Top 10 at Infosec 2014: Talks

There has been a rumour that Infosec is fading out, its long-standing tradition residing in the cliché that everyone goes because everyone else does. There have also been questions raised over the quality of its talks. Whilst not forgetting that Infosec is one of the few relevant shows of its industry that remains free, here’s a review of some of the talks that will take place at this year’s edition. We’ll let you decide for yourself if Infosec deserves its reputation, or if it is indeed going out of fashion.

 1. Defeating corporate antivirus: Live demonstration of how A/V can be bypassed, using readily available tools and real-time information

Who: Ken Munro, Partner at Pen Test Partners

When:  Wednesday 30 April 2014 16.40 - 17.05

Where: Technical Theatre

Ken Munro will explain how analysis and security research tools available online are harvested, modified and then used against an organisation's firewall. The talk is delivered with a live demo of over 40 anti-virus products which will show which products have responded and which have failed to detect threats from public virus databases.

2. Security as an enabler: Supporting enterprise innovation and transformation

Who: Moderator - Peter Wood, Security Advisory Group at ISACA London Chapter

          Panellist - Lee Barney, Head of Information Security at Home Retail Group

          Panellist - David Cass, SVP CISO at Elsevier

          Panellist - Michael Colao, Head of security at Axa UK

          Panellist - Andy Jones, CISO at Maersk Line

When: Tuesday 29 April 2014 10.45 - 11.45

Where: Keynote Theatre

This panel talk addresses a very current issue for the cyber community – information security being perceived as the business inhibitor, the innovation-stiffler, the risk-averse, in a word the mother-of-all-evils within the corporate agenda. The debate looks to challenge the negative perceptions surrounding information security and compliance as well as searching for solutions to better educate, engage and integrate these topics with the business decision-making process.  

3. Too small to succeed? The problems ethics of threat intelligence sharing

Who: Barmak Meftah, CEO at AlienVault

When: Tuesday 29 April 2014 10.00 - 10.25

Where: Business Strategy Theatre

The cybercrime scene has evolved to a functioning network of capable hackers who share and benefit from crowd-sourcing of information, tools and advice. Meanwhile, the business world is still torn between the benefits of sharing and the ethics of exposing vulnerabilities. This presentation flips the coin on both sides and addresses a sore spot for both information security as well as the board room. 

4. Into the breach: Lessons learnt from targeted attacks

Who: Ryan Kazanciyan, Technical Director at Mandiant

          David Damato, Director at Mandiant

When: Wednesday 30 April 2014 15.20 - 15.45

Where: Technical Theatre

Mandiant attempts a discussion drawing on the experience of past attacks, highlighting the reasons for which these attacks continue to happen, finding the blind spots of cyber security and ways to better deploy existent resources in tackling these issues, as opposed to buying more gadgets, or waiting for miraculous solutions. They also look at the pros and cons of "threat intelligence" and they take a chance on predicting the evolution of state-sponsored threat and targeted attacks in the near future. 

5. Hall of Fame interview

Who: Dr. Eric Cole, Chief Scientist at Secure Anchor Consulting
          Drew Amorosi, Deputy Editor at Infosec Magazine
When: Thursday 01 May 2014 10.00 - 10.35
Where: Keynote Theatre

The Infosecurity Hall of Fame celebrates the achievements of Infosec practitioners with long-term contributions to the advancement of information security, revolutionary ideas and inspiring innovations. This year, Dr. Eric Cole the founder of Secure Anchor Consulting and a fellow of the SANS institute was introduced to the Hall of Fame which now counts an impressive array of infosec personalities. Dr. Cole holds 20 patents, has authored several books and is part of the Commission on Cyber Security for the 44th President as well as a few other advisory boards. 

6. What's new in cybercrime? Keeping up with the cybercriminal

Who: Moderator - Eleanor Dallaway, Editor & Associate Publisher at Infosec Magazine
         Panellist - Michael J. Driscoll, Assistant Legal Attache, FBI
         Panellist - Lee Miles, Deputy Head of National Cyber Crime Unit, National Crime Agency
         Panellist - Graham Cluely, Independent Security Analyst
When: Wednesday 30 April 2014 12.00 - 13.00
Where: Keynote Theatre

With the high-speed developments in cyber crime there is an increasing need to look at the drivers and motivations of cyber attacks, understand their business models and assess the risks and the best ways to manage and mitigate them, and finally, identify the real threat to the organisation; be it a state sponsored attack, organised cyber crime, hacktivism or the inside threat. 

7. Privacy & Compliance Think Tank: Utilising compliance as an information security asset

Who: Moderator - Vicki Gavin, Compliance Director at The Economist
          Panellist - Len Svitenko, Head EU IT Compliance at Staples Europe
          Panellist - Stewart Room, Partner at Field Fisher Waterhouse
          Panellist - Mike Jolley, Head of Information Risk Management at Yorkshire Building Society Group
          Panellist - Stephan Geering, Chief Privacy Office EMEA at Citibank
When: Thursday 01 May 2014 12.35 - 13.30
Where: Keynote Theatre

With  compliance becoming more of a burden, this discussion examines how what has now become an exercise of ticking the boxes could be returned to its original roots - an asset in ensuring the security of the organisation. The panellists will look at the new standards of several industries, discuss transition measure between the old and new procedures, as well as guidance in preparing for the upcoming EU General Data Protection Regulation and the Network and Information Security Directive. 

8. EU General Data Protection Legislation: Status update and key action points for organisations

Who: David Smith, Deputy Commissioner at the Information Commissioner's Office
          Drew Amorosi, Deputy Editor at Infosecurity Magazine
When: Wednesday 30 April 2014 17.00 - 17.30
Where: Keynote Theatre

This session will bring updates on the latest developments concerning the EU General Data Protection Legislation and the measures required to ensure your organisation remains compliant. 


9. The idiot's guide to destroying a global 500 company... for £500

Who: Kevin Kennedy, Senior Director at Juniper Networks
When: Tuesday 29 April 2014 11.45 - 12.45
Where: Information Security Exchange Theatre

Kevin Kennedy delivers a presentation which demonstrates that it only takes a PayPal account for a legitimate business to crash. He also teaches different approaches to change the economics of hacking and practical advice to protect the organisation from the latest threats. 

10. The new model of security

Who: Adam Philpott, Director EMEAR Security at Cisco
          Terry Greer-King, Director UK&I Security at Cisco
When: Wednesday 30 April 2014 14.15 - 15.15
Where: Information Security Exchange Theatre

Cisco directors offer insights into the forecasting new models of security, given the disruptive age of technology and implicitly of security. A challenging view over security assumptions and fresh perspectives to understand that concepts such as the Internet of Everything will undeniably change the future of security forever.

This is only a handful of debates and presentations from over 100 sessions available for free. From our perspective it looks like these topics reflect the concerns - practical as well as theoretical - of the information security professional. Does this make Infosec the place where opinion leaders voice thoughts and debate fresh approaches? Or is it that after almost 20 years the Earl's Court cyber expo became a compulsory attendance for the industry? Let us know your opinion in the comments below, on Twitter @TitaniaLimited, or in person at stand G25.

Target. A Series of Unfortunate Events

Source: yahoo.news.com

It started right before the holidays, with Brian Krebs’ first report on a 40 mil. financial data breach at Target stores.  News followed that a further 70 mil. accounts containing personal identifiable information was also compromised during the heist.

From then on the focus was on how  the breach happened, what software was deployed, where did Target go wrong and who should take the best part of the blame. Meanwhile, Target provided customers with a sign up for free credit monitoring and identity theft protection system and announced it will invest $5mil in a brand new cyber security coalition. 

But that’s not the end of the problems for the retailer.

Alongside Target, the retail industry is experiencing a surge in cyber attacks and POS malware. The FBI re-assures us that they are aware of these attacks and they are not likely to stop. Compliance is widely criticised as Target was in fact compliant with the PCI DSS standards and it did nothing to stop these spectacular attacks. 

However the infosec community is looking at the entire story with a shaking head and a look of “I told you so”, because researchers have long stated that compliance does not mean security. Previous incidents at Wall-Mart and Heartland Payment Systems had left an even more embarrassing mark on compliance, as they were certified compliant while their networks were in the process of being hacked.

The implications of these recent hacks are wide and diverse. Banks will tighten their liability policies, payment providers will continue to issue fines for poor cyber security measures, while retailers deal with bad publicity and falling share prices. 
This in turn affects economies and market statutes while the customer is left in the middle with the choice of a week’s worth of hassle for cancelling a compromised card and/or the expense of a lawsuit against the retailer.

It seems that all these industries should take a break from trying to only protect themselves and come together for a long-term cooperation strategy centered around the key player: the consumer.  As it stands every industry is furiously trying to escape the responsibility and pass an already irritated and distrustful victim from one institution to another. 

This may work for the time being, but will only lead to a deeper lack of trust in a flawed system.  There is more to be done to educate, prevent and restore trust, and this will take a cooperative and supportive effort from all the industries if they continue to expect customers to hand over their data. 

A Tool That Tells a Tale

Richard Hatch, IT Security Consultant at Portcullis

About the Author

Richard Hatch is a software engineering graduate who joined Portcullis in 2011. As an IT security consultant he carries out penetration testing, writes reports, develops tools and supports in-house capabilities. He has an interest in reverse engineering.

Portcullis is committed to providing a comprehensive IT security consultancy for our clients to ensure that their networks and websites are secure from threat of attack. As a leading UK service provider, we assist our clients through penetration testing, digital forensic services, incident response, training and bespoke consultancy services to ensure they have a true sense of security.

Portcullis can complete tests under the CREST and CESG CHECK schemes. www.portcullis-security.com

At Portcullis we understand the benefits of automating data gathering and parsing data with tools to quickly extract pertinent information. Such information can be used to automatically run additional targeted checks against certain network services for example. This enables a penetration tester to be quickly alerted about known security issues and provides references to related vulnerability information, e.g. matching Metasploit exploits to Nessus output.

When it comes to performing security assessments of network devices such as firewalls, routers or switches then Nipper Studio is the first tool we reach for.

After running a Nipper Studio audit, the report is presented (as HTML) within an embedded browser. Nipper Studio also allows the user to export that report in a number of easily selectable formats (CSV, txt, HTML, XML etc.). A nice feature of the presented report is the cross-linked references to issues, tables, etc. which enables the user to drill down in to logical names present in rules (such as object groups). Any passwords, some of which are decoded from the obfuscated forms, can either be displayed inside the report or masked.

Additionally, Nipper Studio reports on known software vulnerability issues for the device firmware version, without the need for an active Internet connection. This saves time that can then be spent reviewing the issues identified or considering the device within the business context. For example does the device adequately fulfill the role it is supposed to play, or should additional rules be present to address specific needs or concerns of our customer?

The options to perform checks against different compliance policies, as well as differential comparisons (a “before” and “after” review to highlight changes), makes what would be a time-consuming and challenging task a quick and straight-forward one.

The output formats supported by Nipper Studio enables our penetration testers to use bespoke tools to process the report output and process references such as CVE numbers. These are then imported in to our own custom reporting tools.

The explanation of the issue findings in Nipper Studio also serve as both an insight and a reminder when encountering some of the more obscure issues or features present on a device. For instance a configuration file command that starts “glbp” may not be immediately recognised by a tester as the Gateway Load Balancing Protocol, a proprietary Cisco protocol. The issue help text from Nipper Studio expands such acronyms and enables the tester to recall their understanding of the technology invoked by the “glbp” technology.

The benefits of using Nipper Studio for security analysts mirror those for the client: It offers a faster, potentially more in-depth review with more technical detail available. Furthermore is has the ability to determine if a device adheres to necessary compliance policies, documented design rules, or what configuration changes are present against a known baseline. For example, imagine a company detects that their internal network has been compromised, but are unsure if the attacker gained access to a router and changed the configuration (to breach network segregation). They can quickly compare the current
configuration against the Nipper Studio report of a known-good configuration that could not have been affected by a hacker, (e.g. stored on a backup CD that is held in a safe at another location).

In one case, a client had asked for a security assessment of a firewall, with specific consideration given to the protection of key network assets. The firewall had a large number of rules configured and there was a chance that the assessment could not have been completed in the time available. By using Nipper Studio to automate the time consuming process of manually identifying issues, the tester was able to take a “step back”. With the help of a network diagram they determined that, although access to key assets was prevented from the Internet, there were no such restrictions in place to prevent access from an internal network area. The client was then able to add additional filtering to prevent access to the sensitive data held within those key assets. The client commented that none of the previous firewall assessments undertaken had identified this issue which when pointed out seemed obvious.

In conclusion, Portcullis use Nipper Studio to quickly identify potential security concerns arising from the configuration of network devices, in a way that provides those findings in formats that can be processed by scripts. The consultants save time, allowing more in-depth assessments even in environments were internet access is not permitted. These assessments take into account the environment in which a device will operate, allowing better (and more detailed) information to be provided to clients. Any technical team that have a need to review, assess or compare the configurations of firewalls, routers or switches would do well to consider Nipper Studio.

PenTest Magazine Publish a Dedicated Issue to Titania - Download Your Free Copy!

PenTest Magazine is the only magazine dedicated exclusively to penetration testing and offers technical advice, info, reviews and opinion to security auditing enthusiasts all over the world. After working with the publication for over a year, Titania has been given the unique opportunity to co-produce its own issue of the magazine. The majority of the content has been written by the Titania in house technical team with decades of penetration testing and network security experience between them.

Sign up for free, download your copy of the magazine and find out more about Titania, our products, free tools that we offer, expert technical and pen testing advice, exhibitions that we recommend, what our customers have to say and much more. 

UK Cyber Minister Mentions Titania in Annual Cyber Strategy Review

We were delighted to receive a mention in yesterday’s speech in Westminster by Cabinet Office Minister Francis Maude, in his annual review of the UK’s progress towards the objectives of the national Cyber Security Strategy.  

During his speech, the Minister announced the government’s new target for the UK to achieve £2 billion of cyber exports annually by 2016.

In doing so, he specifically mentioned Titania, a UK SME already supplying its cyber software to 50 countries, as an example of the type of company in “the industries of the future that can help the UK achieve strong lasting growth and compete and win in the global race.”

Andy Williams, Titania’s Head of Global Business, who also sits on the board of the UK’s public/private Cyber Growth Partnership, said: “We appreciate the government’s active support for UK cyber SMEs, from which we have already substantially benefited. As Titania continues to expand into new overseas markets, we look forward to increasing our contribution towards the UK’s achievement of what is an ambitious but eminently achievable target of £2 billion for cyber exports.”

The mention comes around 8 minutes in. 

For more stories about Titania, please visit our news & media page.

2014’s Cyber Threat Predictions

1. BYOD makes two of the prolific lists for cyber threats released for the year ahead. Grouped with Cloud services, this new technological development poses more and more of a risk to information security.

Experts recommend: If you can’t eliminate BYOD or Cloud, make sure to implement them early, correctly and where possible with clear boundaries to distinguish between personal and professional data.

Image ID: 913723 via www.sxc.hu 

2. Reputational damage is largely dependent on how efficient your incident-response plan is. Time and time again we hear that companies are more than likely to have already suffered an attack and not even know it. Not a day goes by without a hacking story surfacing in the news.  Improving the security defences are of course recommended but for companies that want to stay ahead there is some more advice:

Experts recommend: Once the damage is done, a good response time can make the difference between a company’s survival and its failure. Plus it’s not only the IT department that must take all the heat. Correlated efforts throughout the entire organization are necessary to mitigate the issues. Just look at the #RBSglitch or the BA promoted tweet incidents to see the damage that can be done.  

      3. Privacy and regulation mainly on the issue of data management. Companies storing and processing third party data is common practice, but under sub-contractors the safety of this data is not entirely clear until a breach occurs. Sadly, their security standards may not always be at the same level as yours.

     Experts recommend: A closer inspection of the subcontractors and clear guidelines on responsibility, obligations and legal roles in case of a breach.

       4. Cybercrime – This is quite a broad spectrum. Fast tech developments, isolated and under-invested IT departments, increased online hacktivism and regulatory frameworks that simply do not update fast enough, provide the perfect recipe for cybercrime.

    

     Experts recommend: Rapid progress does not only occur in the criminal world. The past 12 months have showed a great increase in sophisticated tools, cyber forensics, prevention mechanisms and improvements in response-protocols, which looks promising in terms of preventing and protecting against online attacks. So use these tools and evaluate and update your systems and defences to make the best use of these technological developments.

      5. The IoT (Internet of Things) is becoming quite visible in the media lately. Especially since Symantec reported a new worm targeting specifically IoT.  The Internet of Things is a concept which assigns physical objects virtual representations that would enable interaction without human interference.  The threats on PCs have plenty of negative implications that can affect life, work, play and finances, but the IoT takes it a step further and connects the virtual world with the real one.

   

     Experts recommend: Future concerns regarding the protection of these devices, and more research allocated into the development of IoT. As attackers test against different architectures, proving the intent for more targeted attacks, the physical harm potential looms closer.

      6. Malicious insider – predictions say that for 2014, companies should expect a significant number of data breaches to come from inside. Such attacks can go undetected and if discovered will rarely be heard of outside the organisation

      Experts recommend: Naming and shaming the attackers may be a good deterrent, but also knowing the data breach regulations and accountability rules is strongly recommended so that organisations that have fallen prey to intellectual theft property know how to proceed.

      7. Corporate auditing committee results can be costly if you haven’t carried out a proper risk assessment and implemented a cyber policy. This is because these committees not only consider the financial welfare of the organisation, but the connection between cyber security standards and the financial welfare of the company. The legal and reputational implications arising from that can involve protection against lawsuits questioning the level of cyber security that can be deemed “commercially reasonable”.

   

     Expert recommend: That the corporate board auditing committees need to decide who determines what “reasonable” cyber security standards is, who enforces it and what response procedure should be implemented.

Most of the forecasts for 2014 are not new. They’ve been reported in the media so much over the past year that cyber risks are not only keeping the InfoSec community up at night, but have now entered into the sphere of general public concern. What these predictions are however, are an exercise in learning from past mistakes, and considering the pace technology is developing, individuals and organizations need to learn fast. 

Titania Launch Their New Website

We are pleased to announce that this month, November 2013, Titania have launched a new website. Since opening its offices, nearly three years ago, Titania has gone from strength to strength every year, now trading in 50 countries worldwide and supplying high profile customers from the Financial, IT Security, Telecommunications and Government sectors. 

The new website has been created with our customers in mind. We wanted to make it easier for you to contact us, whether it’s reaching the appropriate technical support faster and more efficiently, or placing an order. The user interface has been redesigned, making it easier to navigate so it facilitates the management of your accounts with greater efficiency than ever before.

The Home Page offers quick, intuitive access to the most popular areas of our site, and convenient buttons for Nipper Studio and Paws Studio will direct you to our products where you can browse or purchase. Each tab contains further information, product specifications and literature to help you decide which solution is the best fit for your needs. Also don’t forget to have a look in our Free Toolspage where you can find useful programs to add to your auditing tool kit, free of charge.  In the About Us page you will find all you need to know about our ISO 9001:2008 quality certification, customers, partners and careers as well as our awards. From Russian and European prizes to the numerous awards from Computing Security Magazine, winning the prestigious Government Security Awards in Washington and being named as high-commended at this year’s UK IT Industry Awards; our software has achieved recognition within and across borders, as an industry leading network security tool.

In case you can’t find the information you require, the website Support section consists of comprehensive guides, FAQs, common compliance policies and query form that enable you to submit a question to our technical team instantly. Plus there is still a traditional Contact Us section, where you can reach us by email, post or telephone.

We have a fresh News & Media feature which brings you a live news feed, press releases, useful reviews and informative literature to let you know what we’ve been up to, where we have appeared in the media and the latest awards we have scooped.

If there’s anything that you would like to see, you have any thoughts on our new website or you would like to learn more about our company and products, please let us know at enquiries@titania.com. 

The Curious Case of BadBIOS

The latest story keeping cyber security experts awake at night is the existence of a super virus with the digital footprint of a ghost, discovered by a reputable researcher in software security.

Image ID: 1153286 via www.sxc.hu

In theory, most of the industry experts agree with Dragos Ruiu’s superbug – BadBIOS. In reality, he’s the only one to have experienced it. So it doesn’t come as a surprise that people are questioning the accuracy of his findings. The whole story started three years ago, when Ruiu was installing a new version of Apple OS X and his laptop started to update its BIOS, unprompted. His computers behaved strangely ever since, even when unplugged and with the Wi-Fi and Bluetooth being turned off. This led him to believe that the hidden virus – called BadBIOS due to the infection in the computer’s Basic Input/ Output System – can propagate on infected machines via ultrasound signals, from the speakers of one machine to the microphone of another. But it was only a month ago, when he first posted his findings on his Google+ account that the story picked up interest from media and peers alike.  

The tech community is in a bit of a twist over this new information and opinions are clearly split. Some believe that many reputable years in the industry, have driven him to paranoia; some believe he may be right, with governmental institutions having the capability of creating something as stealthy and high-tech as an undetectable malware, some believe that it’s nothing more than a publicity stunt.

Whilst even the sceptics agree that everything he’s pointing out is theoretically plausible, the question that seems to plague his research is: Is it real-life applicable?

The fact that no one else has stumbled across a copy of BadBIOS makes it difficult to believe its existence. When Stuxnet came out, it spread quickly and more importantly it came out for a reason. If BadBIOS does exist, what is the motivation behind it? And why is Dragos Ruiu the only one to find it?

The controversy remains high due to Ruiu’s status in the worldwide scientific community. He’s not an ordinary security geek, but the man behind CanSecWest, PacSex and the creator of Pwn2Own hacking contest. Now, it seems, he is also the sole identifier of this invisible, untraceable bug, which deletes any evidence of its existence.

However, even if this newly sparked interest may only be the Twitter hashtag of today, peers agree that Ruiu’s findings can happen given the right circumstances, resources and motivations. So even if there’s nothing there yet, it has made researches pay attention to something that may not be merely science fiction after all. 

Titania are Pleased to Announce they are a UK Government Supplier after Approval Through New Pilot Scheme

The UK Cyber Growth Partnership (CGP), which brings together government and industry leaders to develop initiatives aimed at growing the UK’s cyber security industry, is running a pilot scheme to enable companies to promote their status as suppliers of cyber security solutions to UK government.

After successfully completing the application process, we are very pleased to announce that Titania has been named as one of the first suppliers in the pilot scheme to be allowed to publicise that it is a cyber security supplier to UK government.

We already promote the fact that we are an international company exporting to 50 countries, and that our software is used extensively across U.S. government departments and agencies. However, we are delighted that we can now also promote the fact that our network security and compliance audit software is used by UK government. Ian Whiting, Titania’s CEO, said: “We are committed to supporting the aims and activities of the UK Cyber Growth Partnership.  The ability to promote the fact that we supply to UK government will be of great benefit to us in reinforcing our credentials as an international supplier of cyber security solutions to government and business.”

Survey Reveals 96% of Businesses Don’t Think They Are Adequately Prepared for a Cyber Attack, Are You?

The information security community will not be surprised by news reported today by the Telegraph revealing that cyber-attacks are the primary threat to UK businesses. No longer a case of if businesses will be attacked but when, the realisation is a big concern to industry.

A recent survey by EY shows that a massive 96% of UK businesses fear that their security would not be strong enough to withstand an attack. The main hurdles highlighted by the 1,900 senior executives surveyed are budget restraints (69%), lack of skilled resources (66%) and a lack of executive awareness and support (28%) .

With 66% saying they have seen a 5% increase in security incidents this year, Mark Brown, Information Security Editor at EY said,

“Organisations must undertake more proactive thinking, with tone-from-the-top support. Greater emphasis on improving employee awareness, increasing budgets and devoting more resources to innovating security solutions is needed."

(image downloaded from www.sxc.hu image ID:806151)  

Titania’s Advice

A combination of scanning tools, manual audits and configuration analysis tools can help overcome some security issues and achieve a greater depth of security. Configuration analysis tools, such as Nipper Studio, produce vulnerability audits that are much more detailed than a scanner can achieve. They analyse the devices from the inside, looking at the way the device is actually configured. This helps to maintain an expert level of network security surveillance between manual audits, reducing the risk of breaches and the potential time and costs associated. 

Titania Announced as Finalist in The Birmingham Post Awards for Manufacturing

Worcestershire based developers of security and compliance auditing software, Titania have been shortlisted for the regional Birmingham Post Awards in manufacturing. The awards have been set up to recognise the diversity and success of businesses in the West Midlands.

The award category criteria consider the company’s growth, innovation and the involvement and impact the company is having on the West Midlands region. Titania, having only opened offices in December 2010, now supply their security and compliance auditing tools to over 45 countries worldwide to organisations in the telecommunications, IT security services and financial industries to name a few. A large proportion of business is also with Government Department especially in the U.S. which the company won a Government Security Award for earlier on in the year. However although their client base is largely international they run operations from their offices in Worcester and plan to continue here for the foreseeable future.

Ian Whiting, Titania CEO, said, ‘As well as generating revenue and bringing about jobs through continuing expansion, we work very closely with organisations such as the Worcestershire LEP,Malvern Cyber Security Cluster and the e-skills project to promote the area as a technology hub and to encourage professionals to choose to live and work in the region. We are very pleased to have been recognised by the Birmingham Post for our innovation in manufacturing and our dedication in supporting the region.’

The winners of the awards will be announced at the ceremony held at Edgbaston Stadium on the 17thOctober 2013. For more information about the awards and to book seats to their website.

Vote for Titania in the Computing Security Awards 2013!

Thanks to your votes we have been made finalists in 5 categories. Now the votes have been put back to 0 and the voting has opened again to decide the winners.

We would be really grateful if you would vote for Titania and Nipper Studio in one or all of the following categories:

- Network Security Solution of the Year
- SME Security Solution of the Year
- Enterprise Security Solution of the Year
- Security Company of the Year

Additionally Ian Whiting, Titania CEO and creator of Nipper Studio has been nominated for the Personal Contribution of IT Security Award.

To vote for Titania, Nipper Studio and Ian just go to www.computingsecurityawards.co.uk . Select ‘vote now’ on the left hand side and choose from the drop down menu for each category.

Voting closes on the 9^th of October 2013.

Thanks to everyone for your support!

From the Titania Team

Nominate Titania for the Computing Security Awards 2013

The Computing Security Awards 2013 are open for nominations, thanks to everyone’s votes last year we were made finalists in 5 categories and won 2 awards for our Nipper Studio auditing tool!

We would be extremely grateful if you would help us become finalists again by nominating Titania and Nipper Studio in one or all of the following categories:

Network Security Solution of the Year

SME Security Solution of the Year

Enterprise Security Solution of the Year

Security Company of the Year

It only takes a few minutes to nominate by going to http://www.computingsecurityawards.co.uk/ and clicking ‘Nominate Now’.

Nominations close on the 29th of July, we will announce if we have become finalists then!If you would like to give Nipper Studio a go before nominating then please go to our website for your free trial.

Thank you very much for your support.

From the Titania Team

Nipper Studio Named Network Security Solution and Enterprise Security Solution of the Year

Titania and their network security auditing tool Nipper Studio, were announced as the winners in two categories at the Computing Security Awards 2012.

The Computing Security Awards 2012 were held at the Grand Connaught Rooms in Covent Garden on Thursday the 8^th of November. Organisers set up the awards to recognise the products, services and companies that have been the most impressive at protecting organisations from IT security threats. Now in their third year the awards have become well known within the industry and are widely acclaimed.

Representatives from Worcestershire cyber security company Titania travelled to London on Thursday evening to attend the awards ceremony having been made finalists in five categories. The small business was up against some very large international organisations such as Fortinet and WatchGuard but still took home the awards for Network Security Solution of the Year and the Enterprise Security Solution of the Year. Titania also received the runner up award in the SME Security Solution of the Year category, proving that small companies with innovative products can succeed in the cyber industry.

Ian Whiting, Titania CEO, said, ‘We are so pleased to have won two Computing Security Awards. Everyone in the company has worked extremely hard to make our products some of the best in the industry and it is an honour to gain this recognition from our customers and industry peers.’
Before travelling to London Mr Whiting had delivered a presentation at the Malvern Festival of Innovation titled ‘Cresting the Cyber Wave.’ He discussed the innovative steps that Titania have taken in order to grow the company, and offered advice to start-up companies looking to achieve success in the lucrative industry of cyber security.

‘The Festival of Innovation was a brilliantly inspiring event and demonstrated just how much innovation there is out there. I was very pleased to been invited to speak by the organisers KeyIQ. Receiving the awards that same evening was a great end to a very successful day for the company. Next year we are planning to take on more staff and expand our offices yet again, this will be the fourth time in two years. As a company we are very excited for the future,’ said Mr Whiting.

For more information about previous and future events and awards please contact Ruth Inglis.
Ruth Inglis- Marketing Manager Titania Ltd - Email: ruth.inglis@titania.com Tel: 01905 888785
Go to www.titania.com for more information

Paws Studio Intelligent Compliance Auditing

Titania’s new compliance auditing tool, Paws Studio, is now available! After a period of in house and beta testing our professional auditor for workstations and servers can be evaluated for free on our website.

With Paws Studio you can:

1.       Perform compliance audits through either remote network auditing or manual access to the audit data in secure environments

2.       Produce advanced and easy to action reports with comprehensive summaries

3.       Audit against pre-defined policies such as PCI, NSA, STIG and NERC

4.       Define your own customised policy to suit your organisation

PLUS… Paws Studio is fully scriptable so can be written into your current processes.

For more information and for a free trial go to the Titania website www.titania-security.com

Vote for Titania-Nipper Studio for your Chance to Win £100 worth of Amazon Vouchers or $1000 worth of Nipper Studio Software!

Titania are proud to have been made finalists in the prestigious Computing Security Awards 2012 in several categories. The winners will be decided by public vote and we need your help!

Go to Computer Security Awards and select Titania-Nipper Studio from one or all of the following categories:

• Network Security Solution of the Year
• SME Security Solution of the Year
• Enterprise Security Solution of the Year
• Security Company of the Year

Voting closes on the 29^th of October 2012.

To be entered into the prize draw forward your confirmation e-mail to ruth.inglis@titania.com
Please put ‘Nipper’ or ‘Amazon’ as your email subject title if you have a preference of prize. Winners will be announced at the end of the month.

Thank you very much for your support and good luck!

Vote for us!