Massachusetts' MA 201 CMR 17.00 data protection regulations go into effect on Monday, March 1, and that is a huge step forward for the protection of personal information. Breach disclosure laws are old news, but 201 CMR 17.00 is different, it prescribes data protection specifics, and it is not limited to those in Massachusetts:
"201 CMR 17.01 (2) Scope

The provisions of this regulation apply to all persons that own or license personal information about a resident of the Commonwealth."

Brian Krebs is reporting that Texas bank PlainsCapital is suing Hillary Machinery, a customer of PlainsCapital. This is significant because to this point it is common for customers to bring suit against a bank over lax security, but this is a rare case of a bank bringing suit against a customer. Details can be found at Krebs' blog. There are hazy details about the case. I don't want to take sides on the litigation, but I do want to point out that both parties could have prevented the actual breach.

These events will feature information regarding Astaro's product roadmap, the security industry, competitive messaging information and technical demonstrations as well as an opportunity to network with other members of the Astaro partner community.

The first two events will be held in Miami and Orlando on March 10th and 16th respectively. We encourage all partners in the area, as well as those considering joining the Astaro partner community, to attend an event.

For more information about dates, times and locations and to register for an event click here.

We hope to see you there!

Dan Goodwin recently reported that a new Internet Explorer exploit has been released into the wild. The exploit, known as CVE-2010-0249, attacks a known vulnerability in Internet Explorer and was most notably used to compromise Google. Luckily, networks with an Astaro Security Gateway are protected against this threat. Astaro is connected to the Microsoft Active Protection Program and therefore it is possible for the product's IPS to recognize and block attacks before other vendors are able to do so.

The webinar featured a guest speaker, Astaro partner Dean Wescott, CMO of Kincaid Network Solutions. During his segment, Dean discussed his experiences leveraging the Astaro Security Gateway Essential Firewall Edition and how it will help VARs and managed services security providers gain momentum in 2010.

Among all of the New Year's normal ebb and flow, predictions for the upcoming year are ubiquitous. More than a couple of these predictions proclaim that 2010 will be "The Year of the Sandbox". While I think this is a sensationalist way of putting it and that it would be hard to pin down any timeframe for such a technology to become the norm, I do agree that the sandboxing of processes is becoming popular. In fact, if you look at the technology as a whole, virtualization can be thought of as macro-sandboxing - that is, making sure that one set of processes (the guest) cannot interact with another set (another guest). Virtualization has taken off and now sandboxing is headed towards stopping individual processes from communicating with things it shouldn't.

It has become more and more difficult to identify malicious links and content on the Internet. URL shortners, ads on legitimate websites , virus downloads posing as anti-virus software and of course fake e-cards all make it harder to know where you should and should not click

In the US the term "hacker" carries a negative connotation. It conjures an image of a dark room filled with computers and a lone man attempting to break into bank or credit card networks to steal as much personal information as they can. While there are plenty of "black-hat" hackers engaging in criminal activity for their own gain, the term hacker has an entirely different meaning.

Many organizations view Internet security as a necessary expense and nothing more. They realize it is crucial to secure their network and select security products that will block malware and filter spam. While recognizing the need for security is a positive step, many of these organizations are missing out on an opportunity to improve their business operations by using these same tools. The most useful security products aren't simply roadblocks for hackers; they also help contribute to an organization's bottom line. Here are some ways security solutions can help improve business operations by improving productivity.

As we get closer and closer to the end of 2009 businesses are beginning to reevaluate their security products. When evaluating products most companies have a clear picture of the features they want. So they look for products that offer those features. This seems logical but when you think about it, this method is actually one of the worst ways to select a product.