Press Release Summary:
Mobile Firewall Plus prevents unauthorized enterprise access by protecting devices and data to minimize organizational exposure to handheld vulnerabilities. Product provides always-on, device-level security that scales seamlessly to support growing mobile workforce. Multi-layered security software provides AES-based encryption and enforcement of power-on passwords, device-level integrity manager, cross-packet analysis, and device quarantine functions.
Original Press Release:
Bluefire Unveils Industry's First Handheld Security Software to Protect Mobile Enterprises
Johns Hopkins Medicine Deploys Mobile Firewall Plus to Protect Confidential Patient Data from Wireless Device Attacks and Vulnerabilities
BALTIMORE - April 28, 2003 - Bluefire Security Technologies today announced the availability of its handheld security software, Mobile Firewall Plus. Designed to close the gap in enterprises' mobile security created by unsecured wireless devices and to prevent unauthorized enterprise access using devices as a backdoor, the software protects both devices and data, and minimizes organizational exposure to handheld vulnerabilities.
The security strategy of mobile enterprises will ultimately fail if they do not include installing security software on the handheld itself. By ignoring the handheld, organizations are creating a backdoor to the enterprise that can be easily accessed from mobile devices and the Internet. For example: Once a device leaves the protection of network perimeter defenses and is used in unsecured environments, it is susceptible to a variety of threats and can be easily compromised. When the user returns the compromised device to its cradle, the handheld is recognized as a trusted user and given clearance to access mission-critical information behind the firewall.
Organizations utilizing unsecured mobile devices are also vulnerable to information theft or copying of proprietary data that could impact a company's market performance. A sophisticated hacker could even enter a corporate network through the handheld and use it to plant a snooping program that would stream information back to the source undetected.
Much like the rapid adoption of laptops, mobile and wireless devices are becoming more common vehicles for enterprise data delivery, making them more popular targets for attack. Traditional security products will not be effective in defending the handheld because those products were not created to address the mobile platform's unique size and design challenges.
Given the level of risk of enterprise exposure via the handheld, protecting devices has become a top priority for enterprises that employ mobile technologies. A recent Gartner, Inc. report underscores the need for mobile device security, predicting that "security attacks through end-user devices are the primary threat to enterprises." Source: Gartner, Inc., November 2002, Report: Mobile Security Exposures, Trends and Remedies.
Risk is amplified for many mobile organizations, such as those in the health care industry, as they face not only internal challenges if attacked, but must also deal with federal regulatory issues that mandate how their information is stored and protected. If these organizations do not meet the specified requirements, they are fined and must comply.
Johns Hopkins Medicine, in Baltimore, has selected Bluefire as part of its complete security solution to protect patient data transmitted and stored on handheld devices in its clinical care areas.
Hopkins physicians will be able to access critical information throughout the hospital via Pocket PC-based handheld devices, enhancing the diagnostic and treatment processes. Recently, the organization launched a series of mobile applications for medical record updates, radiography, prescription ordering and coding.
Bluefire is also helping Hopkins protect patient information and meet the security requirements in the Health Insurance Portability and Accountability Act (HIPAA). The HIPAA final security rule went into effect in April 2003 and specifically stipulates that portable computing devices that can store personal health information - such as PDAs - are subject to the data security requirements outlined in the rule.
"Johns Hopkins needs to protect their patients' personal information, but at the same time, make that information conveniently accessible to the hospital's medical staff to ensure quality of care," said Mark Komisky, CEO of Bluefire Security Technologies. "Our solution helps them achieve both, providing powerful, always-on, device-level security that is easy to manage and scales seamlessly to support their fast-growing mobile workforce."
Bluefire also announced today that Johns Hopkins Medicine and the Johns Hopkins University Information Security Institute intend to collaborate with them in research programs and work together on new handheld security solutions. The group plans to implement a test bed for innovations in some of the following areas: handheld device vulnerabilities; encrypted communications software systems; security software interoperability; authentication; and anti-virus and wireless network vulnerability testing.
Bluefire Mobile Firewall Plus is the right choice for organizations like Johns Hopkins because it is the only solution on the market that provides multiple layers of security on the handheld device. Key features of the Bluefire solution include:
o AES-based encryption and enforcement of power-on passwords protects information on the device;
o Device-level integrity manager alerts administrators to changes in system files, registries and applications;
o Cross-packet analysis secures mobile devices and enterprise networks from complex attacks and negligent transmission of malicious code during synchronization;
o Device quarantine functions shield the enterprise from compromised devices;
o Enterprise manager centrally controls devices, defines security policies and deploys security rules; and
o Scalable, relational database consolidates policies and profiles, collecting event logs for complete historical reporting.
Enterprise Devices Demand Enterprise Protection
The Bluefire Mobile Firewall Plus solution is uniquely architected not only to secure handheld devices but the enterprise networks to which they connect. At the heart of the product is a rules-based personal firewall engine that resides on the device, is easy to configure and customize, and protects against multiple attacks. A flexible solution, Mobile Firewall Plus allows IT administrators to set the appropriate level of security on the fly. The solution also provides real-time logging and alerting of all device-level activities. The logs allow administrators and end-users to track device usage, detect intrusions and identify attack methods via an intuitive graphical user interface for quick and effective problem isolation.
The solution's powerful handheld firewall capabilities are consistent with Gartner, Inc. recommendations for mobile security best practices. To protect handheld devices and enterprise data, Gartner recommends that organizations install a personal firewall on every device that has a wireless network interface card (NIC). "Within two years, we will be carrying a networked set of computers, as our cell phones, PDAs and laptops intercommunicate over IrDa, Bluetooth and 802.11b networks. Gartner believes this will require every person to carry a personal firewall to protect these networks in motion." Source: Gartner, February 2003, Wireless Access, Mobile Business Solutions Conference, Security and Privacy on the Run.
About Bluefire Security Technologies
Bluefire Security Technologies develops security software that protects handheld devices and data. The company's flagship product, the Bluefire Mobile Firewall Plus solution, is the industry's first complete firewall for handheld devices, providing firewall, intrusion prevention, integrity management, encryption, authentication and policy-based enterprise security management features that enable the safe use of mobile and wireless applications. For more information, visit www.bluefiresecurity.com or call (410) 637-8160.