“Wedge Networks has a new software-based security solution that it says delivers on the promises of software-defined networking (SDN): cheaper infrastructure costs, easy scalability, and performance similar to hardware-based offerings.” For the full article, please visit RCRWireless.
The Heartbleed bug has been hitting the news quite frequently lately, and with good reason. It is a serious vulnerability in the popular, and widely used OpenSSL cryptographic software library. It is important to note that this is not a virus or malware but rather a mistake that was written into the OpenSSL software. In essence, this bug allows criminals to potentially steal the information, that would normally be protected under normal conditions, by the SSL/TLS (Secure Socket Layer / Transport Layer Security) encryption used to secure the internet. SSL/TLS is what provides security and privacy to communications over the internet, in particular, for applications such as web, email, instant messaging and some virtual private networks. For more detailed information on the Heartbleed Bug.
The core vulnerability that the Heartbleed bug has exposed is that it allows anyone on the internet to read the memory of the systems protected by vulnerable versions of the OpenSSL software, compromising the secret keys used to identify the service providers and to encrypt traffic. This includes the names and passwords of the users and actual content sent within the communication. It essentially allows attackers to “listen in” on communications and then steal data from either the service provider or the user that they can use to impersonate the user later.
What does this mean to users and how can they protect themselves? Well, as long as the vulnerable version of OpenSSL is in use, it is still open to attack. A fixed version of the OpenSSL software has been released and it has to be deployed. It is now up to any service providers and users that have utilized the vulnerable version of OpenSSL to install the fix for their systems wherever it is being used in their networks.
For end-users, the first thing that they should check is whether the online services that they use, like PayPal, Gmail, Yahoo, Facebook, Instagram, etc. have updated their servers in order to fix this vulnerability. Next, once the fix has been carried out by the service provider (not before), the users should then change their passwords. Some websites such as Mashable have provided a list of many popular websites that are affected by the Heartbleed bug. This is not a complete list so users should still be wary if a website that they frequent is not on the list. Wedge’s technology partner, computer security company McAfee, has provided a Heartbleed Test Tool for users to check if their frequently used website has been compromised. If the website pops up as being compromised, it means that the website has not updated their version of OpenSSL and the user should wait to change their password.
When it all comes down to it, the Heartbeat Bug is a good wake-up call for users and service providers alike. It reminds users that they should always be cognizant of security when transmitting valuable information over the internet. For service providers, how they deal with this bug is a good measure of how prepared they are to mitigate these problems when they arise in the future.
“Network vendor Juniper Networks and Wedge Networks, a cloud-based security services company, will test a network function virtualisation use case for cloud sercurity (NFV-S). The proof-of-concept demonstration is part of the Open Cloud Project – a new industry initiative announced this week by the CloudEthernet Forum (CEF) and the Metro Ethernet Forum.” For the full article, please visit ITWeb.
“Wedge Networks, for example, has introduced a hypervisor-based software solution called NFV-S (network function virtualization-security), which does very much what Casado had in mind, which is to provide a security layer outside the virtualised servers.” For the full article, visit Tech Week Europe.
SUNNYVALE, Calif.–(BUSINESS WIRE)–March 31, 2014–
Spirent Communications, a provider of networks, device and applications testing products, today announced that it is collaborating with Wedge Networks to demonstrate the new Spirent Velocity virtual lab environment. Selected as a Best of Interop 2014 Finalist, Spirent Velocity is a unique cloud-based virtual lab environment that enables testing of Software Defined Networks (SDN) and Network Function Virtualization (NFV).
Highlights of the Demonstration
The joint demonstration, featured at Spirent’s booth #727, showcases how NFV providers can easily setup and run tests to quickly bring high-performance virtual appliances and applications to market. In this demonstration, Spirent Velocity will enable the provisioning of virtual devices-under-test, such as the Wedge Networks NFV-based security solution, dramatically reducing the capital expenditure associated with physical labs. Spirent Velocity will showcase how rapid test setup and execution with packaged methodologies from Spirent TestCenter Virtual and Spirent Avalanche Virtual lets users quickly gauge performance and security in a stressed cloud. Furthermore, the demo will highlight Spirent Velocity’s ability to orchestrate Spirent TestCenter Virtual on OpenStack.
Solutions in the Demonstration
Spirent Velocity helps accelerate time to market and reduce CAPEX and OPEX associated with traditional test beds. This virtual test lab allows users to set-up a virtualized test fabric that emulates their desired deployment architecture including choice of hypervisors, guest operating systems, reference server setup, NFV and other technologies such as SDN controllers and switches.
Wedge Networks will be providing the first-ever demonstration of NFV for Security (NFV-S) solution. NFV-S is a new paradigm in providing network security for the ISP and Data Center markets being launched by Wedge Networks that brings advanced network security capabilities into virtualized functions – all in a complete, real-time and elastic solution. The WedgeOS(TM) powered Wedge Networks Cloud Security Platform(TM) provides an elastic, embedded and on-demand solution to deliver a security capability independent of physical network topology and hardware networking systems.
Supporting Executive Quotes
“As providers start evaluating network function virtualization solutions and deploying NFV in their networks, they need to know that on-demand security services can be layered over the virtualized network,” said Jeff Wilson, principal analyst for security at Infonetics Research. “The NFV-S solution is the type of forward-looking solution that providers need if they want to deploy NFV-compatible security services – no matter the location, service, or bandwidth.”
“Wedge Network’s NFV-based security solution will be deployed in the cloud, so it makes absolute sense to test our solution in the cloud as well,” said Dr. Hongwen Zhang, CEO of Wedge Networks. “Spirent Velocity provides us the ability to rapidly provision the virtual test bed, and then verify that our virtual solution maintains performance while scaling under rapidly increasing load.”
“Spirent is pleased to be partnering with Wedge Networks for this joint demonstration,” said Patrick Johnson, Spirent’s vice-president of cloud services solutions. “Wedge Networks is re-inventing network security and Spirent Velocity is re-inventing the world of test itself, ultimately accelerating the transformation of the network.”
For more information on Spirent Velocity, visit:
www.spirent.com/products/velocity
About Wedge Networks(TM)
Wedge Networks(TM) is transforming the way security is delivered. Powered by the innovative WedgeOS(TM) the Wedge Networks Cloud Security Platform(TM) is designed to combat the shifting threat landscape associated with mobility, cloud, internet of things and the consumerization of IT. Unlike first generation security products, cloud-assisted appliances or even dedicated security clouds, the Wedge Platform enables inline inspection of both inbound and outbound traffic embedded within the cloud layer across all platforms and device types without latency. The Wedge Platform(TM) is deployed globally, delivering security protection for tens of millions of users in Fortune 500 companies, government agencies, Internet service providers, and across all industry verticals. Wedge Networks is headquartered in Calgary, Canada and has international offices in Sunnyvale, USA; Beijing, China; and Manama, Bahrain. For more information visit, http://www.wedgenetworks.com/
About Spirent Communications plc
Spirent Communications plc. (LSE: SPT), a global leader in test & measurement, offers an extensive portfolio of solutions to test data centers, cloud computing and virtualized environments, high speed Ethernet networks and services, 3G/4G wireless networks and devices, network and application security, and positioning technologies. For more information visit
http://www.spirent.com/about-us/News_Room/About_Spirent_Communications_plc.aspx
“Wedge Networks sees a completely different view of the future of device, computer and enterprise security. They believe that most of the effort around anti-virus and anti-malware should be further up the food chain. More specifically they believe it’s the responsibility of the telco.” For the full article, please visit TechDay.
In an interesting article on CBC News last week it turns out that although many of us believe we are protected against fraud when we use our credit card and online banking websites, fine print in the online electronic banking agreements for the big six institutions in Canada suggests that the consumer holds a lot more responsibility and liability than previously thought.
According to the CBC article, “A survey of the electronic banking agreements for the big six institutions reveals a variety of conditions imposed on clients. They include requirements such as having the latest anti-virus software on any computer used for banking, and not using a PIN, password or security question that’s too easy to guess.”
Digging deeper, typical terms and conditions of several of the banking websites have wording such as:
“You agree to implement and maintain reasonable security measure which include up-to-date virus scanning software and a firewall system, if such security measure are available for your Electronic Access Device.” (Part B, Section 15 – Security)
“In addition, in no event, even if we are negligent, will we be liable for any loss or damage suffered by you that is caused by:” “your failure to fulfill any of your obligations under this Agreement including those in Part B, Section 15 (Security) or to comply with any instructions we may provide to you from time to time in connection with the Services.”
With online banking becoming far more prevalent, and online fraud increasing exponentially, how do you keep up with responsibilities of ensuring their web-devices have the most up-to-date anti-malware and firewall protection? For the most part, in order to fulfill “responsible security measures” as mandated by the banks, you would have to be constantly on top of managing security for every one of your web-connected devices. More than ever, you need services that you can enable to provide easy-to-use blanket protection. With all of your devices at home connected through your service provider you should look to them to help keep your security measures up to date. This is the future. Let your ISP protect you from the liabilities and costs of online fraud.
Innovative cloud security platform to be rolled out globally
CALGARY, March 5, 2014 /CNW/ – The Government of Canada has announced it has chosen technology from Wedge Networks™, the leader in Cloud-Based Security Services to protect its information systems from advanced security threats. The WedgeOS™ platform is a first-of-its-kind solution that melds patented network traffic inspection capability with software defined networking (SDN) and Network Functions Virtualization (NFV) to deploy a rich set of security services for large populations of computing devices, from traditional servers and personal computers, to mobile computing devices, to the modern “internet of things”.
“Today the traditional network perimeters are evaporating.” Said Hongwen Zhang, PhD, Co-Founder and CEO of Wedge Networks. “Data is in the cloud, consumerization of IT is embraced, we have a mobile workforce where users co-mingle multiple types of devices throughout the day, and almost everything – phones, tablets, cars, medical equipment, point of sale systems and even thermostats – has an internet connection. We built the WedgeOS™ platform to deliver security protection for users as they embrace the cloud computing model.” he said.
Deployed in the data centres of Shared Services Canada, WedgeOS™ will protect the Government’s critical information systems being shared across diverse departmental networks, and in the future will protect information being shared between Canada and other countries.
Before being awarded the contract, WedgeOS™ was deployed in the Government’s verification networks to validate all functions, including advanced data leakage protection and anti-malware. WedgeOS™ software can provide Government networks with accurate and transparent web security by inspecting all content – both inbound and outbound for malicious activity and making sure advanced threats are detected and contained.
Honourable Diane Finley, Minister of Public Works and Government Services, recently visited Wedge Networks 2013 to announce the government contract awarded to Wedge Networks under the Build in Canada Innovation Program (BCIP) and said: “Cyber security is critically important in this online age. So we are excited about WedgeOS. It is a software platform that conducts a full inspection of content within Internet traffic in real time. A cutting-edge innovation such as this one could bring many benefits to the IT industry so I am very pleased to announce this contract.”
Canada, Calgary 28 February 2014 – Wedge Networks, the leader in Cloud-Based Security Services today announced that Info Security Products Guide, the industry’s leading information security research and advisory guide, has named WedgeOS™ Version 2.1 winner in the following 3 award categories: Gold Award for Best Cloud Security; Silver Award for Managed Security Services and Bronze Award for Innovation in Cloud Security.
The security industry celebrated its 10th Annual 2014 Global Excellence Awards in San Francisco by honouring excellence in every facet of the industry, including products, people behind the successes, and best companies.
More than 50 judges from a broad spectrum of industry voices from around the world participated and their average scores determined the 2014 Global Excellence Awards Finalists and Winners. Winners were announced during the awards dinner and presentation on Feb. 24 in San Francisco attended by the finalists, judges and industry peers.
“We are overjoyed to be recognized by the Info Security Products team in 3 categories and to win the Gold Award for Cloud Security. A great achievement for Wedge Networks, and for WedgeOS™ which currently protects over 15 million endpoints with over 1000 installations across 16 countries and melds patented network traffic inspection capability with software defined networking (SDN) and Network Functions Virtualization (NFV),” said Steve Chappell, Executive VP of Sales and Marketing and COO. “We believe that securing the cloud layer is the only viable way of ensuring safe computing for the many billions of connected digital devices.”
About Info Security Products Guide
Info Security Products Guide sponsors leading conferences and expos worldwide and plays a vital role in keeping end-users informed of the choices they can make when it comes to protecting their digital resources. It is written expressly for those who are adamant on staying informed of security threats and the preventive measure they can take. Readers will discover a wealth of information in this guide including tomorrow’s technology today, best deployment scenarios, people and technologies shaping info security and market research that facilitates in making the most pertinent security decisions. The Info Security Products Guide Awards recognize and honour excellence in all areas of information security. To learn more, visit www.infosecurityproductsguide.com
About Wedge Networks™
Wedge Networks™ is transforming the way security is delivered. Its innovative WedgeOS™ is a true cloud security platform designed to combat the shifting threat landscape associated with the consumerization of IT. Unlike first generation security products, cloud-assisted appliances or even dedicated security clouds, WedgeOS™ enables inline inspection of both inbound and outbound traffic embedded within the cloud layer across all platforms and device types without latency. WedgeOS™ is deployed globally, delivering security protection for tens of millions of users in Fortune 500 companies, government agencies, Internet Service Providers and across all industry verticals. Wedge Networks is headquartered in Calgary, Canada and has international offices in Sunnyvale, USA; Beijing, China; and Manama, Bahrain. For more information please visit www.wedgenetworks.com
“Cloud is both a concern and an enabler of security.”
Wedge CEO, Dr. Hongwen Zhang, was quoted, along with leading industry analyst Tim Dillon, Asia Research Director, Current Analysis, in Singapore Business Review’s article on Cloud Security, published on January13, 2014.
For the full article, please visit Singapore Business Review.
Kaspersky ThreatPost
