Salare Security LLC

• 1: Home
• 2: Products
  • 2.1: vPurity™
  • 2.2: vPurity™ OEM Software
• 4: Services
  • 4.1: Security Assessment
  • 4.2: vPurity™ Custom Features
  • 4.3: Annual Maintenance
  • 4.5: Integration Services
• 5: Training
• 6: Webinars
• 7: White Papers
• 8: VoIP Security Standards
• 9: About Us
  • 9.1: Management
  • 9.2: Board of Advisors
  • 9.3: Business Partners
• 10: News
• 11: Contact Us

Salare Security News

July 12, 2010 (Chicago, IL) Salare Advances in the American Security Challenge

Salare Security has advanced to the next round of the American Security Challege (www.AmericanSecurityChallenge.com). The 2010 Challenge is targeting more than $25M in purchases and investment in Challenger companies with compelling cybersecurity, C4ISR, physical security and energy applications.

As the largest competition and matchmaking opportunity in the nation, the American Security Challenge is the center of gravity for the critical stakeholders in the security technology market. This year over 40 Pilot Awards have been added dramatically increasing Challenger contracting conditions. Federal and private sector customers provide the resources to "Pilot" or "test-drive" vendor solutions in a small controlled environment that mirrors the full-scale scenario. These Pilots provide Challengers the opportunity to have their technologies test driven, not by tire-kickers, but by qualified potential customers who have ready contract vehicles and funding for technologies passing the pilots. These customers may include but are not limited to various groups within the Department of Defense, Office of the Secretary of Defense, Raytheon, ArcSight, Intuit, members of the Intelligence Community and others (additional customers pending). By quickly identifying solutions to mission critical and highly visible issues, the American Security Challenge public/private partnerships are working to secure our nation's citizens, our assets and our economy.

"Our objective is not to award some demo or lab tests to just to benchmark a vendor's performance," says ASC Chairman Roger London, "rather, we want the pilot to be the beginning of a long and substantive contractual relationship between the vendor and the customer. We believe the Challenge is a way to shorten the sales cycle, and connect a buyer and a seller who might not otherwise connect. This platform enables us to accelerate the adoption of critical innovation that protects our economy, our assets, soldiers and citizens domestically and around the world."

May 26, 2010 (VoIP Monitor) Report: VoIP Cyber-Security Risks Predicted to Raise Insurance Rates

Spurred by the lure of low cost, the unregulated and unprotected Internet–based telephone services are expected to produce major insurance losses according to a report issued by NJ-based telephone technology development and licensing company, Emerson Development. [See More Here]

April 23, 2010 (Chicago, IL) DISA Identifies VoIP as Covert Communication Channel

Salare Security reports that the US Defense Information Services Agency (DISA) has identified VoIP systems as a potential covert communication channel. The latest version of the Voice and Video over Internet Protocol (VVoIP) Security Technical Implementation Guide (STIG) Version 3 Release 1 (Released March 15, 2010) contains the new vulnerability key V0021507. This vulnerability key describes how VoIP can be used to transport information or executables both in and out of an organization. This can present significance risks to organizations for information theft and malware propagation.

Paul Sand, President of Salare Security, said, “Through relationships developed while Salare provided leadership in a VoIP Security Project at the Internet Security Alliance ,we were able to provide input and guidance to DISA about this vulnerability whose exploitation could have very high impact on an organization. This is a critical gap in traditional VoIP security approaches that leave over 97% of VoIP traffic (the media traffic, or spoken word) with virtually no security treatment today. We are excited to see another thought leader in cyber security address this vulnerability that leads to serious risk for organizations.”

At a macro level, the impact of the theft of information is staggering. The Ponemon Institute in its Fifth Annual US Cost of Data Breach Study estimates that in 2009 more than $30 billion in losses were incurred by the US economy due to data record breaches. McAfee in a 2009 report, Unsecured Economies: Protecting Vital Information, placed the theft of intellectual property at the level of $1 trillion.

Salare Security’s industry leading vPurity® Appliance and Licensed Security Software can prevent the use of VoIP as a covert communication channel. The vPurity® Software provides a “defense in depth” approach to stopping the flow of data and executables in or out of an organization by using three distinct, proprietary technologies: FlowSpect™ Software, vTect™ Software, and Active Network Behavior Analysis.

The DISA VVoIP STIG can be found at:
http://iase.disa.mil/stigs/downloads/zip/unclassified_vvoip_v3r1_stig_23dec2009.zip

March 31, 2010 (Chicago, IL) "The Financial Management of Cyber Risk" Report Released

Salare Security in conjunction with the American National Standards Institute (ANSI) and the Internet Security Alliance (ISA) announced availability of a report titled “The Financial Management of Cyber Risk.” Paul Sand, President of Salare Security, collaborated with ANSI, ISA and a number of leading companies to develop this thought provoking document that highlights the business drivers, business needs and business results that are supported by good cyber security practices.

"Many organizations see cybersecurity as solely an IT problem," said Karen Hughes, director of homeland security standards programs at the American National Standards Institute (ANSI), one of the major sponsors of the new report. "We are directing a wake-up call to executives nationwide. The message is, this is a very serious issue, and it's costing you a lot of money."

The report cites a cyberpolicy review released by President Barack Obama's administration last May saying that U.S. businesses lost US$1 trillion worth of intellectual property to cyber attacks between 2008 and 2009. That number doesn't include losses due to theft of personal information and loss of customers, the report said and the total cost of a typical breach of 10,000 personal records held by an organization would be about $2 million, the report said.

"We believe if we can educate American organizations about how much they're actually losing, we can move to the next step, which is solving the problem," Larry Clinton, president of the ISA, said. Eighty to 90 percent of cyber security problems can be avoided by a combination of best practices, standards and security technology, but some organizations need to understand the financial problems associated with poor security practices before they will make changes," Clinton said. "A small percentage of company CFOs are directly involved in cybersecurity plans at their companies, and at many companies, most employees don't see cybersecurity as part of their jobs," Clinton said. "In American organizations, everybody has data," he said. "Generally, people don't think it's their responsibility to secure their own data. They think that's the job of the IT guys down at the end of the hall."

More information can be found at http://www.businessweek.com/idg/2010-03-31/study-calls-for-more-c-level-involvement-in-cybersecurity.html

The report may be downloaded at http://webstore.ansi.org/cybersecurity.aspx