News Robert Miranda News Robert Miranda

WEBCAST - Containerized IAM on Amazon Web Services (Part 2)

On August 15th, we partnered with ForgeRock to dive deeper into Containerized IAM. Watch the replay…

That's a wrap on Webcast #2! Even though it's over, you can still watch the replay here.

 

Audiences experienced an in depth review of: 

  • Assets and processes needed to containerize ForgeRock

  • Architecture and processes guiding containerized IAM on Amazon Web Services

  • How containers are deployed into Kubernetes

  • Monitoring and management strategies

  • Continuous integration configuration

BONUS: A demonstration of a deployment of ForgeRock into Kubernetes

 
Warren-Gio.png

Speakers Warren Strange, Engineering Director at ForgeRock and Steve Giovannetti, CTO & Founder of Hub City Media 

 

Read More
News Robert Miranda News Robert Miranda

WEBCAST - Containerized IAM on Amazon Web Services (Part 1)

On July 18th, we joined with ForgeRock to show why you don’t need to settle for a standard IDaaS solution and how you can get the exact IAM solution you want - in the cloud. Watch the replay…

That's a wrap on Webcast #1! Even though it's over, you can still watch the replay here.


Audiences discovered how running your IAM on AWS gives you the exact solution that you want with the operational model of a SaaS.  

July 18, 2:00-3:00pm EST

ForgeRock and Hub City Media have partnered together to deploy flexible and scalable IDaaS solutions using:

  • Docker (containerization)

  • Kubernetes (orchestration)

AUDIENCES LEARNED: 

  • Why AWS is a powerful environment for running containerized IAM solutions and how it can meet all of your business needs

  • How ForgeRock is leveraging Docker (containerization) and Kubernetes (orchestration) to prepare their platform for the cloud

  • Why clients are choosing this path and how they’re using containerization today to reduce costs and implement complex use cases in the cloud


Warren-Gio-orange.png

Speakers Warren Strange, Engineering Director at ForgeRock and Steve Giovannetti, CTO & Founder of Hub City Media to explained how you can deploy using this model. 

 

 

Don’t fear the move from on-premise Identity to the cloud. 

Don’t settle for an Identity solution that is anything less than exactly what you need. 


Read More
News Robert Miranda News Robert Miranda

April 2018: Oracle Releases Quarterly Security Patch Updates

Hub City Media advises all Oracle customers review these security vulnerabilities with their teams…

As part of Hub City Media’s ongoing efforts to ensure Oracle IAM environments remain secure, we are advising that Oracle has released their quarterly Security Patch Updates.

We've evaluated these updates and created a summary of critical patches that may be required for client environments. To maintain the best possible security posture, please review these patches with your team.

For assistance with applying these patches, contact us


Component: Oracle Java SE 7
Sub-Component(s): Hotspot, Security, AWT, Concurrency, JAXP, JMX, Serialization, RMI
Patch Number: 13079846
 
Vulnerability Details: 
There were 11 new vulnerabilities discovered in Java 7. These vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. Some vulnerabilities are easily exploitable, and most allow an unauthenticated attacker with network access via multiple protocols the ability to compromise Java. Some vulnerabilities require human interaction from a person other than the attacker, and while the vulnerabilities are in Java SE, attacks may significantly impact additional products.


Successful attacks can result in:

  • unauthorized read, update, insert or delete access to some of Java SE accessible data
  • unauthorized creation, deletion or modification access to critical data or all Java SE accessible data
  • unauthorized ability to cause a partial denial of service (DOS) of Java SE
  • unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data
  • takeover of Java SE, Java SE Embedded

Some vulnerabilities can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. They can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. Other vulnerabilities apply to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security.

 

Component: Oracle WebLogic Server, versions 10.3.6.0, 12.1.3.0, 12.2.1.2, 12.2.1.3
Sub-Component(s): WLS Security (Apache OpenJPA), WL Diagnostics Framework (Apache Log4j), Sample apps (jackson-databind), WLS Core Components
Patch Number: 27453773
 
Vulnerability Details: 
This Critical Patch contains three fixes for Oracle WebLogic Server version 10.3.6.0, 12.1.3.0, 12.2.1.2, 12.2.1.3. These vulnerabilities are easy to exploit, allowing unauthenticated attackers with network access via HTTP or T3 to:

  • compromise Oracle WebLogic Server and perform a takeover of Oracle WebLogic Server 

This Critical Patch also contains a fix for Oracle WebLogic Server version 12.2.1.3. This vulnerability is easy to exploit, allowing an unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server and: 

  • gain unauthorized update, insert or delete access to some Oracle WebLogic Server accessible data
  • gain unauthorized read access to a subset of Oracle WebLogic Server accessible data
  • gain unauthorized ability to cause a partial denial of service (DOS) of Oracle WebLogic Server

In addition to the above patches, Oracle has released patches for several of their products. The entire list of products, which you may want to share within your organization, can be found here.


People Working_MSS_Licensed.jpeg

With every patch update, our team ensures your Oracle system is up to date and running smoothly.

Learn more about how we can help you...

Read More
Robert Miranda Robert Miranda

HCM to Run Live Demos at ForgeRock's Identity Live in Austin

Hub City Media to host a booth this year at ForgeRock's Identity Live in Austin, showcasing...

Hub City Media will be hosting a booth at the two day Summit in Austin, Texas on May 2nd and May 3rd, and is inviting all attendees to stop by to check out live demos of Governance, Delegated Administration and Reporting - all BUILT FOR FORGEROCK. 

As a proud ForgeRock partner, we're excited to have the opportunity to showcase the products we've built directly on top of the ForgeRock Identity Platform. It's important we show Summit-goers how these products can help their business with compliance needs, as well as the access and roles of their employees and customers. Most importantly, they can be deployed in the cloud with ForgeRock, and they're very easy to install and run. 

Have a question about how these products fit in with your environment? Stop by the Hub City Media booth in Austin or fill out the form below to get started: 

Read More
News, Featured Jacque Tesoriero News, Featured Jacque Tesoriero

What Happens in the Cloud, Stays in the Cloud: AWS re:Invent takes Vegas

This conference is an eye opener for anyone in the field, from potential developers to CTOs...

From November 27 to December 1, the city of Las Vegas was a hub for Identity and Cloud discussions - from the Gartner IAM Summit to the AWS (Amazon Web Services) re:Invent Cloud Conference. With an ever changing industry landscape, it can be difficult to keep up; however, the AWS conference brought a multitude of new ideas to the table and did not disappoint.

Members of the Hub City Media team attended re:Invent, including CTO and founder Steve Giovannetti. “This is the future of how systems are going to get developed. We’re going to start seeing more people going to the cloud, more interesting uses of the cloud and serverless technologies like AWS Lambda. This is the next step in the cloud evolution.” 

Thousands attended the conference, bustling back and forth between Key Notes and Tech Talks. One talk that stood out to our team was “Automating DDoS Response in the Cloud,” focusing on how to automate security infrastructure. Large-scale cyber security attacks are becoming more and more frequent - staying a step ahead of hackers is crucial to keeping our data safe. We were able to see what innovations AWS is making in the cloud, including using an Amazon Dash Button to run scans or ask Alexa if they’d been hacked. Looks like she does more than report weather!  

Giovannetti also participated in the annual AWS Hackathon, along with about 400 others. Teams worked on completing a series of challenges over the span of eight hours - many providing difficult hurdles to overcome. The challenges spanned from requiring forensic analysis to taking a broken environment, repairing and then hardening it. Through this, the audience was able to see the extensive security features and services offered by AWS. 

One of the most interesting aspects of the conference was seeing how AWS’s biggest clients, like Netflix and Capital One, are leveraging the platform. The major common thread between these types of clients is the use of automation as the key to managing large environments. Many clients were using AWS Lambda to implement Open Source frameworks to a surprising scale, as well as building functions to enforce security policy. 

AWS went through a laundry list of new announcements for their technology, including AWS support for Kubernetes and Amazon GuardDuty Intelligent Threat Detection System. One of our many takeaways from this conference is that, with the incredible amount of talks, meetings and key notes to attend, attendees really need to focus on one track and stick to it in order to walk away with the most value. This conference is an eye opener for anyone in the field, from potential developers to CTOs - even if you don’t use AWS, the conference still provides copious amounts of new and important information. 

Hub City Media’s Security Engineer, Eli Krantz, was very satisfied with his learning experience and enjoyed the “TED-talk-like” atmosphere. “Anyone who is uncertain about moving to the cloud will change their mind after attending this conference. I went in liking the cloud, but for the skeptics out there, this is a great one to attend. It really gets you thinking about how to handle and audit security in the future. I left with a much stronger understanding of AWS security practices, and I’m excited to use this in the field.” 

See you next year! 


For a closer look at what went on at the conference this year, check out the AWS youtube channel. 
 

Read More
News Jacque Tesoriero News Jacque Tesoriero

Cloud Focus at Oracle Open World 2016

Hub City Media attending OOW 2016, bringing Oracle-complementary Cloud products...

Are you looking to deploy to the cloud? Hub City Media products combined with Oracle IDCS can help. 

  • HCM IDCS Webgate - Save money and time by managing on-premise Access Management Systems from the cloud
  • HCM IDCS MFA for DB - Ensure secure VPN and database access with Two-factor Authentication and avoid detrimental breaches
  • HCM IDCS Provisioning - Eliminate the need for local provisioning 
  • HCM cloudMFA™ - Out-of-the-box Authy integration for Oracle Access Manager
  • AutoInstaller - One-click, full Oracle product installations in less than one-hour 

 

Find the solution that's right for you. Contact us today to preview these products at this year's OOW! 

Read More
News, Featured Jacque Tesoriero News, Featured Jacque Tesoriero

Enterprise User Security Lunch & Learn with Oracle

Atlanta Lunch & Learn on Enterprise User Security sparks important discussion...

Hub City Media (HCM) and Oracle hosted a Lunch & Learn event in Atlanta on April 7, 2016, providing industry leaders with the opportunity to discuss Enterprise User Security (EUS). The discussion focused around simplifying user management and avoiding common security risks. 

As enterprises keep up with data proliferation, database tasks such as provisioning, resetting passwords, assigning roles and managing privileges become a greater challenge. We established this forum to help businesses understand how to consolidate / manage user credentials and privileges using Directory services while strengthening security and compliance. 

HCM presented various case studies around EUS, showcasing our ability to assist customers with database issues by implementing EUS, and were well-received by the audience. Two examples are detailed below.  

National Insurance Company

Business Problem
-Manage database access by individuals with AD credentials
-Include multiple AD domains across operational groups in multiple data centers
-Retain user identity in database account name

Technical Solution
-Enterprise User Security
-OUD with replication across data centers
-OUD proxy links to 3 AD domains
-Dedicated Schema account mappings

National Healthcare Management

Business Problem
-Healthcare breaches in the news
-Risk focus on individual user database access: authentication and authorization
-Risk assessment showed poor password management and orphan    account management

Technical Solution
-Enterprise User Security
-OUD with replication across data centers
-OUD proxy to Active Directory
-Mix of Shared and Dedicated Schema account mappings
-Enterprise roles provisioned via group membership

 

Demonstration on Oracle Enterprise User Security. Presented by Hub City Media, Inc.

Even if you’re already using Oracle Data Redaction, Database Firewall, Virtual Private Database and / or Fine Grained Auditing, EUS can also significantly improve the quality and enforcement of your policies. This feature can simplify account provisioning across ALL Oracle databases and can be fully managed through an Active Directory.

 

If you'd like to learn more about EUS or any of our Database Security or IAM offerings, we'd be happy to help! Contact us for more information

 

Hub City Media is a software integrator specializing in sophisticated Identity and Access Management solutions, custom software development and integrations. We provide fully customizable Professional Services and 24 / 7 / 365 Managed Support tailored to the specific needs of each organization. 

Read More
News Jacque Tesoriero News Jacque Tesoriero

World Famous Hacker, Kevin Mitnick, Stuns Audience During RSAC

He used to be one of the F.B.I’s most wanted black hat hackers...

Hub City Media and Oracle host Kevin Mitnick during RSAC 2016

He used to be one of the F.B.I’s most wanted black hat hackers, but now he uses his expertise to showcase to businesses and audiences the security vulnerabilities that could destroy them. Kevin Mitnick, world famous white hat hacker, joined Hub City Media and Oracle to share game changing insights on cybersecurity during the RSA Conference this year. Mitnick is a hands-on, entertaining and versatile presenter, using live technology to make unforgettable impressions on the audience and drive home the dangers of cybercrime. 

mitnik.jpeg

During the presentation, a brave volunteer allowed Mitnick to “hack” her live.

The results of what he does during his presentations are “shocking and sobering” as the audience walks away with a heightened sense of their susceptibility to cyber-attacks. During the presentation, a brave volunteer allowed Mitnick to “hack” her live. In a matter of moments, he captured her birthday, mother’s maiden name and social security number - all with only a name. From that moment on, if Mitnick were a malicious hacker, he could have wreaked havoc with her identity, doing untold damage to her bank accounts, credit score and even reputation!

Seeing Mitnick secure this stolen data in front of a live audience is a truly eye opening experience, illuminating the minimal effort it takes for a hacker to essentially ruin someone’s life or business. “It’s disconcerting to see how easy it is for someone to get access to such personal, private information,” said Philippe Monrougie, CEO of Hub City Media. 

mitnick2.jpeg

Mitnick focused largely on security dangers that we are exposed to everyday - not just cyber, but physical attacks as well, enlightening the audience on social engineering. People are the weakest security link. Who in your organization would be an easy target for a hacker? Individuals who may not be as sophisticated with technology could be first on the list. Insecure password storage and vulnerability to scams are among the long list of ways people can be manipulated, leading to problematic holes in an organization’s security infrastructure. We can secure machines to the highest standards, but engineering a human to avoid sophisticated social attacks is not something that can be packaged. 

Cybercrime is on the rise and growing at a rampant pace. It is absolutely crucial to carefully assess your vulnerabilities and develop a strategy to address them, or you and your business could be next. 

 

Hub City Media is a software integrator specializing in sophisticated Identity and Access Management solutions, custom software development and integrations. We provide fully customizable Professional Services and 24 / 7 / 365 Managed Support tailored to the specific needs of each organization. 

Contact Us For More Information 

Read More
News Jacque Tesoriero News Jacque Tesoriero

Hub City Media Hosts the Boston Bruins Mobile Security event with Oracle's Security Team

In the next 6 years there will be a 75% increase in user access shaped by a mobile architecture (Gartner, 2014)...

New findings indicate that in the next 6 years there will be a 75% increase in the user access shaped by a mobile architecture (Gartner, 2014). With such prominent trends already making their mark on today’s businesses, the Federal Bureau of Investigation’s cyber security division is teaming up with Oracle Corporation and Hub City Media to inform companies of the impeding need for developing new security strategies, the potential risk and oversight, and the preventative measures to successfully protect user data and improve productivity.

Gartner, Forrester Research, and technical experts worldwide are reporting exploding statistics about mobile trends, stating that by 2020, 80% of user access will be shaped by mobile and non-PC architectures, leaving companies who jump on the band wagon even more vulnerable for attack. (Gartner, 2014)

In a time where security slip ups lead to international PR nightmares, information security is of the utmost importance to a company’s success, and the development of a productive and secure mobile security strategy should be at the forefront of their 5-year plan.

With the help of the Federal Bureau of Investigation, Oracle Corporation and Hub City Media have begun to build out security networking communities in major cities across the country. Each city marks a new cyber security executive round table; an exclusive networking opportunity for 10-20 local security executives to discuss their biggest security challenges and best practices with their peers and with industry experts from the FBI and Hub City Media.

The mobile security campaign began on the west coast, where FBI special agents spoke to a room filled with Chief Information Officers, Directors of Information Security, and Directors of Applications, about the noted cyber threats in Palo Alto, CA, and Seattle WA.  The success of the first two events lead to two additional round tables, in New York and Denver, CO. 

A variety of challenges were discussed during the event, from protecting customer data and maintaining PCI compliance, to BYOD and its consequences. Mobile security guru Steve Giovannetti helped facilitate the following mobile security discussion, providing statistics from Forrester Research; “Currently, 50% of US & European enterprises are implementing official BYOD programs.” This statistic will only grow as employee demand rises and mobile workforces increase.

Hub City Media plans to continue the networking with follow up meetings and virtual user group discussions via private LinkedIn groups. If you are interested in participating in a cyber security user group, feel free to contact us as we are continuously expanding our reach. 

Read More
News Jacque Tesoriero News Jacque Tesoriero

New York FBI Cybersecurity Event

The FBI, HCM and Oracle discuss security vulnerabilities...

Oracle / Hub City Media’s 3rd FBI Cyber Security Executive Round Table at the Four Seasons in New York

The New York Cyber Security Executive Round Table took place Tuesday, August 19th, providing 11 New York City security executives with the opportunity to discuss security vulnerabilities with FBI special agent in charge of the cyber security division, and nine industry experts from Oracle and Hub City Media.

Executives from the financial, media, telecommunications, and manufacturing industries attended the networking luncheon, enjoying a three course meal at the Four Seasons in Manhattan. Special Agent in Charge of the New York FBI Cyber Security division kicked off the event with an impressive security presentation, providing insider secrets into the motives and processes of today’s harmful hackers and explaining real-world examples of their attacks.

A variety of challenges were discussed during the event, from protecting customer data and maintaining PCI compliance, to BYOD and its consequences. Mobile security expert Steve Giovannetti helped facilitate the preceding mobile security discussion, providing statistics from Forrester Research; “Currently, 50% of US & European enterprises are implementing official BYOD programs.” This statistic will only grow as employee demand rises and mobile workforces increase. 

Post event surveys indicated that the customers highly valued both the opportunity to network with their peers, and the presentations provided by our industry experts.  Through the success of this first event, we are building a security user group for the New York security community, enabling these executives to continue networking via a private Linkedin group, as well as a future meet up events to come.

Read More
News Jacque Tesoriero News Jacque Tesoriero

Oracle Press Release Commends HCM

Hub City Media recognized as a key Oracle partner...

Oracle Press Release Commends Hub City Media for Customer Enablement

A press release was published today by Oracle's Identity Management team, titled "Oracle Identity Management Achieves Significant Customer and Partner Adoption." Discussing customer trends towards developing a "unified approach to enterprise wide identity management," Hub City Media was stated as a key partner, enabling customers with "consistent access controls" and an "optimized user experience across the extended enterprise." 

Read More
News Jacque Tesoriero News Jacque Tesoriero

Hub City Media Attends WWDC!

At the conference, HCM explored Apple's latest operating system offerings and connected them with our own app, IdentityCert...Free trial on iTunes!

Three members of the Hub City Media technical team attended the 2014 WWDC conference in San Francisco, CA. Joining our CTO and founder, Steve Giovannetti, were two advanced architects who explored Apple’s latest offerings around iOS 8 and OS X 10.10 Yosemite.

After participating in exclusive keynotes and receiving inside knowledge of Apple's new advancements, they had the opportunity to improve upon Hub City Media's successful mobile application, Identity Cert.

Identity Cert is a mobile identity certification solution that integrates with Oracle's Identity Governance suite to provide it's capabilities through a user-friendly, mobile application. Using Identity Cert, company managers can view a simplified identity dashboard, complete identity certifications on the go, and resolve identity policy violations in real time.

While at WWDC, the Hub City Media team attended sessions designed to modernize this app, improve the aesthetics, and further integrate it with Apple's latest operating system. Take a look - a free demo is available on itunes.

Read More

FOLLOW US

FEATURED POSTS