February 13, 2008

What You DON’T Want for Valentine’s Day

It’s February 14th, and you’re slogging through the work day, counting down the hours until the romantic dinner you planned tonight with your sweetie.

An unexpected e-mail pops into your inbox. Someone sent you a Valentine’s Day e-card! “Click here to retrieve your greeting,” instructs the message.

“How sweet,” you gush in excited anticipation, as you dutifully click on the email’s embedded link to retrieve your e-card.

Oops. What unleashes next is anything but words of endearment. It’s the Storm Worm virus, and faster than you can say “Roses are Red”, malware is downloaded to your PC. Congratulations! You’ve been infected, and are now the latest unwitting victim of the Storm Worm botnet.

Not exactly the love you were looking for, but you’re far from alone. According to Time Magazine, the Storm Worm virus has already infected upwards of one million computers worldwide since it was first discovered about a year ago.

Looks like you’ll have to wait for that romantic dinner after all, since this e-card was actually spam in disguise.

If you haven’t heard of the Storm Worm virus, it spreads itself under a wide range of pretenses - most recently under the guise of an e-card, and often around popular holidays like Christmas or Valentine’s Day. A recent FBI warning announced that this Valentine’s Day is expected to be the next big target. Additional warnings have been showing up on numerous web sites, including this one from Network World.

This is just one real-life example of how quickly and easily malicious threats can wreak havoc on your corporate network. At RADirect, we’ve noticed an increase lately in organizations (especially SMBs and extra-vulnerable businesses like hospitals and universities) looking for a solution to protect themselves from such attacks.

We recommend and sell the Radware DefensePro (starting at $9995) intrusion prevention system (IPS). This solution is unique because it has the ability to detect and block both known (signature-based) AND unknown (zero-day) attacks, like Storm Worm and the similarly destructive Rahack. The latter is done via adaptive behavioral analysis, and requires no human intervention.

And by the way, if you do fall victim to the Storm Worm virus, you can notify the Internet Crime Complaint Center (IC3) by filing a complaint at IC3.gov.

So, Happy Valentine’s Day! Hope yours is filled with love, romance, and absolutely nothing involving worms or viruses.


December 10, 2007

A Few Thoughts for the CIO: This is the Year...

In just a few weeks we’ll ring in 2008 with the usual fanfare. But what’s not usual about this coming year is the state of uncertainty it brings along with it. With market volatility and the fear of a recession offering more questions than answers, we’re all a lot more cautious when it comes to spending money.

Of course, the logical reaction to such market uncertainty is to hold off on new projects and expenditures. My wife and I recently decided to postpone a new car purchase for this very reason.

But there’s no getting around the fact that some purchases, those most critical to the continuation of your business, simply can’t be put off.

If you need it, you need it.

But this year, more than ever, is the time to be extra diligent in evaluating your options.

This is the Year...
To scrap the old mantra: ‘No one ever got fired for buying [insert major brand name]’. Because although [insert major brand name] may have a strong reputation for reliability, chances are the associated outlay is much higher than you’re comfortable spending right now.

This is the Year...
To look for alternative solutions that will lower your overall TCO and offer a healthy balance between price, performance, and reliability.

This is the Year...
To minimize your risks by choosing a solution that’s been proven, yet still cost-effective.

At RADirect, I’m speaking with a lot of storage customers about things like consolidation and tiered storage, which fits right in with this way of thinking.

How is the current market volatility affecting your budget planning for 2008? Drop me a line - I’d love to hear from you.

November 19, 2007

Calling All Nexsan Legacy ATA Products

Does your organization currently own any of these legacy Nexsan ATA storage products?

• ATABeast
• ATABoy (8 bay product)
• ATABoy2
• ATABoy2-F
• ATABoy2-X

If so, RADirect and Nexsan are offering a low-cost opportunity to trade them in and upgrade to Nexsan’s latest high density SATA-based storage systems - the 42TB/4U SATABeast SATA RAID array or 14TB/3U SATABoy SATA storage array.

Why upgrade? Both offer a bunch of improvements over their ATA-based predecessors, including AutoMAID power-saving features and iSCSI and 4Gb Fibre Channel connectivity.

Until December 21, 2007, you can trade in any of the products listed above for a 45% discount off MSRP on the SATABeast or SATABoy (note: spares don’t qualify).

Feel free to contact me directly to learn more about this "ATA to SATA" trade-up offer.

November 12, 2007

New to the Fiber Mux Line-up: The PL-400 CWDM / DWDM Mux

This past summer, I decided to add a new product to RADirect's portfolio – the PL-400 CWDM / DWDM mux from PacketLight Networks. We’d been selling PacketLight’s family of storage over SONET devices for a while, and when they introduced the PL-400 to my team and me, we knew it would be a well-received addition to our fiber mux family.

In brief, the PL-400 transports up to 8 high-speed (125Mbps - 4.25Gbps) services - storage, data, voice or video - in any mix, over an existing fiber pair. But it's actually more than just a mux - it also performs the 3R's (retiming, reshaping and regenerating), delivers performance and optical power monitoring, etc. So not just another passive solution.

So far, here’s what I’m hearing from customers about the PL-400:

Why Do They Like It?

1. It transports anything - in any mix! 1G/2G/4G Fibre Channel & FICON, ESCON, Fast Ethernet, Gigabit Ethernet, OC-3/STM-1, OC-12/STM-4, OC-48/STM-16, DVB-ASI video and GPON. And each can be configured independently.

2. It’s a money-saver. Eliminates the need to install additional, costly fiber pairs.

3. It’s small and green. Well, not physically green (more your standard blackish/grayish if color is important to you), but it’s only 1U high and delivers low power consumption.

4. It’s inexpensive. Especially given the fact that it supports so many different service types.

5. Feature-by-feature, it stacks up great against the competition.

How Do They Use It?

The biggest customer groups so far have been service providers, military/government, and campus environments (a lot of hospitals and universities) but the PL-400 CWDM / DWDM mux can be deployed in a variety of point-to-point, chain and ring topologies. Common applications include:

1. Fiber relief for high-capacity multi-tenant buildings and campuses

2. Interconnection of SAN and LAN islands in remote metro sites

3. Aggregation of DSLAM and Ethernet switch traffic on a single fiber - from access to core

4. WDM GPON extension between the central office and the local exchange for network simplification and cost reduction

5. DVB-ASI, SMPTE-SDI, SD-HDI, HD-HDI video transport


October 26, 2007

Are Spam Zombies Haunting Your Network? Take This Test!

With Halloween season in full swing, it seems perfectly natural to have zombies on the mind. But while you may enjoy the treat of having one appear on your doorstep, candy bag in hand, it’s not nearly as entertaining when they turn tricks in your corporate network.

Spam zombies (what’s this?) created by increasingly sophisticated spammers/hackers can wreak major havoc by turning your computers into virtual spamming machines. And you often don’t know about it until it’s too late. These little guys pose a significant threat to your domain, and can possibly get you blacklisted.

Pretty spooky, huh?

PineApp, one of RADirect’s vendor partners for corporate email security, has created a neat little tool called the Zombie Detection System (ZDS) that allows you to test your network IP addresses for the presence of such zombies that could be generating spam messages and using your network to send them.

It’s quick, easy, and free, so try it out here.

And Have a Happy Halloween!

October 17, 2007

Is Your Database More Than 7% Secure?

I recently came across an eWeek article entitled “The Job of Securing the Database”. It reinforces what we at RADirect have learned about database security: it’s alarmingly lacking. The article cites a Forrester Research stat that estimates database administrators (DBAs) spend only 7 percent of their time addressing database security.

Evil-minded villains anxiously awaiting the day their organization’s sensitive information is blasted across the universe?

Not exactly.

It’s just that they are often bogged down with other things, or simply don’t know enough about security to deploy the necessary tools.

But the article also has good news: Seems the urgency of it all isn’t lost on those to whom it’s most critical (for example, the financial sector). Many organizations are taking steps towards improved database security by reorganizing the key team members responsible for it – i.e. moving DBAs out of their regular departments and inserting them within an IT security team. This win-win strategy brings more database knowledge into the IT Group while exposing the DBAs to the security-centric environment they need to gain more expertise.

Still Not Enough Time to Adequately Address Database Security?

If you're a DBA, you might also consider a tool like Sentrigo’s Hedgehog Oracle database security software.

I especially like this solution because it provides protection against both outsider and insider breaches and also helps facilitate regulatory compliance with reporting and forensics.

Perhaps even more importantly, it also offers virtual patching – predefined rules added in real-time to the Hedgehog system that address newly discovered vulnerabilities. This keeps your database protected from such threats during that critical interval between when they first become known and when Oracle releases the patch code (this can often take months!) and the organization actually applies it (several more months!). With Sentrigo's solution, there is no need to take the system down for the virtual patch installation.

Facing your own database security challenges? What's the bigger issue for you - lack of time or lack of knowledge? Please drop me a line and share your pains and gains.

September 12, 2007

RAID Storage: Green, Green, and Getting Greener

Seems like everywhere I turn lately, there’s commentary on the critical need for data centers to “go green”. In fact, internetnews.com published two articles on the topic (“Greening Your Data Center...” and “Green is Hot for Storage Managers”) in less than two weeks.

So why all the buzz? Soaring energy costs (including the cost of cooling). Environmental responsibility. Emerging regulations that govern power consumption levels. In short, companies are challenged to find more energy efficient ways to store higher volumes of data and retrieve it faster.

Analysts and experts have released all kinds of statistics and predictions that are extremely frightening, such as:

• IT organizations are now spending 25% of every hardware dollar on power (IDC)
• IT departments can expect to spend half of their total budget on energy (EPA draft report on server and data center efficiencies)
• By 2008, half of current data centers will have insufficient power and cooling capacity to meet the demands of high density equipment (Gartner)
• By 2009, energy costs will emerge as the 2nd highest operating cost in 70% of worldwide data center facilities (Gartner)

Well then, I guess it’s no surprise that energy efficient products have increased as a buying priority.

Fortunately, a few storage vendors are ahead of the game. For example, Nexsan Technologies, a veteran green machine which has installed more than 50 petabytes of “green storage” since 2001, incorporates their proprietary AutoMAID™ (Massive Array of Idle Disks) technology into their SATABeast and SATABoy SATA storage arrays.

This technology transparently places disk drives in an idle state to conserve energy yet still allows for near-instantaneous access to data, resulting in reduced power consumption and operational costs.

According to a recent Nexsan press release, the SATABeast SATA RAID array (at Level 3 AutoMAID), consumes up to 25 times less power than conventional storage arrays. If the requirement for greener storage continues to grow as I predict it will, this is the kind of stuff buyers will be looking for.

By the way, I noticed that the SATABeast was selected as a finalist for “Green Product of the Year” at this year's Techworld Awards in the UK. Nice!

August 27, 2007

Database Security – Just How Safe is Your Personal Information?

I recently received a letter from my bank informing me that some of my personal information had been breached. While they did offer a one-year free subscription to Experian’s credit report monitoring system, they offered no explanation with regard to the type of breach, what specific information was stolen, and by whom.

I can’t say that I was very pleased with this outcome, and couldn’t help but feel resentful that my bank hadn’t taken any real measures to protect my sensitive information BEFORE it fell into the wrong hands.

I did a little research on this topic, and didn’t have to look very hard to find an alarming number of similar breaches (and these are just a few examples of the published ones!). They include:

1. July 2007 – A DBA contractor for a subsidiary of Fidelity Information Services was caught selling 2.3 million customer records, including credit card and bank account details.

2. July 2007 – An employee of a credit card processing company servicing the Disney Movie Club was caught by federal agents trying to sell credit card information.

3. December 2006 – Hackers gained access to a UCLA database containing personal information on 800,000 current and former students, faculty and staff, financial aid applicants and their parents (including those who did not even attend!). In this case, the university set up a dedicated website to help those affected by possible identity theft following the breach.

The good news is that there are now solutions that can prevent (or at least significantly reduce) this type of database security risk. In fact, we at RADirect are currently reselling a software offering from Sentrigo – the Hedgehog Oracle database security system (support for more databases coming soon). You can download a free 14-day eval license for the enterprise version.

If your business owns or maintains a database of personal information, please take real measures to protect it. It is the responsible thing to do, and represents a solid business practice.

July 13, 2007

Data Backup or Archiving – Which Do You Need?

(Note from Uri: Today’s post is contributed by RADirect Systems Engineer Steve Insdorf)

Over time, I’ve come to realize that the distinction between data backup and data archiving can sometimes be cloudy, with the two terms often used interchangeably. The truth is there are many important differences between the two, so I thought I would use this entry to help clarify.

Put simply, a backup is created for emergency purposes – short term recovery in case the original data is lost or damaged. In contrast, the purpose of an archive is to store, protect, share and manage data assets for the long term and make them accessible for re-use on a regular basis.

In addition:

1. Backup systems are best for dynamic data that changes regularly – for example, customer databases. Digital archives store fixed content that doesn’t change, such as email archives, medical images, financial data, legal documents, images and video, etc.

2. While a backup is simply another copy of data stored on your primary systems, an archive is a preservation of original data moved off of your primary systems.

3. A backup stores data offline. An archive stores it online or near-line.

4. With backup, you generally have a blanket retention policy for all files. True archive systems allow you to set retention policies at the file-level.

5. With backup, data volume or time of day usually determine when data is copied. On an archive, data movement is determined by policy or event.

6. An archive is easily searched and directly accessible by many users – a backup is not.

Have a backup application? I think your best bet is Nexsan’s range of RAID storage arrays. For archiving, you want their Assureon content addressable storage solution.

January 29, 2007

Legacy Migration or Legacy Replacement?

When it comes to leadership, be it political, business, or otherwise, it’s not unusual for a conflict to exist between the previous generation and the more recent one: the ‘old’ versus the ‘new’. The older generation typically offers stability, reliable execution, and a common ground to keep things safe and balanced, while the newer generation brings to the table novelty, a new way of doing things, fresh ideas, progress and a promise to ‘change the world’. This is evolution vs. revolution.

Technology decision makers frequently face a similar 'old vs. new' dilemma when it comes to legacy migration. Do we stay with the 'old', keeping our legacy systems running for as long as possible and only gradually migrating to new networks/systems? Or do we go 'new' by replacing our legacy equipment, ripping it apart and forklifting our infrastructure in order to enjoy a more innovative and current technology?

This type of decision is best made only after you evaluate the risk against the expected rewards, quantifying your migration efforts (time, material, costs) as well as the benefits of a newer technology. Sometimes, it will make more sense to revolutionize. Other times, a gradual evolution will prove best.

The good news is that we at RAD still invest a great amount in developing products that offer an excellent evolution path for many applications. For example, TDMoIP as a path to migrate TDM voice to an IP network. Or, the ability to migrate older protocols and/or older data communications gear (RS-232, V.35, RS-422, HS-UDP to name a few) over current and next generation networks (IP, ATM etc.).

And yes, assessing your scenario and qualifying and quantifying your options is complicated. If this type of challenge is familiar to you, I’d love to hear about your decision process.

January 02, 2007

The Role of the CIO: Just Another Perspective…

Chances are, you’re in the midst of, or wrapping up, your strategy planning for 2007 (as are we at RADirect!). So I thought it would be perfect timing to share my thoughts on this topic.

It’s widely agreed that the CIO role is becoming more and more complex. If you are a CIO or would like to become one, you must consider these three elements as the main drivers:

1. Leadership. You’ve got to be that person with the vision, the one who can articulate goals, garner strong support from your company’s main stakeholders, manage the resources, and have the ability to execute.
2. Business Acumen. Before undertaking any new initiatives, you must have a strong sense of how each initiative contributes to the overall success of your company.
3. Technology. You should certainly understand technology (including emerging ones), and have a strong sense of how these technologies can be applied to, and play a vital role in, your company’s overall success.

In the course of your planning, I am sure that at least some of the following will make it onto your radar:

• Legacy (infrastructure, application) refresh
• Virtualization
• Consolidation
• Regulations/standardization/compliance
• Business continuity/disaster recovery
• Collaboration
• SOA (service oriented architecture)
• Privacy/security
• Information management
• Instantaneous information via increased computing power, bandwidth and storage
• Globalization
• ASP
• Outsourcing

Obviously, each of these high level concepts can and should be translated into more meaningful tasks that are closely related to your own business environment, challenges and strategic planning. So how can this be translated into a meaningful strategic plan?

In my view, each undertaking you consider should be measured against ROI matrices. You should answer and quantify the following questions:

• How will this initiative help my business grow?
• How will this initiative help my business reduce costs (OPEX, CAPEX)?
• How will this initiative help mitigate risks? And the potential loss if I choose to do nothing?

Once you have fully reviewed the various aspects of each of your initiatives, you’ll probably have a better sense of which are most critical, as well as a better understanding of what will be considered a ‘justifiable investment’ to undertake them. Only then is it the right time to start exploring the available technologies and teaming with the right people to execute them.

The good news is, most of the things that will land on your priority list for 2007 will be doable and consistent with your ROI matrices (I call it healthy competition).

Without a doubt, the coming year will bring an even more vibrant economy. If you are comfortable with change and are as excited as I am about technology and its potential to improve our respective businesses, I think we can all expect an outstanding 2007!