News
-
1.05.2012
Veracode Publishes New Mobile Security Infographic: Android vs. iOS
Awareness of Mobile Platform Strengths and Weaknesses Empowers Mobile Users to Take Appropriate Steps to Keep Smartphones Secure
BURLINGTON, Mass. – January 5, 2012 – Veracode, Inc., the leader in cloud-based application security testing, today announced details of its most recent infographic, "Mobile Security: Android vs. iOS." With the dominance of the iOS platform and the rising popularity of Android devices in the mobile marketplace, security is an increasing concern and focus for smartphone users. This infographic examines the security features of Android and iOS while also comparing respective strengths and weaknesses.
Together, Android and iOS account for more than 75 percent of all U.S. smartphone subscribers, according to comScore’s November 2011 U.S. Mobile Subscriber Market Share report. However, greater adoption has also led to greater security concerns and increased awareness of related vulnerabilities. The DroidDream malware discovery and the identification of vulnerabilities in various mobile ad-serving platforms are two of many examples within the last year of risks facing mobile users. Smartphone owners need to understand how secure their mobile platforms are and what steps they can take to increase the security of their devices.
In this infographic, Veracode includes a list of 10 easy steps that enable mobile users to protect their smartphones from hackers. The image also outlines the similarities and differences between the security features that Android and iOS offer as well as a potential weakness of each platform.
“Designed around communications, mobile devices bring with them a whole new set of application risks compared to traditional computing,” said Connie Stack, vice president of corporate marketing, Veracode. “We created this infographic to help iOS and Android smartphone users make informed decisions when using their smartphone and downloading mobile apps in order to reduce their security risks.”
Created in conjunction with Measured SEM, the “Android vs. iOS” infographic is available for download from the Veracode site: http://www.veracode.com/resources/android-ios-security. Interested parties have permission to embed and share the infographic on their websites or blogs with attribution.
About Veracode
Veracode is the only independent provider of cloud-based application intelligence and security verification services. The Veracode platform provides the fastest, most comprehensive solution to improve the security of internally developed, purchased or outsourced software applications and third-party components. By combining patented static, dynamic and manual testing, extensive eLearning capabilities, and advanced application analytics, Veracode enables scalable, policy-driven application risk management programs that help identify and eradicate numerous vulnerabilities by leveraging best-in-class technologies from vulnerability scanning to penetration testing and static code analysis. Veracode delivers unbiased proof of application security to stakeholders across the software supply chain while supporting independent audit and compliance requirements for all applications no matter how they are deployed, via the web, mobile or in the cloud. Veracode works with global organizations across multiple vertical industries including Barclays PLC, California Public Employees’ Retirement System (CalPERS), Computershare and the Federal Aviation Administration (FAA). For more information, visit www.veracode.com, follow on Twitter: @Veracode or read the Veracode Blog.
Copyright © 2011 Veracode, Inc. All Rights Reserved. All other brand names, product names, or trademarks belong to their respective holders.
-
01.4.2012
Veracode Named a Visionary in the Magic Quadrant for Dynamic Application Security Testing
With Rising Awareness of Web Application Security Risks, Veracode Is Among Application Security Testing Solutions That Leading Industry Analyst Firm Suggests Should Be Considered Mandatory By All Organizations
BURLINGTON, Mass. – January 4, 2012 – Veracode, Inc., the leader in cloud-based application security testing, today announced it has been positioned by Gartner, Inc. as a Visionary in the 2011 “Magic Quadrant for Dynamic Application Security Testing” [1]. The research analyzes the evolution and potential growth of the dynamic application security testing (DAST) market and evaluates vendors according to their business and technology vision, as well as their ability to execute against that vision in their products and services.
Gartner defines DAST technologies as those “designed to detect conditions indicative of a security vulnerability in an application in its running state.” The report states that “DAST solutions should be considered mandatory to test all web-enabled enterprise applications, as well as packaged and cloud-based application providers. The market is maturing, with a large number of established providers of products and services.” Further, Gartner suggests that “enterprises should understand the importance of application security vulnerability testing — dynamically and statically. All Web-enabled applications — whether internally developed, procured, outsourced or cloud-based — should be tested.”
In its discussions with clients and prospects, Veracode has found that web application security has risen to the top of the agenda for security professionals striving to increase the effectiveness of their company’s overall application security testing initiatives. This sense of urgency is rooted in the fact that a large percentage of recent cyber attacks have specifically targeted the application layer in order to exploit weaknesses and steal critical financial, customer data and intellectual property. In fact, according to Veracode’s most recent State of Software Security report, web applications analyzed showed high concentrations of Cross-Site Scripting (XSS) and SQL Injection flaws, two of the most frequently exploited vulnerabilities.
According to Veracode, its automated web application vulnerability scanning, also known as DAST or black-box testing, empowers companies to identify and remediate security issues in their running web applications before hackers can exploit them. By dynamically testing web applications at run-time, Veracode inspects applications the same way a hacker would attack them – providing accurate and actionable vulnerability detection. Additionally, one of Veracode’s innovations is its use of Selenium, which has a proven track record in traditional Quality Assurance initiatives, to improve the coverage problems present in many other DAST products.
“We believe that our placement in the Visionaries quadrant is indicative of our innovative approach and superior design decisions,” said Sam King, senior vice president, product marketing, Veracode. “Delivering both our Static Application Security Testing (SAST) and DAST capabilities through a single cloud platform is the right solution for our customers as it avoids fragmentation of vendors and vulnerability information. We plan to continue aggressive development and enhancement of our DAST technology in the coming year with the goal of replicating the market leadership we have established with SAST.”
Gartner’s report also recognized the Veracode DynamicMP service that combines the power of automated web application vulnerability scanning with the benefits of elastic computing in the cloud to provide a massively scalable, inexpensive and rapid vulnerability detection service that can quickly and accurately identify application security vulnerabilities across thousands of sites. Veracode DynamicMP empowers companies to simultaneously scan thousands of websites for critical vulnerabilities such as XSS and SQL Injection. By employing a massively parallel cloud-based dynamic scanning architecture, customers benefit from being able to discover and prioritize vulnerabilities across thousands of web applications in a matter of hours or days, versus months or years as with legacy solutions.
Veracode is providing a complimentary licensed copy of the “Magic Quadrant for Dynamic Application Security Testing” for download on its website.
Disclaimer: Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
1 – Gartner, “Magic Quadrant for Dynamic Application Security Testing,” by Neil MacDonald and Joseph Feiman, December 27, 2011
-
12.07.2011
Veracode State of Software Security Report
With Higher Concentrations of Cross-Site Scripting and SQL Injection Errors, Security of Government Applications Lags Behind Other Industries
BURLINGTON, Mass. – December 07, 2011 – Veracode, Inc., today released its latest “State of Software Security Report.” Volume 4 results are based on more stringent analysis criteria, including a zero tolerance policy for Cross-Site Scripting (XSS) and SQL Injection. Considered “low hanging fruit” because of their prevalence in software applications, XSS and SQL Injection are two of the most frequently exploited vulnerabilities, often providing a gateway to customer data and intellectual property. When applying the new analysis criteria, Veracode reports eight out of 10 applications fail to meet acceptable levels of security, marking a significant decline from past reports.
The latest State of Software Security Report captures data collected over the past 18 months from the analysis of 9,910 applications (compared to 4,835 applications in Volume 3) that were submitted to Veracode’s cloud-based application security testing platform. The report examines the security quality of applications across a number of variables including supplier type, language and industry. For Volume 4, Veracode conducted a deep comparative analysis of government applications against other industries such as finance and software, and, for the first time, examined Android security trends.
One of the goals of the State of Software Security Report is to create greater awareness and security intelligence about the risks of unknown vulnerabilities lurking in everyday applications. The results are aimed at creating a greater sense of urgency around the problem of insecure software, while also giving organizations the information they need to quickly take action. Veracode also emphasizes the ease with which organizations can incorporate software testing into current development cycles. This version of the report clearly demonstrates the positive impact of developer training and education on the security quality of the applications they are developing. Following are highlights from the report.
Zero Tolerance for XSS and SQL Injection Errors Leads to Steep Decline in Application Security Performance: As a result of strengthening the overall analysis criteria, including a zero tolerance policy for XSS and SQL Injection errors, eight out of 10 applications across the Veracode dataset failed to meet acceptable security standards. Specifically for web applications, this report showed a high concentration of XSS and SQL Injection vulnerabilities, with XSS present in 68 percent of all web applications and SQL Injection present in 32 percent of all web applications. Data from the Web Hacking Incident Database supports the need for a zero tolerance policy with 20 percent of reported incidents attributed to a SQL Injection exploit. Given this threat environment, organizations should implement stricter security policies that allow for the discovery and timely remediation of these vulnerability types.
Veracode demonstrates that insecure software can be remediated quickly, without negatively impacting rapid development cycles. In fact, an overwhelming majority (more than 80 percent) of applications that failed to achieve acceptable security standards on initial submission were able to achieve a passing grade within one week. Veracode also revisited the impact of application security training and education, finding that better-trained developers do produce more secure software out of the gate.
Government Applications Are Less Resilient to Common Attacks Compared to Other Sectors: With an increasingly acute, global awareness of the potential impact of insecure software on national security, government agencies are following their private sector peers in the quest for more secure software. Veracode analyzed U.S. federal, state and local government applications, which operate critical systems and process critical data such as personally identifiable information (PII) and national security data, and found that they lag behind other industries in key areas.
For example, government web applications have a much higher incidence of XSS and SQL Injection compared to other sectors. Analysis showed that 40 percent of government web applications had SQL Injection issues as compared to 29 percent for finance and 30 percent for software. Of note, while SQL Injection was trending lower for the overall dataset, in government applications it remains flat. Given the gravity of cyber security risks and the potential impact on national assets, these results further reinforce the need for dedicated developer training and education, and the importance of instituting a programmatic approach to security testing within the government sector.
Common Application Development Mistakes Creep Into Mobile: With organizations seeking to balance employee mobility and productivity against mobile security risk in the “Bring Your Own Device” or BYOD era, Veracode included analysis of Android applications for the first time. Veracode found that mobile developers tend to make similar mistakes to enterprise developers, specifically with the use of hard-coded cryptographic keys. More than 40 percent of the Android applications analyzed had at least one instance of this flaw. The prevalence of hard-coded cryptographic keys becomes a problem because all installed instances of the application use the same key, making it easier for an attacker to initiate a broader assault.
“With the majority of recently reported breaches caused by attackers exploiting weaknesses in web applications or desktop software, often taking advantage of common XSS or SQL Injection flaws, we decided it was time to become even more stringent to reflect the realities of the threat landscape and raise the bar on what should be deemed secure software,” said Chris Wysopal, founder, CISO and CTO, Veracode. “We feel strongly that there must be a greater sense of urgency. Our hope with this report is that by raising the visibility of software-related business risk, we will encourage the industry to adopt a long-term commitment to protecting our software infrastructure.”
Download the Report
Veracode’s State of Software Security Report: Volume 4 also examines additional software security topics in context of application threat space trends, including details on the most commonly exploited vulnerabilities, risks associated with commercial software, and the rise of independent security verification across multiple industry segments as well as a detailed remediation workflow study. For complete report findings, download a copy of the report by visiting: http://info.veracode.com/state-of-software-security-report-volume4.html.
-
01.14.2012
Sykipot attacks U.S. PKI infrastructures based on smart cards
by paganinip on January 14th, 2012
News is currently circulating on the web of a cyber attack carried out by a group of Chinese hackers against some U.S. government agencies. Once again, the weapon used against strategic targets is a cyber weapon: in this case, a new version of the Sykipot trojan.
Chinese hackers have deployed a trojan aimed at the Defense Department, the Department of Homeland Security, the State Department and potentially other United States government agencies and businesses. The trojan targets smart card readers produced by ActivIdentity, a company that provides authentication software.
The attacks originated from Chinese servers and certainly targeted the defense sector to steal sensitive information. The attack was conceived to exploit the identity management processes used in government environments for physical and logical access management.
What is really interesting is the process followed by the creator of the original trojan detected in December. The original versions of the Sykipot malware were a trojan that opened a backdoor into infected PCs to grab documents from high-level officials within target organizations and businesses. This time the malware has been packaged to compromise smart card readers running ActivClient, the client application of ActivIdentity. ActivIdentity ActivClient is the market-leading security application that allows customers to use smart cards and USB tokens as identity management devices in smart card-based PKI authentication for Windows login, VPN, web login and remote sessions, as well as data security, digital signature and secure email. This solution is widely used at the DoD and in a number of other US government agencies.
We are dealing with a cyber weapon packaged for a specific target that makes use of modules available in instances of malware already known to researchers. This trend does not differ in philosophy from the one observed in the cases of Duqu and Stuxnet. This is the first report of Sykipot being used to compromise smart cards, the preferred authentication devices for the identity management systems of the American military. The hackers used a version of Sykipot that dates back to March of last year and was already used for several attacks executed in the past year. The spreading vector is an email campaign addressed to specific targets. Consider that the malware has appeared several times in combination with zero-day exploits and has been used to launch targeted attacks since 2007.
The attacks compromise smart card readers running on Windows, in particular the native x509 modules, according to what has been reported by the US government.
How does the trojan work? It uses a keylogger to steal the PINs of smart cards while they are in use. When a card is inserted into the reader, the trojan acts as the authenticated user and is free to access sensitive and protected information. The stolen data is sent back to the attacker, who is able to direct the operations remotely.
The event is undoubtedly of the utmost gravity, and an attack using this method could compromise the whole PKI architecture on which logical and physical access management is based.
Pierluigi Paganini
-
01.11.2012
Banking sector, bad news regarding cyber threats
by paganinip on January 11th, 2012
The new year does not bode well for the banking world in terms of cyber threats. The need for new services, primarily the ability to make transactions in mobile scenarios, is exposing banks and their platforms to serious threats. In these early days of 2012 in particular, two reports have raised some concern:
- Global warning about the banking trojan “Gameover”
- The SpyEye banking trojan has evolved, implementing new mechanisms to hide evidence of fraud
Let us go into the details of the two threats.
Criminal organizations have launched massive cyber attacks against banks as a diversion to distract their customers from noticing perpetrated cyber theft. New malware has been implicated in Distributed Denial-of-Service attacks intended to shut down bank websites, diverting attention away from fraudulent transactions. The warning was provided by the FBI, which announced the spread of a new variant of the dreaded Zeus virus, called “GameOver”. Zeus malware is used to steal online banking users' credentials.
The propagation vector is e-mail spam; a huge quantity of infected messages has been spread. The interesting feature of the Gameover malware, like similar agents, is its ability to remain silent on the infected host, waiting for the right time to steal the user’s credentials during online banking access.
Just this ability to operate silently gives me the opportunity to introduce the second piece of news. The protagonist is again an old threat to the banking sector, the SpyEye malware. Like the “GameOver” malware, SpyEye has been seen with a feature designed to keep victims in the dark long after fraud has taken place.
What is the main capability that has made SpyEye remarkable? The agent is known for its ability to inject additional fields into any web form, using the technique called HTML injection. The added fields are used to retrieve the client's credentials and other sensitive information such as credit card numbers.
The interesting feature is that the same technique can be used to trick the user by showing falsified information to conceal the fraud in progress.
Researchers at Trusteer have discovered that HTML injection is used to display incorrect values for the total balance of bank accounts in order to conceal the misappropriation of money. Diabolical, isn’t it?
But there’s more! The malware keeps a history of the banking operations conducted by the user, presenting the unaware customer with a view of their bank account from which the fraudulent transactions are absent.
What to expect from the future? More advanced malware that will implement the main features of its predecessors. We will probably encounter, as happened with the “Tilded platform” in the cases of Stuxnet and Duqu, a real development kit with which these agents will be configured and prepared to attack specific targets.
When using online banking services, in particular via mobile devices, there are a number of simple rules of behavior that should be shared:
- To avoid phishing web sites, always log in to your bank by typing the address in the browser URL bar and not by using a link found inside an email.
- Beware of clicking on links in received email if you are not sure where they will direct you.
- Use applications to increase the safety of the device. The principal antivirus companies are producing applications that allow even inexperienced users to avoid nasty surprises.
- Be careful when visiting web sites; the likelihood of encountering malware is really high.
- Avoid downloading utility and porn applications from unverified sources, because these types of apps are most likely to have malware hidden inside.
- Be careful when clicking on a shortened URL in an SMS message or on a social networking site. Social network platforms are a preferred place for spreading malware.
- Pay attention to all interactions required by your mobile applications, and make sure to authorize only necessary transactions.
- Be careful when clicking on app advertisements. When clicking on ads, you need to be confident that the ad directs to where you expect to be directed.
Pierluigi Paganini
-
12.16.2010
Veracode Recognized as a Leader in the Magic Quadrant for Static Application Security Testing
As the Only Independent Provider of Cloud-Based Application Risk Management Services, Veracode Delivers Application Security Verification and Intelligence Solutions
Burlington, Mass. - December 15, 2010 – Veracode, Inc., provider of the world’s only independent cloud-based application risk management platform, today announced it has been positioned by Gartner, Inc. as a Leader in the 2010 “Magic Quadrant for Static Application Security Testing.” The research analyzes the evolution of the static application security testing market and evaluates its vendors according to their business and technology vision, as well as their ability to execute against that vision in their products and services.
According to Gartner, “As attacks have become more financially motivated, and as organizations have improved the security of their network, desktop and server infrastructures, there has been a shift to application level attacks. Static application security testing (SAST) is one of the technology markets aimed at securing applications. SAST should be considered a mandatory requirement for all IT organizations that develop or procure applications. Even though the market has not reached maturity, enterprises must adopt SAST technologies and processes because the need is strategic.” A full copy of the report will be available for download by visiting the Resources page on the Veracode website at www.veracode.com.
SecurityReview® is Veracode’s patented cloud-based application security verification service that enables organizations to quickly and cost-effectively improve the security of internally developed software applications, third-party components and purchased or outsourced software applications. According to Veracode, its ability to combine static, dynamic and manual testing in a single, innovative platform delivers unmatched application intelligence that supports unbiased third-party verification capabilities and the ability to meet independent audit and compliance requirements through greater application governance.
“We believe this research is strong affirmation of Veracode’s leadership position as the premier cloud platform for application security testing services. We are proud to be recognized not only as the pioneer, but also as a pure-play cloud services provider in this growing and important market,” said Matt Moynahan, CEO, Veracode. “Veracode is committed to long-term, continuous innovation in order to deliver a market-leading application security service that makes our customers and their partners and employees more secure – regardless of how software is developed, purchased or deployed across an organization.”
For this report, Gartner defines Leaders as those vendors that “demonstrate balanced progress in execution and vision. Their actions raise the competitive bar for all vendors and solutions in the market, and they tend to set the pace for the industry. A Leader’s strategy is focused on the security of applications; its offering addresses the needs of application security specialists within the SLC; and its brand is broadly recognized in the application security space. Leaders reach beyond SAST capabilities and encompass the broader application security discipline. At the same time, Leaders are able to amass a relatively large clientele and revenue in this evolving market. A leading vendor is not a default choice for every buyer, and clients are warned not to assume that they should only buy from Leaders. Some clients may find that vendors in other quadrants better address their specific needs.”
Veracode emphasizes a combination of its successful customer implementations, rigorous quality control and continuous improvement processes as the foundation for its continued growth. Leveraging Veracode’s cloud-based delivery platform, the company’s global partners and independent security consultants are creating new business models and generating recurring revenue streams. The company delivers additional benefits to customers through its developer security training and certification eLearning programs. Additionally, Veracode’s VERAFIED application security marks offer increasingly important industry recognition that a software provider has taken appropriate steps to remove vulnerabilities in their software or to comply with respected industry standards such as the OWASP Top 10 or the CWE/SANS Top 25 Most Dangerous Software Errors.
About the Magic Quadrant | Magic Quadrant for Static Application Security Testing
The Magic Quadrant is copyrighted 2010 by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner’s analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the “Leaders” quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
About Veracode www.veracode.com
Veracode is the world’s leader in cloud-based application risk management. With patented binary code analysis, dynamic Web assessments and developer e-learning, Veracode SecurityReview® is the most accurate and cost-effective way to independently verify application security in both internally developed applications and third-party software without requiring source code or expensive tools. Veracode provides the most simple, complete way to implement security best practices, reduce operational cost and comply with internal security policies or external standards such as OWASP Top 10, CWE/SANS Top 25 and PCI. Veracode works with global organizations across multiple vertical industries including Barclays PLC, California Public Employees’ Retirement System (CalPERS), Computershare and the Federal Aviation Administration (FAA). For more information, visit www.veracode.com, follow on Twitter: @Veracode or read the ZeroDay Labs blog.
About Raina Solutions - www.rainasolutions.com
Raina works with clients to identify business and technology needs and respond with customized solutions that significantly leverage investment and produce desired growth. We take advantage of our global team to bring technology expertise at competitively-priced, custom-designed software, IT, and technology-enabled marketing solutions. Raina Solutions is headquartered in Boston, MA.
-
10.08.2010
Acelium Expands its Security Offerings through Partnership with eEye Digital Security to Tackle Zero-day Vulnerabilities and All-Means-Possible Penetration Testing
Boston, Massachusetts/October 8th, 2010: Acelium, a division of Raina Solutions, and a leading international security training and services provider focusing on Information Security & Intelligence, announced that it has expanded its security offerings through a partnership with eEye Digital Security, a leading provider of vulnerability and compliance management solutions.
"eEye adds a significant edge to Acelium’s security strategy offering," said Amine Hamdi, President & CEO of Raina Solutions, Acelium’s holding company. "eEye is a market leader for vulnerability assessment and intrusion prevention technology in both the private and public sectors. First, it was founded and continues to run as a research group headed by renowned and innovative industry researchers. Second, eEye discovers and then protects against some of the most critical vulnerabilities in various platforms and applications. Third, eEye adds a human intelligence factor that is very rare in today’s market. eEye's solutions are without any doubt a perfect complement to Acelium’s current offerings and fill a crucial need in today’s markets: tackling zero-day vulnerabilities and all-means-possible penetration testing."
Tom Owens, VP of Sales at eEye, commented, “This partnership enables us to help a new community of IT Security professionals within the Acelium customer and prospect base. We look forward to providing solutions that protect these organizations and make the difficult job of vulnerability management easier and more effective. We welcome these new customers into our community as well, and invite them to take advantage of our free IT security intelligence services such as the Vulnerability Expert Forum and the Zero Day Tracker.”
Acelium will officially introduce eEye to all its existing and target clients in Q4 of 2010 in the US, Africa and Australia.
About eEye Digital Security
Since 1998, eEye Digital Security has made vulnerability management simpler, less expensive and more effective by providing the only unified vulnerability and compliance management solution that integrates assessment, mitigation and protection into a complete offering. With a proven history of innovation, eEye has consistently been the first to uncover critical vulnerabilities and prevent their exploit. eEye leverages its world-renowned research to create award-winning solutions that strategically secure critical IT assets and the data they hold. Thousands of mid-to-large-size private-sector and government organizations, including some of the most complex IT environments in the world, rely on eEye solutions to protect against the latest known, unknown and zero-day vulnerabilities. See more at www.eeye.com.
About Acelium
Acelium, a division of Raina Solutions, is a leading international security training and services provider focusing on Information Security & Intelligence and Compliance Management Consulting. Acelium is committed to delivering world-class, real-world security and compliance solutions with senior expertise and proven methodologies to help enterprises assess their environments, improve their compliance postures, and secure their infrastructures. See more at www.acelium.com.
-
08.19.2010
Mykonos Software and Raina Solutions partner to Deliver Web Application Security
Raina Solutions improves its security puzzle initiative by adding Mykonos Software to its security offerings.
Burlingame, CA -- August 23, 2010 – Mykonos Software, the creator of the first appliance that provides real-time threat detection and management for Web applications, today announced a partnership with Raina Solutions, a Boston, MA based technology solutions company with significant involvement in enterprise security.
The Mykonos Security Appliance is the innovator in a brand new product category of proactive defense solutions. Unlike traditional security solutions that simply log the threat to a log file to be discovered days later, the Mykonos Security Appliance traps the attacker real-time, profiles them to understand the threat level, and then deploys real-time counter-measures to protect the website.
Raina Solutions will add Mykonos Software's products to their core offerings to help their customers get the most advanced protection for their Web applications.
"Mykonos Software fits perfectly in our security puzzle initiative", said Amine Hamdi, President & CEO of Raina Solutions. "The Mykonos Security Appliance not only helps with identifying the immediate attack, but it also helps set a priority list of security issues for companies to resolve based upon the actual attacks. Our clients will get a head start on cleaning up the vulnerabilities in their web properties and a live status on malicious hacking attempts on their web front."
"Mykonos Software is delighted to partner with Raina Solutions," said David Koretz, President & CEO. "They clearly understand that Web applications are increasingly more vulnerable to attacks and are seeking to provide solutions to their clients addressing this growing problem."
About Mykonos Software - www.mykonossoftware.com
Mykonos Software approaches Web application security differently. We understand how Web applications are abused by criminal attackers to steal data, commit fraud or even use company bandwidth for un-intended tasks. The Mykonos Security Appliance detects malicious abuse of web applications before the damage is done. This software solution profiles the abuse through intelligence gathering and responds to any abuse in real-time ultimately preventing data theft, fraudulent behavior and misuse of your Web properties. More information is available at www.MykonosSoftware.com.
About Raina Solutions - www.rainasolutions.com
Raina works with clients to identify business and technology needs and respond with customized solutions that significantly leverage investment and produce desired growth. We take advantage of our global team to bring technology expertise at competitively-priced, custom-designed software, IT, and technology-enabled marketing solutions. Raina Solutions is headquartered in Boston, MA.
-
12.14.2009
Dartware Partners with Raina Solutions in North Africa
Distribution Agreement Brings Network Management Software to North Africa
Boston, MA, December 14, 2009 – Raina Solutions, a technology solutions company with significant involvement in North African development, has announced a distribution partnership with Dartware, developer of InterMapper network management software.
Raina Solutions will serve as one of the InterMapper master distributors in North African countries. “We’ve been working hard to move into fast-growing markets with technically sophisticated partners that understand network management and provide great customer service,” explains John Sutton, Director of Sales at Dartware. “Raina has offices in North Africa and is ready to provide local support. They’re also very familiar with InterMapper and know how to help clients use the technology to its greatest advantage.”
InterMapper network monitoring software with NetFlow and SFlow analysis graphically maps network infrastructures and alerts network administrators to under-performing devices and unacceptable traffic conditions. Diagnostic and performance trend information is a click away. The graphical presentation of data makes it easy for technicians to spot, locate, and fix problems before networks fail.
“We act as a ‘Virtual IT Department’ and as ‘Virtual CTOs’ for dozens of high-end clients and rely on InterMapper 24/7 to proactively run their networks,” says Amine Hamdi, CEO of Raina Solutions. “It’s an essential tool. We use various network monitoring and mapping solutions but InterMapper is everyone’s favorite. It works across vendors and platforms, is very easy to use, yet incredibly powerful.”
As a master distributor, Raina Solutions will sell InterMapper directly to client companies and recruit and support smaller resellers with training and second-level support. “While InterMapper is easy to implement and very intuitive, partners like Raina Solutions help us make sure that customers are exercising the entire feature set and achieving fast return on investment,” says John Sutton.
About Dartware - www.dartware.com
Dartware, LLC develops the InterMapper® network mapping and monitoring software with an integrated NetFlow analyzer. InterMapper earns a quick return on investment by proactively alerting administrators to potential slow-downs, crashes, and other business interruptions. Its real-time, color-coded maps and other displays provide users with an instant view of their network including device status and bandwidth usage. Dartware's software is installed in financial services, healthcare, retail, education, government, non-profit, WISP and ISP organizations around the world.
About Raina Solutions - www.rainasolutions.com
Raina works with clients to identify business and technology needs and respond with customized solutions that significantly leverage investment and produce desired growth. We take advantage of our global team to bring technology expertise at competitively-priced, custom-designed software, IT, and technology-enabled marketing solutions. Raina Solutions is headquartered in Boston, MA.
-
11.23.2009
Raina Solutions To Deliver Qualys Services in North Africa
Boston, MA, November 23, 2009 — Raina Solutions announced today a partnership with Qualys®, Inc., a leader in Managed Vulnerability Assessment. Qualys enables customers to automatically verify the remediation of vulnerabilities on their corporate networks through their product, QualysGuard®.
Raina Solutions will resell and integrate QualysGuard security risk and compliance management solutions, with a focus on North Africa. With Qualys as part of its security portfolio, Raina will deliver on-demand services, minimizing solution maintenance and upgrade requirements.
QualysGuard enables customers to scan and map critical assets, analyze threat data and correlate it in real time, allowing IT administrators to effectively strengthen the security of their networks and conduct automated security audits to ensure compliance with internal policies and external regulations.
QualysGuard also maintains the industry’s most comprehensive vulnerability KnowledgeBase, which is automatically updated on a daily basis with new audits. In terms of quality of service, QualysGuard maintains a six sigma software quality rate (less than 3.2 defects per million scans or 99.998% accuracy).
About Qualys - www.qualys.com
Qualys®, Inc. is the leading provider of on demand IT security risk and compliance management solutions – delivered as a service. Qualys' Software-as-a-Service solutions are deployed in a matter of hours anywhere in the world, providing customers an immediate and continuous view of their security and compliance postures. The QualysGuard® service is used today by more than 3,500 organizations in 85 countries, including 40 of the Fortune Global 100 and performs more than 200 million IP audits per year. Qualys has the largest vulnerability management deployment in the world at a Fortune Global 50 company. Qualys has established strategic agreements with leading managed service providers and consulting organizations including BT, Etisalat, Fujitsu, IBM, I(TS)2, LAC, SecureWorks, Symantec, Tata Communications, TELUS and VeriSign.
About Raina Solutions - www.rainasolutions.com
Raina works with clients to identify business and technology needs and respond with customized solutions that significantly leverage investment and produce desired growth. We take advantage of our global team to bring technology expertise at competitively-priced, custom-designed software, IT, and technology-enabled marketing solutions. Raina Solutions is headquartered in Boston, MA.
-
09.16.2009
Raina certified as VMware Solution Provider Partner
We offer expertise in:
- Specialized business goal identification
- Search optimization and marketing
- IT security auditing
- Rich interactive application development
- Editorial content development and management
- Brand positioning, and messaging
- Advanced website hosting