SSS are specialist IT Security Developers and Resellers with over 25 years' experience.

Meeting the IT security needs of our customers, and providing overall customer satisfaction is the foundation of SSS's business. Our team work hard to ensure that we properly understand your needs, and that the products and services we sell are a good fit for you. We thrive on solving your IT security problems.

Our Mission: To provide enterprises with cutting edge and best fit security products, support and consulting services which combine our intellectual property, expert problem solvers and understanding of the customer's business to create peace of mind.


July 2014

Self-service password reset portals can save you time and money

It’s probably the simplest and most common task in IT, and yet it typically adds the heaviest burden on helpdesks.

Figures on the “Net” show that anywhere between 20% and 50% of Service Desk calls are related to password resets alone. Going with those figures, in a team of 4 Service Desk staff, 1-2 people would be exclusively resetting passwords. Not a very inspiring role. It seems fairly obvious that these resets have a high cost to the business, both in over-consumption of service desk resources and in reduced general staff productivity.

There is however a better way of managing password resets – that is cost effective for most organisations – and that is to deploy a self-service password reset portal.

Most of the self-service solutions out there are based on Active Directory (AD) password resetting so, if you are a fairly homogeneous Microsoft shop, you are likely to be able to find a very cost effective solution. If your environment is more complex, i.e. it also includes a mix of UNIX, database passwords, and/or web based resources with their own authentication process, then an appropriate solution can be proportionally more complex, but often still cost effective.

There is no shortage of products out there, ranging from open source products like pwm, through to commercial offerings from the likes of Entrust and Oracle.

In assessing your options, you need to be cognisant of the security implications, and to select and deploy a solution in such a way that it meets your organisation’s security/risk-management requirements.

How do they work?

Self-service portals use a variety of mechanisms depending on the solution, but probably the simplest form would be a series of “things that you know” type questions, e.g. what is your favourite ice cream? Who is your role model? Moving up the ladder of sophistication, e-mails and SMS can be used to send one-time passwords. Sophistication more often than not brings about a little more expense and complexity, but usually improves the overall security as well. Below is a list of some of the reset mechanisms available:

  • SMS one-time password (things you have)
  • Email one-time password (things you have)
  • Biometrics (things you are)
  • Challenge Questions (things you know)
  • Phone one-time password (things you have)

The Enterprise

Moving up the scale, mid to large organisations may want to consider introducing an authentication platform. The benefit here is the multitude of authentication systems and types such a platform can manage, ranging from passwords through certificate based smart credentials to tokens and biometrics. Products such as Entrust IdentityGuard spring to mind when considering feature rich solutions. Nowadays, being able to manage smart credentials on a mobile device is often as important as being able to reset a Windows password. A good authentication platform should provide a rich variety of self-service options for all your authentication types, be able to work across multiple authentication systems, and finally be secure.

Contact us if you’d like assistance in selecting and deploying a best-fit self-service password reset portal for your organisation.

Secure Email: we think S/MIME is the best secure email standard for most business and government situations

SSS has more than a decade of experience in helping organisations deploy and manage secure email solutions. Specifically, our SecureIT S/MIME gateway solution is at the heart of that, and is used by government agencies and businesses here in New Zealand, and around the world. SecureIT is also fully SEEMail V3 certified by the NZ Government.

The key security features of S/MIME based email are digital signing and encryption. These two features are used to impart the following important security characteristics:

  • Authenticity – you can be sure of the identity of the sender; and
  • Non-repudiation – the sender can’t deny they sent it; and
  • Confidentiality – you can be sure no-one else has been able to read the contents of the email; and
  • Integrity – you can be sure the message hasn’t been changed or tampered with in transit.

There are other approaches used for securing email, and one of the more commonly used ones is TLS. Here is a very brief list of the key reasons why S/MIME is more secure than TLS:

  • Authenticity. TLS can be used with mutual authentication, but this does not provide authenticity of an e-mail message. E-mail messages can easily be spoofed. S/MIME, because it provides a digital signature, will always assure authenticity.
  • Non-repudiation. TLS will never meet this as there is no lasting signature to prove the originator.
  • Confidentiality. TLS meets this characteristic only during the session, whereas S/MIME meets this characteristic always.
  • Integrity. Assuming the chosen TLS security includes a digest, TLS will meet this characteristic, but only over the TLS session. S/MIME will meet this characteristic at all times.
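
The point in the list above, that an S/MIME signature stays with the message after any transport session has ended, shown as an added example (not SSS or SecureIT code) using the `openssl smime` command. The key, self-signed certificate, address and message text are constructed for the demo.

```shell
#!/bin/sh
# Added example. The key, self-signed certificate, address and message text
# are all constructed; a real deployment uses CA-issued certificates.

# Create a throwaway signer key and self-signed certificate in directory $1.
make_signer() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Alice Example/emailAddress=alice@example.test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1
}

# Sign file $2 as a clear-signed (multipart/signed) S/MIME message $3.
sign_eml() {
    openssl smime -sign -text -in "$2" \
        -signer "$1/cert.pem" -inkey "$1/key.pem" -out "$3" 2>/dev/null
}

# Verify message $2, trusting the certificate in $1. Exit status 0 = valid.
verify_eml() {
    openssl smime -verify -in "$2" -CAfile "$1/cert.pem" \
        -out /dev/null 2>/dev/null
}

# Print "ok" or "rejected" for message file $2.
check() {
    if verify_eml "$1" "$2"; then echo ok; else echo rejected; fi
}

smime_demo() {
    dir=$(mktemp -d) || return 1
    make_signer "$dir" || return 1
    printf 'Pay invoice 1001 to account 12-3456.\n' > "$dir/body.txt"
    sign_eml "$dir" "$dir/body.txt" "$dir/stored.eml" || return 1
    # A stored copy altered after delivery: no TLS session exists any more,
    # so only the signature carried in the message can reveal the change.
    sed 's/12-3456/99-9999/' "$dir/stored.eml" > "$dir/tampered.eml"
    stored=$(check "$dir" "$dir/stored.eml")
    tampered=$(check "$dir" "$dir/tampered.eml")
    rm -rf "$dir"
    echo "stored=$stored tampered=$tampered"
}

smime_demo
```

The stored copy verifies with no network connection involved, and the altered copy fails the same check.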

Contact us if you’d like to discuss how best to enable secure email for your organisation.

Sophos Tolly report for virtualisation scanning:

Many of the organisations we have been talking with have expressed interest in finding out more about endpoint protection in virtualized environments.

Sophos have a solution in this area – Sophos Antivirus for vShield – and this has been assessed by the Tolly Group alongside some competitive offerings. The Sophos solution demonstrated consistently better performance and, by inference, lower system resource demands than McAfee MOVE Agentless 3.0 and Trend Micro Deep Security 9. The Sophos solution also allowed for more simultaneous VMs than the other solutions tested.

The report includes blow by blow performance numbers that show that the Sophos vShield scanning solution is considerably faster and better performing than the alternatives. You can see the full Tolly report here.

Customer Focus: MidCentral DHB deploys RecallIT to help ensure the protection of private data.

With approximately 2,500 users across its network of campuses, MidCentral DHB processes almost 2,000 emails per day on average. With such a high volume of email activity, it is inevitable that occasional mistakes occur, so MidCentral DHB needed to find a solution to help it better manage the accurate sending of all outbound email.

"We handle a huge amount of data via email each day, and the need for all outbound emails to be accurate, and securely managed, is paramount to the organisation," says Robert Bradnock, Team Leader – Infrastructure at MidCentral DHB.

"As a government department we have been watching recent public sector privacy issues very closely and proactively identifying ways in which we can ensure we don’t suffer the same embarrassing situation," he adds. "We started looking at a lot of different solutions and while most had some good features, very few offered everything we needed," says Mr Bradnock. "It was only when we saw RecallIT that we felt we had a solution that ticked all the boxes," he adds.

RecallIT® is an email delay gateway that enables users to recall ‘faulty’ emails sent to external recipients. It holds outbound emails for a specified period prior to them actually leaving the organisation. Users are then able to ‘recall’ any of those emails.

MidCentral DHB is pleased with the value that RecallIT® has already delivered to its organisation. "RecallIT is a bit of a hidden gem really, a quiet achiever, that sits there doing exactly what we need it to do every day," says Mr Bradnock. "We’re only human and not robots and that means mistakes will happen, but with RecallIT we instantly have a layer of protection we didn’t have before," says Mr Bradnock.

"It’s a bit like an insurance policy that will help ensure we don’t find ourselves in an embarrassing situation," he explains. "RecallIT has satisfied all of our requirements, at a very reasonable cost of ownership, and continues to help us protect both our email and the reputation of MidCentral DHB," he concludes.

You can read the full Case Study here.

June 2014

SSS wins Sophos Australia-New Zealand Partner of the Year Award:

SSS has been helping you - our customers - protect your IT systems with Sophos solutions for more than a decade now, and for the past 6 years SSS has won Sophos' New Zealand Partner of the Year award. This year we had Andrew Thompson-Davies and Sebastian Kramer representing us at the Sophos partner conference in Hanoi, Vietnam, and we were delighted to be awarded the new combined Australia – New Zealand Partner of the Year award. For us - a New Zealand based company - to win best partner across all of Australia & New Zealand is obviously much more significant than the local New Zealand award that we had been winning previously. We are proud of our long and successful association with Sophos, especially since we see that this strong relationship directly enables us to provide better solutions and protection for our customers.

You can read the press release here:

Certificate Discovery as a service

Do you know where all of your certificates are, what they are used for and who the key contact is? Many of our customers struggle to keep track of and manage their digital certificates and some have had serious business issues with certificates going unnoticed and expiring.

SSS can offer you a one-off Certificate Discovery service (using Entrust Discovery) which will provide you with a report of all of your certificates and their expiry dates, regardless of where the certificates came from. SSS will, either remotely or onsite, install our temporary Discovery tool, which will trawl your environment and use its multi-faceted collection methods to produce a report containing all of your certificate information.

The cost for this service ranges between $1,500 and $5,000 depending on the size/complexity of your environment. If you are interested in receiving a quote please contact us.

If you would prefer to have a system to manage your certificates on an ongoing basis, this one-off Certificate Discovery service would be a useful proof of concept of the Entrust Discovery product for your organisation.

Entrust Introductory offers:

We have been able to secure from Entrust special introductory discounted product prices, which are available for orders received before the end of July 2014. They are:

  • 20% off all Entrust SSL Certificates; and
  • the following significantly reduced prices for IdentityGuard Multi-Factor authentication product bundles

Entrust's flagship authentication solution, Entrust IdentityGuard leads the industry as one of the most robust authentication and identity-assurance platforms. It delivers an unmatched breadth of capabilities and flexibility to meet the most demanding security environments.

By leveraging a cost-effective platform to authenticate and manage digital identities, businesses can broaden their security deployment, provide flexibility for employees and partners, while achieving operating efficiencies and maximizing their return on investment.

Entrust IdentityGuard is a strong Authentication & Identity management platform, working across users, machines and mobile devices. It enables a variety of authentication features including multifactor authentication. You can see more about the product here.

Contact us if you'd like to get a quote.

Free TransVault Insight PST content management and migration tool.

TransVault has announced a free, time-limited license of its TransVault Insight PST content management and migration tool. The software will enable enterprises to get unrivalled visibility of the actual contents of their PST files, including:

  • the age-profile of the emails stored in PSTs,
  • the types of email attachments stored,
  • the location of emails relevant to an eDiscovery exercise,
  • and much, much more.

Using this information, organisations can then take highly targeted action to migrate, copy, or even delete-in-place individual emails (i.e. not the entire PST file), with many benefits, including:

  • less data pulled across the network (i.e. don’t move the rubbish!)
  • less time and effort involved in achieving PST management goals
  • less data to transfer or process in the target system (e.g. Office 365 or an eDiscovery system)

TransVault Insight is the only solution able to give organizations granular control over the individual emails held in PSTs. It's also designed to offer massive scalability and de-duplicate content on the fly.

Read the full press release

Customer Focus: NZCER chooses Sophos Enduser Web Suite

Established in 1934, the New Zealand Council for Educational Research (NZCER) is the country's only national, independent educational research organisation. The Wellington based team of more than 60 permanent and casual staff produce research-based solutions that assist and inform the work of teachers and learners across the public and private sector. As an organisation that relies heavily on using technology, and in particular the Internet for research, NZCER needed an endpoint security solution that would block threats, not productivity.

One of the key shortcomings of its existing AV solution was an inability to effectively monitor web traffic and browsing behaviour, and this was a key catalyst for making NZCER start looking at what other security solutions were available.

In choosing Sophos Enduser Web Suite, NZCER was able to not only meet all of its immediate selection criteria, but also future-proof the security needs of the organisation.

"There were a number of things we were especially looking for in a new solution and Sophos Enduser Web Suite ticked all the boxes and more," says Mr Intemann, IT Systems Specialist at NZCER. "The things we were most impressed with were how neatly the Sophos solution integrated into the active directory, its automated deployment, and the accuracy of its reporting functionality," he adds.

NZCER is pleased with the value it has already realised from its investment in Sophos Enduser Web Suite.

"As far as web appliances go, with Sophos we were able to immediately see positive trends in our web traffic, and to that end it proved its worth straight-away," says Mr Intemann. "Working with SSS has also been great. They’re a great team with a really broad knowledge of security solutions, and they’re really easy to deal with," he adds. "We haven't really needed to contact SSS a great deal to be honest as the product is doing exactly what it is meant to do, and upgrades are automatic," he explains. "When we have needed their help, their support has been excellent and that has meant for a very smooth experience overall," he concludes.

You can read the full Case Study here.

May 2014

Sophos wins at 2014 Security Blogger Awards:

We, and many of our customers, find the award winning Sophos nakedsecurity blog interesting and useful. It contains articles on computer security, news, opinion, advice and research from Sophos. You might find it interesting too.

In February this year it again won an award at the annual Security Blogger Awards. You can see more on that here:

SSS releases new functionality for RecallIT – our email delay gateway.

RecallIT allows users to recall "faulty" emails before they are actually released to external recipients. This mitigates the risk of human error, and is a very useful element of an organisation's Data Loss Prevention strategy. The best part is that users love it!

RecallIT's main purpose in life is to hold emails for a configurable amount of time prior to them leaving the organisation. Users can browse to the RecallIT gateway, and control - i.e. recall, delete, hold or release any of their emails currently held at the gateway.

Users can also specify RecallIT subject line parameters at the time of email creation for further email management options – such as holding a particular email for a non-standard amount of time e.g. {embargo 4pm}.

We confidently claim that if you use email, you will find RecallIT useful.

Our latest release of RecallIT adds some useful new functionality – including

  • New Outlook "buttons" for quick access to RecallIT functions
  • New shared workstation forms-based authentication for web access
  • Ability to delegate control of embargoed emails on a per email basis
  • Ability to set an alarm for embargoed emails
  • New icons in the web interface to show info such as delegates, alarms, priority, & sensitivity

Contact us if you'd like to learn more about RecallIT.

Managing network traffic by IP-address alone just isn't enough these days

Next Generation Network (NGN) firewalls now allow you to manage traffic by User-ID as well, and this makes securing your network and enabling application control much more effective in today's environment, especially with the plethora of mobile devices now used to access systems.

Palo Alto have published a "Technology Brief" on this:

Long gone are the days when just monitoring IP addresses to ensure network security was acceptable.

As organizations' employees require network access from just about anywhere, IP addresses are constantly re-assigned, rendering them useless as a method of user control and security.

In this resource, explore a solution that integrates next-generation firewalls (NGFWs) with existing enterprise directory services so that administrators can easily link application activity and security policies to users and groups. By leveraging user information, IT teams can improve visibility, policy control, and logging and reporting capabilities to better protect networks. Read on to learn more.

Customer Focus: MidCentral District Health Board chooses Sophos Endpoint Protection Advanced to ensure greater control of its devices.

MidCentral DHB has approximately 1,800 desktop PCs across its network of campuses, and many of these terminals are accessed by multiple users. With an increased call on its IT resources, the DHB needed to ensure greater levels of control by introducing restrictions on the use of external USB devices and CD-ROM drives. In evaluating all other available offerings, MidCentral DHB had a clear set of criteria it needed a solution to meet as a minimum. "We needed a solution that was easy to manage and use, provided a solid layer of control and comfort to the organisation, and would keep us protected now and into the future," says Mr Bradnock (Team Leader – Infrastructure at MidCentral DHB). "While most options offered some of what we needed, most were unable to tick all of our boxes cost-effectively," he adds. "SOPHOS Endpoint Protection Advanced was the stand out exception, with excellent functionality at the right price," he explains.

In implementing a change to SOPHOS Endpoint Protection Advanced, MidCentral DHB has achieved its goal of introducing a new layer of protection, control and comfort. "SOPHOS has allowed us to simplify our anti-virus and better control the use of external devices across our number of campuses," says Mr Bradnock. "SEPA keeps us more informed than ever before and more protected than we have been in the past, and that brings inherent peace-of-mind across the DHB," adds Mr Bradnock.

You can read the full Case Study here


© Scientific Software and Systems Ltd