SynerComm will once again be at the RSA security conference this year. If you are at the conference, please stop by to learn more about the innovative new solutions we have to offer.
SynerComm embraces the continual improvement process to provide top-notch IT Security Services to their clients. In keeping with high standards in risk and compliance for their clients, SynerComm has now become a certified PCI Quality Security Assessor (QSA).
StrikeForce recognizes SynerComm as a valuable new business partner for boosting StrikeForce's business by over 100%.
Sunnyvale, Calif. – March 25, 2013 – Aerohive Networks®, the leader in controller-less Wi-Fi and cloud-enabled enterprise networking, today recognized SynerComm, Inc. as its Partner of the Year for the central region.
Juniper Networks announces SynerComm as 2012 Partner of the Year in the Central Region
January 16 - Juniper Networks announced today that SynerComm was awarded central region Partner of the Year at their Annual Global Partner Conference at the ARIA Hotel in Las Vegas, attended by over 1000 business partners representing 89 countries. SynerComm grew its Juniper Networks business by over 450% last year while enabling their enterprise customers to deliver private and public cloud services leveraging Juniper Networks' Software Defined Networking (SDN) strategy for data centers and network infrastructures. Frank Vitagliano, Juniper Networks Sr VP Americas Channels, added, "SynerComm established itself as a top performing Juniper Networks business partner by complementing our solutions with the tools and resources customers need to architect an agile IT infrastructure capable of supporting their business initiatives."
November 15 - Palo Alto Networks today at their Annual Customer and Partner Conference at The Wynn in Las Vegas announced that SynerComm is their Central Region Partner of the Year. SynerComm grew its Palo Alto Networks business over 300% in the last year. SynerComm helped over 40 new North American customers in the healthcare, financial, insurance, retail, and manufacturing market segments leverage the power of Palo Alto Networks' Next-Generation firewall. SynerComm is one of a select group of Palo Alto Networks' Authorized Training Centers in North America and provides customers Palo Alto Networks life cycle services (design, implementation & firewall ruleset migration services, operational support services, and certification training).
SynerComm’s AssureIT group performed computer security incident response activities for a number of organizations in 2011. Here are some of the key insights and trends we observed:
Mobility requires next-generation access without regard to user physical location. And today’s user-owned or “bring your own device (BYOD)” environment is fueled by multiple device operating system platforms, including devices which run on Android or Apple iOS. Mobile “anywhere” user-access needs to support multiple device types. The way next-generation mobility is first enabled is through the access layer, which is delivered through several alternative approaches/architectures.
(or 10 Tips for Securing your Web Application)
The list below covers the most common weaknesses we find when conducting web application pen tests or vulnerability assessments. Click here to learn more about SynerComm’s AssureIT Penetration Testing and Assessment services or to request a quote.
Yesterday the FFIEC released their update to the 2005 Online Banking Guidance - titled "Supplement to Authentication in an Internet Banking Environment". Below are some first impressions.
As expected, the guidance focuses on Commercial online banking services. This is because the majority of online banking fraud has occurred through Commercial banking platforms, which allow for higher risk transactions such as ACH and Wire. The guidance suggests that FIs "recognize and address the fact that not every online transaction poses the same level of risk. Therefore, financial institutions should implement more robust controls as the risk level of the transaction increases." They go on to suggest that layered security is appropriate for consumer access (I read into this that they do not seem to expect strong multifactor authentication for consumer access) but multifactor is recommended for Commercial platforms.
I’d been hearing some buzz around FireEye on the security mailing lists and such, but with most of the constant influx of “new security product” info, I’d been ignoring it. Now I’ve seen it in action at some of our clients’ sites and I’m impressed with it.
The essence of the FireEye product is different from every other security appliance or software out there. The FireEye appliance has a stack of virtual machines including many flavors of Windows operating systems and many targeted applications like Java, Adobe, Windows media, and Office. The FireEye sniffs HTTP traffic off the wire, and takes anything that looks like it could be suspicious code and tries to execute it within the applications and operating systems in its virtual machines.
This blog posting will describe the evolution of authentication techniques commonly applied to online financial applications, including some of the benefits and drawbacks of the common methodologies.
User ID and Password
The most common authentication mechanism in use on the web today is a user ID and a password. This is considered “single factor authentication” because there is only one aspect (the password) that a bad-guy needs to compromise to break the authentication system.
In 2005 the FFIEC came out with a very strong guidance statement that said “The agencies consider single-factor authentication, as the only control mechanism, to be inadequate for high-risk transactions involving access to customer information or the movement of funds to other parties.” This caused financial institutions and their service providers to quickly begin to work to implement stronger controls.
There is a lot of information available on the Internet about Banking Trojans and the recent trend of online bank account attacks. In this article we provide a brief overview and then focus on the points of failure that allow these fraud attacks to occur.
This blog posting is meant to help individuals who need to conduct or update their online banking risk assessment in compliance with the new FFIEC guidance that is expected to be released soon, and maybe need a framework or a place to start. This article will walk through how the FFIEC’s framework for an Information Security Risk Assessment, available from the FFIEC handbook at http://ithandbook.ffiec.gov/it-booklets/information-security/information-security-risk-assessment.aspx, could be used as a basis for an online banking risk assessment.
In 2001 the FFIEC issued guidance titled “Authentication in an Electronic Banking Environment” which provided banks an overview of risk and expectations for risk management controls in an Online Banking environment. In 2005 the FFIEC issued an update to this guidance titled “Authentication in an Internet Banking Environment”. The 2005 Guidance provided additional expectations, and in particular went as far as to specifically say that single factor authentication is inadequate for high risk transactions.
In the near future, the FFIEC is expected to release another update to this guidance for 2011.
Thursday Feb 3rd, 2011, as most of the United States unburied itself from one of the largest blizzards in decades, a few news agencies like CNN and the AP put out a story that made the bottom of any list of headlines. To most people it’s not a big deal. To those of us that were around for the real birth of the Internet it’s a HUGE deal.
On Thursday, the primary issuing agency for IP addresses gave out the last unallocated block of IPs to APNIC (Asia) for assignment. This means that essentially there are no major blocks of IPs left in the original pool of IPv4 space.
My name is Brian Lemm, and I started working for SynerComm four weeks ago. Until then I knew that Juniper had a network line, but I came from eleven years at a large Fortune 500 company that is a Cisco-exclusive shop. This is not going to be a Cisco versus Juniper entry – I just wanted to give a little info on my background (just saying I’ve been around the block a few times).
Switches switch and routers route. If a networking manufacturer didn’t do those two things well they wouldn’t still be in business… Even equipment that is off the retail shelf will do that. So personal preference plays a big role in deciding which vendor to choose. When I started at SynerComm, I hadn’t touched a Juniper device, so when I was given the opportunity to tag along to some installs I jumped at the opportunity. New technology? Sign me up!