7 Ways to Expose Your Website to Hackers

So you want to serve up your website for any hacker to break into. Sure, weirdo…who am I to judge?

Here are 7 things you should not do unless you want your website hacked:

Once again, if you’re a sensible human being you really should never find yourself doing any of these things.

1. Ignore Security Updates

They may be a nuisance, but updates patch up newly discovered bugs in software. Not installing updates and patches makes it a lot easier for hackers to compromise your device or web app. If you want your website hacked, ignore all security patches, plugin updates, and updates for CMS services such as WordPress or Drupal.

2. Use as Many Different Features and Plugins On Your Site As Possible

Plugins introduce many new potential vulnerabilities to your website, similar to how adding more windows makes your submarine less seaworthy. Be sure to load up on file uploaders, video players, ad managers, analytics, and whatever else you can cram in, even if you don’t need any of it.

3. Set a Really Dumb Password

Setting your password as something easy like “123456,” the always-clever “password,” or matching your password to your username saves hackers a lot of time. You can also help by using the same password for your computer, e-mail, FTP access, and Ashley Madison account, so that once one is compromised, all of them are exposed.
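For anyone who would rather not help, here is an added example (not part of the original post) of a small audit that flags the three habits above: a widely used password, a password that matches the username, and one password reused across services. The account list and the short common-password set are constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed, deliberately tiny sample. A real audit would load a large
# breached-password list instead of this handful of entries.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "111111", "letmein"}

# Constructed sample accounts: (service, username, password).
SAMPLE_ACCOUNTS = [
    ("computer", "alice", "123456"),
    ("email", "alice@example.com", "Tr0ub4dor&3-kettle"),
    ("ftp", "alice", "alice"),
    ("cms-admin", "admin", "Tr0ub4dor&3-kettle"),
    ("backup", "ops", "b7#Lq9!vXz2m-harbor"),
]


def _fingerprint(password, key):
    """Keyed digest used only to group identical passwords during the audit,
    so plaintext passwords are not kept as dictionary keys."""
    return hmac.new(key, password.encode("utf-8"), hashlib.sha256).hexdigest()


def audit_credentials(accounts, key=None):
    """Return {service: sorted list of findings} for the given accounts.

    Findings:
      common-password   password is on the common-password list
      matches-username  password equals the username (or its local part)
      reused            the same password protects more than one service
    """
    key = key or os.urandom(32)  # throwaway key, valid for this run only
    findings = defaultdict(set)
    services_by_fp = defaultdict(list)

    for service, username, password in accounts:
        findings[service]  # make sure clean accounts appear in the report
        candidate = password.strip().lower()
        user = username.strip().lower()

        if candidate in COMMON_PASSWORDS:
            findings[service].add("common-password")
        if candidate in (user, user.split("@")[0]):
            findings[service].add("matches-username")

        services_by_fp[_fingerprint(password, key)].append(service)

    # Any fingerprint seen on more than one service is a reused password:
    # one compromise exposes every service in that group.
    for services in services_by_fp.values():
        if len(services) > 1:
            for service in services:
                findings[service].add("reused")

    return {service: sorted(found) for service, found in findings.items()}


if __name__ == "__main__":
    for service, found in audit_credentials(SAMPLE_ACCOUNTS).items():
        print(f"{service:10s} {', '.join(found) if found else 'ok'}")
```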

4. Mismanage Your Website and Its Contributors

Just let security be someone else’s job, and don’t take any notice. Be sure to give your employees or contributors full admin access to your website, and make sure not to update your passwords after they leave. Sooner or later, something bad will happen.

5. Don’t Put Together a Security Incident Response Plan

No need to prepare for the worst when you’re counting on it. What if your site gets disabled, or deleted, or information is leaked? How do you detect it, how do you respond, and how do you disclose it? Those are questions that should be considered by anyone who doesn’t want to get hacked.

6. Don’t Bother Securing Your Domain With SSL

SSL encrypts communication between a website’s server and a user’s browser, which is especially useful in protecting online transactions and payments. It also thwarts man-in-the-middle attacks, in which a hacker gets between server and browser and can monitor or alter communication. So if you want to endanger your customers’ privacy, forget about HTTPS: HTTP is the way to go!

7. Don’t Use a Web Application Firewall

A web application firewall can protect your site against the worst online threats, including DDoS attacks, SQL injection, and cross-site scripting (XSS), so if you want to make it easier for hackers to overrun your website, the last thing you should do is secure it with a web app firewall like Cloudbric, Imperva, or Cloudflare.


 

This blog post was originally featured on cloudbric.com. Visit their blog for more insight, news, and accessible information on web threats and trends. If you would like to learn more about Cloudbric’s logic-based WAF service, please contact info@cloudbric.com.

DDoS Top 6: Why Hackers Attack

Lately, it seems like the companies that haven’t had their web and cyber security compromised are in the minority.

Many are hit hard by web vulnerability attacks. Specifically, we see an increase in DDoS (Distributed Denial of Service) attacks. With DDoS, the attacker’s main goal is to make your website inaccessible using botnets. Botnets are basically an army of connected devices that are infected with malware. Because of this army, your website’s server becomes overloaded and its available bandwidth is exhausted. Much of the time, the attack doesn’t even breach your data or go over any security parameters.

So if it’s not to breach your data, why would someone go through the effort to shut down your website? There are a multitude of reasons, but today we’ll look at the top 6 reasons for a Distributed Denial of Service Attack.

1. Some (not-so) friendly competition

As more and more enterprises are taking their storefronts to the cyber world – there is also competition within the cyber world.

In fact, in a recent survey nearly half the responding businesses said that they believed that their competitors were launching DDoS attacks in order to disrupt services. After all, if your competition’s website is down, all the traffic will come to your website instead. Additionally, your competition’s brand image is tarnished, giving positive associations to your company instead.

Even if an entrepreneur may not be skilled in hacking, DDoS attacks are now available for hire, and attacks can be executed for a fairly low price on the dark market.

2. DDoS for Hacktivism

As we’ve noted, DDoS attacks aren’t necessarily about taking data. It can be used to strongly voice an opinion – any opinion. Voicing your opinion on the Web can have a bigger and faster effect than if you were to attend an in-person rally or strike. DDoS is often used to show support or opposition regarding a certain topic. It could be political (see below), but also for/against businesses or banks, ethical concerns, or even an online game.

3. All about politics

A subset of reason #2, DDoS attacks can also happen between countries or governments. The Web is the newest battlefield. DDoS attack victims can be government websites. While the sites could have been attacked by apolitical hackers, many do believe that governments or political parties often attack each other using the DDoS method.

As most governments rely on the Web to communicate and run their country, this has proven to be an effective method to show political opposition.

4. Seeking their revenge

An extremely common reason for DDoS attacks, this situation could apply to businesses, individuals, as well as governments. Not necessarily to give an opinion, attacks are used to seek revenge on your enemy. There’s no need to get your hands dirty at all.

For example, there have been increasing instances of previous employees hiring DDoS attacks on the dark market to seek revenge on their former employers. We’ve previously written on internal data breaches by present or past employees, but this is yet another form of when one person holds a grudge and it affects an entire company.

5. A precursor for something bigger

On New Year’s Eve of 2015, BBC was reportedly attacked with a DDoS attack measuring over 600 Gbps, beating out the previously set record of 334 Gbps. The attackers who claimed responsibility, New World Hacking, said that it was simply “testing.” More recently, the hacking group PoodleCorp took responsibility for shutting down the trending Pokemon Go game using the DDoS attack and they claimed that they were also testing for something on a larger scale.

A hacker may be preparing for something new like the above two cases, or they may be using the attack as a distraction for a larger attack, hoping that they won’t be found out. This is one case where the attack may be used indirectly for a security breach.

6. Some plain ol’ fun?

And lastly, sometimes there’s really no rhyme or reason to why DoS or DDoS attacks happen.

There’s a misconception that there is a specific reason behind all attacks. However, this is simply not the case. Many hackers get an adrenaline rush from hacking into a system or a website, no matter how big or how small it may be.


Therefore, there’s the responsibility as the individual user or as the CIO/CTO of a company to ensure that security measures are being taken. One needs to prepare for an attack because no one is ever exempt from the chances of an attack.

So what are these security measures I speak of? In my opinion, the most essential step you can take is to protect yourself with a WAF (Web Application Firewall). By using WAF services like Cloudbric or a WAF like WAPPLES, you can make sure your website is continuously protected.

For more information on Cloudbric (full service website security provided for free if your website’s bandwidth is under 4GB/month), check out their website and find out more about WAPPLES, the WAF they use for their service.

6 Steps to Create a Secure Website

There are roughly one billion active websites online, or one for every seven people alive right now. How about yours? Is it a secure website?

Every single second, a couple new websites are born into this world. That’s a lot of websites, so how are they being created, and how do you make one? And also, how do you keep your website secure from all the cyber threats out there?

A Secure Website in 6 Steps?

The steps needed for making a website, from registration to design, coding, operation and growth, can be a very long and complex process. Each step has a lot more nuance to it than fits here, but this guide should point you down the right path to setting up a secure website.

1. Choose Your CMS

How are you going to build your site? These days you don’t need to be a computer programmer to put together your own fully functioning website thanks to Content Management Systems (CMS). With CMS solutions like WordPress, Joomla, and Drupal, putting together a website is about as easy as building a house out of Lego. No matter what CMS you choose, there are new exploits that are uncovered almost on a weekly basis. This means you need to stay on top of software updates and patches to keep your site secure.

2. Sign Up for a Web Host

Your domain name is like the street address and the CMS is like the materials you build your site with, but the web host is the actual plot of real estate where your website exists online. Some are free and come with bandwidth limitations or embedded ads, and there are commercial options that run much better. Many hosts also provide server security features which can better protect your uploaded website data. Check if a web host offers Secure File Transfer Protocol (SFTP) which makes uploading files much safer. Many good hosts should also allow for file backup services and have a public security policy showing how well they keep up to date on security upgrades.

3. Design Your Website With Security in Mind

What’s your website going to look like? Hiring a designer is usually worth the money you pay, but if your site is straightforward enough then you don’t need to do anything fancy. These days, simplicity is the golden rule, and minimizing add-ons and plug-ins is recommended for aesthetic, operational, and security concerns. The main thrust of your site should be text-based and presenting your product clearly, with images and design flourishes playing in the backup band. Basically you should focus more on avoiding bad design than embracing great design.

4. Apply a Web Application Firewall (WAF) to Protect Your Site

As soon as your website is online, it is exposed to a rogue’s gallery of cyber threats. Automated bots are out there scanning for vulnerable websites, and newly created sites are an especially tempting target. Adding a web application firewall (WAF) such as Cloudbric, Incapsula, or Cloudflare, will ensure that you have a secure website before the attacks start.

5. Do Business Online Secured by Secure Sockets Layer (SSL)

If you’re going to have users registering on your website, and especially if there will be any kind of transaction, you need to encrypt that connection. Using SSL certificates creates a secure handshake between your website and clients’ devices, ensuring that no third party can covertly slip in between and monitor, hijack, or shut down any transactions taking place. GlobalSign is one good example of a widely available SSL certificate that pairs well with almost every website.

6. Grow as a Responsible, Respected Member of the World Wide Web

So you have a functioning, secure website protected from security threats, and you are engaged in commerce for your business. Now the main duty is to grow and reach more people! Reach out through SNS, set up your site so it can be indexed by search engines, and take advantage of SEO opportunities. The Internet is your oyster. But never lose track of your security needs, and focus on maintaining a reputation characterized by responsibility for cyber security matters.

Once you’ve finished these steps, your website is ready to make its mark on the Internet!


This blog post was originally featured on cloudbric.com. Visit their blog for more insight, news, and accessible information on web threats and trends. If you would like to learn more about Cloudbric’s logic-based WAF service, please contact info@cloudbric.com.

Asian Cyber Security Vendor of the Year: Honored for 2016

APAC market leader Penta Security Systems Inc. awarded by Frost & Sullivan

Seoul, Korea: On June 15, Penta Security Systems Inc. was awarded the honor of Frost & Sullivan Asian Cyber Security Vendor of the Year. The award was given at this year’s 13th annual Frost & Sullivan Asia Pacific ICT Awards Banquet in Singapore.

Cyber Security Vendor

Frost & Sullivan selected Penta Security Systems after concluding evaluations with a team of 30 analysts and consultants based in the Asian-Pacific region. Analysts examined a variety of indicators including revenue growth, market share, leadership in product innovation, major customer acquisitions, and business and market strategy. Specifically, Frost & Sullivan noted that Penta Security continues to make headway into new industries with its smart car security solution, AutoCrypt. AutoCrypt detects vehicular attacks from external systems utilizing its Application Layer Firewall, and has garnered significant attention with the increase in the news of vulnerabilities in smart cars.

CEO and Founder Seokwoo Lee attended the annual ICT Awards Banquet in Singapore in order to receive the award.

Regarding reception of the award, he stated, “We are honored to receive the Asian Cyber Security Vendor of the Year award. It confirms the 19 years of hard work we have put into development in information security.” He added, “We will continue to pursue excellence and growth in web and data security – not only in APAC, but worldwide.”

Having built relationships globally among enterprises and institutions, Penta Security Systems has grown rapidly along with the rise in demand for web and data security products. In 2015, its web application firewall (WAF) WAPPLES was acknowledged by Frost & Sullivan as the leading WAF in the APAC region in terms of market share.  The top WAF in Korea for three consecutive years, WAPPLES boasts a COCEP™ (Contents Classification and Evaluation Processing) engine, rather than traditional pattern-matching methods utilized by other cyber security vendors.


About Penta Security:

Penta Security Systems Inc. was founded in 1997 by CEO Seokwoo Lee. The company is a market leading provider of web and data security products, solutions, and services in the APAC region. Penta Security protects more than 117,000 websites. Additionally, it blocks more than 108,000,000 web attacks per month. Recognized by Frost & Sullivan, Penta Security Systems is the top Web Application Firewall vendor in the APAC Region based on market share.

For more information on Penta Security, please visit www.pentasecurity.com. For potential partnership inquiries, please send an email to info@pentasecurity.com. For more details on the Asia Pacific ICT Awards, please visit http://www.ict-awards.com/.

Threat Report 2015-2

Web Application Threat Trends: Penta Security Systems Releases Bi-Annual Report

Second half of 2015 sees sharp increases in hacking attempts targeting website vulnerabilities

Seoul, Korea: Penta Security Systems Inc. has released its bi-annual Web Application Threat Report. Data is collected from detection reports gathered and analyzed in the second half of 2015. It is compiled from approximately 1000 separate units of Penta Security’s Web Application Firewall (WAF), WAPPLES. The units are from customers who have consented to the threat report. Penta Security does not release any sensitive customer data. Through this report, customers are able to gain insight on the newest trends in web application threats, and gain assistance in planning accordingly for future attacks.

Web Application Threat Trends:

In the second half of 2015, the threat report found that a significant portion of the attacks were Vulnerability Assessment attacks (roughly 400 million detections). Many were labelled as “Critical” in terms of risk levels. Vulnerability Assessment refers to when attempts are made to determine the vulnerabilities of a web server.

For web attacks corresponding to OWASP (Open Web Application Security Project) Top 10 attacks, Injection was the most prevalent, at 31%. Injection, where malicious codes are inserted in order to attack applications, causes extensive damage despite the comparatively easy execution process. Second, a high detection was measured for Security Misconfiguration at 26%. Security Misconfiguration attacks are when security settings are re-defined and the system is compromised. This can give hackers access to private data.

The report additionally includes the “WAPPLES Black List Top 30,” a list of source IPs from various countries and networks that have been categorized as spam or hacking with high danger levels.

Penta Security’s Head of Planning, Duk Soo Kim, stated:

“When infiltrators to the system succeed in their target, there could be a multitude of issues as a result of attacks: information leakage, defacement, and even complete server malfunction. Our hope is that through our analytical reports, there can be a push for better access control in order to better prepare to face these types of trends head-on, especially for those responsible for server security.”

For the full copy of the web application threat trends report from the second half of 2015, please visit the Reports section of the Penta Security Systems website.


About Penta Security:

Penta Security Systems Inc. (CEO/Founder Seokwoo Lee) is a leading provider in data and cyber security solutions and services. With over 19 years of IT security expertise, Penta Security is recognized by Frost & Sullivan as the top Web Application Firewall vendor in the APAC region based on market share. For more information on Penta Security Web security services, please visit www.pentasecurity.com/en. For potential partnership inquiries, please send an email to info@pentasecurity.com

WAF Market Leader in APAC For Third Consecutive Year

Frost & Sullivan announces Penta Security as the leader among WAF Vendors

Penta Security Systems Inc., a leading Web application and database security vendor, was recently announced to be the market leader among Web Application Firewall (WAF) Vendors in the Asia-Pacific (APAC) region. Selected by Frost & Sullivan, a globally recognized market research and consulting firm in the Frost Industry Quotient (IQ): Asia-Pacific Web Application Firewall Vendors, 2015 report, Penta Security’s WAF solution, WAPPLES, held the largest market share in APAC.

Frost & Sullivan is a North America-based company with more than 50 years of global research and consulting expertise. Each year, they publish the Frost IQ report, which presents an objective assessment of the IT industry.

WAF Market Vendors

As mentioned before, Penta Security was reported as having the highest market share percentage in APAC. This places them ahead of China-based information security vendor NSFOCUS and more well-known vendors such as Imperva and F5 Networks. The report highlighted a few of the key factors that contributed to the dominance of WAPPLES in the APAC WAF market. WAPPLES runs on the superior performance of Penta Security’s proprietary logic analysis based engine, which contributes to its position as the long-running market share leader in Korea.

Penta Security also maintains strong relationships with its partners. It reaches out through regular seminars, technical support, and continued efforts to satisfy the needs of its customers. The benefiting results provide a deep insight into market demands.

Penta Security leveraged its experience from building an extensive network of partnerships domestically as a foundation for establishing its regional network of international partners. WAPPLES offers deployment through a dynamic array of high-performance WAPPLES appliances or the WAPPLES V-Series, a virtual version of WAPPLES for the cloud. The intuitive WAPPLES Management System simplifies WAF management and provides robust web protection. In addition, customers are able to have a better grasp of the cyber security threat landscape with access to both the WAPPLES Management Portal as well as the web attack trend reports published every year in Korean, Japanese, and English. It is these sorts of commitments that put Penta Security at the top of Frost & Sullivan’s list.

10 Years

Penta Security’s CTO, Duk Soo Kim says,

“It’s been 10 years since we first launched WAPPLES. To hear news that it’s leading the WAF market in the APAC region holds deep meaning for me. It makes me proud of our staff and their hard work over the past 10 years. It shows that it was not in vain.” He continues, “We reached the top domestically and now in APAC. But it’s not the end. We will continue to pour all our efforts into developing great products and become a top global leader.”

More information on Penta Security can be found at www.pentasecurity.com. For more information regarding specific products or opportunities, contact global@pentasecurity.com

Penta Security Celebrates the 10th Anniversary of “D’Amo” the First Data Encryption Solution in Korea

The First Data Encryption Solution in Korea Reaches 10 years

Since 2004, more than 2100 customers have chosen “D’Amo,” the top data encryption solution in Korea with 46% market share in the public sector for the past three years. 

Data encryption and web security provider Penta Security Systems Inc. (CEO/Founder Seokwoo Lee, www.pentasecurity.com) marked the 10th anniversary of its data encryption solution D’Amo on March 27, 2014.

Ever since its inception in 1997, Penta Security has carried out major security information infrastructure projects such as Government Public Key Infrastructure (GPKI) and National Public Key Infrastructure (NPKI). Based on the valuable experiences gained through such projects, Penta developed D’Amo, the comprehensive data encryption and access control solution. D’Amo has since become a valuable brand and commercial solution, as the first data encryption solution in South Korea.

When D’Amo was first released, the data encryption business in Korea was difficult, primarily because users did not understand the importance of data security, and because most companies did not feel the need to secure their data. Even when customers encrypted data, profitability was low for security technology providers, since system integration took an inordinate amount of time and consumed too much manpower. This resulted in a business environment where both service providers and customers were reluctant to carry out IT security projects.

In response to this environment, D’Amo, a solution packaged as a product, could provide database encryption optimized for customers’ systems, with simplified post-sales technical support. However, it did take some time to educate end-users, since a majority of the administrators of companies were not familiar with this type of a solution.

As successful deployment cases increased, customers began to recognize D’Amo’s security features and reliability as an IT security solution. D’Amo has since become the representative data encryption solution in Korea. Penta Security has invested substantial R&D resources through its own security technology research center, to continue to build upon its encryption source technology. Penta Security has also improved the product’s reliability by obtaining various patents related to data encryption, such as index column encryption method, query processing system and method for database with encrypted columns by query encryption transformation, order-preserving encryption, format-preserving encryption, etc. The company has also obtained various domestic and international certificates (NIST FIPS certificate, Certification from the South Korean National Intelligence Service, etc.). Penta Security began exporting its products into the global market in 2006 while retaining its place as a market leader in the Korean market.

D’Amo supports almost all DBMS environments, and has been deployed at over 1,200 customer sites, as of February 2014. According to the cumulative statistics provided by Korea Public Procurement Service, D’Amo was ranked number one among DBMS encryption solutions, with 46% market share, based on the amount of orders received from 2011 to 2013.

Penta Security CTO Duk Soo Kim said, “The Personal Information Protection Act has gone into effect, and there have been many incidents related to personal information leakage. For these reasons, data encryption solutions have been very hot in the market. Therefore, a number of domestic and international security companies and vendors have been jumping into the data security market. The fierce competition is one of the reasons why D’Amo cannot be complacent with what we have accomplished so far.”

He continued, “We won’t make a product that will mislead customers, and we will not be swayed by the market. We will continue to improve the technology of D’Amo, so that it can continue to be recognized as a great product for its security and stability. With that said, we are very proud to have created a 10-year old solution. Once again, we would like to thank everyone who has trusted and used D’Amo.”

DB Encryption: Business Insight from Our CTO

“D’Amo,” one of the primary product offerings by IT security company Penta Security Systems, celebrated its 10th anniversary this year. As such, Penta Security’s CTO, Duksoo Kim, shared his business insight regarding the industry and technologies.

The DB encryption solutions market has increased very rapidly since its introduction. Accordingly, Penta Security’s D’Amo has become one of the major security solutions in Korea. The company’s current position is the direct result of promoting D’Amo for 10 years after its initial release in 2004. The business scopes of the encryption market are also expanding. In recent years, not only do users encrypt core company data, but also core modules in cars, for example. In accordance with these changes, Penta Security will focus on making its products more sophisticated to become a major platform for encryption in the global market.

Duksoo Kim, CTO of Penta Security, said:

“We are drawing a big picture of an encryption platform. D’Amo is a total encryption platform that supports most of the database environments required in enterprises, including SAP, open source DB encryption, POS device encryption, Oracle DBMS, and Altibase memory.”

Kim explained that even though 10 to 15 DB encryption companies are competing against each other as the security solution market is growing bigger each year, D’Amo is actually the only security solution with its own core technology.

D’Amo provides various components that address hacking, vulnerability and privilege management for enterprises. He added that Penta owns its encryption technology for securing data. The fact that D’Amo has evolved from a package type to a platform means that it can encrypt not only databases, but also OSs and applications. Also, key management is available for authentication and access control, which makes it easier for administrators to manage policies and protect data efficiently.

Controlling policy through key management functions

Kim pointed out that most service companies have already built, or are trying to build, DB encryption systems. The financial sector, however, is delaying the implementation of DB encryption. Banks have already started applying encryption on a partial basis, but they are postponing complete implementation. This is because the important information they have is not organized, and there is concern about the influence of encryption when information is classified according to policies.

DB encryption will eventually improve performance, because it will help organize data and manage partitions. Kim added, “Of course, it would be difficult doing all the classification and implementation at first. However, once you have done it, the burden will decrease and security levels will improve. More importantly, DB encryption can make future system development/design, and DB integration for outsourcing easier by organizing data.”

Most companies have a very disorganized classification scheme as a result of focusing on business convenience. However, DB encryption is becoming a mandatory requirement for corporate compliance. This is considered to be the foundation of enterprise security.

While encrypting existing databases, the main data will be classified and systematized. This will allow administrators to make better policies and manage DB more efficiently, which results in improved overall security. Kim mentioned the importance of policy that can determine the appropriate level of data collection. When designing database security policy in enterprise systems, the existing systems should be analyzed to determine whether too much identifiable data have been obtained.

When an appropriate policy is set, data is well-protected and organized with no duplicate data. It is also common that DB performance and speed will increase after implementing encryption. Penta Security Systems has built DB systems for many enterprises, including Daelim Group, SK Hynix, Kangwon Land, Daishin Securities.

Higher performance than expected

“Dealing with data is very sensitive and many considerations must be taken into account. As a result, a Benchmarking Test (BMT) is sometimes used to measure the effect. Usually, when the BMT is carried out, customers are surprised that the system performance has improved after implementing DB encryption.” -Duk Soo Kim

Last year, Penta Security completed many encryption projects with stock/securities companies. These clients tend to be very speed-sensitive; nonetheless, there were no technical problems for Penta. There are many things to consider while completing a DB encryption project. This can be because the client system is very complicated, and/or because many parts of the system have an impact on one another. Therefore, a more deliberate approach is essential. Implementation is easy, but encryption companies have to discuss even small elements of policy settings with customers to achieve optimal results. Even though it is common for developers and DB professionals to work together for financial sector projects, most do not consider the key issue of performance after encryption.

Kim emphasized the differences between D’Amo and other products on the market. Other products are focused on a specific point, but D’Amo became a platform in 2012, thereby expanding its encryption range. As a platform, D’Amo provides an integrated model that supports various encryption methods for application, DB packages, DB engine levels, and separate equipment, covering all corporate environments. Also, Penta Security has extensive experience in encryption, which has made D’Amo a truly competitive solution.

Public sector customers had been the main customers for the encryption companies until about five years ago. Now, many private sector customers are also implementing encryption solutions and platforms, and the private sector has overtaken the public sector as the largest contributor of revenue. In particular, the financial sector has been growing consistently.

Business insight points to further growth

Duksoo Kim stated that Penta Security is trying to change people’s perception about the value of DB encryption as an improvement of overall security, rather than as simply another technology. These days, for example, DB encryption is not only for computers but also for appliances. Therefore, Penta Security is planning to expand its platform to the industries that need Penta Security’s unique technology offerings. He stated that he wants Penta Security to be known as a company that specializes in encryption. Penta Security is aiming to grow 30 percent in revenue this year, compared to last year’s numbers.


D’Amo: D’Amo is a DB encryption product from Penta Security. It can provide the best available encryption method for various DBMS environments, such as Oracle, MS-SQL, DBS, Altibase, and Tibero. D’Amo also supports various DBMS encryption methods, including the API encryption method, plug-in encryption method, hybrid method, In-place method, and Data Encryption Platform (DEP).

Looking for Security Services, SMBs? Get on the Cloud

Nowadays, as more internet security incidents occur — data breaches via the web and webpage defacements — it is natural for organizations to consider introducing internet security solutions. Along with this trend, cloud-based security services are getting more attention from SMBs, which had previously regarded internet security services as not mandatory and simply cost ineffective, due to their relatively expensive introduction and management costs. This newly found interest in security is not the only motivating factor for this recent trend though. The consecutive launching of cloud-based security services by multiple service providers has accelerated the cloud security industry.

SMBs also need security services.
The cloud approach is appealing among SMBs because it requires a smaller budget and less effort to install, run, and manage the organization’s security. This is largely due to the scalability of cloud technology; companies are able to pay more precisely for the amount of resources that they need rather than having to adhere to the static capabilities and limitations of physical solutions. Considering that the traditional method of security implementation requires an organization to spend many additional resources on installation, operation, monitoring, establishing countermeasures, and customization, this new approach fits the market perfectly.

Jaeun Sim, Director at Monitorapp, a web application firewall (WAF) provider based in Korea, which recently launched a WAF SaaS with Innogrid, stated, “Security services provided via cloud can cut down on budget costs for SMBs attempting to establish a web security system. An end user now pays just about five percent of what pre-existing WAF solutions are charging.”

Furthermore, several security solution providers have made alliances with large IT infrastructure hosting companies to launch joint security service packages. Ahnlab, a Korean-based company famous for its antivirus solutions, provides security services for SMBs with the cooperation of LG U+, one of the largest telecommunication companies in Korea. The two remaining telecommunication giants in Korea, KT and SKT, are also offering security services through their own cloud service platforms. The security solutions offered include technologies from Ahnlab, Monitorapp, and Penta Security Systems.

Hyungseop Cho, a Manager at LG U+, explained, “Firewall, DDoS protection, IPS, and Web Application Firewalls are all offered via our cloud service in a pay-as-you-go model. Management and operational services are offered as well for SMB end users.”

These types of services are expected to grow in the future since many security professionals warn that there has been a dramatic increase in hackers attacking enterprises via their SMB-level partners. Gwangtaek Yoon, Director at Symantec Korea, said, “We have seen that attacks targeting organizations with fewer than 250 employees account for 31% of all hacks, a 72% increase compared to 2011.”

“D’Amo for SAP”, the Encryption Solution for SAP

D’Amo for SAP, developed by data encryption and web security solution provider Penta Security Systems Inc. (CEO Seokwoo Lee, www.pentasecurity.com), is an encryption solution that was specifically designed to run on SAP. Loads of personal data and confidential information are stored in company SAP systems. This type of information is required by law to be encrypted in many nations throughout the world, particularly in Korea, where a new privacy act has been enforced since the beginning of 2013. Moreover, sales information residing in SAP is some of the most critical data that a company is advised to secure against breach attempts.

It is not possible to encrypt data on SAP using pre-existing encryption solutions because they do not allow users to freely modify stored business application data. This makes most enterprises hesitant about adopting encryption solutions for their SAP. To overcome this limitation, Penta Security Systems Inc. released the SAP encryption solution in 2012, aptly named “D’Amo for SAP”, which comes equipped with a patented encryption technology known as FPE (Format Preserving Encryption).

The SAP Encryption Solution

D’Amo for SAP’s encryption technology has been certified by SAP, guaranteeing the stability and performance of D’Amo for SAP systems. Along with D’Amo for SAP’s encryption technology, its appliance-type KMS (Key Management Server) offers secure key management for strong authority control.

Previously, it could be quite a complicated process to encrypt data in an ERP. D’Amo for SAP and its included KMS are easily deployed in SAP systems without those complications. In addition, real-time monitoring of the system resources and auditing features make managing a secure SAP system convenient.

Penta Security’s Focus

Penta Security has recently been focusing on small and medium-sized medical centers. As a result, in March they formed an alliance with Choongwae Information Technology, an OCS/EMR provider. This alliance makes it possible to provide D’Amo for SAP together with Choongwae Information Technology’s OCS/EMR product, CI OCS/EMR. CI SFE is a mobile version of CI OCS/EMR programs and is mostly used by medical centers and pharmaceutical companies.