1. Better decision making with integrated, end-to-end business intelligence ( BI )

2. Improved performance from both IT and human assets

3. Improved security

4. Increased developer productivity

5. Lower overall costs

Organizations are increasingly looking for ways to lower their IT infrastructure and IT management costs while improving employee access to the right information enabling them to make strong decisions at the right time. Through the efficient use of business intelligence solutions based on SQL Server features such as Analysis Services, data mining, Integration Services, Notification Services, and Reporting Services, decision makers can unlock the business secrets that might enable their success. By using SQL Server together with tools such as Microsoft Office Business Scorecard Manager, your customers can gain a broad view of their opportunities, enabling them to understand their challenges better, effectively shape solutions, and quickly act on their objectives. As you know, decision-making happens across all levels of an organization, and empowering employees with powerful business intelligence solutions can help them make a greater impact on the bottom line.

SQL Server 2005 provides the power and the tools demanded by today’s strategic decision makers at a fraction of the cost of the competition. Because SQL Server’s reputation for having the industry’s lowest costs is well known, many organizations have considered moving away from Oracle. However, for many years, SQL Server, while extremely powerful, could not match Oracle’s scalability. Many customers felt they had little alternative but to remain with Oracle—that is until now.
SQL Server 2005 has reached feature parity with Oracle, even in high-end capabilities, while retaining the lowest costs in the industry. It has become the preferred solution for customers deploying business intelligence applications on the Microsoft Windows platform. It includes numerous features, such as enhanced BI, security, and scalability capabilities, that are expensive add-ons for Oracle customers. Microsoft has been able to match Oracle technology while providing the best value for the mid-sized organization.

Because databases are typically critical and costly IT assets, they often serve as a focal point for efforts to cut costs and improve efficiency. Oracle has long held the reputation of being the most powerful database available, but it also has a well-earned reputation for being extremely expensive. Beyond the obvious cost savings, the tight integration between SQL Server 2005 and Visual Studio 2005 embodies and advances the trend towards data-driven application development. More and more Web sites, for example, dynamically present content based on a variety of factors such as user interests. This new world of development demands a fundamental alteration in how database administrators and developers interact with databases and with each other.

So SQL Server is the right alternative to Oracle not just for the obvious reasons of cost and high-end capabilities but because it is the embodiment of a new development paradigm that will enable the creation of substantially more powerful applications with less time, effort, and cost.

The demands of an always-on work environment that spans geographies and time zones is ever-increasing the pressures on IT departments to provide rich, connected capabilities across the infrastructure, while protecting both the environment and its confidential data from intrusion and disruption. The infrastructure optimization process helps organizations transform their IT infrastructures into strategic assets, reducing system complexity and providing greater operational flexibility. As a result, IT managers are able to:

Control costs:
Reduce hardware, utility, and space expenses for data-center operations
Reduce application compatibility testing for major deployments
Reduce training expenses and free up costly IT personnel forhigher-value use
Increase system uniformity, to avoid conflicts and accelerateproblem resolution
Prevent security breaches and subsequent clean-up efforts
Reduce remote site visits in branch operations

Improve service levels:
Reduce service interruptions from security breaches
Maintain a robust disaster recovery process, to avoid service interruptions and speed recovery
Avoid desktop configuration conflicts and accelerate help-desk resolution
Quarantine out-of-compliance remote systems and legacy line-of-business (LOB) applications

Drive agility:
Increase flexibility and ability to adapt to changing business conditions
Rapidly provision new capabilities
Dynamically assign resources to demanding workloads in near real time
Employ zero-touch self-provisioning and automatic configuration
Streamline and accelerate software deployment

The vision of infrastructure optimization is to help customers realize the value of their investments in IT infrastructure, to make the IT infrastructure a strategic asset that supports agility within their organizations, and ultimately to help customers create an infrastructure for a people-ready business.

For more information about how your business can benefit from the infrastructure optimization process, contact Digital Reach!

Internet attackers looking for ways to compromise a growing number of computers have brought back SQL Injection.  Researchers are noticing a growing number of websites that have been compromised by a mass SQL Injection that take advantage of weak website apps and then use those sites as a launch pad to infect their website visitors with malware.  The concern is that there are a number of sites on the web that are vulnerable to an attack of this nature.  The attackers can access easily and quickly find new targets to attack.

The Asprox Trojan is an example of this SQL Injection.  Researchers have observed it being distributed by a spam botnet.  This trojan is related to a password-stealing trojan known as Danmec. The infected PC will download a binary that searches Google for websites that contain specific search terms and launch a SQL Injection attack on those sites.

Read more here: http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1314697,00.html

Protect your companies computers with Digital Reach Managed Services. 

The Abobe Flash Player has a zero day defect that is currently being targeted by attackers across the world who have set up over 200,000 webpages for exploitation of the defect.  The vulnerability could be exploited to cause a denial of service ( DOS ) situation.  It is reported that Adobe Flash Player 9.0.115.0 and 9.0.124.0 are at risk.  The defect occurs when the flash player tries to process a harmful swf file.  Symantec and McAfee are reporting that different exploits are crafted to exploit the different versions of Adobe Flash and that the exploits exist for both IE and Firefox.  Users should visit www.adobe.com to download the latest version of the Adobe Flash Player to protect themselves from this attack.

Digital Reach, Inc. delivers IT solutions designed to help your business perform more efficiently and with more productivity.  Learn more about Digital Reach.

Core Security Technologies today announced that it has been chosen by the Data Protection Summit as a Best of Show awards winner for 2008 in the category of Most Innovative Data Protection Technology for CORE IMPACT, the most comprehensive product for performing enterprise security assurance testing.

The second annual Best of Show awards is the premier opportunity for industry recognition of innovative technology and how it is being used in the marketplace. Winning companies were judged by a panel of industry experts who evaluated each nomination according to the following criteria:

Distinctiveness of the application, technology or product
Central use of data protection as a solution
Technical and business significance

“The Data Protection Summit Innovation Award for Technology recognizes a company whose products and services have raised the bar for data protection,” said Jay Kramer, vice president of worldwide marketing, iStor Networks, and chairperson of the Data Protection Summit Awards Committee. “The Data Protection Summit is proud to recognize CORE IMPACT from Core Security Technologies as a solution that encompasses data protection innovation and makes a real difference in the marketplace today.”

Core Security Technologies, based in Boston, Mass., is the leading provider of enterprise security assurance testing software. Its product, CORE IMPACT, gives organizations visibility into critical information security weaknesses across network systems, end-user systems and web applications. By pinpointing exploitable vulnerabilities, IMPACT enables customers to regularly evaluate the effectiveness of their defensive infrastructure and end-user security policies. The product generates clear, actionable test reports that detail proven vulnerabilities, possible fixes and other information valuable to improving an organization’s overall security posture.

“Companies are losing the battle when it comes to protecting critical data assets, since they are often unable to view their information security from the perspective of attackers,” said Fred Pinkett, vice president of product management at Core Security Technologies. “Many businesses are now addressing this problem by using penetration testing products such as CORE IMPACT to evaluate their ability to detect, prevent and respond to security threats. We are pleased to receive this honor from the Data Protection Summit, and we are glad it recognizes our innovation as a step forward in enterprise information security.”

The Best of Show winners were honored during a special ceremony at the Data Protection Summit on Wednesday,
March 12.

Contact Digital Reach to discuss your CORE IMPACT implementation.

 Security experts are warning computer users to beware of malware attacks timed to coincide with April Fool’s Day, noting that the keepers of the Storm Trojan have already launched such attacks.

Source: SearchSecurity.com | Information Security Magazine

Researchers at Helsinki-based F-Secure Corp. said in the company blog that a new wave of April Fool’s Day-related Storm mails were spammed out late Monday with a link that points to an IP address. Subject lines carry such messages as “All Fools’ Day,” Doh! April Fool” and “Surprise! The joke’s on you.”

There appears to be no text in the messages, only the URL that, if clicked, downloads executable files with such names as “foolsday.exe” and “kickme.exe.” The files carry the Storm Trojan.

“Virus coverage is poor with the samples we’ve captured, but we’re working with the antivirus vendors to improve that,” Stephen Hall, a handler at the Bethesda, Md.-based SANS Internet Storm Center (ISC), said in a message on the SANS ISC blog.

In a follow-up message on the ISC site, handler Joel Esler reminded people to be aware of this and other April Fool’s tricks.

Controllers of the Storm botnet have a history of using holidays such as Valentine’s Day and news events such as a wave of storms that swept across Europe several months ago to dupe people into opening infected emails.

Meanwhile, victims falling pray to the Pushdo Trojan aren’t finding any love. Sunnyvale, Calif.-based network security vendor, Fortinet has been tracking the Pushdo, which continues to spread as a result of a successful eCard spam campaign. The eCard touts nude photographs, random female names and a fake link to relationship sites.

If the victim opens an attachment in the email, “Pushdo.EV cycles through various IP’s in an attempt to establish an HTTP session where it will download a rootkit component,” Fortinet said in its March threat report. The Pushdo botnet is growing larger and gaining in activity, according to Fortinet security research engineer Derek Manky.

Source: www.widespreadpr.com

This month a serious data breach occured at the Hannaford Bros. supermarket chain which exposed 4+ million credit and debit card numbers to ID theft.  The company explained via a release on their website that the company had detected an intrusion of its computer network that resulted in the theft of customer credit and debit card numbers.

The incident, which occured around Feb. 27th, is very similar to the security breach at Framingham TJX Companies that affected 94 million credit card holders.

The Hannaford breach happened despite investments made to bolster security in the last couple years. As part of its PCI DSS compliance measures, for example, the company worked with its checkout counter computer software vendor to enhance encryption and eliminate some of the credit card data that had been stored. The fact that a breach occurred anyway illustrated the need for companies to create an advance response plan.

Are your systems protected from outside attackers? 

How to determine if I have the Storm Worm?
How to determine if my email is infected with the Storm Worm? 

The Storm Worm ( a botnet of infected computers that feeds off unprotected users to strengthen its network ) may arrive in an email with one of the common subject lines listed below: ( see below that for a list of attachment filenames to avoid )

Original Source: Snopes.com

Email Subject Lines:

ATTN!
Spyware Alert!
Spyware Detected!
Trojan Alert!
Trojan Detected!
Virus Activity Detected!
Virus Alert!
Virus Detected!
Warning!
Worm Activity Detected!
230 dead as storm batters Europe.
A killer at 11, he’s free at 21 and…
British Muslims Genocide
Naked teens attack home director.
U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel
Russian missle shot down Chinese satellite
Russian missle shot down USA aircraft
Russian missle shot down USA satellite
Chinese missile shot down USA aircraft
Chinese missile shot down USA satellite
Sadam Hussein alive!
Sadam Hussein safe and sound!
Radical Muslim drinking enemies’ blood.
U.S. Southwest braces for another winter blast. More then 1000 people are dead.
Venezuelan leader: “Let’s the War beginning”.
Hugo Chavez dead.
President of Russia Putin dead.
Third World War just have started!.
The Supreme Court has been attacked by terrorists. Sen. Mark Dayton dead!.
The commander of a U.S. nuclear submarine lunch the rocket by mistake..
First Nuclear Act of Terrorism!.
So in Love
Happy World Religion Day!
Most Beautiful Girl
Someone at Last
I Believe
The Dance of Love
The Miracle of Love
All For You
Vacation Love
I am Complete
Wrapped Up
Moonlit Waterfall
A Little (sex) Card
A Special Kiss
Hugging My Pillow
Safe and Sound
You’re Soo kissable
A Romantic Place
Breakfast in Bed Coupon
For You
I Love You So
Want to Meet?
We Are Different
We Have Walked
You Asked Me Why

The attachment filename may be any of the following:

Full Clip.exe
Full Story.exe
Read More.exe
Video.exe
Full Video.exe
Full Text.exe
Flash Postcard.exe

Nugache is a worm that has actually been around longer than Storm.  The Storm Worm is one of the worst botnets on the net but Nugache could take its place.  Researchers report that Nugache has been revised and updated to make it more powerful…perhaps even more powerful than Storm.

Both Nugache and Storm are botnets.  That means they are made up of networks of infected computers that work together to distribute spam to millions of users.  These networks are then bought by spammers to distribute spam email like mortgage offers, performance enhancing drugs, pump-and-dump stocks and ecards. 

The problem is these networks could just as easily mail out a keylogger program that would record items like your login to your bank or credit card number entered in at an ecommerce site.  The keylogger program would then send that back to the botnet creator to be sold.

Are you protected?  Contact Digital Reach and let us protect your network!

The Stration Worm, found mostly in SPAM, could pose a real threat given the potential its creators could unleash.

Security vendors are rating the Stration Worm ( also known as Warezov, Stration and Stratio ) as a low risk infection but admit that the worm is difficult to work with. 

The malware is a virus spread via mass-email and infects machines running Windows.  The infected computer, usually infected due to opening an attachment via email from a spam message, then sends itself out again to other email addresses located in the host computer’s contact list. 

The tricky part is the code is capable of downloading new versions of itself as frequently as every 30 minutes from a batch of websites on the Internet.  The new versions are created by the creator of the original hacker.  This new way is more difficult to identify and solve because the code resides on host computers that can be altered to stay ahead of the virus protection efforts.

Sample Email Subject: “This is not shown on TV.” with attachment: picture0000.zip.

This leading email worm is certainly something to watch.

Are you protected?

Related:
http://antivirus.about.com/od/virusdescriptions/p/stration.htm

http://www.spywareguide.com/product_show.php?id=3108

http://www.sophos.com/security/analyses/w32strationx.html