Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

7/10/2007
06:32 AM
50%
50%

Cisco, EMC, MS Help Out Uncle Sam

EMC, Cisco, and Microsoft link arms against government data breaches

With the U.S. government under continued pressure to improve its security strategies, Cisco, EMC, and Microsoft have responded with a strategy to help. (See EMC Teams With Cisco & Microsoft, Homeland Security Spending Spree, and Report: Feds Need Security.)

This IT power troika is touting a partnership called the Secure Information Sharing Architecture (SISA) in an attempt to bridge the perceived communications gap between government agencies and their suppliers -- while, of course, bringing in revenue.

Identity and access management is at the heart of SISA, which aims to ensure that only authorized personnel can access specific data. With Cisco and EMC providing, respectively, networking and storage hardware, Microsoft will offer digital rights management and identity management software to control who gets access to what. Software from EMC's RSA acquisition will be used to encrypt data. (See EMC Acquires RSA and Tucci Aims for 'One EMC'.)

Other vendors involved in the SISA initiative include digital rights management specialist Liquid Machines, data protection vendor Swan Island Networks, and classification specialist Titus Labs. EMC's SISA manager Francie Kress told Byte and Switch that the door is also open for other storage and security vendors to get involved. "We assume that other people will soon be part of this, but there's nothing to announce."

Kress says the three leading vendors pre-test their SISA offerings, which will be built to order. The vendors' proof-of-concept deployment was in the defense sector, according to the exec. "Our original customer was someone that was dealing with coalition forces and wanted to share sensitive information with their partners," she says. "Before, they could not use technology to share information."

Kress won't reveal exactly how many government agencies have deployed SISA, or their identities, but she insists that "several" are using the technology.

The rise of SISA is no surprise. In the aftermath of 9/11, the U.S. government has been forced to rethink its approach to protecting data, with mixed results. (See Portable Problems Prompt IT Spending, Pundits Ponder Potential Pitfalls, Breaches Stress Need to Improve, and CSIA Releases Agenda .) Last year, for example, the Veterans Administration hit the headlines thanks to a missing laptop containing the Social Security numbers of millions of veterans. (See VA Reports Massive Data Theft, VA Picks GuardianEdge, and On the Brink of Storage Disaster.)

Making matters worse, there is concern in some agencies that lack of communication between vendors and the federal government is hindering security efforts, particularly when it comes to encryption. (See Red Tape Trips Up Security.) At one point, the U.S. Air Force and the Department of Homeland Security called on storage vendors to help the government out. (See USAF Issues Storage Challenge and Ridge Issues Security Challenge.)

SISA is aimed at bridging the government's IT gaps. One potential use for the alliance's offering could be in planning for pandemics such as an outbreak of avian flu, something which is increasingly on the radar for CIOs and IT managers. (See Pandemic Plans Pan Out, Biz Continuity Goes Back to Basics, CIOs Ponder Potential Pandemic, and Will DOD Catch Flu?)

EMC's Kress explained that SISA could monitor confidential pandemic data in different government agencies and coordinate the necessary response efforts, an issue highlighted by the recent case of TB traveller Andrew Speaker. "Some people knew that information, but they could not share it effectively through the infrastructure," says Kress.

— James Rogers, Senior Editor Byte and Switch

  • Cisco Systems Inc. (Nasdaq: CSCO)
  • EMC Corp. (NYSE: EMC)
  • Input
  • Liquid Machines Inc.
  • Microsoft Corp. (Nasdaq: MSFT)
  • Titus Labs

     

    Recommended Reading:

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 7/14/2020
    Omdia Research Launches Page on Dark Reading
    Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
    Why Cybersecurity's Silence Matters to Black Lives
    Tiffany Ricks, CEO, HacWare,  7/8/2020
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon
    Current Issue
    Special Report: Computing's New Normal, a Dark Reading Perspective
    This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
    Flash Poll
    The Threat from the Internetand What Your Organization Can Do About It
    The Threat from the Internetand What Your Organization Can Do About It
    This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2020-11083
    PUBLISHED: 2020-07-14
    In October from version 1.0.319 and before version 1.0.466, a user with access to a markdown FormWidget that stores data persistently could create a stored XSS attack against themselves and any other users with access to the generated HTML from the field. This has been fixed in 1.0.466. For users of...
    CVE-2020-5246
    PUBLISHED: 2020-07-14
    Traccar GPS Tracking System before version 4.9 has a LDAP injection vulnerability. It occurs when user input is being used in LDAP search filter. By providing specially crafted input, an attacker can modify the logic of the LDAP query and get admin privileges. The issue only impacts instances with L...
    CVE-2019-12773
    PUBLISHED: 2020-07-14
    An issue was discovered in Verint Impact 360 15.1. At wfo/help/help_popup.jsp, the helpURL parameter can be changed to embed arbitrary content inside of an iFrame. Attackers may use this in conjunction with social engineering to embed malicious scripts or phishing pages on a site where this product ...
    CVE-2019-12783
    PUBLISHED: 2020-07-14
    An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the rd parameter can accept a URL, to which users will be redirected after a successful login. In conjunction with CVE-2019-12784, this can be used by attackers to "crowdsource" bruteforce login attempts on the targe...
    CVE-2019-12784
    PUBLISHED: 2020-07-14
    An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the login form can accept submissions from external websites. In conjunction with CVE-2019-12783, this can be used by attackers to "crowdsource" bruteforce login attempts on the target site, allowing them to guess an...