Did Microsoft keep its word? EU probes antitrust promises

The EU's executive body, the European Commission, announced today that it was opening an investigation into whether Microsoft has kept the antitrust commitments it made in 2009, and warned that penalties for non-compliance would be "severe."

Microsoft conceded it had "fallen short" of its obligation to provide the "browser choice screen," or BCS. The screen would allow users of Microsoft's Windows operating systems to select a browser other than Microsoft's Internet Explorer.

"Due to a technical error, we missed delivering the BCS software to PCs that came with the service pack 1 update to Windows 7," Microsoft said in a statement.

The company said that PCs running the original version of Windows 7, as well as Windows XP and Windows Vista, did have the screen.

"While we have taken immediate steps to remedy this problem, we deeply regret that this error occurred and we apologize for it," Microsoft said.

EU Competition Commissioner Joaquin Almunia told reporters it appeared that the choice screen, promised by Microsoft in 2009 following an antitrust case, has not been provided since February 2011, meaning 28 million customers who should have seen it may not have.

Microsoft submitted a report to the Commission in December asserting that the browser choice screen was being provided as required. In its statement, the company said it believed at the time that was the case.

The company said it had retained outside counsel to conduct a formal investigation of how the technical error occurred and to make suggestions to avoid such compliance problems in the future.

It also said that it was offering to extend the time during which it is obligated to display the choice screen by an additional 15 months.

"We understand that the Commission will review this matter and determine whether this is an appropriate step for Microsoft to take," the statement said. "We understand that the Commission may decide to impose other sanctions."

The latest development stems from Microsoft's agreement in 2009 to offer a choice of rival Web browsers on Windows to ward off additional fines. Rivals had complained that attaching Internet Explorer to Windows was an unfair way for Microsoft to put its Web software on most of the world's computers.

The competitive landscape has changed greatly since then, however. Tech companies are now more concerned about Google's and Facebook's dominance than Microsoft's. Meanwhile, rival browsers such as Mozilla's Firefox and Google's Chrome have got more use, and apps on mobile devices have started to replace browsers as gateways to online content.

The development comes just weeks after a European court upheld most of a massive fine that the European Commission had levied against Microsoft in 2008 for failing to fully comply with an order covering technical documents it had to share with rivals. At the time, the ruling closed the last of the EU's active cases against Microsoft, which dated back to 1998.

Keith Hylton, a law professor at Boston University, said the Commission was overreacting.

"There may be a few people on the planet, living deep in forests on the Marshall Islands, who are not already aware that Microsoft's Internet Explorer is not the only browser available," Hylton said. "Google's reminders about Chrome are hard to escape."

Hylton said that, in the US, courts would ask for evidence that consumers had been harmed - evidence Hylton said he doubted could be found in the Microsoft case. He speculated that the Commission was either protecting domestic competitors or raising revenue.

Anthony Michael Sabino, a professor of business law at St. John's University in New York, said the Commission was entitled to enforce its settlement, but its "unremitting hostility" reflected the difference between US and European antitrust enforcement.

"In the US, the law protects competition; in Europe, the antitrust regulators use the law to protect competitors, especially homegrown ones," Sabino said.

Almunia said this would be the first time that this type of legally binding agreement has not been complied with.

"Needless to say, we take compliance with our decision very seriously," he said. "If the infringement is confirmed, there will be sanctions."

All told, the European Union has so far fined Microsoft 1.64 billion euro ($NZ2.5 billion).



Prezi Adds 3D, Fading Animation Presentation Tools

Prezi, a presentation tool with a zooming canvas, has unveiled a whole new line of presentation effects today. The Prezi team hopes the new effects will help professionals make business slideshows and presentations even more dynamic and captivating through increased visual appeal and creative tools.


The new line of effects includes 3D and fading animation tools. Prezi's slide-free style allows presenters to zoom in on the canvas to display details or zoom out to focus on the big picture. With the new features, Prezi users can integrate 3D background images to add depth to presentations or fade-in animations to add dynamic reveals for new details or information.

Business owners and professionals who use Prezi can already expect a drastically different presentation style from tools like PowerPoint, which uses slides to present information in a step-by-step format. Prezi gives design-minded presenters an entire line of different options for sharing information with colleagues or giving clients an appealing view of what your company has to offer.

Currently, Prezi offers free presentation service online, which includes some core features and 100 MB of storage space. But the company also offers a few paid options for $59 or $159 per year, which include even more features, support, and storage space. Each of the upgraded plans comes with a 30-day free trial period as well.

Additionally, Prezi offers a Desktop version and an iPad app for viewing and presenting.

Prezi can also create custom templates that incorporate your company's logo, colors, and other branding guidelines so that each presentation is customized with your business in mind. In addition, the software offers the ability to import and edit presentations from PowerPoint, and also to share your presentation with others online and to give them the opportunity to add to or edit your project.

To learn more about Prezi's new and existing features, visit Prezi.




Black Hat 2012: Phoenix, Black Hole toolkits rising in sophistication

Attack toolkits, such as Black Hole and Phoenix, put powerful automation in the hands of less-savvy cybercriminals, and features and capabilities added in recent years have only made these attack platforms more effective and more dangerous.


It is common for malware architects to update crimeware toolkits with new exploit capabilities a few short hours after a software maker issues patches to repair vulnerabilities, said Jason Jones, a security researcher at Hewlett-Packard Co.'s TippingPoint DVLabs. Jones is scheduled to talk about Web exploit toolkits and their sophistication at the 2012 Black Hat Briefings in Las Vegas. He said cybercriminals behind the attack toolkits not only license them to attackers, but also provide frequent updates and even support services.

"These guys are stepping up," Jones said in an interview with SearchSecurity.com. "We need to keep on our toes and pushing the envelope to protect users."

Jones said he expects the toolkit authors to further advance their code-obfuscation efforts, making it difficult for security teams to detect the toolkit presence on websites. He predicts advances in JavaScript code obfuscation will cloak malicious code from automated technologies designed to detect suspicious website activity.

Security firms have been documenting a steady rise in attacks targeting Java, Adobe Flash and Microsoft vulnerabilities, fueled in large part by the Black Hole exploit kit. Like Phoenix and other attack toolkits, an annual license for the Black Hole toolkit had sold on hacker forums for as much as $1,500. Black Hole was made available for free download last year, creating the surge in Web-based attacks.

"Users need to patch their Java [installations], their Adobe software and their operating system vulnerabilities," Jones said. "These kits are not using zero-days; they cannot exploit you if you are patched."

Attack toolkits have a lot in common. A control panel helps the attacker configure the toolkit to carry out a range of attacks. Most can be configured to ignore a specific IP range, Jones said, in order to avoid attacking a security firm or another entity the attacker doesn't want to attack. A dashboard typically displays reporting capabilities, letting the attacker know how many people viewed their attack pages and how many attacks were successful.

Attackers typically use crimeware kits to set up drive-by attacks. The kit can be used to target vulnerable websites and use those sites as attack platforms. An initial SQL injection or cross-site scripting (XSS) attack gains a foothold on a website. Using malicious JavaScript, the attacker loads an iFrame within the HTML on the page, which launches attacks on visitors to determine their operating system and whether their browsers and browser components are unpatched. If a vulnerability is found, the attack toolkit automatically exploits it, downloading malware onto a victim's machine.
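A site owner's view of the injection step described above, as an added example that is not from the article or from Jones's talk: a Python check that flags iframes which are both off-site and hidden from the visitor, plus inline scripts that build a frame at runtime. The host names, the sample page and the hiding heuristics are constructed assumptions.

```python
"""Audit a page you serve for iframes that look injected (off-site and hidden)."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline-style patterns that hide a frame from the visitor (heuristics, assumed).
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|"
    r"(?<![-\w])(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)|"
    r"(?<![-\w])(?:left|top)\s*:\s*-\d{3,}",
    re.IGNORECASE,
)
# Inline script that writes or creates a frame at runtime. A static parse cannot
# see the resulting frame, and obfuscated script will not match this pattern.
SCRIPT_FRAME = re.compile(r"document\.write|createElement\s*\(\s*['\"]iframe", re.IGNORECASE)


class FrameAuditor(HTMLParser):
    def __init__(self, site_host, allowed_hosts=()):
        super().__init__(convert_charrefs=True)
        # Hosts the site legitimately embeds; everything else is "external".
        self.allowed = {h.lower() for h in allowed_hosts} | {site_host.lower()}
        self.findings = []
        self._in_script = False
        self._script_buf = []
        self._script_line = 0

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script" and "src" not in a:
            self._in_script, self._script_buf = True, []
            self._script_line = self.getpos()[0]
        elif tag == "iframe":
            self._check_iframe(a)

    def handle_data(self, data):
        if self._in_script:
            self._script_buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            body = "".join(self._script_buf)
            if "iframe" in body.lower() and SCRIPT_FRAME.search(body):
                self.findings.append({"kind": "script-built-frame",
                                      "line": self._script_line})

    def _check_iframe(self, a):
        host = (urlparse(a.get("src", "")).hostname or "").lower()  # "" if relative
        external = bool(host) and host not in self.allowed
        reasons = []
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden-by-style")
        if a.get("width", "").strip() in ("0", "1") or a.get("height", "").strip() in ("0", "1"):
            reasons.append("zero-size")
        if "hidden" in a:
            reasons.append("hidden-attr")
        # Report only frames that are both off-site and invisible to the visitor.
        if external and reasons:
            self.findings.append({"kind": "hidden-external-iframe", "host": host,
                                  "reasons": reasons, "line": self.getpos()[0]})


def audit_page(html, site_host, allowed_hosts=()):
    """Return a list of findings for one HTML document."""
    auditor = FrameAuditor(site_host, allowed_hosts)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample page: one visible partner embed, one hidden same-site
# widget, one hidden off-site frame, and one script that writes a frame.
SAMPLE_PAGE = """<html><body>
<h1>Spring newsletter</h1>
<iframe src="https://video.partner.example/embed/42" width="560" height="315"></iframe>
<iframe src="/widgets/poll.html" style="display:none"></iframe>
<iframe src="http://cdn.unknown-host.example/in.php" width="1" height="1" style="visibility:hidden"></iframe>
<script>document.write('<iframe src="//stats.unknown-host.example/t" style="left:-9999px;position:absolute"></iframe>');</script>
</body></html>"""

if __name__ == "__main__":
    for finding in audit_page(SAMPLE_PAGE, "www.shop.example"):
        print(finding)
```

Running this against each published page after deployment, and comparing findings with the previous run, surfaces a newly added hidden frame even when the list of allowed hosts is incomplete.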

Attack toolkits can contain as few as four exploits or up to a dozen or more. The longer a kit is around, Jones said, the more exploits it accumulates.

Attack toolkits are largely from Eastern Europe, Jones said, but newer exploit kits are emerging from Asia. While the toolkits aren't as sophisticated, they have been offering exploits that target more recently known vulnerabilities. The kits have fueled competition, pushing toolkit authors to rush updates to license holders.

"The Chinese exploit kits were taking market share because they could get more recent vulnerabilities in their kit," Jones said. "They see the success that these other guys are having and they may think they will have the same success or do it better."




Small Banks Are Making a Big Impact on Small Business Lending

After months of decline, banks have jumped head-first back into small business lending. This is good news for entrepreneurs.


The latest Biz2Credit Small Business Lending Index, a monthly analysis of 1,000 loan applications, found that approvals in June by big banks ($10B+ in assets) jumped a half percentage point to 11.1% from 10.6% in May 2012. The figure was well above the paltry 8.9% approval rate a year ago in June 2011.

Big banks, which have been under tremendous pressure to become active in small business lending, have finally started closing deals. CitiBank, for one, seems to be closing more deals than before.

Small bank lending increased to 47.5% in June 2012, up two percentage points from 45.5% in May 2012 and up five percentage points from the 42.5% approval rate in May 2011. Local and regional banks are making a lot of SBA 7(a) express loans, which used to be the bailiwick of the largest banks. Mid-sized banks, such as Sovereign, have really picked up their efforts in small business lending and are pursuing the market aggressively.

The June 2012 loan approval rate of credit unions fell to 55.8%, down from 57.6% in May. Some credit unions reported that they had reached their yearly lending limit, which currently is 12.25% of total assets. Senator Mark Udall (D-CO) has introduced the Credit Union Small Business Jobs Bill (S. 2231) that would raise the credit union business lending cap to 27.5% of total assets from the current figure of 12.25%.

By raising the cap, credit unions would be able to increase the number of small business loans they make. Keeping the limit in place hinders access to capital, especially since credit unions have become increasingly active in the small business lending space this year.

Alternate lenders also decreased, dropping their lending approval rate to 62.9% from a peak of 63.2% in May 2012. When traditional lenders get back into the game it impacts the alternative funders, such as factoring and merchant cash advance companies, which generally charge higher interest rates than banks do.

If banks are lending, small business owners are less likely to look for other options. When they get access to capital, small companies expand their operations and create jobs.





Mobile Strategy Is Not An Option – It's Imperative: Jim Blasingame Interviews Ramon Ray on Smallbusinessadvocate.com

A mobile strategy is not optional, it's imperative. Smallbiztechnology.com's very own Ramon Ray joins Jim Blasingame of smallbusinessadvocate.com to talk about the importance of developing a mobile strategy, including the debate about whether you need a mobile app or a mobile site.

Wondering what side of the debate they are joining? Well, given that many more people are accessing information via their smartphones and tablets while on the go versus a laptop or PC, the need to cater to these potential customers is a must. This means that you need to give these customers the opportunity to access your website and information on these mobile devices, and ensure that it's relayed in the correct format for viewing.

Check out the radio interview below to hear just what these two small business gurus think about this topic and the suggestions they have for you to join in the mobile movement.

 

Find interviews with small business experts on the Small Business Advocate show (http://www.smallbusinessadvocate.com).

48 Percent of Small Biz Owners Not Taking Vacations This Summer

Despite summer being a little slower for many small business owners, it looks like that won't be causing them to take a vacation this year. Manta released its annual SMB Wellness Index survey today, and it shows that many small business owners (48%) won't be taking a vacation this year.


Slow Business For Some

It's interesting that, although business slows down for many this time of year (since people are taking time off to be with their children and to go on vacation) small business owners don't slow down too. Terry Benton, owner of Terry's Fabric Cottage, said she notices a significant slowdown in business during the summer.

“Summer is always slower for my business because people are on vacation and they are spending more time with their families and friends,” explained Benton. “Quilts are the last things on people's mind when it's scorching hot out.”

Benton doesn't, she says, have the luxury of shutting off her business, even when it's slow, so she stays connected, even when on vacation.

Despite this slowdown, Manta's survey shows that more than half of those surveyed are working more this year than last. Here's hoping they're working on strategy and marketing while things are slow.

Technology: Always a Factor

Of those that do plan to go on vacation this summer, 71% said they check email while on vacation. Having mobile technology, it seems, is a double-edged sword. It enables us to get out of the office…but it forces us to take the office everywhere.

From the perspective of the spouse who vacations with a business owner who constantly checks his work email (ahem), here are some tips for business owners to balance out their vacation and down time without running their business into the ground:

  • Plan ahead. Determine who will run your business in your absence, or set up parameters for how often you'll check in.
  • Let everyone know. Employees, customers, vendors. It's polite to let everyone know you won't be available.
  • Cut yourself off. Don't let technology make you over-available. If you say you're on vacation, people will respect that. So you don't have to respond to emails the same day.
  • Step away from the business. The purpose of vacations is to step outside of the day-to-day and get some perspective. Don't be surprised if you come back to work refreshed and with great ideas.
  • Focus on family. Small business owners often have to divide their attention between their work and their families. Remember that vacation is all about the latter. Make it a priority.

 




Is Technology Slowing you Down? Four Ways Small Business Owners Can be More Productive

At one time, the world thought computers were going to free up time and resources, eliminating jobs and allowing business owners to spend more time doing things they love. Nearly two decades after Windows 95 changed the face of offices everywhere, we've learned the opposite is true. Not only do we have less free time than ever, we spend that time connected to our various electronic devices.

A recent study by Sage North America found many entrepreneurs seem frustrated with the endless stream of appointments, e-mails to answer, and various applications to keep up with. Many entrepreneurs, according to the survey, wish they had a way to link applications together in one simple interface. But while 51% of respondents wanted applications that linked together, 52% of those respondents said their current applications don't link together. Another 21% of that group reported not having time to figure out how to link their applications together in a way that would save time in the long run.

The good news is, Sage conducted the survey to find ways to make life easier for business owners. “These results, along with the feedback that we receive directly from customers, allow us to have a better understanding of what small businesses are looking for so we can develop tools that meet the real needs of its users,” Connie Certusi, Sage North America's vice president and general manager of small business solutions says.

While Sage works on software-based solutions, there are a few things your small business can learn from Sage's survey to help squeeze more productivity into each day. Those include:

  • Digitize your calendar. Sage's survey found that 13% of entrepreneurs are still using paper calendars to keep track of appointments. Not only does this take longer and increase the risk of it being misplaced, but your co-workers and employees have no way to access it. By using your Outlook calendar or Google Calendar, you can sync your appointments and keep track of your schedule from any device with internet connectivity.
  • Automate administrative functions. Nearly a quarter of respondents reported spending more than half their time on administrative tasks, while another 32% said they spend nearly a quarter of their time on such tasks. Consider software that can handle customer billing, cost estimating, and even inventory processes. While you may spend more on the front end, your time is money as well. Long-term, these solutions can mean more for your business's bottom line.
  • Consolidate apps. Sage reports that 66% of respondents say they use at least three different pieces of software to manage their daily operations. This is in addition to the non-electronic processes these business owners use. Investigate ways to integrate separate software or, at the very least, ways to migrate non-electronic tasks with some of your software. At least one of your software solutions likely comes with customer support. One click phone call could put you in touch with someone who can talk you through linking up software to save time.
  • Utilize mobile versions of apps. If you can take some of your administrative functions on the road, you'll be able to be productive at times when you normally wouldn't - at the airport, in the waiting room of your doctor's office, etc.

The key to improving processes is to ask the question, “Why?” If your reason for not automating processes is, “our manual system works fine,” as 35% of paper-based businesses responded, you might be relying on comfort. To truly progress as a small business, it's important to always be moving forward.



Given Up On Creating An App For Your Business? Don't!!

As a small business, you probably know that having your own business app can really help your business, and we've certainly given you reasons why it would. But when you found out that it's not really inexpensive and that there are hundreds of elements you need to be aware of, you dropped the idea. Well, pick that idea back up, because there are solutions that can help you get that app created!

We recently outlined a few solutions to help you build your app. Here are some additional solutions:

  • ShoutEm is an online platform in which you can literally drag and drop elements of your mobile application into the system. When you're done creating your app on the web and you're ready to publish it, ShoutEm will generate the code and you can test the app via the online emulator or with your smartphone. Once the app is finished, you can publish it on App Store or Google Play and that's it. Really simple, right? Well, it is. ShoutEm believes that ‘apps should be easy' (yes…that's their tagline!) and they've worked to make that true. Check out their quick video on how simple they can make it. Of course, all this mobile awesomeness comes with a price: for $30 per month you'll get an app and a limit of 1,000 installs of the app monthly. $50 will get you 2,000 installs, while $100 will give you up to 5,000 installs.
  • AnyPresence allows you to build and deploy HTML5 or native mobile apps, powered by a unique zero-footprint platform. There is no code needed from your side and your application will be ready in minutes to be published ‘live' to the cloud. AnyPresence is also designed to allow partners and customers to build platform extensions. Add custom business logic services in the language of your choice, and have them work seamlessly with your AnyPresence apps.
  • SwebApps is a simple, inexpensive way to build, track and update a native mobile iOS and Android application for your business or organization. SwebApps allows you to create an iPhone and/or Android application online. Once your app is available for download via the iTunes Store or Android Market, you can update your content in real time.

So, if you need (and you probably do) a mobile application, instead of messing around with developers and stressing over the whole process, try one of these solutions. It's simple, affordable and it works - just like your business does!



4 Blog Policies You Need Before You Start

Adding a blog to your corporate site is a big deal. It's a big deal to your audience who will soon be soaking up your content, and it's an even bigger deal to staff members who will be asked to contribute and add to the company's investment. But before you get started, why not put the proper groundwork in place now, beginning with four essential blog documents that every corporate blog needs.


Below you'll find the corporate blog Must Haves that every blog needs to get off the ground safely. By hitting the essentials before your launch even takes place, it will help you bypass problems down the road. It will also empower employees and give them the resources they need to become blogging company assets.

1. A Blog Mission Statement

When you announce your new corporate blog to your team (or even to yourself), you want to be clear about its purpose. A blog is a big time and resource investment, and you're going to need to sell it to your team. I've found that creating a mission statement to help your team understand your blog's mission is a good way to get early approval and to get them on board.

It's natural that there may be fears from certain employees or hesitation from others worried about dedicating time to writing. By showing them how the blog integrates with the company's larger mission and why it's so important, you help alleviate these fears and help them view the blog as a natural extension of their job.

Your blog's mission statement should be in the forefront of everyone's mind to keep people focused on its real objective (attract customers, build awareness, establish thought leadership, etc).

2. An Official Blog Policy

If you're like most companies, there's a lot of formal paperwork. You have a written policy for how to deal with returns, how to answer the phones, how to calm down angry customers, etc. Your blog is no different; don't let it go live without first putting an internal blogging policy in place that everyone is aware of.

The goal of your blogging policy is to lay the groundwork for what's to come and give your team the information and the tools they need to blog effectively for your business. This may include information about:

  • Blogging training documents
  • Process maps for publishing posts
  • How to generate appropriate blog topics
  • Comment policy & how to respond to commenters
  • Legal restrictions/confidentiality issues

Whatever will be involved in your blogging process should be addressed in this document so that employees have a central place to go for information. This essentially becomes their “road map” for blogging with your company.

3. An Editorial Calendar

Your editorial calendar may just be the most important document of all when it comes to your blog. This is the document that is going to make sure that you have fresh and targeted content to publish on a regular basis. Your internal editorial calendar breaks down:

  • Who is blogging
  • On what day
  • On what topic/keywords
  • And when drafts of posts are due to others

This document is what keeps your blog running smoothly and it's what helps you make sure you're covering all the topics that you want to on your blog.
To create your editorial calendar I recommend using Google Documents, but you can use whatever application is easiest for you.

4. Best Practices For Promotion

Another Must Have document to go along with your blogging strategy is a best practices for promotion document with tips for using common social media sites. Once a member on your team publishes his or her post, their job likely isn't done. They'll then need to go to Twitter, Facebook, Google+ and wherever else to share that post with the people in your network.

This best practices document should go over how posts are shared (do you use third-party tools? Is only one person responsible for all social sharing?), on what sites they should be shared, and the type of language to be used. It should also share some specifics related to each site to help the blogger understand the unique uses for each and how your audience there differs.

Having this document at your employees' fingertips will help them to feel more comfortable doing something that probably isn't natural for them.

Above are four official documents I believe every corporate blog could benefit from. What other best practices do you think people need once they start blogging?





Network controls for mobile application access added by Blue Coat Systems

Blue Coat Systems has introduced application controls to help manage unsanctioned mobile applications on the corporate network.

According to the company, the controls extend the same granular operational controls to mobile applications that a company provides for web-based applications. With these in place, a business can set policies around specific functions within both web-based and mobile applications and enforce policy across all devices.

The mobile application controls are integrated into the Blue Coat ProxySG appliances and the Blue Coat Cloud Service. The company said that it is adding new applications and operations to its mobile application controls on a monthly basis to ensure that customers have the most relevant controls available to manage the applications on their network.

The mobile application controls are automatically updated through the Blue Coat WebPulse collaborative defence and are immediately available to customers with current support contracts.

Steve Daheb, chief marketing officer at Blue Coat Systems, said: “The growth of consumerisation and BYOD initiatives has created a situation where IT security managers are facing a deluge of untrusted, unmanaged devices and applications on the corporate network.

“Blue Coat mobile application controls give administrators the ability to not only determine which applications are allowed on the network, but also to what extent mobile device users are able to interact with those applications.”



Vulnerability detector and remediation tool launched by Skybox Security

Skybox Security has launched an automated solution to detect network vulnerabilities.

According to the company, Skybox Risk Control 6.5 detects network vulnerabilities in an automated and non-disruptive manner without an active scan, and drives remediation activities.

Available from next month, Skybox Risk Control 6.5 includes a vulnerability detector that consolidates data from multiple sources, including Microsoft Active Directory and System Center Configuration Manager and Windows Server Update Services. The company said that the vulnerability detector uses its patent-pending rule-based Profiler technology to derive an accurate list of vulnerabilities, without actively probing network hosts.

An attack simulation also performs a virtual penetration test to find all vulnerabilities that can be exploited, taking into account all possible attack vectors, available vulnerabilities, network topology, security controls and the value of assets. This generates remediation suggestions automatically.

Gidi Cohen, CEO at Skybox Security, said: “Enterprises rely heavily on active vulnerability scanning as the primary way to determine and minimise the risk presented by vulnerabilities in the IT infrastructure.

“Unfortunately most enterprises respond to scanning headaches by adopting a ‘round robin' scanning approach that assesses only a small portion of their infrastructure on an infrequent basis. This may lead to fewer disruptions, but leaves a large window of risk exposure that is wide open to data breaches and attacks.”



Businesses should 'air gap' servers and understand Chinese language

Servers need to be ‘air gapped' from the internet in order to prevent attack.

Speaking at an event on China and cyber security titled ‘Traversing the great (fire) wall', US military expert and author lieutenant colonel (Ret) William Hagestad said that companies should ‘air gap' their intellectual property or disconnect it from the internet to keep it separate.

He said: “When you put a server on the web, you will see hits on it as attempts are made to find open ports. You will see hits on servers coming from China and there is no obfuscation.

“It does not point directly to the military though. An APT? It is an over-used term, but it is the perfect technical solution for a nation-state attack, as it is a threat, it is persistent, as it will not go away, and where it is coming from is definitely advanced,” he said.

Hagestad said that the term ‘warfare' should not be used, as with cyber threats originating from China this is not a war situation. “This is conflict,” he said. He pointed to defacement of a Filipino newswire and said that as the country's one billion plus citizens become more connected to the internet, it is leading to a disaffected generation.

He later said that Chinese language is the perfect form of cryptography, as if "any coding is in Chinese they will be able to do what they want unless your administrators can speak Chinese".



Google Executive Marissa Mayer Named New Yahoo! CEO

The 37-year-old Mayer was the 20th Google employee hired when the now legendary search giant was starting out, but today she takes over the reins of what she calls “one of the best brands on the Internet.” Yahoo! has been struggling to find its way in recent years as the Web continues to evolve, and it's hoped Mayer will be able to provide the company with some new direction. Seeking new talent and a fresh outlook can often change a company's fortunes. Yahoo! sought leadership from a competitor to improve its position in the market. Here is how leadership can play a role.

A New Era

It's official. Several news organizations were piecing the story together yesterday evening, but we have to thank Matt McGee for putting together a thorough roundup of events. Despite her 13 years with Google, which she describes as amazing, Mayer said the decision to move on wasn't hard. She officially left Google yesterday and will take over as new Yahoo! CEO today, according to reports. Search Engine Land

The Yahoo! announcement. Mayer has been named President and CEO and a member of the board at Yahoo! according to an official release from the company. Before leaving Google, Mayer was in charge of the company's Local and Location Services, and worked on products like Google Maps, Google Earth, Zagat, Street View, and local search. Yahoo!

Hail to the Chief

The right choice. When Yahoo! chose Mayer to be the company's new President and CEO, it was definitely the right decision, says Dan Frommer in a recent editorial. Mayer is a Silicon Valley heavyweight who will be able to recruit the talent the company needs, has a strong background in computer science that will enable her to understand the company's business model and requirements, and who has the proven experience to lead engineers to design some truly innovative new products to put Yahoo! back on the map. ReadWriteWeb

The short list. As Yahoo!'s new President and CEO, Mayer also gains another distinction, joining a shortlist of powerful women in Silicon Valley and corporate America that also includes Meg Whitman, chief executive of Hewlett-Packard, Virginia M. Rometty, head of I.B.M. and Sheryl Sandberg, chief operating officer at Facebook. DealBook

Looking Deeper

Turning things around. The Yahoo! board members who hired Mayer aren't the only people who respect her credentials. So do others like Marc Andreessen, an industry insider who admits he's surprised that Yahoo! was able to recruit someone of Mayer's caliber. Turning Yahoo! around may be tough, he says. But if anyone can do it, Mayer can. Business Insider

Decisions, decisions, decisions. One of the biggest questions now circulating among those second and third guessing Yahoo!'s big new hire is whether the company was most in need of a strong product person like Mayer or a strong media and advertising executive like interim CEO Ross Levinsohn. In choosing Mayer, the board has made a decision about the company's future. Leadership approach can have a similar impact on any size business. Forbes

Coming into focus. The most important impact leaders can have on a company is often in the area of focus. Whether you run a company traded on Wall Street or a small mom and pop, focus can make all the difference. With the new CEO hire at Yahoo!, it is hoped the company can finally gain some direction. The important thing is to focus on something and do it well, no matter what business you may be in. Seeking Alpha



RSA NetWitness

RSA NetWitness is a network-monitoring system designed to handle a wide range of information. NetWitness comes in three parts: a Concentrator (a Linux-based network appliance), Decoder (a configurable network-recording appliance) and Investigator (an interactive threat analysis application).

NetWitness proved to be a difficult product to set up. The installation directions for the software and hardware are minimal, which resulted in us making several mistakes during system configuration. Also, it was difficult to obtain solutions since we received the incorrect key for different clock times between the NetWitness Investigator and Decoder.

However, once the product was up and running, we found the tool to be compelling. Not only did it capture every packet travelling through the network, but it organised the report in a way that users can quickly reference. Certain functions allow users to implement the packets for risk assessment by way of analysing all traffic on the network. Furthermore, packet capture is not restricted to LANs, but extends to wireless traffic.

The Decoder and Concentrator took some time to grow familiar with, but eventually became fairly easy to navigate. The tool tips were helpful in navigating our way through the application.

The Investigator was another matter, however. It was slightly confusing to navigate, and the amount of information it provided was overwhelming on occasion. But, after getting used to the immense reports, this tool began to shine.

User documentation, excluding the installation directions, was helpful, presenting solid instructions. The user guide was straightforward and attempted to walk the administrator through most of the process, but some sections left us in the dark for certain functions.

On the plus side, the customer service representatives we phoned for support were very accommodating. Not only were they patient with our own network issues, but they continuously offered advice and answers where needed. They were even willing to use immediate means of contact, such as WebEx and remote desktop, for additional assistance.

Overall, NetWitness is a solid product with many useful applications. However, setting it up and the lack of coordination between the user and the company left something to be desired. Setup time and system cooperation took up a good majority of testing time, consequently leaving little room to resolve some troubleshooting issues. The setup problem is not new. Previous evaluations have experienced similar challenges in recent years.

Peter Stephenson



AlgoSec Security Management Suite

The Security Management Suite from AlgoSec provides many features for both firewall policy and risk management. The suite can come bundled in a single appliance and includes two key components, the Firewall Analyzer and FireFlow.

The Firewall Analyzer is the larger of the two components. Administrators can use it to perform auditing, compliance and risk analysis, optimisation and change monitoring. FireFlow allows administrators to manage firewall policy through automation and workflows to ensure that submitted changes are compliant with regulations.

We found this appliance to be quite easy to set up and manage. All administration is done via a lucid management interface that is comfortable to navigate and easy to use. We also found this appliance to offer a lot in the way of configurability and automation. From the interface, it is easy to interact with firewalls and devices such as routers and switches.

This appliance also comes loaded with many out-of-the-box workflows ready to go for the FireFlow component. Using these workflows, an administrator can easily double-check changes before they are made to the infrastructure, including risk and compliance assessments and optimal design recommendations. FireFlow also can submit changes to select devices using its ActiveChange function, which helps eliminate human error.

Firewall Analyzer has three major components. The first is risk analysis. The Analyzer can compare security policy with a database of industry best practices and identify the associated rules. It can then define various configurations to which devices must be compliant and report on their status. Furthermore, the appliance monitors for changes and can provide instant feedback if the change may create risk or take network sections offline.

The second component is compliance standards. This offering provides full compliance checks against many standards right out of the box. The final component is optimisation, which allows for clean-up of unneeded or duplicate rules along with rule reordering suggestions to improve overall performance of firewalls.

Documentation includes user and installation guides complete with screenshots, step-by-step configuration instructions and examples. We found all documentation submitted to be well-organised and easy to follow.

Customers can access a web portal that includes documentation and a knowledge base, along with other support resources at no cost. Customers looking for more support can purchase this as an extra.

At a price starting at c£6,400 for the full suite, we find this product to be great value for money. The AlgoSec Security Management Suite provides a number of features and functionality that make both policy change and risk management easy and seamless, while ensuring that compliance needs are met and adhered to.

Peter Stephenson



Symantec Control Compliance Suite v11

The Control Compliance Suite enables enterprises to define security and compliance-related policies. These are mapped to detailed technical checks and/or specific procedural questionnaires that measure overall risk and compliance within the IT environment.

The product is delivered as an on-premise software offering. Besides the hardware platform, the requirements include MS Windows Server 2003 SP2 or 2008 and Microsoft SQL Server 2005 SP2.

The Risk Manager component is designed to provide a quick view of IT risk. The process sets out to define an asset, either physical or business. The next step is to help visualise and document IT risk for the particular asset. Based on the importance of the particular line of business, assets and more, a 'risk threshold' can be set to alert owners when the security of those assets is in jeopardy. The tool will help prioritise remediation tasks based on risk, not severity.

The user interface is well laid out and easy to use, and navigation is Microsoft-like. Policy setup is done through templates, or users can import their own. The product comes with more than 150 mandates, best practices, regulations and more that are predefined and ready for use.

Using the same tool, users can link controls to policies. The policy portion is integrated with the risk module and remediation actions can be initiated with granular instructions to rectify non-compliance and mitigate risk.

Once policies and controls are set, users can assess the environment. Assessments can mean many things: one can assess against standards, use the vulnerability manager to discover critical vulnerabilities, evaluate procedural controls or integrate data from various third-party sources to review.

Security-related information can be collected using a general-purpose external data interface that enables the enterprise to broaden the risk and compliance view by leveraging other security products in its environment. Imports are supported via Open Database Connectivity, web API, or any flat file format.

It should also be noted that data gathering can be done using both agentless and agent-based clients. This feature gives a lot of flexibility in gathering information from devices.

There is an integrated workflow tool for scheduling and assigning tasks, or one can integrate directly with third-party ticketing systems. Reporting, charting and dashboarding are all excellent. A dynamic dashboard capability pulls everything together by presenting a customised view of risk and compliance for specific areas. Dashboards can be defined to address specific needs and include drill-down capabilities to yield specific, detailed information as needed.

Support and maintenance for Symantec's Control Compliance Suite v11 are available as extra services. The documentation, meanwhile, was complete and easy to follow.

Peter Stephenson