Passware software cracks BitLocker encryption open

December 2, 2009 · Filed Under Security Software, Software News · Comment 

Passware announces the release of the world’s first commercially available BitLocker decryption software.

Passware Inc., a provider of password recovery, decryption, and evidence discovery software for computer forensics, has created the first commercially available software to break Microsoft BitLocker hard drive encryption.

The new version of its flagship product – Passware Kit Forensic 9.5 – now recovers encryption keys for hard drives protected with BitLocker. The software scans a physical memory image file of the target computer and extracts all the encryption keys for a BitLocker disk.

BitLocker is an advanced, full-disk protection feature available in Windows Vista, Windows 7, and Windows Server 2008.

“Full-disk encryption was a major problem for investigators,” said Dmitry Sumin, Passware President. “We have been able to provide police, law enforcement, and private investigators with a tool that allows bypassing BitLocker encryption for seized computers.”

Passware Kit Forensic is a complete encrypted evidence discovery solution that reports all password-protected items on a computer and gains access to these items using the fastest decryption and password recovery algorithms. A portable version of the software runs from a USB drive and finds encrypted files and recovers files and website passwords without making any changes to the target computer.

Passware Kit Forensic 9.5 supports over 180 different file types and introduces recovery of passwords for PGP archives and virtual disks. The software supports Windows 7, Vista, 2003, XP, and 2008 Server.

Pricing and availability

Passware Kit Forensic is now available from Passware and resellers worldwide. Manufacturer’s suggested list price starts at $795. The software comes with 1 year of free software updates. Free trial licenses are also available.

Source

Tags: , , , , , , , ,

BitArmor launches new managed encryption software service

November 20, 2009 · Filed Under Security Software, Software News · Comment 

BitArmor offers integrated e-mail, USB and disk encryption solution delivered from the cloud

BitArmor, a leading provider of information-centric encryption software, today announced the availability of BitArmor DataControl 4.0, which includes delivery of encryption software as a managed service. The new service is the industry’s first integrated USB, e-mail and full disk encryption solution delivered from the cloud. BitArmor Managed Encryption is well suited for mid-market businesses, saving them time, money and deployment headaches while providing military-grade encryption to prevent data breaches and comply with state and federal data privacy regulations.

– Easy to afford – Saves tens of thousands of dollars
– Easy to deploy – Leverages existing infrastructure, no additional hardware required
– Easy to use – Encryption is completely transparent to users
– Easy to manage – Enterprise class security without the hassles

“A significant number of PCs and media devices carrying business-critical data aren’t properly encrypted, and this state of affairs is certain to cause disasters for enterprises,” said John Girard, VP and distinguished analyst in Gartner’s Info Security and Privacy Research Center. “Statistical odds suggest that this will happen to virtually every organization, whether small, midsize or large.”

Unlike large corporations, mid-market businesses do not always have the budget, IT resources or infrastructure in place to protect their data with enterprise-class security strategies and technologies. Through BitArmor’s SaaS (Security as a Service) delivery model, all customers can benefit from the advantage of commercial-grade, enterprise-class encryption and affordable data security.

“A.I.M. Mutual is committed to setting the standard in service excellence for our customers, which includes being on the forefront of addressing key data protection issues like the new Massachusetts’s Privacy Law,” said Ray Pata, Manager Systems and Programming of A.I.M. Mutual Insurance Companies, one of the top providers of workers compensation in Massachusetts and an “A” rated financial institution by AM Best Company. “BitArmor Managed Encryption is a great security model as it provides very strong but highly affordable encryption so A.I.M. Mutual can continue to protect our key assets in a fiscally responsible manner.”

“Our customers operating in a wide range of highly regulated industries need encryption as part of their overall defense strategy, but mid-sized companies don’t always have the resources needed to manage an enterprise deployment,” said Carl Kunzmann, Managing Partner of Wulf Consulting, an IT provider that specializes in managed solutions for mid-market businesses and is now offering BitArmor Managed Encryption to its clients. “A great example is Ursuline Senior Services, subcontractor to Pennsylvania’s Allegheny County Area Agency on Aging, which will use BitArmor Managed Encryption to provide an additional level of security and assurance that the confidential healthcare and financial data of the 5,000+ senior citizens it serves will not be compromised.”

As the inventor of patented Smart Tag(TM) technology, a revolutionary approach to data encryption that protects data wherever it goes, BitArmor is recognized for its ability to deliver strategic solutions for the industry’s most pressing data protection problems, including the industry’s only No-Breach Guarantee.

BitArmor Managed Encryption’s latest enhancements solve the unique data protection challenges of the small to medium enterprise market by providing military-grade encryption for laptops, USB devices and email attachments, in a simple-to-manage and affordable subscription-based SaaS model. This is in stark contrast to data encryption solutions offered by many vendors that are cost-prohibitive for smaller businesses because they require investments in disparate technologies, expert IT security resources, and dedicated servers.

New SaaS features with BitArmor Managed Encryption include:
Highest Grade of Encryption: Uses military-grade encryption to safeguard sensitive data;
Complete Control of Sensitive Data: Ensures customers’ sensitive data never enters the cloud by performing encryption processing functions on the client side;
Integrated Managed Encryption: Offers a single integrated managed disk, USB and e-mail encryption solution that is easy to use and completely transparent to end-users;
High Availability: Guarantees the highest level of availability with multiple redundant servers and offline capabilities that provide access to encrypted data in the event of a network outage;
Reporting for Compliance: Supports regulatory requirements with simple-to-use reporting capabilities;
Low Total Cost of Ownership: Allows administrators to easily deploy the solution within hours and securely manage users from a single console – without costly infrastructure investments or prior encryption and key management experience.

“Today’s businesses are faced with the seemingly impossible task of meeting data security requirements while managing IT costs,” said BitArmor CEO Patrick McGregor. “BitArmor continues to deliver the necessary innovations, like SaaS-based encryption, so that all companies can afford to protect their critical data without sacrificing business growth. BitArmor provides consistent value even as regulations and impending risk threats evolve.”

Source: BitArmor

Tags: , , , , , , , ,

67% of French organisations hit by one or more data breach incidents within last twelve months

September 11, 2009 · Filed Under Security Software, Software News · Comment 

Research from Ponemon Institute Reveals that only 9 Percent of Respondents have an Overall Encryption Plan or Strategy Applied Consistently across the Enterprise

PGP Corporation, a global leader in enterprise data protection, has announced the results of its inaugural annual study by The Ponemon Institute, identifying the steps French organisations are taking in order to safeguard their confidential data. The 2009 Annual Study: France Enterprise Encryption Trends study, which polled 414 IT security professionals at enterprises and public sector organisations, found that 67 percent of French organisations have been hit by at least one data breach incident within the last year, with 18 percent having been hit by more than five incidents. A massive 92 percent of the data breaches were never disclosed as there was no legal or regulatory requirement to do so. Despite the large number of data breach incidents, 71 percent responded that data protection was a ‘very important’ or ‘important’ part of their risk management strategy, with protecting sensitive or confidential information in motion (transfer) or at rest (storage) their top priority.

“It is very encouraging to see that 71 percent of respondents view data protection as a critical part of their overall risk management plan,” said Dr Larry Ponemon, Chairman and founder of The Ponemon Institute. “However, the low percentage of French organisations having an overall encryption strategy in place or using a platform approach to encryption suggests that there are still considerable improvements to be made. The focus for 2010 needs to be on applying a strategic approach to data security across the enterprise.”

The following provides an overview of the key findings of the 2009 France Encryption Trends report:

– Only 9 percent of organisations have an overall encryption plan or strategy that is applied consistently across the entire enterprise.  Forty-five percent have no encryption plan or strategy whatsoever while the remaining 46 percent adjust their encryption plan to fit different applications and data types, or use encryption for certain types of sensitive/confidential information such as social security numbers or credit card accounts.
– Encryption is primarily used to comply with privacy or data security regulations (65 percent) or to limit the brand and reputation damage linked to data breaches (43 percent). With regard to the regulations and regulatory bodies most influential in organisations’ decision to implement encryption, the French Data Protection Commission and French National Privacy Law come out on top with 66 percent and 62 percent respectively. International regulations such as Sarbanes Oxley have a very minor impact (4 percent).
– Eleven percent of organisations use a platform approach to managing encryption solutions across the enterprise. Eight-two percent of these organisations believe the encryption platform increases the effectiveness and efficiency of their IT security programme. Reduced operational costs, consistent policy enforcement across applications and integration with third-party encryption applications were specifically listed as the primary benefits.
– Fifty-six percent of respondents use encryption technology at some level and the remaining 44 percent are in the process of introducing it. Encryption is most widely used to protect data on databases, VPNs and file servers. Mainframe and USB flash drive encryption are the least deployed applications.
– Seventy-one percent of organisations have a fully executed or just launched implementation of data archive and e-discovery systems programme. The figure is just slightly lower for the implementation of network-based data leak detection and prevention technologies (70 percent). More than half of respondents (58 percent) have just launched or fully executed an endpoint device control technology.
– Sixty-seven percent of respondents revealed that they had been hit by at least one data breach in the past 12 months. Of the companies that experienced 2 to 5 or more than 5 data breach incidents, none of them had implemented a company-wide strategy governing the use of data encryption technologies.
– A majority of respondents (58 percent) believe the ability to install a management infrastructure once, and then add additional encryption applications as needed is ‘very important’ or ‘important’. Other important features include the automation of key encryption management activities (55 percent) and enforcement of encryption policy across all applications.
– Encryption solutions are seen as a security priority for 39 percent of respondents. 29 percent also indicate that key management for encryption solutions is earmarked amongst the security initiatives in the current budget and accounts for just over 21 percent of overall spending on encryption
– Forty-five percent of respondents consider loss or theft of confidential or sensitive data one of the major security threats of the next 12 to 24 months. Despite this, 68 percent do not encrypt sensitive or confidential information on mobile data-bearing devices such as PDAs and smartphones, only 4 percent use encryption on USB flash keys and 47 percent are ‘unsure’ or ‘not confident’ about their ability to protect confidential or sensitive information in motion.

“The Ponemon data demonstrates that compliance and fear of reputational or brand damage are driving French organizations to prioritize data protection,” commented Phillip Dunkelberger, president and CEO of PGP Corporation. “Encryption solutions, when coherently and consistently applied across the enterprise to confidential and sensitive information, can protect data at rest, in motion and in use.”

For more information or to receive a complete copy of this study, visit: www.encryptionreports.com

Tags: , , , , , , , , , , , , , , , , , ,

69% of Australian organisations hit by one or more data breach incidents within last twelve months

August 12, 2009 · Filed Under Software News · Comment 

Research from Ponemon Institute Reveals Company-wide Use of Data Encryption Technologies Reduces Risk of Breach and is Critical to Company Reputation

PGP Corporation, a global leader in enterprise data protection, has announced the results of the second annual study by The Ponemon Institute, identifying the steps Australian organisations are taking in order to safeguard their confidential data. The 2009 Annual Study: Australian Enterprise Encryption Trends, which polled IT security professionals at 482 enterprises, found that 69 percent of Australian organisations have been hit by at least one data breach incident within the last year, up from 56 percent in the previous year. The number of firms experiencing multiple breaches was also up, with 41 percent of respondents admitting to more than two data loss incidents in the twelve month period (up from 28 percent in 2008). Of those organisations that did admit to a breach in the last 12 months 65 percent were never publicly announced; there was no legal or regulatory requirement to disclose these incidents.

Despite the rising number of data breaches, Australian organisations are aware of the consequences of such incidents, with 66 percent of respondents stating that data protection played an ‘important’ or ‘very important’ role in an organisation’s overall risk management efforts. 57 percent felt encryption helped them meet privacy commitments and 70 percent believed encryption was a critical factor in protecting a company’s reputation. The percentage of respondents who believe that the use of encryption increases customers’ trust and confidence in the organization’s privacy or data security commitments has increased from 32 percent in 2008 to 38 percent in 2009. Using encryption to comply with privacy or data security regulations and requirements has increased from 13 percent in 2009 to 15 percent in 2009. Those who selected regulations as one of the top reasons for using data encryption in 2009 point to the Privacy Act, National Privacy Principles and PCI DSS requirements.

In response to some high profile cases of lost and stolen laptops, together with the increased business use of smart-phones, this year’s study also assessed organisational approaches to encrypting data held on mobile devices. More than 64percent of respondents say it is very important or important to encrypt employees’ mobile devices and 55% believe that it is very important or important to provide end-to-end email security for Windows Mobile 6.0/6.1 Professional Edition.

“As we are finding through-out the world, breaches are on the rise as well in the Australian market where they increased 13 percent year over year,” said Dr Larry Ponemon, Chairman and founder of The Ponemon Institute. “There is encouraging news in the Australian market, 85 percent of the respondents stated that when they take a strategic approach to their encryption applications and use a platform approach it increases the effectiveness and efficiency of their IT security program.”

The primary benefits of the platform approach to managing encryption across the enterprise include reducing operational costs, eliminating redundant administrator tasks and supporting the development of a strategic encryption strategy. These were cited in the 2008 study as being the primary benefits as well.

“Australia organizations are in a unique position to be able to lead the next generation of privacy and data security regulations in the Asia Pacific region,” said Phillip Dunkelberger, president and CEO of PGP Corporation. “The Ponemon data shows us that Australian organisations are already taking a proactive approach to protecting customer information and other valuable data assets.”

The study found that 75% of Australian businesses have fully executed or just launched implementation of data encryption technology while 25 percent are in the process of implementing encryption in order to protect sensitive information. Encryption is most widely used to protect the data held on file servers, Virtual Private Networks (VPN) and databases. VOIP and mainframe encryption are the least deployed applications.

Other high priority activities in 2009 also include data archive and e-discovery systems with 71 percent fully executed or recently launched and endpoint device control technologies with 70 percent fully executed or just launched. The activities with the highest in-process response in 2009 include the implementation of endpoint-based data leak detection and prevention technologies, identity and access management systems and strong authentication devices.

For more information or to receive a copy of this study, visit: www.encryptionreports.com.

Source: PGP Corporation

Tags: , , , , , , , , , , , , , , , ,

PGP Corporation launches new mobile data protection and security solutions

July 21, 2009 · Filed Under Security Software, Software News · Comment 

Encryption Applications Enable Enterprises to Extend Corporate-Wide Data Security Policies

PGP Corporation announced two new mobile security encryption solutions, PGP Portable and PGP Mobile 9.10, designed to address the critical challenges facing organizations that share portable data and secure email on smartphones. An extension of the award-winning PGP Encryption Platform, PGP Portable is a new data protection solution that provides self-contained encryption on any removable storage device or optical media, including USB sticks, CDs and DVDs. In addition to data encryption, PGP Mobile 9.10 now includes encryption for email and email attachments (both stored and in transit) on Windows Mobile smartphones, extending PGP Corporation’s multi-platform support. Furthermore, PGP Corporation is also rolling out new enhanced support programs to meet the changing needs of its customers.

According to the recently published annual 2009 U.S. Encryption Trends Report by The Ponemon Institute, 59 percent of respondents said that it is very important/critical to encrypt mobile devices and 26 percent indicated they encrypt a smartphone or PDA most of the time, but 51 percent said they never do.

“Corporations are increasingly reliant on mobile technology as their primary platform. Mobile platforms of choice are driven by employees who are bringing in their own devices that IT departments need to support,” said Michael Osterman, president and founder of Osterman Research. “This is driving increasing concerns around mobile security and organizations now need a solution that provides email and data protection across a diverse set of platforms, which PGP Corporation offers.”

PGP Portable – Protect Data On Any Media

PGP Portable enables users to share encrypted data regardless of their operating system and without requiring them to install additional software or have special machine privileges. Based on the evolution of PGP Corporation’s patented virtual disk technology that is market proven, trusted and FIPS 140-2-validated, key features and benefits of PGP Portable include:

  • One-click encryption: PGP Portable converts removable devices and media into containers of encrypted data with a single click.
  • Access and modify encrypted data without installing software: When authorized users plug in a USB drive or CD/DVD secured with PGP Portable, they are prompted for a passphrase. Once authenticated, the user can access and modify data on these devices securely and the data remains encrypted on these devices. Users can share encrypted data with others that do not have PGP software on their system.
  • Native operating system user experience: Users access PGP Portable removable drives and media using the standard Windows or Mac OS X operating system file managers.
  • Extends data protection: PGP Portable is easily added to PGP Corporation’s centrally managed full disk encryption, network file sharing and desktop email protection applications.

“Corporations are becoming increasingly concerned with data breaches occurring from the loss of their employees’ mobile devices,” said Michael Disaboto, vice president and service director at the Burton Group. “Security offerings such as PGP Portable can provide protection for data at rest on a wide variety of devices.”

PGP Mobile – Smartphone Data Security Made Easy

PGP Mobile 9.10 for Windows Mobile now provides comprehensive email and data encryption for Windows Mobile 6.0 and Windows Mobile 6.1 Professional Edition smartphones and storage cards for information that is stored, in transit or shared.

Key benefits and features include:

  • Automatic Email Encryption and Protection: Send and receive encrypted emails and attachments directly with Windows Mobile smartphones.
  • Easy Set-up and Deployment: Automatic protection of email and file data with few changes to the user experience; reduce administrator set-up time and speed deployment with over-the-air deployment and integrated provisioning.
  • Enforced Security Policies: Centralized deployment and management of policies, users and keys using PGP Universal(TM) Server that is easy to complement using PGP Desktop Email for complete, end-to-end email encryption. Integrates with Windows Domain Authentication and Active Directory to control provisioning and key management.
  • Comprehensive Data Protection Self-Decrypting Archives enable information sharing with recipients who lack encryption software. PGP Mobile also includes PGP Virtual Disk, PGP Zip and PGP Shredder.

“People are the new corporate perimeter – whether they are employees, suppliers, partners or consultants – carrying sensitive data on mobile storages devices and smartphones that can be easily lost or stolen,” said Phillip Dunkelberger, president and CEO at PGP Corporation. “If the email and data is not protected on these devices, organizations face a huge risk in data breaches and failure to meet compliance. With PGP Portable and PGP Mobile 9.10, PGP Corporation is helping businesses manage the risk involved with today’s ever present mobile technology.”

New Enhanced Support Programs

To help customers worldwide maintain business continuity, PGP Corporation offers four support program options – PGP Bronze, PGP Silver, PGP Gold and PGP Platinum. PGP Bronze Support is best suited for small businesses and individual customers who don’t require round-the-clock Enterprise Support. PGP Silver, PGP Gold and PGP Platinum levels of support are targeted at enterprise customers who generally utilize PGP Universal(TM) Server to manage client policy. All levels of support provide customers with full access to the PGP Support site, including the PGP KnowledgeBase, FAQ and Tutorials, and the PGP Community Forum.

Pricing and Availability

PGP Portable and PGP Mobile 9.10 are both available today from PGP Corporation and its worldwide channel partners. Pricing for PGP Portable begins at $21 USD and pricing for PGP Mobile 9.10 begins at $105 USD. For more details on PGP Bronze. PGP Silver, PGP Gold and PGP Platinum Support Programs, please contact a PGP sales representative or channel partner.

Tags: , , , , , , , , , , , , , , , ,

Next Page »