Category Archives: Uncategorized

Cicada Security Technology Inc. Delivers Technology to Eliminate Data Exposure from Computer Theft or Tamper

Preventing the Next Big Data Breach by Closing the Security Blind Spot Exploited by Manning and Snowden

Cicada – Live Protection of Data Against Risk Caused By Theft and Tamper

The Cicada represents the type of technology which addresses real capability gaps not only found in federal civil agencies, but also across the Department of Defense and the Intelligence Community.

Montreal, Québec (PRWEB) August 09, 2013

Bradley Manning and Edward Snowden made headlines recently when the world became aware that a significant amount of classified material had been stolen, seemingly without effort or detection. According to Ryk Edelstein, the CEO of Cicada Security Technology Inc., this was entirely preventable with an affordable technology called Cicada. The Cicada is the first commercially available product to protect a computer and data against physical threat, including attempted theft or tamper. The Cicada can even be integrated as an enabling technology with authentication, encryption or asset recovery technologies from other vendors to create a new class of physical threat aware security products.

With the growing trend towards the reduction of office space, both the public and private sectors are faced with millions of telecommuters whose computers no longer have the security afforded by an office environment. According to Dr. Thomas A. Cellucci, former Chief Commercialization Officer of the U.S. Department of Homeland Security, “The Cicada represents the type of technology which addresses real capability gaps not only found in federal civil agencies, but also across the Department of Defense and the Intelligence Community.”

Cicada Security Technology Inc. is a Montreal, Québec based developer of innovative security solutions engineered to protect computers, tablets and intelligent mobile devices and their data against vulnerabilities posed by theft or tamper.

# # #

If you would like more information about this topic, please contact Diane Schrenk of Schrenk PR at 866-624-4460 or email press(at)cicadasecurity(dot)com

More on security training

On July 18, 2012, CSO magazine published an article by Dave Aitel of Immunity in their Security and Risks newsletter, titled ‘Why you shouldn’t train employees for security awareness’. In this article, Mr. Aitel presents an argument that security training, despite being deemed by many as best practice, is flawed, and should not be considered a reliable level of defense against vulnerabilities. It is clear that his premise is that the security practices which are deployed should provide sufficient protection against vulnerabilities posed by users, and all levels of threat.

The argument for the development of security policies and practices which are not susceptible to human error is valid, but does not preclude the need for security training and awareness by users of secure resources. As could be expected, the polar views presented by Mr. Aitel have established him as a lightning rod for some very harsh criticism in the comments section following the article. In fact, those participating in commenting the article have even gone to the effort of publishing an animated parody of the article and the comments in an Xtranormal video.

There is no doubt that the security community has strong feelings about those who issue a polarized statement as fact, as is demonstrated by this article. It is our position that there is no black or white in security, merely varying shades of gray, where no single principle can be applied to all environments. In the case of Mr. Aitel’s article, to state that security awareness training is unimportant and that robust system security is the best practice, is naïve and delivers the wrong message. Each IT environment has its own specific requirements, and best practice would dictate that security awareness training should be a component of any properly developed security policy. Of course, the amount and type of training will be subjective to the specific needs of the organization.

In developing the Cicada, we considered such concerns as human error, usage compliance, security education, and technical vulnerabilities, and engineered a solution which we believe provides valuable security against physical threat while not posing an imposition on the user. We also defined a usage model where the actions to protect the system were simple, required a minimum amount of training, and were not subject to human error.

Having worked with a broad range of security technologies, it is understood that any process which is complicated, and causes impedance to the users common work habits will be circumvented or ignored. The best solutions are those which impose the least inconvenience and are not susceptible to human error. Yet, despite the apparent simplicity of this concept, developing valuable security solutions which in fact achieve this balance are relatively complex to build. We are proud to say, we believe that the Cicada provides a high level of value, with limited susceptibility to human error, on a platform which is easy to use.

Encryption – guess again

And how difficult is it to break into your Google account if you leave your laptop open and lying about?

How to handle a security breach

One of the most common methods to breach data that is supposed to be kept secure is the theft or loss of the physical assets containing secure data. All too often people leave portable computers, mobile devices and the like open and accessible for just about anyone. Claudiu Popa writes a simple five-step guide on what to do if and when you suspect privacy has been is breached.

Needless to say one extremely easy method to prevent privacy breaches is the use of Cicada Security Technology on all your computing devices.

Expanding the vision of security – -The importance of gaining visibility to physical threat.

Mention physical security to an IT professional, chances are that the first thing they will think of is a laptop cable restraint device. The cable lock, an industry standard for the protection of mobile computing assets is a dumb device which often is left in the bag, and rarely if ever used, despite company policy or best practice.

This device gets little respect from both users and asset administrators, as users find it cumbersome, and admins know it provides limited protection. But what if physical security was intelligent? And its usage and security policy could be audited, and it had the intelligence to detect physical threat in real time, and were able to invoke deterrent and protective actions? The value of physical security would have a whole new set of values.

Recognizing the value intelligent physical security Cicada Security Technology Inc., A Montreal based company, developed a platform independent USB based physical security device designed to identify threat, and invoke protective actions on the host computer. Using a policy based model, the Cicada can be configured to operate non-invasively to common user work habits, and monitors multiple environmental triggers for deviations from the administrator defined thresholds. Initially devices as a means to protect assets from theft, it soon became evident that the technology had a much greater value for the protection of confidential data, and as an enabling technology for other end point security platforms.

Once triggered, the Cicada invokes user defined protective actions which can include locking the host to the operating login screen, activating a siren on both the device and the host, dismounting an encrypted volume, and in more extreme cases, brick the host, or even destroy cryptographic keys. As can be imagined, as the protective action occurs the moment the threat is detected, and any information stored on, or is accessible from the active host is instantly protected, and the possibility of exposure of confidential information is minimized.

The prospect of adding the ability to audit the presence and status of an intelligent physical security technology opens up a whole new aspect of security where usage compliance can now be validated and enforced both at the local level, as well as at the security perimeter. When connecting remotely to a trusted environment, an external device can now be validated for compliance to the prescribed security policy, including the status of the physical security on the device. Considering the value to enterprise, and environments deploying federated identity gateways, the value is truly significant.

Additional applications of intelligent physical threat detection technology can be applied to the protection of kiosk based computing platforms such as automated teller or gaming systems where in the event of physical disturbance, latent transaction data can be flushed, or crypto keys can be purged rendering the memory of these devices void of any valuable or usable data.

Our Technology

Cicada has been developed to protect portable computing devices from theft or tamper in real world work environments. Designed to adapt to the way you work, Cicada provides the most effective real-time protection.

As an active theft and tamper trigger, Cicada provides strong value to vendors of encryption technologies by offering their clients the ability to add a reactive security system as a means to enhance content level security.

Presidium provides application specific, long shelf life asset protection that can be integrated in to a diverse range of assets. Based on the Presidium security controller, protected assets are covered against theft for up to three years, eliminating the need for periodic maintenance.

Engineered to operate in any country, Presidium can exchange information over any telecommunication network to provide accurate asset location data using NEMA standard geo-positioning data.