Security Manager SecPoint Magazine Interview
Link to original article: http://www.secpoint.com/awards/Securitymanager-Interview-Secpoint.pdf
SecPoint offers the most powerful Penetration Testing products that an enterprise needs.
SecPoint evaluates your company's IT vulnerabilities by doing penetration testing in wired and wireless networks. Secpoint also gives proposals that are geared toward the achievement of intensive IT security for the company. Here are the major points of the interview that was granted by Mr. Victor Christiansenn, the formidable Director of Sales of Secpoint to the Security Manager Magazine.
Q: How important is IT security for a business or organization? What would be the advantages of evaluating vulnerabilities through penetration testing in a network and how is this achieved?
Penetration Testing has become very necessary in the last few years, because a lot of new threats and liabilities to a company's IT infrastructure are discovered every year. Even popular software products such as Adobe Acrobat Reader, Firefox, Internet Explorer, Chrome, Windows and many are affected by these threats, so companies should not be complacent. Second, around five years ago, security invaders usually break into a company's website and leave an unpleasant message or two, for example: Dr d00m hacked this site today. But in the most recent years, it's not just pranksters but also organised criminals who break into companies' websites. They can damage your company in an incalculable way.
This time, hackers get access to the sensitive information of big organizations, including banks, and steal very important customer information, which they can sell to someone else or exploit for their own gain. In fact, just in the year 2008, 285 million security intrusions were recorded, according to a report by Verizon. According to Verizon's report, organised criminals attempt to break mostly into networks of big firms and organizations. It has become easier for lawbreakers to do this now because while there is increasing complexity of IT equipment, the safety of the IT infrastructure is often left out by companies.
Because of these, it is easy to conclude that it is exceptionally important for companies to avail of services that protect them from every possible attack. Besides that, they also must be aware of the liabilities of their network, so that they can correct vulnerabilities as soon as possible. While most companies have a firewall, they wrongly assume that a firewall is enough to make sure that their networks are safe and secure. However, the truth is that hackers discover new techniques to break into networks every day.
Therefore, we may be secure today, but unsafe tomorrow. With these in mind, SecPoint offers the most powerful Penetration Testing products that companies need to evaluate their IT security. The new European law that places the responsibility for IT security on each company's IT Director will take effect soon, and IT Directors should be prepared for such duty. By using Secpoint's products, companies will not only discover new vulnerabilities but also be able to block and exterminate them from their system immediately.
Q: What are SECPOINT's product advantages in terms of penetration testing?
One of the Penetrator's main characteristics is that it comes with more than 13.000 unique controls of threats that are updated every single day. It has a user-friendly and functional interface that allows programmed and automated control, so that the customer can check all their systems on regular intervals. The Penetrator customer will also receive e-mail whenever new liabilities are discovered. By knowing the liabilities of the network, the company can easily solve them. The Penetrator is a complete solution that can solve all such problems.
Q: We know that a lot of companies use network wireless technology such as WiFi. How secure are the protocols used (such as WEP and WPA) and what are the dangers of using wireless networks?
WiFi is indeed a new and very important way of networking, that is used by a lot of companies worldwide. However, very few of wireless networks are secure. It is easy for anybody to invade your IT system by using WiFi, and thus, access your company's files and possibly damage or steal them.
A lot of companies still use exceeded encryption WEP, which has been broken many years ago. The reason is simple. A lot of companies use old printers and equipment that support only WEP. Many companies are aware of more powerful encryption such as WPA and WPA2, but they use easy-to-crack passwords such as “thunderball”. Most of the time, if an Access Point has the Customer's name, usually the password is very similar with the customer's name. This makes your network easily accessible to hackers who want to harm your company. We also observed a new way of attacking customers. The Windows Operating System searches for corporate networks every day, even when you are not in your office. For example, when you are in an airport and try to connect to the airport's WiFi with your laptop that usually use your company's wireless network, your laptop will try to find your corporate network first. Thus, if a hacker happens to be in the airport and sees that your laptop is searching for your corporate network, it can create anartificial connection in his laptop. Your Windows laptop will see this and connect to it automatically, without you knowing about it. In this way, it can have complete access of all the files in your computer.
Q: What does SECPOINT propose for the safety of wireless networks?
SecPoint proposes a particularly powerful solution to ensure the safety of wireless networks, that is named Portable Penetrator.
With Portable Penetrator, you can check the wireless networks with protocols WEP, WPA and WPA2, to ensure the safety of your company's wireless networks. Portable Penetrator comes with the most advanced technology for wireless networks and provides a detailed methodology of ensuring that your WiFi network is very secure. We have also seen how in 3 months from the purchase of a Portable Penetrator, hackers can find a new way to break a company's wireless network. Thus, the Penetrator regularly checks your network, and informs you automatically with the most recent updates on IT security and threats.
Q: Today the tendency for unifying all modes and aspects of Security Management is even stronger with the use of UTM appliances. How do you evaluate concrete development and what do you suggest to customers to be careful and aware of when purchasing a UTM appliance?
It is true that companies recognize that purchasing a unified UTM appliance can solve all their safety problems with the minimal possible maintainance. To be careful, when purchasing a UTM appliance, it should be updated often and include all modules in its price . SecPoint offers specialised UTM appliances and has proven excellent delivery for many years ever since it was founded. SECPOINT appliances offer Unified Threat Management Solutions that includes all these in a great package: Anti-Spam, Anti-Virus, Web Filtering, Web Proxy, Intrusion Prevention, and Content Filtering.
Q: What solution does SECPOINT propose with regards to UTM appliances and what advantages do your products offer?
Secpoint is proud to recommend the multi-awarded appliance named Protector. It is updated every quarter of an hour with the latest features and updates and four times every day with the most recent database definitions. Theinstallation of its hardware is very easy and quick for users, and does not require changing anything in your existing network. Each user can check his own Spamsautonomously, so it is very easy to manage the criteria of his spams and put somebody's mail or other messages that he doesn't want to receive in black list. These preferences will take effect only for his account and not affect other people's accounts. For Antivirus, SecPoint Protector supports anti-virus suppliers such as Bitdefender, Kaspersky, Norman, and ClamAV. The Protector's Web Proxy also ensures faster and more secure Internet usage. With Web Filter, you can proportionally apply different policies for each of your company's departments. For example, you can prohibit your employees in the Sales Department to use Facebook during work hours. Finally, with Intrusion Prevention, you can determine all current possible attacks of hackers.