster preparedness guides provided by Regroup can be downloaded at: http://1.regroup.com/disaster-preparedness-bundle/

To learn more about how Regroup’s Emergency Notification System can provide rapid communications during a crisis, as well as streamline day-to-day communications, call 1-855-REGROUP or email inquiries(at)regroup(dot)com.

Charleston, W.Va.– In the face of disaster, the people of West Virginia have come together with courage and compassion to ask “How can I help?”

The main needs now are cash donations and volunteers.

Although there has been an outpouring of financial support already to help flood survivors more is needed. Cash donations enable nonprofit organizations to purchase what disaster survivors need most. Buying the items from local businesses helps the economy recover. No gift is too small.

West Virginians and people from throughout the nation have donated thousands of hours of labor to help the many affected folks who are elderly, disabled, living on fixed incomes or otherwise overwhelmed by the flood’s after effects. But more volunteers are needed.

There are many organizations that need donations and are looking for volunteers and at least two comprehensive groups focused on West Virginia flood recovery. The West Virginia Chapter of  National Voluntary Organizations Active in Disasters (WVVOAD) represents dozens of faith-based, community, nonprofit and non-governmental organizations active in flood response and recovery. wvflood is a new website updated by Volunteer West Virginia, the state’s Commission for National and Community Service, in partnership with WV VOAD with the support of the Office of Governor Earl Ray Tomblin. Anyone who can make a cash donation or volunteer may do so at the WVVOAD or wvflood websites.

Unfortunately, disasters tend to attract con artists who will take advantage of well meaning people. Donate to legitimate national or local organizations. Beware of solicitations to help survivors from people or groups who may sound sincere but you haven’t verified. If you are unsure or uncomfortable about the intentions of anyone you encounter, please contact local law enforcement. If you suspect fraud please call the West Virginia consumer protection hotline 800-368-8808.

Finally, be ready to stick around  for the long haul. The work of recovery lasts a lot longer than the media attention. There will be a need for donations and volunteers to help West Virginia recover for many months, even years, to come.

Even if you’re not ready to take any action at this time, you may find recovery information and survivors can find out about and ask for assistance by visiting either of the websites:

#wvflood http://wvflood.com/about/Pages/default.aspx

or VOAD https://wvvoad.communityos.org/cms/

Additional information on West Virginia’s disaster recovery can be found by visiting fema.gov/disaster/4273, twitter.com/femaregion3, twitter.com/FEMA and fema.gov/blog.

The National Crime Agency has published its ‘Cyber Crime Assessment 2016’, outlining the immediate threat to UK businesses from cyber crime. This is the first cyber crime assessment produced jointly by the NCA and industry partners.

The NCA reports that the accelerating pace of technology and criminal cyber capability currently outpaces the UK’s collective response to cyber crime, calling for stronger collaborative working between government, law enforcement and, crucially, business to reduce vulnerabilities and prevent crime.

The assessment shows that cyber crime activity is growing fast and evolving, with the threats from distributed denial of service (DDoS) and ransomware attacks increasing significantly in 2015.

...

http://www.continuitycentral.com/index.php/news/technology/1261-uk-national-crime-agency-publishes-cyber-crime-report

One of the most common concerns raised by business continuity managers is the difficulty of getting senior management support. In this article Brad Law MBCI, provides five ideas for making progress in this tricky area.

It seems nowadays that most of our working hours are spent in meetings, writing emails, calling back those voicemails and working on that endless proposal that you know is already 15 slides too long. So the last thing on your mind is trying to convince your boss that a resilient and concise business continuity plan is something 'we should focus on this quarter' and, let’s face it, they're thinking the same thing too. However, maybe it's time to ponder how you and your boss would cope without a task orientated, simple to use, business continuity plan. Below are my five tips on where to start and how to finish that conversation:

...

http://www.continuitycentral.com/index.php/news/business-continuity-news/1260-five-tips-for-convincing-your-ceo-to-focus-on-business-continuity

Wednesday, 13 July 2016 00:00

Global Risk Report 2016

By Ben J. Carnevale

Given the continuity and compliance objectives of this website, it is not too often that we don’t have the topics of global risk, risk management and risk mitigation discussed in this blog.  And, this posting will be no exception to that pattern.

This posting intends to provide an additional lens of insight into the world of perceived risks present in the global environment of the world in which we work, play and live.

This posting will offer a great reference source reading about global risk, how it might affect your company’s long term strategic growth and planning process or perhaps, even influence how your purchasing team builds its global supply base to support its platform of building faster, better and cheaper into this year’s purchasing plan and strategy.

With so many doing so much self-directed research on search engines and social media to help address problems and identify solutions, in many cases as much of 70% of the decision-making process is now over before potential clients are ready for a conversation with a data center’s executive- or sales team.

Today’s data centers face a very different buyer’s journey where the traditional marketing and sales playbooks have been severely disrupted.

Why? People got tired of being interrupted by obnoxious marketers and sales reps. So fed up that it’s fueled massive changes in consumer preferences that have powered selective-consumption platforms like iTunes, Netflix, SiriusXM, and TiVo.

...

http://www.datacenterknowledge.com/archives/2016/07/12/are-data-centers-and-msps-like-oil-and-water-or-peanut-butter-and-jelly/