SSS are specialist IT Security Developers and Resellers with over 25 years experience.

Meeting the IT security needs of our customers, and providing overall customer satisfaction is the foundation of SSS's business. Our team work hard to ensure that we properly understand your needs, and that the products and services we sell are a good fit for you. We thrive on solving your IT security problems.

Our Mission:     To provide enterprises with cutting edge and best fit security products, support and consulting services which combine our intellectual property, expert problem solvers and understanding of the customer's business to create peace of mind.


August 2014

Time based web content policy controls can be useful - but beware the limitations

Problem 1: Some of your users are wasting too much time on sites such as Facebook; but you don't want to block access to all users all the time.

Problem 2: You have blocked all access to sites such as Facebook, TradeMe & Stuff, but would like to enable some form of "Reasonable Use" policy

Solution: Enable time based controls or usage reports on your Web Proxy Server - but be aware of the limitations of time-quota based policies and reporting.

Click here to see more information on the benefits of time based policies and also the major shortfall.

Massive savings available with Entrust: Save up to 77% on Multifactor Authentication!

Recently, a large customer of ours worked out that they could cut their cost of Multi-Factor Authentication by 77% - simply by moving off RSA on to Entrust Identity Guard. In addition, moving to Entrust increased the number of authentication options available to them.

  • Much lower cost: Typically Entrust is 25% of the cost of the server and user CALs of products like RSA. Entrust Mobile Soft Tokens (One Time Password – OTP) and/or physical tokens, are only $20 each at the lowest volume, whereas other vendor's tokens are typically around $150 each.
  • Much more functionality: Entrust offers the widest range of authenticators on the market via a single platform including SMS, Tokens, Digital Certificates, Passwords, IP Geolocation, Mobile Device Certificates, Smartcards and USB, Biometrics, Grid cards and knowledge based authentication.
  • Much more flexibility: Entrust enables multiple identities to be used on a single mobile device, PIV (Personal Identity Verification) standards credentials remove the need for a 'client' to be installed on external users' machine for smartcard/smartUSB management. PIV is natively supported on Windows 7
  • Much better manageability: Entrust also has great tools to make the overall management of the environment easier - such as a self-service portal, and a second factor authenticator to reset AD credentials

If you already have RSA deployed for Multi-Factor Authentication, the sensible time to move to Entrust is when you need more / different tokens, or when your annual maintenance is due. With Entrust, you can use Entrust IdentityGuard as the front end to an existing RSA infrastructure so that you can continue to use existing RSA tokens alongside new Entrust tokens. Thus extracting the value from the old asset at the same time as enabling the cost savings and increased functionality and security options of the new Entrust solutions.

Contact us to learn more about deploying Entrust IdentityGuard for Multi-Factor Authentication.

Identity Management – the heart of a modern security policy

We can help you with all aspects of your organisation's Identity Management. Our services can enable you to reduce your user management overheads, and improve your organisation's security, governance and compliance. Our engagements typically help in areas that range from automation of user provisioning; empowering users to manage their own password resets; PKI; role-based access solutions; right through to the deployment of advanced authentication platforms.

Click here to see more detail on our Identity Management Services.

We love talking with customers…

…so please do drop by our stand and say "hello" if you are attending any of these conferences that we will be at in the next few months:

Customer Focus: Baycorp

"Our engagement with SSS started a couple of years ago, to provide us with Sophos antivirus and management tools. SSS has always been available to provide us with excellent technical advice, and we've appreciated the high level of customer service we get from them."

Ray Al Jawad - IT Operations Manager at Baycorp Australia & New Zealand

July 2014

Self-service password reset portals can save you time and money

It’s probably the simplest and most common task in IT, and yet it typically adds the heaviest burden on helpdesks.

Figures on the “Net”, show that anywhere between 20% - 50% of Service Desk calls, are related to password resets alone. Going with those figures, in a team of 4 Service Desk staff, 1-2 people would be exclusively resetting passwords. Not a very inspiring role. It seems fairly obvious that these resets have a high cost to the business, both in terms of over-consumption of service desk resources, and in reduction of general staff productivity.

There is however a better way of managing password resets – that is cost effective for most organisations – and that is to deploy a self-service password reset portal.

Most of the self-service solutions out there are based on Active Directory (AD) password resetting so, if you are a fairly homogenous Microsoft shop, you are likely to be able to find a very cost effective solution. If your environment is more complex i.e. it also includes a mix of UNIX, database passwords, and/or web based resources with their own authentication process, then an appropriate solution can be proportionally more complex, but often still cost effective.

There is no shortage of products out there, ranging from open source products like pwm, through to commercial offerings from the likes of Entrust and Oracle.

In assessing your options, you need to be cognisant of the security implications, and select one, and deploy it in such a way, that it meets your organisation’s security/risk-management requirements.

How do they work?

Self-service portals use a variety of mechanisms depending on the solution, but probably the simplest form would be a series of “things that you know” type questions i.e. what is your favourite Ice Cream? Who is your role model? Moving up the ladder of sophistication, e-mails and SMS can be used to send one-time passwords. Sophistication more often than not brings about a little more expense and complexity, but usually improves the overall security as well. Below is a list of some of the reset mechanisms available:

  • SMS one-time password (things you have)
  • Email one-time password (things you have)
  • Biometrics (things you are)
  • Challenge Questions (things you know)
  • Phone one-time password (things you have)

The Enterprise

Moving up the scale, mid to large organisations may want to consider introducing an authentication platform. The benefits here are the multitude of authentication systems and types they can manage ranging from passwords through to certificate based smart credentials to tokens and biometrics. Products such as Entrust IdentityGuard spring to mind when considering feature rich solutions. Now-a-days, being able to manage smart credentials on a mobile device is often equally as important as being able to reset a Windows password. A good authentication platform should provide a rich variety of self-service options for all your authentication types, and be able to work across multiple Authentication systems, and finally be secure.

Contact us if you’d like assistance in selecting and deploying a best-fit self-service password reset portal for your organisation.

Secure Email: we think S/MIME is the best secure email standard for most business and government situations

SSS has more than a decade of experience in helping organisations deploy and manage secure email solutions. Specifically, our SecureIT S/MIME gateway solution is at the heart of that, and is used by government agencies and businesses here in New Zealand, and around the world. SecureIT is also fully SEEMail V3 certified by the NZ Government.

The key security features of S/MIME based email are digital signing and encryption. These two features are used to impart the following important security characteristics:

  • Authenticity – you can be sure of the identity of the sender; and
  • Non-repudiation – the sender can’t deny they sent it; and
  • Confidentiality – you can be sure no-one else has been able to read the contents of the email; and
  • Integrity – you can be sure the message hasn’t been changed or tampered with in transit.

There are other approaches used for securing email, and one of the more commonly used ones is TLS. Here is a very brief list of the key reasons why S/MIME is more secure than TLS:

  • Authenticity. TLS can be used with mutual authentication, but this does not provide authenticity of an e-mail message. E-mail messages can easily be spoofed. S/MIME, because it provides a digital signature, will always assure authenticity.
  • Non-repudiation. TLS will never meet this as there is no lasting signature to prove the originator.
  • Confidentiality. TLS meets this characteristic only during the session, whereas S/MIME meets this characteristic always.
  • Integrity. Assuming the chosen TLS security includes a digest; TLS will meet this characteristic, but only over the TLS session. S/MIME will meet this characteristic at all times.

Contact us if you’d like to discuss how best to enable secure email for your organisation.

Sophos Tolly report for virtualisation scanning:

Many of the organisations we have been talking with have expressed interest in finding out more about endpoint protection in virtualized environments.

Sophos have a solution in this area – Sophos Antivirus for vShield - and this has been assessed by the Tolly Group alongside some competitive offerings. The Sophos solution demonstrated consistently better performance and by inference, lower system resource demands than McAfee MOVE Agentless 3.0 and Trend Micro Deep Security 9. The Sophos solution also allowed for more simultaneous VMs than the other solutions tested.

The report includes blow by blow performance numbers that show that the Sophos vShield scanning solution is considerably faster and better performing than the alternatives. You can see the full Tolly report here.

Customer Focus: MidCentral DHB deploys RecallIT to help ensure the protection of private data.

With approximately 2,500 users across its network of campuses, MidCentral DHB processes almost 2,000 emails per day on average. With such a high volume of email activity, it is inevitable that occasional mistakes occur, so MidCentral DHB needed to find a solution to help it better manage the accurate sending of all outbound email.

"We handle a huge amount of data via email each day, and the need for all outbound emails to be accurate, and securely managed, is paramount to the organisation," says Robert Bradnock, Team Leader – Infrastructure at MidCentral DHB. "

As a government department we have been watching recent public sector privacy issues very closely and proactively identifying ways in which we can ensure we don’t suffer the same embarrassing situation," he adds. "We started looking at a lot of different solutions and while most had some good features, very few offered everything we needed," says Mr Bradnock. "It was only when we saw RecallIT that we felt we had a solution that ticked all the boxes," he adds.

RecallIT® is an email delay gateway that enables users to recall ‘faulty’ emails sent to external recipients. It holds outbound emails for a specified period prior to them actually leaving the organisation. Users are then able to ‘recall’ any of those emails.

MidCentral DHB is pleased with the value that RecallIT® has already delivered to its organisation. "RecallIT is a bit of a hidden gem really, a quiet achiever, that sits there doing exactly what we need it to do every day," says Mr Bradnock. "We’re only human and not robots and that means mistakes will happen, but with RecallIT we instantly have a layer of protection we didn’t have before," says Mr Bradnock.

"It’s a bit like an insurance policy that will help ensure we don’t find ourselves in an embarrassing situation," he explains. "RecallIT has satisfied all of our requirements, at a very reasonable cost of ownership, and continues to help us protect both our email and the reputation of MidCentral DHB," he concludes.

You can read the full Case Study here.

June 2014

SSS wins Sophos Australia-New Zealand Partner of the Year Award:

SSS has been helping you - our customers - protect your IT systems with Sophos solutions for more than a decade now, and for the past 6 years SSS has won Sophos' New Zealand Partner of the Year award. This year we had Andrew Thompson-Davies and Sebastian Kramer representing us at the Sophos partner conference in Hanoi, Vietnam, and we were delighted to be awarded the new combined Australia – New Zealand Partner of the Year award. For us - a New Zealand based company - to win best partner across all of Australia & New Zealand is obviously much more significant than the local New Zealand award that we had been winning previously. We are proud of our long and successful association with Sophos, especially since we see that this strong relationship directly enables us to provide better solutions and protection for our customers.

You can read the press release here:

Certificate Discovery as a service

Do you know where all of your certificates are, what they are used for and who the key contact is? Many of our customers struggle to keep track of and manage their digital certificates and some have had serious business issues with certificates going unnoticed and expiring.

SSS can offer you a one off Certificate Discovery service (Using Entrust Discovery) which will provide you with a report of all of your certificates and their expiry dates regardless of where the certificate came from. SSS will, either remotely or onsite, install our temporary Discovery tool, which will trawl your environment and use its multi-faceted collection methods to produce a report containing all of your certificate information.

The cost for this service ranges between $1,500 and $5,000 depending on the size/complexity of your environment. If you are interested in receiving a quote please contact us.

If you would prefer to have a system to manage your certificates on an ongoing basis, this one-off Certificate Discovery service would be a useful proof of concept of the Entrust Discovery product for your organisation.

Entrust Introductory offers:

We have been able to secure from Entrust special introductory discounted product prices – which are available for orders received before the end of July 2014. They are:-

  • 20% off all Entrust SSL Certificates; and
  • the following significantly reduced prices for IdentityGuard Multi-Factor authentication product bundles

Entrust's flagship authentication solution, Entrust IdentityGuard leads the industry as one of the most robust authentication and identity-assurance platforms. It delivers an unmatched breadth of capabilities and flexibility to meet the most demanding security environments.

By leveraging a cost-effective platform to authenticate and manage digital identities, businesses can broaden their security deployment, provide flexibility for employees and partners, while achieving operating efficiencies and maximizing their return on investment.

Entrust IdentityGuard is a strong Authentication & Identity management platform, working across users, machines and mobile devices. It enables a variety of authentication features including multifactor authentication. You can see more about the product here.

Contact us if you'd like to get a quote.

Free TransVault Insight PST content management and migration tool.

TransVault has announced a free, time-limited license of its TransVault Insight PST content management and migration tool. The software will enable enterprises to get unrivalled visibility of the actual contents of their PST files, including:

  • the age-profile of the emails stored in PSTs,
  • the types of email attachments stored,
  • the location of emails relevant to an eDiscovery exercise,
  • and much, much more.

Using this information organisations can then take highly targeted action to migrate, copy, or even delete-in-place individuals emails (i.e. not the entire PST file), with many benefits, including:

  • less data pulled across the network (i.e. don’t move the rubbish!)
  • less time and effort involved in achieving PST management goals
  • less data to transfer or process in the target system (e.g. Office 365 or an eDiscovery system)

TransVault Insight is the only solution able to give organizations granular control over the individual emails held in PSTs. It's also designed to offer massive scalability and de-duplicate content on the fly.

Read the full press release

Customer Focus: NZCER chooses Sophos Enduser Web Suite

Established in 1934, the New Zealand Council for Educational Research (NZCER) is the country's only national, independent educational research organisation. The Wellington based team of more than 60 permanent and casual staff produce research-based solutions that assist and inform the work of teachers and learners across the public and private sector. As an organisation that relies heavily on using technology, and in particular the Internet for research, NZCER needed an endpoint security solution that would block threats, not productivity.

One of the key shortcomings of its existing AV solution was an inability to effectively monitor web traffic and browsing behaviour, and this was a key catalyst for making NZCER start looking at what other security solutions were available.

In choosing Sophos Enduser Web Suite, NZCER was able to not only meet all of its immediate selection criteria, but also future-proof the security needs of the organisation.

"There were a number of things we were especially looking for in a new solution and Sophos Enduser Web Suite ticked all the boxes and more," says Mr Intemann, IT Systems Specialist at NZCER. "The things we were most impressed with were how neatly the Sophos solution integrated into the active directory, its automated deployment, and the accuracy of its reporting functionality," he adds.

NZCER is pleased with the value it has already realised from its investment in Sophos Enduser Web Suite.

"As far as web appliances go, with Sophos we were able to immediately see positive trends in our web traffic, and to that end it proved its worth straight-away," says Mr Intemann. "Working with SSS has also been great. They’re a great team with a really broad knowledge of security solutions, and they’re really easy to deal with," he adds. "We haven't really needed to contact SSS a great deal to be honest as the product is doing exactly what it is meant to do, and upgrades are automatic," he explains. "When we have needed their help, their support has been excellent and that has meant for a very smooth experience overall," he concludes.

You can read the full Case Study here.

Older newsletters

May 2014  |  April 2014  |  March 2014  |  February 2014  |  January 2014  |  December 2013  |  November 2013  |  October 2013  |  September 2013  |  August 2013  |  July 2013  |  June 2013  |  May 2013  |  April 2013  |  March 2013  |  February 2013  |  January 2013  |  December 2012  |  November 2012  |  October 2012  |  September 2012  |  August 2012  |  July 2012  |  June 2012

© Scientific Software and Systems Ltd