Have you ever revealed the administrative password of an enterprise resource to your colleague? And do you strongly believe that your passwords remain secure even after telling others? If so, you must read this interesting survey done by SecurEnvoy.

The survey results reveal that 75% of UK employees have admitted that they have told at least two other colleagues their corporate passwords.

SecurEnvoy states that while workers are trusting of their colleagues, it may not be a great idea to share passwords so easily since it can compromise one’s entire work life.

The concern raised in the survey is well-founded. Enterprises - big and small, face security issues and outages quite often. After all, mis-management of administrative passwords lies at the root of all security issues.

It is always good to avoid sharing of administrative passwords. But, what if your business needs demand that you seletively share passwords with others and yet ensure high levels of security? Caught in a catch-22 situation, right?

But take heart, you have ManageEngine Password Manager Pro for your rescue. Using this Enterprise Password Management Solution, you can store thousands of administrative passwords in a centralized repository and selectively share the passwords with others. You can have the trail of 'who', 'what' and 'when' of password access. The passwords are shared, yet remain highly secure. Exactly what you want!

To know more, visit www.passwordmanagerpro.com

Bala

 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ManageEngine Password Manager Pro
Enterprise Privileged Password Management Solution
Email: passwordmanagerpro-support@manageengine.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Its San FranCisco this time. If you are there and if you happen to be a 'networker', you are sure to attend Cisco Live. And if you fulfill all the conditions given in the previous line, you will definitely enjoy one stall. Stall no. 219. No points for guessing whose stall that will be!! That's where the IT Management gets 'booth'ed (due to lack of an equivalent word for 'personified'). Its the ManageEngine stall!

ManageEngine will be showcasing its IT Management suite of products. With a suite of close to 25 products, ManageEngine has extensive knowledge & experience in IT Management and when we say "We understand IT Management", we mean it!

If you are looking for powerful, cost-effective solution (I know its cliched but I'm being really honest!), Stall no. 219 is certainly the place to be!

There are some surprises there, of course! Drop in to IT Management.... I mean ManageEngine!

See you @ 219

Cheers

Joe

Dear Users,

In our release FacilitiesDesk 5.7 Release you came across the PDA integration feature in brief.

A Question can save your IT ... forever! 

AUSTIN, TX--(Marketwire - June 16, 2009) - ManageEngine, makers of a globally renowned suite of cost effective network, systems, security and applications management software solutions, today announced an update to Desktop Central, the company's web-based Windows Desktop Management Software, with new features designed to control usage of USB devices on desktops across the enterprise.

With the enhanced Desktop Central application, administrators gain an even greater ability to manage desktop security and compliance. Now, from the same familiar Desktop Central management console, administrators may:

• Enable/Disable specific USB devices, such as portable hard drives, CD- ROM, Bluetooth, etc.
• Create and apply policies regarding USB access based on employee roles and departments.
• Generate comprehensive reports on policies and the users and computers that are governed by them.

The new features announced today join an extensive list of existing Desktop Central capabilities designed to maintain company policies and create ever-more-secure networks. For example, Desktop Central allows administrators to generate vulnerability assessments for better patch management; set user-specific desktop policies, disabling the Add/Remove Programs options in the Control Panel, for example; configure firewall settings to prevent unauthorized access; control and manage file and registry permissions; manage local user and group permissions; control Windows services; and detect and remove unauthorized software.

"Before Desktop Central, we had little to no knowledge of our enterprise's security and compliance picture," said Neil Schroeder, Director of Technology, Sioux City Community Schools. "Now we have strong reporting and management functions. We are now in a position to spend much less time running around in the dark trying to individually take care of machines. We have moved from being totally reactive to proactive."

"With the increasing use of portable USB devices, enterprises are constantly under threat of data theft and are focusing on security and compliance as it relates to these devices," said Mathivanan Venkatachalam, Director of Product Management at ManageEngine. "Desktop Central's Secure USB feature allows administrators to selectively limit the scope of USB device usage, either restricting, blocking or allowing full use, depending on the individual user. This will surely be a step toward protecting sensitive corporate data and also reducing the risk from viruses and spyware."

Availability and Pricing

The updated Desktop Central software is available now for download directly from the ManageEngine website at www.desktopcentral.com. ManageEngine offers a 30-day evaluation license of the Professional Edition, with pricing starting at $995 for 100 systems. A permanent Free Edition is also available for small businesses.

About ManageEngine

ManageEngine is the leader in low-cost enterprise IT management software. The ManageEngine suite offers enterprise IT management solutions including Network Management, HelpDesk & ITIL, Bandwidth Monitoring, Application Management, Desktop Management, Security Management, Password Management, Active Directory reporting, and a Managed Services platform. ManageEngine products are easy to install, setup and use and offer extensive support, consultation, and training. More than 30,000 organizations from different verticals, industries, and sizes use ManageEngine to take care of their IT management needs cost effectively. ManageEngine is a division of ZOHO Corporation. For more information, please visit www.manageengine.com.

The distributed flow collection and reporting engine gives the Enterprise edition capability to monitor up to 20,000 interfaces and flow rate in the range of even 60,000 flows per second. This rules out scalability and performance related issues that might have other wise come up with a integrated application trying to handle a large number of interfaces and high flow rate. The features available in this edition are also exactly what a distributed setup needs.

Tree view for devices helps group devices based on their locations (or your preferred criteria) for easier selection by users. This way, users do not have to search through the complete list of devices to find the one for which bandwidth metrics are needed. Timezone based view lets the users see reports in the time zone the device is at rather than based on the time where the product is installed. Administrators can also create multiple user accounts, assign devices or IP Groups to them and also set what timezone the users view the reports in. Do visit here to view the complete list of features available in Enterprise edition.

You can also leave behind your worries about exported NetFlow packets using a large volume of the Internet bandwidth. The NetFlow data is compressed using Java technology before being send from the collector to the central server. This brings down the volume of the exported NetFlow data to less than 20% of the actual size and helps save your valuable Internet bandwidth for critical applications. Moreover, since data is send over HTTPS connection, the NetFlow data is secure and even the GUI of both the collector and central server have HTTPS enabled by default.

Now with the central console, reports from the branches and DR sites spread geographically are at hand. There is no more need to login into different installations and have reports generated from each one of them separately. You also have the option to select the interfaces displayed in the dashboard and so at a single glance the network team gets to see the status of highly utilized links or the status of critical links.

All enterprises preferred uninterrupted monitoring and reporting of critical links, applications or servers. But when the need comes to shut down the central server for maintenance or if the central server is down inadvertently, what can be done? The failover is the perfect feature for this. The data stored in the central server is replicated to a secondary central server and any time the primary server goes down, the secondary is automatically activated after a fixed time. Thus the fail over gives you a automatic backup and redundancy of data.

With all these features and its scalability, NetFlow Analyzer Enterprise edition is the best suitable solution for bandwidth monitoring and traffic analysis. Do download the Central server and Collector from here and start your 30 day evaluation with free technical support from our team.

Compliance is vital for any enterprise not merely to adhere to various regulatory/industry frameworks but also to mitigate the risks attached to corporate IT assets. Enterprises failing to comply not only face penalties from the regulatory bodies but also risk losing respectability and trust. However, in recent times many enterprises fail to remain fully compliant at all times which has led to many security breaches. Case in point, the recent Heartland breach highlighted the fact that staying compliant is a full-time process and just staying within the boundaries of a given regulatory framework is not sufficient to secure your network(s). Enterprises therefore need to look beyond the applicable frameworks to achieve compliance, and one important way is to analyze and manage system, application and event logs to prevent such huge incidents.

Log management for Compliance requirements is an increasingly vital process for enterprises across verticals. There are several implications to having an ineffective log management process, both tangible and intangible.

Enterprises that analyze their log data efficiently can easily recognize the value and impact on their IT and overall operations. The insight gained by log analysis and reporting can help enterprises determine their existing security implementation, cut down on costs on extensive regulatory audits and recovery measures, if any. Up to date log data analysis provides insight into the health and accessibility of network(s), system and applications.

A strong log management solution that handles voluminous and variety of logs is a necessary tool for enterprises to maintain the integrity of all data.

Let’s look at a checklist to ensure log management is applied effectively to ensure compliance.

Do’s

1. Make Log management a daily routine and not just to satisfy compliance requirements

If log management is not done only for the sake of meeting regulatory requirements then we can cover our bases much more effectively. It will take care of any overlapping frameworks and reduce the time to meet all regulatory requirements. This will also cover any condition that is overlooked in the impression that another regulatory requirement covers it. Reports and alerts ensure that the security threat posed is brought to your attention, including those beyond the scope of regulatory compliance.

2. Ensure alerts are set up as per the requirements of the enterprise

Ensure all alerts are set up correctly and for the specific requirements of the enterprise and not just to meet compliance requirements. If any critical data is suspected to have been accessed by an unauthorized user it must be alerted instead of ignoring it if it doesn’t meet a specific regulatory requirement. The alert set up must be reviewed and reassessed periodically.

3. Review reports regularly to identify any gaps in the set up and regulatory requirements.

All reports must be checked not just for the expected data but also for any anomalies in them. Reports must be maintained also for what doesn’t meet the requirements and reviewed frequently.

4. Conduct periodic tests to determine the effectiveness of the set up.

The network must be tested for effectiveness and efficiency in managing and analyzing logs in order to ensure that compliance requirements are met appropriately. A robust log management solution is a vital key towards staying compliant. The test must also be highlighted and validated by the system.

5. Have a representative from the legal department to check if all regulatory requirements are understood and met by the IT department.

Not all regulatory requirements are easy to comprehend and hence might be misunderstood by those defining the IT compliance requirements. This is a pitfall that must be avoided hence all legal aspects must be simplified.

6. Have a consistent approach to managing and analyzing the logs.

Make sure there are defined set of rules on how logs must be managed and analyzed. This must be dependent on the enterprise and not on the authorized personnel. If any change in authority takes place the set of rules for log handling mustn’t be changed as this can lead to loss of log data.

7. Check for unauthorized programs installed by users within the network.

Most breaches are caused due to malicious code planted in the network through unauthorized programs. Users are mostly unaware of the potential threat in installing seemingly harmless programs. A log management solution can help detect such unauthorized programs and alert the administrator before any harm is done.

Don’ts

1. Give access to unauthorized users to view, edit and delete any information.

Access to the network must be strictly monitored and only given to authorized members. Data should be classified appropriately and access to them regulated and monitored. All unauthorized access must be alerted promptly by the log management solution.

2. Provision any Team/group access to any critical data.

No authorization must be provided on a team/group level as this is a greater exposure to risks and provide room for human error. Any changes made on one-on-one level will be lost if not communicated on team/group level.

3. Keep unnecessary ports open in the network.

All redundant ports must be closed in the network(s) in order to protect it from any malicious attack. Ports must be periodically reviewed to ensure only those required are accessible.

4. Run unused services in vital servers.

In order to keep the network(s) efficient and easy to manage all unused services must be stopped to avoid any conflict with essential services. Any redundant service poses a risk in interfering with the operation of critical resources, which will lead to failure of required processes.

This isn’t a comprehensive checklist of course but if you don’t have one, this might be a good place to start. Each enterprise needs to get started with log management with their customized set of checklists to ensure the enterprise IT network(s) is optimally secured. Merely being compliant isn’t enough; it also requires staying more vigilant and having stringent security measures in place.

A new study by Cisco suggests that "Global IP traffic will quintuple from 2008 to 2013". All the signs point to one question - Is your network bandwidth utilized for better or worse! . Are the business critical applications getting enough bandwidth?! There comes a time, sooner or later (preferably sooner), enterprises need to put a limit on their bandwidth utilization and thus the costs accompanying it.

Some of the points of "concern" for enterprises would be:

• Internet video is now approximately one-third of all consumer Internet traffic
• In 2013, the Internet will be nearly four times larger than it is in 2009
• Peer-to-peer (P2P) is growing in volume

Considering the growth of the internet, the increase in video traffic and P2P volume, its not a surprise that enterprises find it harder to keep a tab on the volume of traffic and the different applications that traversing their network. Of course the task is humongous and difficult, but "A task is difficult only till the day you find a solution". Today is the day and there is a solution that can do a lot.

ManageEngine NetFlow Analyzer helps you monitor bandwidth, analyze network traffic and do network forensics. It keeps you informed if the business critical applications are getting enough bandwidth, if not then why. You can view the top talkers, applications, sources and destinations in your network. Reports can be exported, scheduled and threshold violation alerts can be set. 

To mention a few of the "lot":

• Network Bandwidth Monitoring
• Faster Network Troubleshooting
• Site to site traffic monitoring
• Application Performance Optimization
• Department wise bandwidth monitoring
• Validate your QoS policies

Feel free to download now and evaluate for 30 days with free technical support!

Cheers

Joe
http://twitter.com/josephjay