Extracomm Blog

Extracomm Blog

    64 Bit versions of ExtraFax and SecurTrac are coming!

    Steven Alexander  November 11 2008 01:21:11 PM
    Since the release of a 64 bit version of Domino(starting in Domino 8.01), many of our customers have expressed that they will be migrating to Domino 64 bit and need our products to also support Domino 64 bit. Our R&D team has been working hard in response to those requests and we are pleased to announce that 64 bit versions of both ExtraFax and SecurTrac will be released prior to Lotusphere 2009

    We already have a 64 bit beta version of SecurTrac available. If you are interested in participating in our beta program, send us an e-mail to support@extracomm.com and we can send you a download link so that you can give it a try and provide some valuable feedback prior to its release!

      Cisco Security Study Points Finger at Employees

      Steven Alexander  October 8 2008 09:44:36 AM
      A very interesting article I came across on newsfactor.com


      Cisco has released the results of a global security study. The results, Cisco says, indicate that data loss can result from risky employee behavior. Cisco says that helping workers understand how their behavior affects the risk of data leakage will strengthen security practices. Cisco recommends employee-education programs on preventing data loss.

      Employees could be to blame for one of the most prominent security concerns facing businesses today: Loss of corporate information.
      So say findings from a new Cisco global security study. The report offers insight into the risks employees take that could cause data leakage. The reason is clear: With the move toward distributed business models and remote workforces, lines are blurring between work and home lives. That's leading to more collaborative devices and applications, including mobile  phones, laptops, Web 2.0 applications, video and other social media.

      The takeaway: There are opportunities for businesses to tailor risk-management plans that prevent data-loss incidents locally while remaining global in scope. Cisco surveyed 1,000 employees and 1,000 IT professionals from various industries and company sizes in 10 countries, including the United States, United Kingdom, France, Germany, Italy, Japan, China, India, Australia and Brazil.

      Security's Roots: User Behavior

      "Security is ultimately rooted in users' behavior, so businesses of all sizes and employees in all professions need to understand how behavior affects the risk and reality of data loss -- and what that ultimately means for both the individual and enterprise," said John N. Stewart, chief security officer at Cisco.

      "Understanding this can help strengthen relationships between IT and employees, tailor localized awareness and education programs, and better manage risk," Stewart said. "Simply put, security practices can be more effective when all users realize what their actions result in."

      The 10 most noteworthy behaviors that lead to data leakage are:

      1. Altering security settings on computers.

      2. Use of unauthorized applications.

      3. Unauthorized network/facility access.

      4. Sharing sensitive corporate information.

      5. Sharing corporate devices.

      6. Blurring of work and personal devices, communications .

      7. Unprotected devices.

      8. Storing logins and passwords.

      9. Losing portable storage  devices.

      10. Allowing "tailgating" and unsupervised roaming.

      According to Stewart, without modern-day security technologies, policies, awareness and education, information is more vulnerable. Today, data is in transit, in use within programs, stored on devices, and in places beyond the traditional business environment, such as at home, on the road, in cafés, and on airplanes and trains.

      "This trend is here to stay," Stewart said. "To protect your data effectively, we need to start understanding the risk characteristics of business and then base technology, policy and awareness and education plans on those factors. Data protection requires teamwork across the company. It's not just an IT job anymore." (continued...)

      A Move To Thin-Client Computing?

      Stewart said these behavioral findings can help companies structure employee-education programs at a regional level and sculpt global risk-management plans. He lists recommended practices for preventing data loss, including knowing your data and managing it well; treating data as if it's your own; educating employees on how data protection equates to money earned; institutionalizing standards for safe conduct; fostering a culture of trust; and establishing security awareness, education and training.

      Zeus Kerravala, an analyst at the Yankee Group, agrees that education is a vital element of the solution. However, he's also somewhat disappointed in the industry for not focusing more on laptop  security, although there has been a strong focus on mobile handsets. A move toward thin-client architecture, Kerravala added, could also be part of the answer.

      "It will be interesting to see if companies use thin-client architecture more. It's changed a lot," Kerravala said. "When you look at what Citrix does with streaming desktops, it's much more secure than the personal desktop. There's a certain stigma associated with thin-client computing, but maybe it's time to put away our biases and actually do what's best for the company."

      Article from: http://www.newsfactor.com/story.xhtml?story_id=62187&page=1

      Lotusphere 2009 Registration is Now Open! Are you going? Extracomm will be there!

      Steven Alexander  September 23 2008 11:05:36 AM
      For those who may not have seen it yet, Lotusphere 2009 Registration is now open!

      Be sure to visit  http://www.lotusphere.com and sign up today.

      Once again the Extracomm team will be there at the most important event of the year.

      Yes, everyone knows Extracomm always brings the coolest giveaways to Lotusphere, but what are we bringing this year?


      Come visit us at booth #617 during Lotusphere 2009 and find out!

      Chat with us about successfully deploying FoIP using ExtraFax – the ultimate fax server for Domino, or about  using SecurTrac to help with compliance issues such as SOX, HIPAA, CFR Part 11 and the Data Protection Directive, and we’ll give you a cool gift!

      Want more still? Enter for our larger grand prize, brought to you by Extracomm, CertFx and MartinScott Consulting.

      New ExtraFax Upgrade Promotion

      Steven Alexander  September 5 2008 07:49:31 AM
      If you are existing customer running  ExtraFax 6.1 or an earlier version, we have just launched a new promotion that will allow you to upgrade to our latest version and save 50% off the cost of maintenance. Be sure to check it out. Full details about the promotion are below or visit our web site at the following link:

      ExtraFax Upgrade Promotion - Save 50% on maintenance

       -------

      Are you currently running an older version of ExtraFax? Are you looking to upgrade to ExtraFax 7? Purchase your upgrade before December 31, 2008 and save 50% off the cost of maintenance for the coming year.

      ExtraFax 7.0 is designed in direct response to the needs of the Notes/Domino community; with new features and enhancements that will further streamline activities within the Notes/Domino environment. These features include, but are not limited to:

      Support for Domino 8
      Support for FoIP
      Enhanced Administrator Interface
      Enhanced “User Preferences” document
      Sametime and IBM Lotus Notes 8 plug-ins
      Bar code based routing

      This offer is available to anyone currently running ExtraFax 6.1 or an earlier release. For more details, please contact our sales team at sales@extracomm.com.  

      What’s on your mind?

      Rosalyn Harris  August 21 2008 04:00:00 PM

      Have something to say?

      For more than a decade our customers and business partners (that means you) have provided us with valuable feedback that has helped to make our products the success they are today. You’ve told us what worked well for you, what didn’t work and what you would like to see in upcoming releases. And we appreciate it. So why stop now?

      If you have something to say in response to any of the posts on this blog, we encourage you to join the discussion by leaving a relevant comment or two in the comments box attached to each post. From now until September 30, 2008, anyone who participates will receive a special thank you gift. Be sure to leave a valid email address so that we can contact you for your mailing address.

      Product announcement

      Rosalyn Harris  August 14 2008 10:00:27 AM

      New SecurTrac plug-in simplifies audit trail retrieval

      We’re please to announce the release of our brand new SecurTrac plug-in for IBM Lotus Notes 8.

      As you all know, at Extracomm we’ve made a commitment to respond to the ever changing needs of the Lotus community. We’re constantly looking for new ways to enhance and improve our products in an effort to make your lives better. And we think we’ve done a pretty good job with this plug-in.

      So how does it work?

      By extending the features of the Lotus Notes 8 client which is based on the Lotus Expeditor platform, SecurTrac provides an Eclipse plug-in that allows you to retrieve a SecurTrac audit trail log history for a currently selected document in a Lotus Notes database.

      The SecurTrac plug-in for IBM Lotus Notes 8 works with SecurTrac 2.3.x and is now available on our website for download.  It is free for all customers who are currently running SecurTrac 2.3.x and have a valid Maintenance Standard or Maintenance Plus plan.

      Image:Product announcement

      Using the SecurTrac plug-in couldn't be easier. While in a Lotus Notes database, either open or select the document for which you want to obtain an audit trail log history from the SecurTrac log database. Specify the range of time for which you want to search and then click on the search icon. When the search is complete, all results will be displayed in the sidebar making log retrieval quick and easy.

      Danger on the inside

      Rosalyn Harris  July 31 2008 03:03:00 PM

      How to save your company tens of millions of dollars

      If there’s one thing you can do to help your organization save money, it’s to convince them to take the risk of insider threats seriously. In their technical report The “Big Picture” of Insider IT Sabotage Across U.S. Critical Infrastructures, CERT examines why companies fall prey to insider plots.

      It should come as no surprise that the key to minimizing the threat of insider plots is prevention. An organization needs to take the proper steps to ensure that they have the right balance between technology and recognizing the characteristics of an employee who could pose a potential threat.

      From a technology stand-point, an organization needs to be able to log, monitor and audit employee online actions. This allows an organization to identify and investigate any suspicious insider activity before it’s too late. With a tool like SecurTrac in place, an organization can log and monitor all events and user activities that occur in their Domino environment, and our Intrusion Detection monitor is deigned to monitor for malicious events.

      According to The “Big Picture” organizations who have been victims of insider IT sabotage have suffered losses ranging from a low of five hundred dollars to a high of “tens of millions of dollars.” They also write that 75% of the organizations experienced some impact on their business operations, and that 28% of the organizations experienced a negative impact to their reputations.

      From an employee stand-point, it can be slightly more complex. To being with, how can you identify employee who might be a potential threat? According to the research, most insiders who committed an act of IT sabotage exhibit certain personality traits that are linked to malicious behaviours. For example, they may exhibit any of the following:
      *Serious mental health disorders, such as alcohol and drug addiction, panic attacks, physical spouse abuse, and seizure disorders
      *Social skills and decision-making bias such as bullying and intimidation of coworkers, serious personality conflicts, unprofessional behaviour, personal hygiene problems
      *An inability to conform to rules or a history of rule violations such as arrests, hacking, security violations, harassment complaints and misuse of travel, time and expenses.

      If you’re interested in reading more about insider threats, you might want to check out the following articles:
      Log management as a tool against insider threats
      Taking the Offensive with Insider Threats – How Financial Institutions Can Improve Risk Management
      13 best practices for preventing and detecting insider threats

      Did you know...?

      Rosalyn Harris  July 24 2008 12:11:11 PM

      Eight quick facts on compliance

      1.There is ample evidence that compliance is a customer and reputation issue, and if not managed well, can have an important impact on revenues and profits. Institutions’ reputation with customers has become more closely related to their compliance abilities over the last five years, and this trend is expected to continue over the next few years.

      2.In a Deloitte Dbriefs for Financial Executives webcast on compliance management, 49 percent of the surveyed participants said that technology tools are essential for the integration of compliance and performance.

      3.In the world of healthcare, the threat of a HIPAA compliance audit is the strongest driver for security initiatives.

      4.According to research by Ernst and Young, compliance continues to be the primary driver of information security improvements and a top-ranked influencer in risk management integration. Risk management is considered a top priority for 2008, according to research by KMPG.

      5.In response to the new Federal Rules of Civil Procedure (FRCP), companies engaged in e-discovery are now routinely being asked by the courts to produce vast quantities of information in a relatively short period of time.

      6.Over one in five employers (21%) has had employee e-mail and instant messages (IM) subpoenaed in the course of a lawsuit or regulatory investigation.

      7.In their Chronology of Data Breaches, The Privacy Right Clearinghouse reports that the total number of records containing sensitive personal information involved in security breaches in the U.S. since January 2005 is 234,111,062…and counting.

      8.Over the last five years, compliance with regulatory requirements has become more challenging. Many financial institutions also believe that compliance with their internal policies relating to external regulatory requirements has also become more challenging over the same period.

      A lesson

      Rosalyn Harris  July 17 2008 11:11:40 AM

      A quick lesson on e-discovery

      Electronic discovery (also called e-discovery or ediscovery) refers to any process in which electronic data is sought, located, secured and searched with the intent of using it as evidence in a civil or criminal legal case. What kind of electronic data? All of it; meaning text, images, calendar files, databases, spreadsheets, audio files, web sites, animation, computer programs and e-mail. In recent years, e-mail has become an important source of evidence in civil and criminal litigation, not only in Canada and the US but around the world.

      In his article E-mail can be used as evidence Scott Orr explains that “In the legal world, the "e" in e-mail stands for evidence,” and many people often forget this when writing emails. People are quick to fire off an e-mail with comments that should never been committed to writing, and then are unprepared to face the consequences of their actions. We would all do well to remember that when writing an e-mail, don’t say anything you’re not prepared to defend and don’t say anything you wouldn’t want on the record.  

      For more information on e-discovery, you might want to attend Best Practices for e-Discovery, an IBM sponsored webinar.

      Product announcements

      Rosalyn Harris  July 3 2008 02:37:56 PM
      SecurTrac 2.3.1 for Sun Solaris is now available and can be downloaded from our website. This release is available for free to all customers who purchased the SecurTrac Maintenance Plus or Standard Maintenance plan, and to those customers who purchased SecurTrac after March 1, 2008. There are several new features and updates available in 2.3.1, but I’d like to bring your attention to two in particular:

      - Track the use of the new Message Recall feature in Notes/Domino 8
      The SecurTrac Mail Delete log will show the action as "Delete (Recall)" if an e-mail document has been deleted by the Domino 8 mail recall feature
      - Log undelete/restore action
      The SecurTrac Document/Mail Update log will show the action "Update (Undelete)" if the document (soft deletion) has been undeleted/restored by the user

      SecurTrac 2.3.1 is available for the following platforms: AIX, Sun Solaris, Linux and Windows.

      We’ve also released a beta version of ExtraFax 7.0.1 for Linux, which is also available for download from our website. This new version is 100% Linux based and we encourage you to test it out. Please send your feedback to support@extracomm.com.

      For more details on either SecurTrac 2.3.1 or on the Linux version of ExtraFax,  please contact our sales department.