Data Center is our focus

We help to build, access and manage your datacenter and server rooms

Structure Cabling

We help structure your cabling, Fiber Optic, UTP, STP and Electrical.

Get ready to the #Cloud

Start your Hyper Converged Infrastructure.

Monitor your infrastructures

Monitor your hardware, software, network (ITOM), maintain your ITSM service .

Our Great People

Great team to support happy customers.

Saturday, May 17, 2014

Mobile security management dan BYOD



IT Best Practices Alert By Linda Musthaler, Network World
January 31, 2014 09:44 AM ET
Linda Musthaler
Sponsored by:
Network World - Many IT professionals agree that BYOD promotes end user productivity and satisfaction. If it weren’t for a little thing called “security,” BYOD would probably be much more widely embraced than it is.
In an April 2013 survey of the Information Security Community of LinkedIn, only about 20% of the 1,600 respondents say that privately owned devices are widely in use and supported by a BYOD policy at their organizations. On the other hand, Microsoft says that 67% of people use their personal devices at work, regardless of the company’s official policy on BYOD. That’s a pretty big gap between officially sanctioned and reality — and that gap puts corporate data and applications at risk.
As reported in the Cisco 2014 Annual Security Report, criminals are exploiting the mobility aspect of BYOD by using wireless channels to eavesdrop and gain access to data being exchanged through those channels. What’s more, mobile malware is becoming a big problem, especially for devices utilizing the Android OS. Cisco says that 99% of the malware it analyzed in the past year is directed at Android devices.
Just where does all that mobile malware come from? All the apps we can’t resist downloading. Even apps that appear to be legitimate can be fake versions designed to spread malware. For instance, there are numerous counterfeit versions of the Netflix mobile app that are primed to inject malware onto smart phones and tablets.
There is a new entrant in the mobile security market designed to address the two pain points of risky apps on users’ devices and unsecured wireless networks. Marble Security offers what looks to be a well rounded mobile security management solution that dynamically adapts to threats in real time while also providing essential device and app management features.
Marble’s cloud-based service is comprised of three sets of capabilities:

• Mobile Security Management (MSM)
• Mobile App Management (MAM)
• Mobile Device Management (MDM)

Marble’s MDM capabilities are fairly standard: enforce password and encryption requirements; remotely lock and wipe devices; control device functions such as the camera or Bluetooth; set policies for geo-fencing.
The MAM capabilities are also similar to other vendors’ offerings: push corporate apps to employees’ devices; remove apps as necessary when people leave the company or the device is lost; provide an enterprise app store for required or recommended apps.
It’s the MSM capabilities that tell the real story. The MSM capabilities are anchored by the Marble Threat Labs, an internal research group that analyzes tens of thousands of mobile apps a day to understand their behaviors. These apps are run in an instrumented kernel in a sandbox to see what they do and what behaviors they exhibit.
For example, does an app collect information from the device’s contacts list and send it to a malicious server? Does the app read all of the SMS messages on the phone? Marble Threat Labs has learned that 9% of the apps it analyzes redirect SMS messages off the device. Another 10% of apps read all of the device owner’s phone messages.
Since there aren’t legitimate reasons for apps to behave this way, the apps are deemed as high risk. Their use on the enterprise network can be controlled via policy in the MSM console. Rather than blacklisting an app by name, which can get cumbersome to maintain, you can identify app behavior that is not permitted; for example, “do not allow devices on our network if they contain apps that read the SMS messages.”
Marble continuously establishes risk scores in real time for each user, device, app and network connection based on criteria set by the enterprise. Marble uses Big Data analysis to correlate and assess all of these parameters. This aids in setting risk-based access control, making it possible to restrict access to enterprise networks, applications and data whenever risk thresholds exceed levels set by administrators.
Unknown or unprotected wireless networks can pose a risk, too. Some users connect to 10 or more networks – at work, at home, in the coffee shop, at the airport, etc. – and IT only controls one of those networks. To resolve this problem, the Marble Network is a secure, hosted VPN that isolates users from network attacks and provides encrypted communications between enterprise applications and cloud services.
Marble Messenger is another feature that may appeal to highly regulated industries such as healthcare and financial services. This is a secure messaging service that encrypts messages end-to-end and attachments, too. For example, two doctors can be communicating about a patient’s care, even including photos of, say, the patient’s wound. Ordinary SMS text would be a violation of HIPAA, but Marble Messenger ensures the messages and attachments are all encrypted and private. The data from the conversation is not stored on the local devices but rather on the Marble servers. An administrator can set policies for how long the messages and attachments are to be stored, if at all.
The Marble solution includes other security features as well: a private DNS service; DNS blacklisting; URL and IP address blacklisting; jail-break jammer detection; and malware and privacy protection. Marble Security’s solution is comprehensive and focused on securing enterprise data and applications in a BYOD environment.
Linda Musthaler (LMusthaler@essential-iws.com) is a Principal Analyst with Essential Solutions Corp. which researches the practical value of information technology and how it can make individual workers and entire organizations more productive.  Essential Solutions offers consulting services to computer industry and corporate clients to help define and fulfill the potential of IT.  

Kini saat yang tepat menjadi ahli Cyberscurity


Network World - This is a great time to consider a new career as a cybersecurity professional. According to CIO magazine, experts in cybersecurity are among the most sought-after professionals in the tech sector, with demand for workers in that field outpacing other IT jobs by a wide margin.
According to a recent report from Burning Glass Technologies, the demand for cybersecurity professionals has grown more than 3.5 times faster than the demand for other IT jobs over the past five years and more than 12 times faster than the demand for all other non-IT jobs. Current staffing shortages are estimated between 20,000 and 40,000 and are expected to continue for years to come.
In a recent Network World blog post, John Oltsik of The Enterprise Strategy Group (ESG) confirms the severe shortage of skilled people in this field. ESG just completed a survey on 2014 IT spending intentions, and results show that 42% of responding organizations intend to increase headcount in information security. This is the highest percentage of all IT skillsets in demand.  
Moreover, 25% of all organizations surveyed claim to have a “problematic shortage” of information security skills. The shortage is especially acute in the government, manufacturing, financial services, retail/wholesale, and healthcare industries. This is not surprising, given the vast amount of sensitive (and monetizable) data in those organizations, and the high regulatory pressure to secure that data.
(For more insight from Oltsik on this topic, also see What CISOs can do about the cybersecurity skills shortage and Cybersecurity Skills Haves and Have Nots.)
As the law of supply and demand dictates, people with good cybersecurity skills have great earning potential. A new survey by Semper Secure, a public-private partnership in Virginia formed to advance the cybersecurity profession, reports the average salary for U.S. security professionals to be $116,000, or approximately $55 per hour. That's nearly three times the national median income for full-time wage and salary workers, according to the Bureau of Labor Statistics.
Of course, salaries vary according to skills, experience, geographic location and employer, but even junior level cybersecurity professionals can earn good pay. Here are just three examples of compensation from the Cyber Security Salary Calculator:
• Deputy CIO/CISO/CTO
o 15 to 19 years of experience
o Metropolitan Washington, DC area
o Doctorate or Post-Doctorate degree
o Five or more relevant certifications
o Average salary: $142,826

• Mid-Level Cybersecurity Manager
o 5 to 9 years of experience
o California
o Bachelor’s degree
o Two relevant certifications
o Average salary: $111,529

• Junior Level Non-IT Management professional
o Less than 1 year of experience
o Minnesota
o Associate’s degree
o No relevant certifications
o Average salary: $91,124

When it comes to professional certifications, the most popular (in terms of what people hold, not what employers demand) are:
• CISSP: Certified Information Systems Security Professional issued by (ISC)2
• CCNP Security: Cisco Certified Network Professional Security issued by Cisco Corporation
• CEH: Certified Ethical Hacker issued by EC-Council

If you already have some entry-level skills and want to find a job in the cybersecurity field, consider participating in the first National Cybersecurity Career Fair (NCCF) presented by Cyber Aces. Taking place June 18 and 19, 2014, NCCF is an innovative virtual meeting place for the top cybersecurity employers and cybersecurity jobseekers in the United States. The purpose of this event is to bring people and employers together in a virtual meeting setting in order to help fill some of the many open cybersecurity positions all across the country. The career fair is co-sponsored by SANS Institute, the US Cyber Challenge, the Council on Cyber Security, the Center for Internet Security and SC Magazine.
There is no cost for individuals to participate; you simply need to register and provide a profile of your work experience and upload a resume.
Though the career fair spans two days, you can come and go for the activities you choose to attend.  The main page of the website will direct you into a networking lounge. From there you can look at a national job board, apply for jobs, and check the schedule for employer web and video chats. Employer participants have their own booths where they can meet virtually with candidates for employment, show videos about the company, and post materials specific to the organization or their available jobs.
As a special incentive to get people to participate in the NCCF, SANS Institute is giving each job candidate the opportunity to stand out by taking theSANS Cyber Talent exam for free. This exam usually costs $2,500 and is a way to measure your aptitude for work as a cybersecurity professional. If you do well on the exam, you can upload your score to your career fair profile to attract more attention to yourself.
If you are novice enough to cybersecurity that you don’t feel ready to put yourself out there for the June career fair, then consider taking online training from Cyber Aces starting this fall. Cyber Aces is a non-profit organization dedicated to identifying and encouraging individuals with an aptitude for information security to refine their skills and talent. While SANS Institute serves people with advanced level cybersecurity skills, Cyber Aces caters to people who are still learning the core fundamentals of cybersecurity, with a special focus on veterans who are just entering the job market, college students, and adults who want a career change.
The organization’s main program is called Cyber Aces Online, and it involves three training modules covering operating systems, networking, and system administration. Each of these modules designed by SANS Institute involves some video, some online study materials as well as being able to conduct study practices online. These tools can help you learn the fundamentals to start you on your way to becoming a cybersecurity professional. Once you’ve gone through the Cyber Aces Online program, you can choose to continue your education or look for an entry-level position. With as many as 40,000 open positions in this country alone, the opportunities are endless.
Linda Musthaler is a Principal Analyst with Essential Solutions Corp.) which researches the practical value of information technology and how it can make individual workers and entire organizations more productive. Essential Solutions offers consulting services to computer industry and corporate clients to help define and fulfill the potential of IT.  

Thursday, May 15, 2014

Apakah Anda sudah menanyakan pertanyaan kritikal ttg proyek Anda?


Have You Asked These Critical Questions About Your Project?

April 27, 2014 | Author: PM Hut | Filed under: Project Management Best Practices

Have You Asked These Critical Questions About Your Project?
By Michelle Symonds

There are occasions when we all ask questions about the projects we are involved with. Sometimes they are as poignant as ‘what sort of a project manager do I want to be?’. Other times they can be as simple as ‘where did I put my diary?’. On unfortunate occasions the musing of ‘why did I get myself into this?’ might even float through our heads. However, none of these are any of the questions we really should be asking about our projects, but the following ones are.
  • What is the objective?
    The first and most critical question is the one we should all be able to answer before we embark on any project. Without knowing where we are trying to get to, how on earth can we suitably plan how to get there?
  • Where am I?
    Yes, I’m sorry, the weekend is over and you’re back at work. But that’s not what this question really means. In order to plan how to get where you’re going, you need to find out where you are right now. This means establishing scope, budget and timescales before any action takes place.
  • How will we get there?
    This is probably the longest question to answer of them all, as this is the point at which project planning, resource allocation and budgeting all takes place. You know the ingredients, you know what sort of cake you’ve got to make, now you need to figure out how to use them all to get to that delicious goal at the end of the road.
  • How does this fit into the bigger picture?
    Knowing where your project fits within other environments helps you and your project team to see the ‘point’. For instance, if you are designing a website for a customer, you need to know why they are redoing their site, what they hope to achieve with it and where they want to go in the future so that you can produce a solution that will meet all their needs.
  • Who should be involved?
    This is about identifying not only the right people to deliver the project, but also those who need to be involved in the project communications such as your stakeholders and funders. You can break these down into three types of people: Your drivers - those who will directly deliver the project, your supporters - those who will help the success of your project, and your observers - those who will be interested in your project. Once you’ve mapped them out, putting together a robust communications plan to satisfy everyone should be much easier.
  • What can go wrong?
    Ignoring those parts of the project which might fail or be compromised by things out of your control is a foolhardy action. Risk management is all about being brutally honest about what might occur, and then doing what you can to monitor and mitigate these risks.
There are many other questions that will need to be answered as the tasks roll on, such as who should be assigned which activities, what other resources you might need and whether team members will need to attend project management training courses. These 6 crucial questions must be asked by any project manager before the project starts. Being able to answer these questions well can make the difference between project success and failure, and will put you in a great position to ensure your project runs smoothly.

Michelle Symonds is a qualified PRINCE2 Project Manager and believes that the right project management training can transform a good project manager into a great project manager and is essential for a successful outcome to any project.


There is a wide range of formal and informal training courses now available that include online learning and podcasts as well as more traditional classroom courses from organizations such as Parallel Project Training.

Wednesday, May 14, 2014

Watchguard mengintegrasikan management Wireless Access Point

WatchGuard Access Point

Secure your WLAN from today's sophisticated, blended threats with WatchGuard's AP100, AP102 and AP200 wireless access points. By extending best-in-class UTM security – including application control, intrusion prevention, URL and web content filtering, virus and spam blocking and more – from any XTM or Firebox T10 appliance* to the WLAN, business can harness the power of mobile devices without putting network assets at risk. What's more, security policies can be applied to wired and WLAN resources simultaneously, which is critical to enforcing security standards across an entire network. And unified device management tools offer a "one-stop" configuration and monitoring of AP100, AP102, AP200 devices and your WatchGuard firewall – reducing setup time and maintenance cost


Strong security
Features like MAC filtering, client reporting, Captive Portal technology, 802.1X authentication, and PCI compliant scan and reporting, ensure a strong WLAN security stance.
Advanced wireless hardware
Advanced technologies deliver 2x2 MIMO with dual spatial streams capable of handling data rates up to 600 Mbps.
'Single pane of glass' management
With unified management tools, administrators can easily manage both their AP devices and WatchGuard appliances from a single console.
Automatic device discovery
Significantly reduces setup time, making deployment quick and easy.
Simple roaming
WatchGuard AP devices have you covered, with up to 16 SSIDs for seamless network access when roaming between access points. And with AP102, WLAN access is available both indoors and outdoors.
Lower TCO
Realize big cost savings, with no separate controller hardware costs, no per-AP "seat" charges, and no controller software license fees.
Great coverage, low profile
Powerful radios and internal antennas housed in a sleek design allow for maximum coverage with a subtle deployment profile, suitable for any indoor or outdoor space.

ManageEngine Automates Office 365 Provisioning in ADManager Plus

ManageEngine Automates Office 365 Provisioning in ADManager Plus

New Feature To Simultaneously Create Active Directory, Office 365 User Accounts
  • Consistently provisions user identities
  • Immediately synchronizes corporate credentials
  • Download AdManager Plus at http://ow.ly/vFl46
PLEASANTON, Calif. - April 15, 2014 - ManageEngine, the real-time IT management company, today announced automated user provisioning of Microsoft Office 365 user accounts in ADManager Plus, its Active Directory management and reporting software. Available immediately, the new feature automatically provisions an Office 365 user account when an IT administrator creates a user's AD account, ensuring the AD and Office 365 user identities are consistently provisioned.
In the absence of automated user provisioning, IT admins working in directory synchronization-enabled environments must wait to create an Office 365 account for a newly-created AD account. Meanwhile, the absence of directory synchronization requires admins to put in twice the effort to create an AD account and an Office 365 account for the same user. Now, ADManager Plus addresses these pain points by automating this cumbersome procedure and making user creation a one-step process.
The new Office 365 user provisioning feature in ADManager Plus is integrated with the Active Directory user creation process, so admins can create an Office 365 user account with Active Directory information. From the Office 365 setting in the ADManager Plus interface, admins simply select the option that best fits their business requirements and provide the necessary license details. Admins can choose to create an Office 365 account based on whether directory synchronization is enabled or disabled in the organization. Alternatively, they can choose not to create an Office 365 user account.
"We've combined the benefits of cloud-based collaboration and the security of an on-premise Active Directory in the new Office 365 user provisioning feature," said Manikandan Thangaraj, director of product management, ManageEngine. "ADManager Plus gives IT admins tailor-made user provisioning choices, which enable each admin to choose the option best suited to his or her business environment. Ultimately, we're giving ADManager Plus users a way to slash their waiting times, eliminate duplication of effort and simplify delegation of Office 365 licenses to corporate users."
"The integration of ADManager Plus with Office 365 (user creation) happens to be one of the finest implementations. It undoubtedly adds to the repertoire of AD solutions," said Kashif Latif, security administrator at City of Brampton.

Pricing and Availability

ADManager Plus pricing starts at $495. A free, fully functional, 30-day trial version is available at http://www.manageengine.com/products/ad-manager/download.html.
For more information on AdManager Plus, please visit http://www.manageengine.com/ad-manager/. For more information on ManageEngine, please visit http://buzz.manageengine.com/; follow the company blog at http://blogs.manageengine.com/ on Facebook athttp://www.facebook.com/ManageEngine and on Twitter at @ManageEngine.

About ADManager Plus

ADManager Plus is a web-based Windows Active Directory management and reporting solution that helps Active Directory administrators and help desk technicians accomplish their day-to-day activities. With an intuitive, easy-to-use user interface, ADManager Plus handles a variety of complex tasks and generates an exhaustive list of active directory reports, some of which are an essential requirement to satisfy compliance audits. For more information on ManageEngine ADManager Plus, visit http://www.manageengine.com/ad-manager/.

About ManageEngine

ManageEngine delivers the real-time IT management tools that empower an IT team to meet an organization's need for real-time services and support. Worldwide, more than 90,000 established and emerging customers - including more than 60 percent of the Fortune 500 - rely on ManageEngine products to ensure the optimal performance of their critical IT infrastructure, including networks, servers, applications, desktops and more. Another 300,000-plus admins optimize their IT using the free editions of ManageEngine products. ManageEngine is a division of Zoho Corp.with offices worldwide, including the United States, United Kingdom, India, Japan and China. For more information, please visithttp://buzz.manageengine.com/; follow the company blog at http://blogs.manageengine.com/, on Facebook athttp://www.facebook.com/ManageEngine and on Twitter at @ManageEngine.
Media Contact:
Ahana Govinda
ManageEngine
ahana.g@manageengine.com
Follow us on Twitter: @manageengine

Nagios XI 2014, banyak peningkatan


Nagios® XI 2014 provides several substantial upgrades over previous versions including the following: 

    Custom Dashboard Nagios XI 2014
  • Performance: Nagios XI 2014 uses the powerful Nagios Core 4 monitoring engine to provide users with an increase in performance over previous versions of XI. Nagios XI 2014 provides users with greater scalability while utilizing server resources efficiently to maximize overall monitoring performance.

  • Enhanced Visualizations & Graphing Engine: A new and improved graphing engine allows for extensive analysis of monitoring metrics including custom time frames, user menu memory, and direct linking to monitored devices. Stacked Graphs allow for a visual representation of several devices so users can easily pinpoint a problem area or device.

  • Updated Web Interface: Nagios XI 2014 now has a brand new, updated theme. The web-interface is modern and easy to navigate allowing users to quickly gather and analyze monitoring data from their network. Quick-search functionality and a Birdseye dashboard allow users to find problem areas faster and minimize downtime.

  • Instant Remote Host Access: Provides users with instant remote access to any device they are monitoring. Access any host via RDP, VNC, Telnet, or SSH directly through the Nagios XI interface to quickly and easily perform corrective action to a specific network device.

  • Service Status Dashboard Nagios XI 2014
  • Automatic Decommissioning: Ensures network monitoring work-flow remains clean and organized by eliminating unwanted and unacknowledged notifications. Host configurations for devices that are in a problem state for too long are automatically removed to minimize false-positives and provide greater network clarity.

  • Advanced Configuration Snapshot Archive: Provides users with an archive of past configuration snapshots to revert to if problems occur in the current configuration. The Configuration Snapshot feature saves the most recent configurations in addition to any snapshots that are archived. The Snapshot Archive ensures configurations remain organized, secure, and allows for a quick recovery when needed.

  • Automated Back-Up Scheduler: Nagios XI 2014 now has an automatic back-up scheduler to ensure that configuration data and critical Nagios files are saved before any updates are made. Additionally, back-ups can be scheduled on a recurring basis so your monitoring environment always has a proper configuration and critical system files are secure.

  • Mass Acknowledgment Tool: Enables users to acknowledge batches of alerts and modify scheduled downtime, thus simplifying the management of large environments and network incidents.

  • Monitoring Wizards Nagios XI 2014
  • Monitoring Wizards: Nagios XI 2014 comes pre-packaged with several new and updated Configuration Wizards including: Updated Switch/Router Wizard, MongoDB Server Wizard, MongoDB Database Wizard, Domain Expiration Wizard, and an NCPA Wizard.

  • Easy Upgrading: Nagios XI 2014 now supports system upgrades directly from the web-interface dramatically simplifying the upgrade process. Administrators can easily maintain a safe and secure monitoring environment by upgrading to the latest version of XI which includes feature enhancements, bug fixes, and resolved security vulnerabilities.

  • Help System Integration: Provides users with an actionable button on each page in the Nagios XI interface that links to helpful, relevant support documentation, tutorial videos, and more.

  • Service-Level Agreement (SLA) Reports: Provide users the ability to measure effectiveness of specific hosts, services, and business processes to determine if service-level agreements are being met. Schedule reports to be sent on a recurring basis for quick and accurate network performance statistics.