Finalist for the SC Magazine Awards 2016 Europe

Shortlisted for the Best SME Security solution category

Penta Security Systems Inc, a global information security company headquartered in Seoul, has been named as a finalist for the SC Awards 2016 Europe for outstanding industry leadership in information security. Cloudbric is one of five total finalists being recognized in the Best SME Security Solution category. The category acknowledges superior services that help customers address the most pressing cyber-security threats. The winners will be announced at the SC Magazine Awards Europe ceremony to be held in London on Tuesday 7th June at a stunning new central London venue on the Riverside of the Thames, Old Billingsgate.

SC Magazine Awards Europe

The SC Magazine Awards Europe is the information security industry’s most prominent recognition. Winners in the Threat Solution categories are decided by an expert panel of judges. They are hand-picked by SC Magazine UK’s editorial team. Breadth of knowledge and experience in the information security industry are crucial. The awards honor both the cyber-security professionals working in the trenches and the products and services that help protect today’s corporate world from a myriad of ever-changing threats.

“Penta Security’s website protection solution represents some of the most innovative and effective security technologies on the market today,” said Tony Morbin, Editor in chief SC Magazine UK. “As attackers develop and deploy new approaches to compromising sensitive information, companies are challenged to keep pace. Cloudbric was named an SC Award finalist for its efforts to raise the bar for the security industry.”


What is Cloudbric?

Cloudbric is an elite full service website security solution specifically designed for small to mid-sized businesses. Penta Security Systems has found most SMEs do not have the proper resources to counteract malicious web attacks. Most attacks target sensitive customer data. Therefore, Penta Security launched Cloudbric in early 2015 to better serve the SMB market. Cloudbric offers a free enterprise level security package regardless of business size. TJ Jung, VP of Product & Technology for Cloudbric, said:

“Unlike mainstream security vendors that prefer to charge website owners per premium security feature, Cloudbric provides a full suite of website security features, such as web application firewall, CDN, SSL, DDoS protection, as a set standard.”


About Penta Security Systems

Penta Security is a global information security firm headquartered in Seoul, South Korea. It specializes in web application security, database encryption, as well as access management. With over 19 years of IT security expertise, Penta Security blocks more than 108,000,000 web attacks per month. Recognized by Frost & Sullivan, Penta Security Systems is the number one Web Application Firewall vendor in the APAC Region based on market share. For more information about Penta Security and Cloudbric, please visit http://www.pentasecurity.com/en and http://www.cloudbric.com or contact Cloudbric at support@cloudbric.com.


About SC Magazine UK

SC Magazine UK provides IT security professionals with in-depth and unbiased information through timely news, comprehensive analysis, cutting-edge features, contributions from thought leaders and the best, most extensive collection of product reviews in the business. By offering a consolidated view of IT security through independent product tests and well-researched editorial content that provides the contextual backdrop for how these IT security tools will address larger demands put on businesses today, SC Magazine UK enables IT security pros to make the right security decisions for their companies. Besides the quarterly print magazine, special Spotlight editions and daily website, the brand’s portfolio includes the SC Congress and Expo series (London, Amsterdam, New York, Chicago, Toronto), SC Awards, Roundtables, Webinars and SC Magazine Newswire.

DB Encryption 101: How to Implement

Recently, as information security needs have increased rapidly, various security techniques and strategies have drawn attention. Encryption is one approach that’s attracted the most attention. Penta Security was Korea’s first to develop a DB encryption product so we often get these types of questions:

I think a lot of these questions come out of fear or confusion about encryption. The reality is that these questions might be an issue if you’re not implementing encryption properly – but when you follow the correct procedures, then a lot of your concerns will dissipate.

For any implementation of database encryption, the pre-evaluation process is crucial. After all, there are hundreds of solutions out there, but which one do you pick? Especially if you’re implementing encryption for a corporate environment, you need to be detailed to get the most bang for your buck.

Applying a DB encryption solution should follow this process:

  • Product Selection
  • Policymaking
  • Impact analysis
  • Application
  • Testing
  • Query optimization

Product Selection for DB Encryption Solutions

Choosing the appropriate product or solution can be crucial. There are a variety of domestic or international encryption products, but the important part is to research the capabilities of the solution to ensure that it’s able to match the compliance laws.

Think of it this way – You walk into a store, ask for a pair of black shoes, the clerk hands you a box that has the label “COLOR: Black”, you give them money and walk out with the box. Realistic? Of course not. Not every pair of black shoes is going to match your environment. Maybe you’re going to play a sport, or maybe a black-tie wedding. Just like that, not all DB encryption methods are compatible with any given DB environment.  It’s important to consider which server and DB management environment you choose to use.

Policy-making for DB Security

The next step is to establish a structure for encryption/decryption privileges and access control authorities for users once the product has been implemented. Which users will be able to view the data? Which can perform the functions? Specify separate roles between administrators as well – either the server administrator or the database manager should be the sole person in charge of managing the encryption solution.

Having clearly outlined authority roles isn’t just important in the corporate world, it matters also for safe data management.

Analyzing DB Environment Impact

So what’s the impact on the DB system once encryption has been implemented? You need to take into consideration the type of data, which data needs encryption, and in which format it should be organized. Once evaluated, the next step is to assess the impact on the business system servers that will need to send queries against encrypted data. If the necessary queries to be sent from the business system servers to the DB server are researched in advance, this process doesn’t have to be complicated. But if not, query optimization could be long and arduous.

Fully understanding which requests are going to originate from the systems’ applications will likely require cooperation from a business systems developer.  Even with the cooperation of a systems developer, it may not always be possible to analyze complex business system expressions. In that case, you may need to analyze the queries travelling to and from the business servers and DB server and discover their nature by using an induction formula. Induction formula analysis tools are included in many encryption solutions, and separate stand-alone products exist as well. Purchasing an encryption solution already equipped with the tools to collect and analyze these expressions will assist in this step.
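One way to carry out the query impact analysis described above, as an added example (not Penta Security's tooling or code from the original post): it groups captured queries by shape and flags those whose use of a to-be-encrypted column depends on plaintext ordering. The column names, sample queries and impact labels are constructed assumptions, and the regex matching is a heuristic rather than a full SQL parser.

```python
import re
from collections import Counter

# Assumption: columns chosen for encryption during policy-making (hypothetical names).
ENCRYPTED_COLUMNS = {"ssn", "card_no"}

# Constructed sample of queries captured between the business servers and the DB server.
CAPTURED_QUERIES = [
    "SELECT name, ssn FROM customers WHERE id = 42",
    "SELECT id FROM customers WHERE ssn = '900101-1234567'",
    "SELECT id FROM customers WHERE card_no LIKE '4111%'",
    "SELECT id, name FROM customers WHERE ssn BETWEEN '800101' AND '891231'",
    "SELECT name FROM customers ORDER BY card_no",
    "SELECT name FROM customers WHERE city = 'Seoul'",
    "SELECT id FROM customers WHERE ssn = '750505-2345678'",
]

def normalize(sql):
    """Replace literals with '?' so queries differing only in values group together."""
    sql = re.sub(r"'[^']*'", "?", sql)
    sql = re.sub(r"\b\d+\b", "?", sql)
    return re.sub(r"\s+", " ", sql).strip()

def classify(sql, columns=ENCRYPTED_COLUMNS):
    """Return (impact, columns touched) for one normalized query."""
    touched = sorted(c for c in columns if re.search(rf"\b{re.escape(c)}\b", sql, re.I))
    if not touched:
        return "none", touched
    alt = "|".join(map(re.escape, touched))
    # Range, pattern and sort operations depend on plaintext order, which
    # ciphertext does not preserve: these are the query-optimization candidates.
    order_dependent = re.search(
        rf"\b({alt})\b\s*(<|>|LIKE\b|BETWEEN\b)|\b(ORDER|GROUP)\s+BY\s+[^;]*\b({alt})\b",
        sql, re.I)
    if order_dependent:
        return "rewrite", touched
    if re.search(rf"\b({alt})\b\s*=", sql, re.I):
        return "lookup", touched      # equality search; cost depends on the product's index support
    return "decrypt-only", touched    # column is only read back to the application

def impact_report(queries):
    """Group captured queries by shape and attach the impact class and hit count."""
    counts = Counter(normalize(q) for q in queries)
    return {shape: (classify(shape)[0], n) for shape, n in counts.items()}

if __name__ == "__main__":
    for shape, (impact, hits) in impact_report(CAPTURED_QUERIES).items():
        print(f"{impact:12} x{hits}  {shape}")
```

Query shapes reported as `rewrite` with a high hit count are the ones to raise with the business systems developer before encryption is applied.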

Application to Pre-existing Data

Most encryption solutions come equipped with tools for encrypting pre-existing data on the DB server. These solutions let stored data become encrypted.

Testing and Optimization of DB Encryption

By utilizing the queries which access saved data within your database, you can test the potential results. This checks whether the data has been properly encrypted and whether that data will be decrypted properly if it’s needed during a search request. As you test, you can alter the query slightly to access the information – this can cause slight to moderate processing degradation, but it’s possible to reduce the effect of degradation through query optimization.

Automatic query optimization tools exist which analyze the interaction between the DB server and business system application. These tools detect which queries are needed and automatically identify where changes are necessary, so the optimization process is simplified and performance degradation is largely avoided.

Monitoring

After the solution implementation is completed, you can monitor whether the encryption and decryption process is operating correctly, the interaction between the business system and DB server is running smoothly, and whether access policies are working properly. If the service experiences degradation, then it might be necessary to implement query optimization again.


There we go – safely store your personal data

The process described above takes into consideration the necessary elements of a DB server environment. Following it is the most comprehensive way to make sure that your personal data will be safely stored.


Disclaimer: Parts of this blog post were published on this website in 2013. The original posts have been combined and added onto this blog post in March 2016. 


Cloud Trends…or Cloud Threats?

“Cloud” is a term that’s thrown around quite often in the IT world. But are we talking enough about cloud threats?

Even if you’re not familiar with technology, you probably own at least one device that’s essential to your every-day responsibilities. Your immediate thought? Probably your smart phone.

Mobile technology affects every corner of our lives. Before smart phones, cell phones were mainly for calling, texting, and maybe a few other novelties. But within the past few years, people have become accustomed to smart phone technology. In fact, most would agree that using your cell phone for just calling and texting could be “old-fashioned.”

What’s the reason behind this change? Advancements in hardware and communication technologies are givens, but development in cloud computing is also a major contributor. Cloud computing has allowed users to produce, store, share, and utilize content more conveniently. This in turn increased the value of technologies aiming to provide convenience because suddenly, data isn’t just sitting there – it’s portable. No need to carry around all of your devices to be productive in your workload.

But this is no win-win. Because of its rapid growth and development, the cloud is becoming a target for hackers, and many are concerned about the state of safety and security in the cloud.

Cloud Threats

The Cloud Security Alliance (CSA) is an organization that’s dedicated to raising awareness and spreading knowledge about cloud threats and security. Every year, CSA releases a “Top Threats” list of the cloud threats to be on the lookout for – here’s their full list for 2016, but for the purposes of this blog post, let’s take a look at two in particular: Data Loss and Abuse and Nefarious Use of Cloud Services.


Data Loss

Many people who have multiple devices tend to store their data in the cloud, but it’s not always 100% safe. An accidental deletion, a physical catastrophe, a malicious attack… all of these could lead to the permanent loss of your data unless you as a consumer take measures to back the data up. When you’re signing up with a cloud data storage provider, make sure to read the fine print. If your data is lost, depending on the provider, the responsibility might not be on the provider’s shoulders but on yours.

Reviewing the provisions and understanding the conditions is important for any contract. However, especially when sensitive information is at stake, this is not a step you want to skip. More and more consumers are putting risky information into cloud storage while assuring themselves that this is the safest way to go. Although this is partially true, this doesn’t mean that there is no action necessary.

Abuse and Nefarious Use of Cloud Services

While this sounds like an extravagant title, the summarized version is this: there will always be people who want to use your data for unethical purposes. Whether it’s through the guise of free cloud trials or maybe just a poorly designed cloud service, not all providers are created equal. Malicious hackers may try to use the cloud to launch DDoS attacks, spam and phishing scams, or defacement.

So be prudent when choosing a provider. They should include controls and monitoring so you can see how the cloud workload is doing. A cloud provider shouldn’t have anything to hide, and should be reputable.

So we’re doomed? 

Not at all. Cloud computing is a great development – we can access any kind of information from virtually anywhere in the world. It’s permeated different markets and services and has users ranging from people like you and me, to SMBs or startups, to large enterprises and government entities. It’s affordable, accessible, and maintenance is fairly easy.

But like any service (tangible or virtual), we need to make sure we know what we’re getting into, and take precautions for cloud threats as necessary. Just because you can’t see it, doesn’t mean someone isn’t after it.

For more information on products or services pertaining to web security, check out our products page or leave us a comment – we’d love to continue this conversation with you.

Honored at 2016 Cyber Defense Magazine Awards

Penta Security’s WAPPLES and MyDiamo Win at the 4th annual awards

On February 29th, 2016, it was announced that Penta Security would be honored with two awards by Cyber Defense Magazine (CDM). CDM is one of the industry’s leading electronic information security magazines. It is also the official media partner of the RSA® Conference 2016. Penta Security’s WAPPLES was chosen as the Hot Company in Web Application Security for 2016. MyDiamo was awarded the Editor’s Choice in Data Leakage Prevention for 2016.

Cyber Defense Magazine

Cyber Defense Magazine, along with a panel of leading independent information security experts, performs thorough research and review of potential award nominees for various security categories. The panel is also recognized for multiple cyber security related certifications, such as Certified Information Systems Security Professional (CISSP), Founding Member of the Department of Homeland Security (FMDHS), and Certified Ethical Hacking (CEH).

WAPPLES

Penta Security was honored for their Web Application Firewall (WAF), WAPPLES, which is powered by a patented Logic Based Analysis Engine. This detection technology enables WAPPLES to intelligently detect and filter web attacks at a higher accuracy rate with lower false positives than other industry competitors. WAPPLES is currently the number one Web Application Firewall in the APAC region based on market share. Additionally, WAPPLES technology also powers other cloud based solutions from Penta Security. Some of these include WAPPLES V-Series, which can be customized for any virtual or cloud infrastructure, and Cloudbric, a cloud based WAF service targeted for small and medium businesses.

“We’re thrilled to recognize next-generation innovation in the information security marketplace and that’s why Penta Security has earned this award from Cyber Defense Magazine. Some of the best INFOSEC defenses come from these kinds of forward thinking players who think outside of the box,” said Pierluigi Paganini, Editor-in-Chief, Cyber Defense Magazine.

MyDiamo Recognition

Additionally, recognition was given to Penta Security’s MyDiamo, an engine-level encryption software for open source databases. OSS DBs include MySQL, MariaDB, and PerconaDB. From 2013 to present, MyDiamo has been downloaded over 2,000 times. It has become a leading open source database encryption software.

“The recognition of MyDiamo and WAPPLES from Cyber Defense Magazine further validates our company as an innovator. It is a great endorsement, and shows that we can provide quality products for maximum security,” said Duk Soo Kim, Penta Security’s Head of Product Planning.

For more information on Penta Security or Cloudbric web security services please visit www.pentasecurity.com/en and www.cloudbric.com. For potential partnership inquiries, please send an email to info@pentasecurity.com or info@cloudbric.com.