In this issue ...

• A Layered Approach to Security: Raising the Bar
• SC Magazine: Entrust's Secure E-mail, Versatile Authentication Solutions are Five-Star Products
• Fraud Detection Solutions: The Top 8 Questions You Should Ask Before You Buy
• Entrust Lands Secure E-mail Bid for Top-50 U.K. Law Firm
• Public Key 2.0: PKI Matures, Becoming Security Benchmark

---

A Layered Approach to Security: Raising the Bar

The Entrust layered security strategy is an advanced approach to ensuring the digital identities and information of an organization, enterprise or government agency are protected. Leveraging this layered security model to address growing risks, Entrust solutions help secure the most common digital identity and information protection pain points in an organization. These include SSL, authentication, fraud detection, shared data protection and e-mail security.

What is the value of implementing multiple layers of security to enable and protect organizations, identities and information?

For some organizations, it is possible to sub-optimize a collection of point solutions from a variety of vendors in an attempt to secure all avenues into an organization. However, the risk of those solutions leaving unprotected gaps in security — and ultimately easy access to information and identities — is far too great. The Entrust layered security strategy affords security-conscious organizations a higher level of synergy, interoperability and cost-effectiveness.

Offered in three distinct platforms — Authentication & Fraud, Information Protection and Public Key 2.0 — easy-to-use Entrust solutions are the foundation of layered security models that can help improve end-user acceptance and reduce help-desk calls. The Entrust suite of award-winning solutions can be seamlessly leveraged to provide the layered security environment tailored to the needs of any organization — regardless of scope, vertical or environment.

How does layered security adapt to meet evolving business challenges?

A pioneer in digital identity and information security, Entrust championed the development of many of the world's most secure infrastructures. Today, Entrust security solutions are lauded because of their interoperability, easy-to-use capabilities and scalable nature. Entrust solutions address current and future security challenges with strategies that provide layered safeguards, which protect information and identities against sophisticated threats, increase efficiency, and enable customers to apply security policies and procedures to fulfill regulatory demands - all while empowering users.

Can a layered security strategy reduce the risk associated with integrating point solutions?

Instead of inflexible point products, organizations can leverage a comprehensive layered security model that addresses the challenges of consumer, enterprise and government environments. Entrust provides a suite of security solutions that foster a vital synergy and promotes interoperability, efficiency and cost-effectiveness.

---

SC Magazine: Entrust's Secure E-mail, Versatile Authentication Solutions are Five-Star Products

Based on their last two product reviews, Entrust security solutions provide premiere products in the eyes of SC Magazine. The well-respected IT security publication reviewed a pair of Entrust offerings — Entrust Entelligence Messaging Server and the Entrust IdentityGuard versatile authentication platform — and had nothing but praise.

SC Magazine labeled the award-winning Entrust IdentityGuard — a key component of a layered security strategy — as a "Best Buy" in their authentication group test, which featured side-by-side comparisons of the industry's leading authentication platforms. This accolade, the top honor they bestow during comprehensive reviews, was accompanied by a perfect five-star rating — only one of two vendors to do so — and was hailed as "a simple solution to a complex problem, providing a single interface to manage two-factor authentication."

The group review, which compared products from 11 total vendors, evaluated authentication solutions on the merits of performance, features, ease of use, documentation, support and value for the money. Competing authentication vendors tested included RSA, Vasco, ActivIdentity, Stealth, Aladdin, PassGo, Authenex, Crypto-Shield, SafeSign and Tri-D. When comparing available product support for the authentication platforms, Entrust received a five-star rating in five of the six categories, topping all competing solutions.

In their September 2007 issue, SC Magazine rated the Entrust Entelligence Messaging Server 9.0 as a five-star product and one of the best e-mail security choices for the money. The hardware-based e-mail encryption solution, which also serves as key component of a layered security approach, was found to be one of the most flexible and manageable solutions tested. Further, it was concluded that the solution was "a first-rate appliance in all respects" and "a good value for the money."

The group review, which compared products from eight total vendors, evaluated e-mail security solutions on the merits of performance, features, ease of use, documentation, support and value for the money. Competing e-mail security vendors tested included Centurion Soft, E-Lock Technologies, PGP, Secured eMail Limited, Tumbleweed, Utimaco and Voltage Security.

SC Magazine awarded Entrust Entelligence Messaging Server 9.0 the maximum five stars in all categories, which were broken down by features, performance, ease of use, documentation, support and value for money. A respected, unbiased resource, SC Magazine enables IT security professionals to make informed security decisions for their companies by offering a consolidated view of the IT security space through independent product tests and well-researched editorial content. SC Magazine also provides readers with the necessary knowledge about IT security strategies, best practices, government regulations and current infosecurity tools.

---

Fraud Detection Solutions: The Top 8 Questions You Should Ask Before You Buy

When it comes to detecting fraudulent activity, a number of solutions are available in the market that can help defend, adapt and protect against cyber crime. But what approach is best? To help sort through the vendor hype, Entrust offers the following list of questions you can ask while evaluating different solutions. Download the full document here.

1. Do you have to send your data outside the organization to be analyzed?
2. What is your fraud rate capture?
3. Once new fraud patterns have been discovered, how quickly can the system be updated to start catching these types of fraud?
4. Once you have identified the fraud patterns and implemented the new rules, is your system effective in detecting it 100 percent of the time when it happens?
5. How effective is your fraud system in handling the IVR and call center channels in addition to the online channel? Can it stop fraud across those channels?
6. Does the fraud platform allow you to stop the fraudulent transactions before the money leaves the financial institution?
7. Does the system allow you to do forensics on transaction histories to find other incidents of a fraud pattern or how a newly discovered type of fraud was perpetrated?
8. Now that you've caught the fraud, how are you going to prosecute?

The Bottom Line: Do you have a zero-touch fraud detection solution with minimal impact to customers and to your infrastructures -- that simultaneously protects you and your brand?

---

Entrust Lands Secure E-mail Bid for Top-50 U.K. Law Firm

The Entrust Entelligence Messaging Server continues to gain momentum. Charles Russell, a top-50, U.K.-based law practice, selected the Entrust secure e-mail solution to provide seamless e-mail encryption to protect sensitive data for clients and customers.

According to an August article in Datamonitor, a division of Computerwire, Entrust was awarded the contract over Voltage, based on Entrust's full suite of security platforms and capabilities. Both vendors offered server-based e-mail encryption, but Entrust Entelligence Messaging Server, a key component of a strong, layered security strategy, provides options and capabilities that leverage public key infrastructure (PKI), SecureMIME, PKIX and PGP.

With Entrust Entelligence Messaging Server deployed, the firm's clients can benefit from e-mail encryption regardless of their own capabilities. To streamline protocol, Charles Russell places e-mail encryption policy management in the hands of the organization's IT department, freeing lawyers from the burden of encrypting confidential information during electronic communication.

A testament to Entrust's heritage, Charles Russell was attracted to the standards-based credential management technology within Entrust Entelligence Messaging Server. The solution automates harvesting of certificate credentials, and boundary deployment eliminates lawyer intervention, one of the initial requirements of the firm. As a standards-based credential management solution, Entrust Entelligence Messaging Server delivers a technology that can evolve as the practice's security goals change over time.

U.K.-based Charles Russell is a top-50, full-service legal practice with offices in London, Guildford, Cheltenham, Cambridge, Oxford and Geneva. The firm boasts the expertise and size to advise on complex, cross-border transactions and to manage the input of international networks of major law firms. The organization's clients range from international, FTSE and AIM-listed businesses to governments, not-for-profit bodies, private individuals, trustees and intermediaries.

---

Public Key 2.0: PKI Matures, Becoming Security Benchmark

If you thought public key infrastructure (PKI) was a dead technology, the State of Illinois is living proof that it's back and better than ever. One of the leaders in promoting and advancing e-government initiatives, the State of Illinois continues to find innovative ways to leverage PKI as diverse agencies within the state continue to adopt its capabilities.

Originally launched in the late 1990s, Illinois' PKI venture with Entrust, managed by the state's Central Management Services (CMS) office, was only one in a handful of such implementations. Today, PKI is finding more traction than ever. Illinois is receiving praise for its patience with the infrastructure and is now seeing dividends.

An August article in Government Computer News (GCN) applauds Illinois' ability to fully deploy PKI and become cross-certified with the Federal Bridge Certification Authority (FBCA), which provides citizens, businesses and state employees with seamless access to a number of federal government applications.

To date, the State of Illinois, recognized across the country as pioneers of government PKI, has issued more than 107,000 digital certificates. All told, 26 state agencies, eight universities and six local governments leverage the Entrust PKI solution portfolio to secure sensitive data through authentication, digital signatures and e-mail/file encryption.

The media aren't the only ones taking notice either. In June, Gartner released a case study, "Slow and Steady Wins the Race for PKI in Government," a follow-up to a 2002 report, which highlights the State of Illinois' success with the implementation and the advantages it provided participating agencies.

More than 15 states have inquired to the State of Illinois regarding its PKI model and how best to approach the implementation of a citizen-centric government. Entrust's solutions helped the state earn recognition for its leadership. For more on the State of Illinois' PKI initiative, review Network World's July 11, 2007, article: "Illinois puts pizazz back in PKI."

The success of the State of Illinois' PKI initiative, as well as favorable coverage from both media and research outlets, are positive signs for the advancement of PKI technology, particularly in the government sector.