Recent News & Events

2020.11.09 Cyber Range Training Centre & UDS jointly support RTTP Training Program – Anti-Phishing Workshop



Cyber Range Training Centre and UDS Data Systems Ltd. jointly support RTTP Training Program by launching Security Awareness Training – Anti Phishing Workshop. The objective of the workshop is to help candidates understand how phishing attacks work, the tactics that cyber criminals employ, how to spot and avoid a potential attack and most importantly you’ll be improving yourself and less vulnerable to phishing attacks.

Date: 9th Nov 2020

9:30am – 12:30pm

Workshop of Delivery:
Online Instructor-Led deliver thru Zoom video conferencing platform

Prerequisites:  Prepare your own smartphone/ laptop/ using internet / email service experience

Suggested Course Fee: HK$1200/person (By applied RTTP training grant, HK$400/person ONLY)

Quiz will be provided as a knowledge check that allows re-take if needed. Award of Certificate will be provided as a kind of qualification to enlighten a candidate's career portfolio.

Click here for download workshop detail (pdf/836KB)           

Training grant

Companies interested in applying for a training grant for their employee(s) to attend registered public courses should submit the application via online system at least two weeks before course commencement. A list of registered public courses is available for reference. For tailor-made courses, companies should apply for course approval and training grants in one go.

Click here for FAQ of RTTP(pdf/19KB)
Click here for Training grant detail

2020.09.10   Next-Generation Blue Team Workshop


16 Sep 2020 (Wed)
14 Oct 2020 (Wed)
9:00AM – 6:00PM
ACW Office
Room 2108, Island Place Tower
510 King's Road
North Point
Medium of Instruction:
Cantonese with
English terminology
Eric Moy

Technical Manager of UDS and
Range Instructor of Cyber
Range Training Centre Limited     
Paul Chow
Senior Consultant
UDS Data Systems Ltd
Matthew Wan
Channel Systems Engineer
Palo Alto Networks

Confirmation email with details will be sent after successful registration.

This Next-Generation Blue Team (NGBT) training workshop provides a unique experience for the participants to learn individually and as a team by actually battling an adversary in real time, in a technical terrain emulating a realistic enterprise environment.
Under various attack scenarios, the participants will get hands-on experience working with various tools to analyze and respond to cyberattacks happening in the environment. Our instructors will direct the blue team step by step in uncovering the attacker’s techniques and footprints, and then work to eradicate the adversary from the compromised system. Moreover, participants will have firsthand experience with the latest security operations (SecOps) technologies like SOAR*, which can be utilized to take incident response to the next level.

* Security Orchestration, Automation and Response
Through real-time attack scenarios like “web defacement” and ransomware, we will demonstrate how cyberattack incidents should be handled.
During this workshop, participants will:
    •    Learn the standard incident response (IR) process
    •    Find out how to respond when an incident occurs
    •    Share knowledge and responsibilities within a team
    •    Advance their skills on servers and network forensics
    •    Gain hands-on experience with brute-force, web defacement, ransomware, etc.
    •    Understand how to use tools like Cortex™ XSOAR improve the (IR) process
AM Session:
    •    Introduction by CyberRange
    •    Web defacement & ransomware showcase
    •    Product Introduction of Palo Alto Networks
PM Session:

    •    Hands-on Lab with XSOAR playbook design

 Should you have any questions, please feel free to contact us 28510271, thanks.

2020.07.02   UDS carries xSecuritas Products

About xSecuritas


xSecuritas, Inc. is a company that develops systems related to security. Most security programs are targeted at the enterprise, but xSecuritas wants to distribute the best security programs to its small business or personal as well.

Screen Watermarks
Display a Watermark in your PC DISPLAY and SCREEN. Your confidential documents and internal applications will have the screen watermark. Even when people taking video or photos of the screen, the Watermark is still shown up. You can display the desired watermark on the screen. This screen watermark does not affect operation of other programs.

  •  • Displays watermark on the monitor.
  •  • Dual monitor support
  •  • The watermark displayed on the monitor has no effect on existing programs, ie there is no restriction on operations such as mouse clicks.
  •  • Supports watermark font, size, colour, transparency, location, etc.
  •  • Watermark support
  •      • Up to 4 text watermarks
  •      • Up to 4 image watermarks

Screen Watermarks Enterprise Edition
 • Policy concept add to the Screen function. 
 • The administrator creates screen watermark policies to be distributed to groups or users using Web Console. (You can create multiple watermark policies)
 • The same policy can be applied to all users, or each policy can be applied to each group or user.
 • Even if the agent program is running, the watermark may not be displayed by the policy.
 • The administrator can set the policy applied when logging on to AD, SSO, or agent programs. The administrator can also set the policy applied when logging off.

For more information
You can visit or contact CC Chau ( for further information.

2020.03.23 Certified EC-Council Instructor

Congratulations to Mr. Eric Moy.  He received the Certified EC-Council Instructor (CEI) from EC-Council from Mar 2020. 


The Certified EC-Council Instructor (CEI) program is designed for individuals who want to become certified to deliver EC-Council's suite of professional certification programs. The CEI program provides resources for individuals to become industry-recognized trainers specializing in the field of information security.


The International Council of Electronic Commerce Consultants is a professional organization that certifies individuals in various e-business and information security skills. The EC-Council is headquartered in Albuquerque, New Mexico. In 2003, EC-Council was founded by Haja Mohideen and Jay Bavisi.

The International Council of Electronic Commerce Consultants is a professional organization that certifies individuals in various e-business and information security skills. The EC-Council is headquartered in Albuquerque, New Mexico. In 2003, EC-Council was founded by Haja Mohideen and Jay Bavisi.

Ways to improve your network architecture ROI and network visibility


A compelling ROI analysis is the difference between a successfully funded IT project, and one that gets cancelled. This is especially true for relatively new technologies that are not well understood by IT management.


By reading the e-book, you’ll learn five different ways you can use network packet brokers (NPBs) to improve your network architecture ROI:

1.    Saving total cost of ownership
2.    Expedite troubleshooting
3.    Detect breaches faster
4.    Reduce the processing burden on your existing tools
5.    Extend tool life after a network upgrade
6.    Streamline regulatory compliance

IXIA Network visibility solutions are a powerful way to optimize your network monitoring architecture and strengthen your network security. There are many use cases that can be deployed to solve or enhance issues that IT monitoring and security engineers face. The key point is to implement a visibility architecture that creates the fundamental capture and sharing of the valuable data that is needed.

Use cases based upon a visibility architecture will allow you to do the following:

   *  Access the data you need, when you need it, across the network to properly diagnose problems
   *  Add/remove security, forensic, and monitoring tools at will for inline and out-of-band monitoring architectures
   *  Decrease mean time to repair
   *  Provide a rapid response to crises
   *  Conduct advanced threat analysis
   *  Eliminate most, if not all, Change Board approval processes and crash carts for monitoring effort
   *  Reduce the cost of a breach by connecting tools to the network faster and decreasing the associated MTTR
   *  Reduce your tool (and SPAN) port programming effort and costs
   *  Create an architecture that allows you to deploy new inline and out-of-band monitoring solution

Should you have any questions, please feel free to contact us 28510271 or Bread Wong ( Thanks.

2020.02.10 Illumio, a cybersecurity leader delivering segmentation solutions, prevents the spread of breaches inside data center, container and cloud environments


The Illumio ASP delivers segmentation to prevent the spread of breaches, and to meet regulatory compliance standards such as SWIFT, PCI, and GDPR. Because the perimeter doesn’t stop all bad actors from getting inside data center and cloud environments – or even through to your containers - segmentation from Illumio restricts access to critical systems to only authorized entities. 

Gain visibility and control of containers. Illumio’s ASP delivers a full range of segmentation for containerized hosts:

          ·    Centralize visibility of containers alongside other compute environments – gain a single view across containerized workloads and bare metal, virtual machines, private and public cloud - because you can’t protect what you can’t see.
          ·    Enforce uniform policy across containers – and everything else – segment containers along with the rest of your overall data estate, with unified policy, regardless of the environment.

See how to secure your containerized applications running in OpenShift or Kubernetes using Illumio's Adaptive Security Platform.

Demo video example:
Should you have any questions, Please feel free to contact Bread Wong ( ) for more information.

2019.01.16 Thales Vormetric Transparent Encryption for Splunk Repositories, Databases, Files and Disks

With advanced persistent threats (APTs) now common, hackers are actively seeking to steal credit card data, personally identifiable information (PII), critical intellectual property (IP), and other legally protected information to sell to the highest bidder. Some of the most effective tools for fighting these attacks are the security intelligence and threat detection capabilities of SIEM solutions, such as Splunk.

Here there is a recommended solution for you to consider.

Vormetric Transparent Encryption (VTE) delivers data-at-rest encryption with centralized key management, privileged user access control, and detailed data access audit logging that helps organizations meet compliance and best practice requirements for protecting data, wherever it resides. The FIPS 140-2 level 1 validated VTE agent resides at the operating file-system or device layer on a server that has Splunk software installed, and encryption and decryption is transparent to all applications that run above it. VTE provides rich access controls, which allow organizations to determine who can access data, when they can access it, and what type of access they have.

Vormetric Transparent Encryption agents are distributed and optimized for specific file system and encryption acceleration hardware across servers, resulting in very low latency and overhead. Agents employ logic and fine-grained policies defined by the DSM to evaluate attempts to access protected data, and then grant or deny access; all activities taking place around the protected data are logged. The agents have been deployed in tens of thousands of servers, making them the right solution for Splunk Enterprise Big Data requirements.

For more details, please contact UDS Data Systems Ltd at (852) 2851 0271 or email to

2020.01.07 Switch to Sophos Intercept X Advanced

By combining cutting-edge technologies including deep learning and endpoint detection and response, Intercept X delivers unmatched protection against unknown malware, exploits, and ransomware.          
•    Proven protection: Intercept X consistently receives top marks in third-party endpoint protection tests.     
•    Unmatched defenses: With Sophos, you get features not available with other vendors, including:    
    •    CryptoGuard, which uses behavioral analysis to stop never-before-seen ransomware     
    •    Exploit prevention, blocking more exploit techniques than anyone else    
•    Easier management: You can manage and protect all your devices through a single, cloud-native console.

Offer 2 comes with one year of Network Protection and Enhanced Support.
* Terms and Conditions of Offer 1 and 2:
>    Valid from 16th December 2019 to 29th February 2020.
>    Valid for a three-year subscription of Sophos Intercept X Advanced only.
>    In offer 2, the free XG appliance, Network Protection, and Enhanced Support are part of a one-year license. This license will commence simultaneously with the start of the Intercept X Advanced license.
>    Not applicable for renewals.
>    Valid for Hong Kong and Macau only.
>    ACW Distribution reserves the right to change this offer at any time without notice.
For more details, please contact UDS Data Systems Ltd at (852) 2851 0271 or email to

2019.12.16 Demisto - a comprehensive Security Orchestration, Automation and Response (SOAR) Platform

Demisto, a Palo Alto Networks company, is a comprehensive Security Orchestration, Automation and Response (SOAR) Platform that combines orchestration, incident management and interactive investigation to serve security teams across the incident lifecycle with a seamless experience. With Demisto, security teams can standardize processes, automate repeatable tasks and manage incidents across their security product stack to improve response time and analyst productivity.
Demisto's orchestration engine automates security product tasks and weaves in human analyst tasks and workflows. Demisto Enterprise, powered by its machine learning technology, acquires knowledge from the real-life analyst interactions and past investigations to help SOC teams with analyst assignment suggestions, playbook enhancements, and best next steps for investigations. The platform (and you) get smarter with every analyst action. With Demisto, security teams build future-proof security operations to reduce MTTR, create consistent incident management processes, and increase analyst productivity.

1.Consistent, transparent, and documented processes
   •   Playbook-driven response actions and investigation queries.
   •   Auto-documentation of all investigations and historical searches.
   •   Automatic detection of duplicate investigations.
   •   Search across investigations, indicators, and evidence.

2.Quicker resolution times and better SOC efficiency
   •   Customizable playbook portfolio to automate redundant and repeatable steps.
   •   Virtual “War Room” for joint, real-time investigations.
   •   Granular tracking of incident and analyst metrics.

3.Improved analyst productivity and enhanced team learning
   •   Visual maps of related incidents for quick detection of duplicates.
   •   Real-time collaboration and unstructured investigation support.
   •   ML-powered insights for task-analyst matching, ownership, and response actions.
   •   Mobile application for on-the-go case management.

4.Flexible and scalable deployment
   •   Solution available as cloud-hosted or on premise deployment.
   •   Supports full multi-tenancy with data segregation and scalable architecture.
   •   Engine proxy to handle segmented networks.
   •   Multi-tier configurations for improved load management.

For further information about Dimasto, please contact Mr Bread Wong of UDS Data Systems Ltd (, Tel  +852 2851 0271) for details.

2019.12.02 Android 'spoofing' bug helps targets bank accounts


The loophole was found when a security firm probed how bad apps stole cash.

A "major" security weakness in Google's Android software has let cyber-thieves craft apps that can steal banking logins, a security firm has found.

The bug lets attackers create fake login screens that can be inserted into legitimate apps to harvest data.

More than 60 financial institutions have been targeted by the technique, a survey of the Play store indicated.

Google said it had taken action to close the loophole and was keen to find out more about its origins.

"It targeted several banks in several countries and the malware successfully exploited end users to steal money," said Tom Hansen, chief technology officer of Norwegian mobile security firm Promon, which found the bug.

Lurking threat

The problem emerged after Promon analysed malicious apps that had been spotted draining bank accounts.

Called Strandhogg, the vulnerability can be used to trick users into thinking they are using a legitimate app but are actually clicking on an overlay created by the attackers.
"We'd never seen this behaviour before," said Mr Hansen.

"As the operating system gets more complex it's hard to keep track of all its interactions," he said. "This looks like the kind of thing that gets lost in that complexity."

Promon worked with US security firm Lookout to scan apps in Android's Play store to see if any were being abused via the Strandhogg bug.

They found that 60 separate financial institutions were being targeted via apps that sought to exploit the loophole. Lookout said it found criminals used variants of a well-known malicious money-stealing app known as bankbot.

In a statement, Google said: "We appreciate the researchers' work, and have suspended the potentially harmful apps they identified."

It added: "Additionally, we're continuing to investigate in order to improve Google Play Protect's ability to protect users against similar issues."

Promon's chief technology officer welcomed Google's response, as he said many other apps were potentially exploitable via the spoofing bug. But he noted that it still remained possible to create fake overlay screens in Android 10 and earlier versions of the operating system.


2019.08.06 UDS Supporting RTTP Training Program – Anti-Phishing Workshop


UDS support RTTP Training Program by launching Security Awareness Training – Anti Phishing Workshop. The objective of the workshop is to help candidates understand how phishing attacks work, the tactics that cyber criminals employ, how to spot and avoid a potential attack and most importantly you’ll be improve yourself and less vulnerable to phishing attacks.

12th Sep 2019

Time: 2:30pm – 5:30pm

Venue: Theatre 2, 1/F, HKPC Building, 78 Tat Chee Avenue, Kowloon Tong

Prerequisites:  Bring your own smartphone/ Using Internet / email service experience

Suggested Course Fee: HK$1200/person(By applied RTTP training grant, HK$400/person ONLY)
Quiz will be provided as knowledge check that allows re-take if needed. Award of Certificate will be provided as kind of qualification to enlighten candidate career portfolio.

Click here for download workshop detail (pdf/216KB)

Training grant
Companies interested in applying for training grant for their employee(s) to attend registered public courses should submit the application via online system at least two weeks before course commencement. A list of registered public courses is available for reference. For tailor-made courses, companies should apply for course approval and training grants in one go.

Click here for FAQ of RTTP (pdf/19KB)

Click here for Training grant detail

2019.08.06 好消息!  (Chinese Only)



中國的註冊信息安全專業人员認證課程 Certified Information Security Professional (CISP)及註冊信息系統審計師課程China Certified Information System Auditor(CISP-A)將會在8月底首次在香港及深圳舉行,透過再工業化 及科技培訓計劃(RTTP),UDS Data Systems Ltd 聯同 Cyber Range Training Centre成功取得上述課程於香港政府RTTP計劃獲資助三分二的學費,原價港 幣24,000(包含考試費用),RTTP計劃資助港幣16,000,個 別課程實際學費為港幣8,000。UDS是這課程的代理。機會難逢,萬勿錯過!

甚麽是RTTP Reindustrialisation and Technology Training Program (RTTP)?

再工業化及科技培訓計劃 (RTTP) 是香港創新及科技基金下的一個資助計劃,以2:1的配對形式資助本地企業人員接受 高端科技與「工業4.0」有關的培訓。每間公司每一個財政年度的資助上限 為港幣五十萬元。Cyber Range Training Centre於2019年的課程中設有兩個課程CISP-A和CISP並獲得 RTTP資助。

甚麽是注册信息安全專業人员 (CISP)及註冊信息系統審計師 (CISP-A)?

注册信息安全專業人员Certified Information Security Professional (CISP)為中國信息安全測評中心(CNTISEC)依據中國編辦批准開展“信 息安全人員培訓認證”之一, 其職能為實施信息安全專業人員的資質認定。CISP是國家對信息安全人員資質最高 認可。而CISP也可以說是國內版的CISSP認證。

註冊信息系統審計師China Certified Information System Auditor (CISP-A)

是由中國信息安全測評中心根據中央編辦授權,於2016年推出的國家註冊信息系統 審計師認證制度。信息系統審計是國家網絡空間安全保障戰略中的重要環節,是第三道 防線。將審計崗位和控制措施崗位獨立分開,是網絡安全策略中“職責分離”的重要要 求。國家註冊信息系統審計師的職責是執行審計以判斷信息系統控制措施的設計有效性 和執行有效性,並提供審計改進意見。持有信息系統審計師證書體現了證書持有者在信 息系統審計,安全與控制等方面的綜合實際能力。而CISP-A也可以說是國內版的 CISA認證。


隨著《中華人民共和國網絡安全法》的頒布實施,要求各相關機構定期對從業人員進行 網絡安全教育、技術培訓和技能考核”的義務。作為信息安全顧問或系統集成商,在國 內必須具備的是CISP和CISP-A。兩個認證都是由中國信息安全測評中心認 證,在國內安全行業與“一帶一路”的建設還是相對有很大優勢,尤其是乙方安 全從業者,項目投標首選證書,有一些中資機構在香港的辦事處或支部也 遵從國家的信息安全的標準,要求其從業員或供應商要具備CISP或CISP-A的 認證方可參與有關的資訊安全的項目。

為了配合各機構進行信息科技風險防範“三道防線”建 設,培養信息系統審計專業技術隊伍,提高信息系統審計人員執業能力,真正建立起 “關鍵信息基礎設施第三道防線”,中國信息安全測評中心自2017年開始,正式推 出“CISP-A註冊信息系統審計師”培訓考試制度,並於同年內推出了“信息系統 審計服務機構”資質認證制度。

中國信息安全測評中心(CNITSEC)是甚麼 機構?

中國信息安全測評中心是中國專門從事信息技術安全測試和風險評估的權威智能機構。 對信息安全專業人員的資質能力進行考核,評估和認定。信息安全人員測評與資質認 定,主要包括註冊信息安全專業人員(CISP), 及註冊信息系統審計師 (CISP-A), 信息安全意識培訓。

認證對象:國家信息安全測評機構、信息安全諮詢服務機構、社會各組 織、團體、企事業單位中從事信息安全服務或高級安全管理工作的人員、企業信息安全 主管、信息安全服務提供商、IT或安全顧問人員、IT審計人員、信息安全類講師或 培訓人員、信息安全事件調查人員、其他從事與信息安全相關工作的人員(如系統管理 員、程序員等)。


CISP:张老师:信息安全領域資深高級講師/諮詢顧 問, 中國信息安全測評中心授權CISI講師. 為山西太原軟件協會、雲浮教育局、廣東藥監局、廣東省財政廳、南沙檢察院、深圳市 政府、深圳市網絡中心、深圳市科委、深圳信息技術學院、深圳農商銀行、東 莞電力、華南師範大學、廣州開放大學、北京師範大學珠海分校、第一創業證券、寶盈 基金、鼎和財保、國投瑞銀等多家企業、學校的信息安全管理理念、信息安全管理體 系、風險管理、信息安全意識宣貫培訓、網絡安全法解讀、業務連續性管理(BCM) 等課程設計、教材編寫和課程主講等工作。

CISP-A:廖老師:信息安全專業人員,副教授,北 京航空航天大學博士,中國信息安全測評中心特約講師,為中國人民銀行、交通部、國 家稅務總局、教育部、中國石化集團公司、國家電網公司、國家機關工委、中軟集團等 國家政府機構、大學國有企業提供各類安全諮詢服務和培訓項目。作為高級信息安全顧 問,主要負責諮詢信息安全類服務項目規劃、審計評估項目組織和執行、登記保護和信 息技術服務體系建設等。




1. 教育與工作經歷:碩士或研究生以上,具有1年工作經歷:或本科畢業,具有2年工作 經歷:或大專畢業,具有4年工作經歷。
2. 專業工作經歷:至少具備1年從事信息安全有關的工作經歷。
3. 培訓資格:在申請註冊前,成功地完成了CNITSEC或其授權培訓機構組織的註冊 信息安全專業人員培訓課程相應資質所需的分類課程,並取得培訓合格證書。

CISP及CISP-A考试题型為單選選擇題共100题,每题1分,得到70分或 以上為通過, 時間為三個小時。



















































信息安全管理基礎與管 理體系








安全漏洞與惡意代碼基 礎

























注册信息安全專業人员Certified Information Security Professional(CISP)

註冊信息系統 審計師China Certified Information System Auditor(CISP-A)

查 詢
請致電 2565-4638 或發電郵到

2019.07.08 Is Your SOC Team Ready for a Cyberattack?

Eventually, your organization will be attacked.

Unfortunately, this will be the first time your SOC team will experience this attack.

Cyberbit Range prepares your security team for the attack, by providing a hyper-realistic, virtual SOC environment, in which they can train in responding to real-world, simulated cyberattacks, and dramatically improve their performance.


Prepare your SOC team and red team with a wide range of simulated training scenarios, from entry level individual training to advanced, multi-stage attacks and team training.

Higher Education

Become the regional cyber hub. Increase student enrollment and retention and prepare your graduates for a career in cybersecurity with hands-on cyber range simulation labs.

Service Providers and MSSPs

Expand and differentiate your portfolio and increase revenues, by setting up a Cyber Security Training and simulation center and offering advanced training services.

Public Sector

Solve the cybersecurity skill gap by accelerating the certification of cybersecurity professionals. Train incident response teams in simulated cyber attacks. Test your IT infrastructure and security measures in a safe and controlled environment.

Call UDS Data Systems Ltd for a Cyber Range Course Test Drive or product demonstration at 2851 0281 or email to

2019.05.30 Secure Code Warrior – taking responsibility at the Source



Secure Code Warrior is a global security company that makes software development better and more secure. As stated at the outset, the time has come to evolve developer software security training and tools, so they become a constant and positive part of their everyday working routine. Writing great software means it must be secure.

Developers need to take more responsibility for security, and a significant opportunity exists for companies to build a strategic business advantage by encouraging this kind of approach. The solution not only involves building skills, but also having the right toolset to help every step of the process, from the first line of code until the last and beyond.

An innovative approach empowered by modern training and tools that we know work in alliance to improve developer security. The powerful combination of Secure Code Warrior’s training platform and the Sensei IDE plugin will assist security and development teams to collaborate constructively in building a positive security.

 2019.05.24 SafeGuard LAN Crypt goes conpal – stay well protected and up-to-date 


Dear LAN Crypt customer,
SafeGuard LAN Crypt is a first-class, high-performance Data Encryption Solution – today and of course in future. Your data deserves seamless protection. That is why we at conpal GmbH are delighted to continue the development of LAN Crypt for you.
We are using our extensive know-how and long term experience in the development of IT security solutions in order to ensure a smooth transition. Following, you will find the most important information with respect to the transfer of LAN Crypt.
What’s the current situation?
In July last year, Sophos has transferred the rights of SafeGuard LAN Crypt to us.You have been informed by Sophos in October 2018. At the beginning of 2019, we have received permission for the transfer from the relevant authorities (in accordance with § 57 of the German Foreign Trades and Payments Regulation). At present, we are preparing the release of the first conpal LAN Crypt Version.
What’s the next step?
We are making our "Upgrade Release" available for all customers with an active support agreement for SafeGuard LAN Crypt. The "Upgrade Release" is the first conpal version of LAN Crypt - and free for all customers with a valid maintenance contract. The "Upgrade Release" serves as the basis for all future LAN Crypt Versions released by conpal and as such builds the foundation for further development and support.
What are the system requirements for the "Upgrade Release"?
The "Upgrade Release" will be released as conpal LAN Crypt 3.97. The Version will provide an upgrade on the last Version of SafeGuard LAN Crypt Client 3.95.3, released by Sophos. In addition, the "Upgrade Release" supports the current Windows 10 Release 1809 and forms the basis for future upgrades, updates and bugfixes.
What changes regarding your administration?
Nothing, as the upgrade is primarily impacting the client. The backend infrastructure can be largely maintained. We will ensure that your existing policy settings will remain unchanged during the transition, as the Upgrade will be compatible with the current SafeGuard LAN Crypt Admin 3.90-Version.
What should you do now?
We are realizing a smooth transition in order to achieve a seamless protection of your data. To get access to the "Upgrade Release", please register at our LAN Crypt Landing Page.
From Device Security, via authentication to encryption: Our broad expertise grants a sustainable protection of our customer’s data. For this reason we will continue to develop LAN Crypt now and in future aligned on your current needs – trust in it.

Do you have questions?
Further information about the "Upgrade Release" can be found on our LAN Crypt Page.
"conpal LAN Crypt encrypts your data in an reliable and trustworthy way. We will continue to develop this powerful IT security solution to make it well prepared for the challenges of the future. With our extensive Know-how and our vast experience, we make sure that you retain complete control of who accesses your sensitive information."
Rolf Wassermann und Ralf Engers, founders and managing directors of conpal
"We are delighted that conpal is ready to release their inaugural version of conpal LAN Crypt that will continue to provide our mutual customers with great protection for their confidential information for a long time to come. As we transition existing Sophos SafeGuard LAN Crypt customers to conpal, it is of the outmost importance to us that we make sure that our customers have a smooth journey to get there and we are convinced that conpal will be a great partner for everybody going forward."
Petter Nordwall, Director of Product Management, Sophos

For the new conpal LAN Crypt price , upgrade maintenance and new deployment information, please contact Mr Bread Wong of UDS Data Systems Ltd (, Tel  +852 2851 0271) for details.

2019.04.09   Cyberbit Range for Computer Science Programs Case Study: Ariel University

The Need for Hands-On Academic Computer Science Programs

STEM education is evolving. With the increased demand for qualified graduates in technology and engineering roles, students expect more from their academic degree programs, while educators are more focused than ever on preparing their STEM students for their careers. This evolution calls for an increasingly hands-on approach in computer science, IT, and engineering programs. Ariel University in Israel is one of the first higher education institutions to integrate hands-on cyber range sessions into their computer science and cybersecurity degree programs, starting with undergraduate courses. This approach significantly impacted the program’s success, quality and appeal. Ariel University chose to use Cyberbit Range to run the programs.

About Cyberbit Range

Cyberbit Range is a simulation platform, originally developed for training blue and red cybersecurity teams in military organizations. Since its launch in 2013 Cyberbit Range has become the world leading simulation platform for hands-on academic degree programs in cybersecurity and computer science. In addition to Ariel University the platform is used by Regent University, Miami Dade College, Metropolitan State University, The University of Maine, and additional education institutions worldwide.

Computer Science and Cybersecurity Curriculum Leveraging Cyberbit Range

• Networking basics
• Databases
• Protocols
• Network security
• Secure coding
• Understanding defender and attacker
• Wireless and cellular
• Big data and machine learning in cybersecurity

2018.09.24 跨行業安全資訊共享平台 Cybersec Infohub啟動,聯合數據系統有限公司 (UDS) 為Cybersec Infohub成員

政府資訊科技總監辦公室(資科辦)正式啟動為期兩年的網 絡安全資訊共享夥伴試驗計劃Cybersec Infohub,並推出全港首 個跨行業的網絡安全資訊共享協作平台, 以促進公私營機構及社區交流網絡安全資訊,提升香港整體應對網絡攻擊的防 衞及復原能力。

政府資訊科技總監林偉喬在啟動儀式 上說:「現時網絡攻擊每分每秒都在發生,網絡威脅花樣繁多。任何企業或機構單憑一 己之力應付千變萬化的網絡威脅,實在非常困難。因此,我們需要建立互信及 緊密的協作關係,共享網絡安全資訊。」 Cybersec Infohub由資 科辦管理,並獲創新及科技局的科技統籌(整體撥款)資助進行。

凡在香港有營業地址、須管理電子通 訊網絡和對網絡安全資訊有運作需要的公司及機構,不論規模大小,均可免費成為Cybersec Infohub的成員。聯合數據系統有限公司 (UDS) 已登記為Cybersec Infohub的成 員。

政府 資訊科技總監林偉喬(手持標誌)與一眾支持機構大合照。

通過Cybersec Infohub設立的協作平台(, 成員可與不同行業的網絡安全專家共享網絡安全資訊、建議及專家見解,例如緩解措施 和良好作業模式等。而公眾也可以瀏覽平台的公眾區域,從而獲取這些專業資 訊,形成一個多向的資訊交流平台。協作平台另一個作用是促進成員之間的協作,成員 通過盡早分享最新的網絡威脅及攻擊情報,除發揮預警作用外,還可藉着互相協作更有 效地防禦網絡攻擊。

在保 安方面,平台除了嚴格遵守政府的保安政策及指引外,也會採用雙重驗證的登入方式, 以及業界在共享網絡安全資訊方面的標準。這些措施為成員提供可信賴的環境,讓他們 在專區內安全地分享資訊及情報、進行討論或與其他專家協作。此外,成員亦可從協作 平台蒐集並導出入侵指標至其營運系統,以便應用或作進一步的安全分析。

林偉 喬表示,世界各地已成立不少共享網絡安全資訊的組織,通過交流情報、知識及經驗, 令成員能在網絡威脅或攻擊初起時及時回應。他期望通過Cybersec Infohub,本港也能建立行業之間的協作文化和更緊密的夥伴關 係,從而更有效和迅速地應對網絡攻擊。



現時,來自81間公司和機構的229名代表已登記為 Cybersec Infohub的成 員 (包括 UDS),當中不少已率先在平台上分享不同類型的資訊,包括最 新的網絡威脅趨勢、勒索軟件的研析報告、漏洞的保安建議等。參與的公司和 機構包括網絡保安公 司、大專院校、關鍵基礎設施營運商、資訊科技業界專業協會、電訊或互聯網服務供應 商、金融及保險業機構,以及本地兩個電腦保安事故協調中心等。

林偉喬說,協作平台於明年上半年會注入人工智能元素, 使用機器學習構建和操作文本分析模型,協助成員就網絡安全資訊進行整合和分析,方 便專家更便捷地取得所需資訊和更及時地向公眾發布。


2018.09.19 Cyberbit Partners with Cyber Range Training Centre (CRTC) to Open First Cybersecurity Simulator in Hong Kong

Cyberbit Range will provide hands-on simulations of real cyberattack scenarios to train professionals and organizations how to defend against them in real time.

Cyberbit Ltd., a world leading provider of cybersecurity simulation and IT/OT detection and response platforms, and Cyber Range Training Centre (CRTC) Ltd., have collaborated to open the first IT security defense training centre equipped with the latest simulation training technology in Hong Kong.


“IT security threats are increasingly becoming a major risk to business and technology alone is not sufficient to protect organizations against these threats,” says Joseph Yang, CEO, CRTC. “Whether security teams are in-house or outsourced to a managed security service provider, it is important to perform joint drills in a realistic setting so that all teams can respond in a coordinated manner when under attack.”


The new CRTC is powered by the Cyberbit Range platform and is being launched in collaboration with the Hong Kong Productivity Council. The Centre will offer hyper-realistic professional training programs instructed by elite cybersecurity experts to enterprises and individuals, and certifications including CISA, CISM, CEH and ISSE.


“CRTC will provide a vital component of strong cybersecurity to the Hong Kong market - well-trained, experienced professionals,” says Adi Dar, CEO, Cyberbit. “Innovative simulation and training is the best way to ensure the highest level of cyber security to businesses.”


opening ceremony


To learn more about Cyberbit’s Cyber Range platform and CRTC in Hong Kong, please email to Bread Wong for more details.



Cyberbit Range is the most widely deployed cybersecurity training and simulation platform for higher education, service providers, governments and enterprises. The platform has already been selected by numerous cyber training facilities in the US, Europe, Asia and Australia, with dozens of classrooms operating around the world and new training centers continuously being launched. In addition to simulating large-scale virtual networks and attacks based on real-world incidents, the platform can also pinpoint system vulnerabilities and help users develop countermeasures and improved protocols for dealing with cyber-attacks on critical network systems. As a result, cybersecurity practitioners benefit from receiving real-time training for threat detection and the response process, enabling them to dramatically improve the performance of all security and SOC teams.


1 UDS carries Kemp Products 


Kemp Technologies, Inc. was founded in 2000 in Bethpage, New York and operates in the application delivery controller industry.[2] The company builds load balancing products which balances user traffic between multiple application servers in a physical, virtual or cloud environment.

Kemp product including the following products
1. Load Balancer - providing High Availability and Geo Load Balancing.  It supports Virtual LoadMaster on Hypervisor such as VMware, Hyper-V, Xen, KVM and Virtual  LoadMaster on cloud such as Microsoft Azure, AWS and VMWare vCloud Air.

2. Security - Web Application Firewall

2018.07.01   Range products Regent University

Cyberbit Ltd., a world-leading provider of cybersecurity simulation and IT/OT detection and response platforms, and Cyber Range Training Centre (CRTC) Ltd., have collaborated to open the first IT security defense training centre equipped with the latest simulation training technology in Hong Kong.

Regent University also conducts Cyberbit Range training to National Security Agency of United States of America (NSA) and U.S. Department of Homeland Security (DHS).

On Tuesday, 2017 October 3, Regent University took a cutting-edge leap into training students to secure those breaches as it launched its Cyber Range training center in partnership with Cyberbit Ltd., the leading provider of cybersecurity products enabling detection, response and training across IT and Operational Technology (OT) systems.

The world-class facility will provide hands-on cybersecurity training and simulation platforms with real-time attack scenarios and security breaches for Regent students seeking to fill the projected 6 million job openings in the cybersecurity field by 2019.

The Cyber Range will also serve as a training center for local businesses, government and military organizations, and features customizable capabilities to meet every industry’s data protection needs.

It’s among the first of its kind to launch in the United States at a private university.

"This facility is going to be available to train military leaders, business leaders and especially the students of Regent University in cutting-edge technology," said Regent Founder, Chancellor and CEO Dr. M.G. "Pat" Robertson to guests attending the Cyber Range’s ribbon-cutting and dedication ceremony. "We want to be leaders, and Regent University has been a leader. And I hope that those of you here in the Virginia Beach community realize how important this Cyber Range is going to be."

Robertson estimated 1 trillion dollars-worth of damage done by cybercriminals hacking into corporations. He explained that the Cyber Range will give real-world experience to executive and students alike on how to handle cyberattacks.

And according to Cyberbit CEO, Adi Dar, the most effective way to master a new skill is through simulation training.

"We are proud to partner with Regent University in their pioneering effort to advance the state of cybersecurity by developing a highly skilled workforce that can detect advanced threats and respond effectively to any kind of cyber incident across IT and OT networks," said Dar. "There is no doubt in my mind that it has tremendous potential. I would like to congratulate the university on this special day and thank Dr. Robertson for the opportunity to be a part of this vision."

Following the ribbon-cutting ceremony, Regent’s Office of Alumni Relations & Special Events hosted a luncheon event. Former United States Attorney General John Ashcroft said he’s honored as he completes his thirteenth year at Regent, sharing the privilege of preparing the next generation of Christian leaders.

"Here, no pursuit of truth – intellectual or spiritual – is off-limits, and the truth, and an understanding of it, is the greatest defense we can have," said Ashcroft. "As a result, both Americans individually and America as a defender of global liberty, are stronger, and I’m grateful to have this opportunity and for your involvement and your support of this project."

Continuing to lead the way in training cybersecurity experts, Regent University will host its inaugural Cyber Summit, featuring reformed hacker and security consultant to Fortune 500 companies and global governments, Kevin Mitnick, in February 2018.

2018.06.28   UDS new win for Drivelock case

Happy to share this nice new win. As always, the business case is very interesting:
Company Name:  China Branch of a famous Germany car manufacturer

Use Case: Device Control

Number of Agents being deployed: Over 7,000

The Challenge/Solution: There were many legacy Windows systems distributed in several production plants.

Note: Drivelock can be tailor-made as a tool to help companies protect from malwares, i.e., ransomwares as well as to fulfill GDPR requirements. Please feel free to contact Bread Wong ( ) for more information.

2018.04.26   UDS carries Next Generation Deep Learning End Point - Deep instinct

About Deep Learning

Deep learning is the most advanced subset of artificial intelligence. Also known as “deep neural networks,” it takes inspiration from how the human brain works.
Namely, the more data that is fed to the machine the better it is at intuitively understanding the meaning of new data – and, therefore, does not require a (human) expert to help it understand the significance of new input.

About Deep Instinct

Deep Instinct is the first company to apply deep learning to cybersecurity. Harnessing the power of deep learning’s predictive capabilities in order to create the ultimate cyber security solution: On- device, proactive solution that protects against zero-day threats and APT attacks with unmatched accuracy.


By using advanced methodologies and deep learning, Deep Instinct protects its customers from executable-less attacks, dual-use and code-injection attack.

Advanced heuristics, which also protect against file-based attacks, quickly prevent code-injection and in-memory attacks. And finally, Deep Instinct’s unique deep learning model protects against dual-use tools utilized in living-off-the-land attacks, and against dropper files used in non-PE attacks, blocking these attacks pre-execution.

Deep Instinct do NOT need

-    Signature
-    Sandboxing for detection
-    Traditional Machine Learning

2018.03.20   CA Veracode is once again recognized as Leader in Application Security by Gartner Magic Quadrant

CA Veracode, Inc., a leader in securing the world’s software, and acquired by CA Technologies (CA), today announced it has been positioned in the Leaders quadrant for the fifth consecutive time of Gartner Inc.’s 2018 “Magic Quadrant for Application Security Testing1.” In our view, CA Technologies (CA Veracode)’s position in the Leaders quadrant is a result of the company’s completeness of vision and ability to execute in the application security testing (AST) market.


With broad language and framework coverage, the CA Veracode Application Security Platform offers a holistic, scalable way to manage security risk across your entire application portfolio. With a wide range of security testing and threat mitigation techniques, as well as support from our security program managers, organizations are given the keys to creating a strategic, repeatable way to tackle application security risk. It features integration into Software Development Life Cycle (SDLC) processes with built-in integrations with multiple IDEs, bug-tracking systems and build servers, as well as APIs for integration, CA Veracode Greenlight and Developer Sandbox.

To learn more about CA Veracode’s Application Security Platform, please visit:

For further information about CA Veracode, please contact Bread Wong.

1 Gartner, Inc. 2018 “Magic Quadrant for Application Security Testing” by Ayal Tirosh, Dionisio Zumerle and Mark Horvath. March 19, 2018

2018.03.15 Cyberbit SOC 3D Automate. Orchestrate. Investigate.
Cyberbit's SOC 3D is a SecOps force multiplier, increasing SOC efficiency and reducing Mean Time To Respond (MTTR) with the first SOAR platform combining security orchestration, automation, and big-data driven investigation, enabling incident responders to manage the entire incident lifecycle within a single screen, from detection to recover.

SOC 3D is the first Security Automation and Orchestration (SOAR) platform combining automation, orchestration, and big-data powered investigation into a single and comprehensive incident response platform that triples SOC efficiency, provides unprecedented visibility and reduces time-to-respond by 90%.

Accelerate Response
Reduce MTTR (Mean Time To Respond) by up to 90%, and free your analysts to recapture high-priority incidents by automating manual tasks like collecting threat intelligence, sending emails, and more.

Reduce Escalations
Empower tier-1 analysts by centralizing IR management, automating manual tasks and simplifying investigations. Reduce escalations by 50% to allow tier-2 and 3 analysts to focus on critical incidents.

Investigate Efficiently
SOC 3D is a big-data platform providing visibility into all raw data, so your analysts can get any question answered, fast, and create any investigation dashboard they need, in real-time.

Focus on What's Important
Focus your incident response team on business-critical alerts with automated prioritization by business impact, ensuring that high-priority threats are managed first - always.

Centralize and Automate Incident Response

"Cyberbit’s SOC 3D does so much more than previous iterations of SOC technologies, and the key difference is the huge time savings. SOC 3D automates and orchestrates incident response playbooks and provides more accurate and actionable high priority alerts in real-time so that staff can act faster."
                                                                                                                                                                                    Toby Musser, CEO, MNS Group (MSSP)

2018.02.15  UDS is promoted Gemalto Platinum Partner and Introducing SafeNet released a Luna HSM 7.1

UDS Data Systems Limited has been accepted into the 2018 Gemalto Cipher Partner Program at the Platinum level effectively on February 1 of 2018. UDS's membership in the Gemalto Cipher Partner Program gives usaccess to exclusive benefits and resources and validates that UDS Data Systems Limited is authorized to re-sell our hardware and software products, including, authentication, encryption, and maintenance.

Introducing SafeNet Luna HSM 7.1

This 7.1 release for SafeNet Luna Network and Luna PCIe HSMs includes:

Flexible partition policies on each partition that match the use case

•    Keys in hardware as a default, providing the strongest key security for critical use cases including PKI, Code Signing, and Blockchain
•    Exporting private keys to be embedded in devices for secure manufacturing, IoT, smart metering, and more
•    HSM and Partition Policy Templates
•    Ability to set consistent policies for HSMs and partitions
•    Support for AIX and Solaris

2018.02.01   The General Data Protection Regulation (GDPR) soon becomes a global privacy law
The new EU General Data Protection Regulation (GDPR) represents the most significant change in global privacy law in 20 years. It introduces new and wide ranging privacy requirements for any organization handling the personal data of individuals living in the EU. The GDPR will broaden and add requirements to its predecessor, the EU Data Protection Directive or DPD, and because it is a regulation, not a directive, it will have binding legal force throughout every member state.

The GDPR was adopted in April 2016 and goes into effect on May 25, 2018. Given the complexity and detailed requirements of the regulation, organizations need to begin now to plan, budget, and implement the process and technology changes needed to meet regulatory guidelines.

What Does the GDPR Mean for Compliance and Security Professionals?

As those who have studied the details of the GDPR know, the regulation is a legal framework that does not specify many technical details as far as how to achieve compliance. However, it does clearly spell out a new set of data protection principles and procedures that must be followed.

In order to get started with GDPR requirements, organizations need to have a clear understanding of how they process, store and secure personal data. Once the organization has catalogued all personal data used for processing, it must ensure that this data is adequately secured. The GDPR mandates that "appropriate technical and organizational measures" be put in place to protect data, and it requires documentation that demonstrates this compliance. Lastly, the GDPR requires organizations to monitor and detect any breaches of personal data that occur and to notify authorities and in some cases data subjects when a breach occurs.

  offers a complimentary brief that lists several GDPR requirements and maps them to specific ways identity governance can help prepare for and meet those requirements. Please contact Mr. Bread Wong ( for the free brief.

Identity management gives you the power to securely and confidently grow your company, enter new geographies, collaborate globally and focus on innovation.

SailPoint gives you the power of identity so you can move your business forward.

Secure the Cloud Enterprise
We are all moving to the cloud, and it changes our security footprint.

Prevent Data Breaches
It's your new reality. Don't let breaches distract you from your business.

Collaborate without Boundaries
Unstructured data is growing exponentially each year. Embrace it, secure it.

Operate Internationally
Global world. Global workforce. Global business. That means global regulations.

Keep Your Competitive Advantage
Balance business enablement and security to confidently focus on your business.

2018.01.09   ObserveIT Closes 2017 with Third Consecutive Record-Breaking Quarter Driven by Customer Demand for Insider Threat Solution

The leading insider threat management solution provider with approximately 1,700 customers around the world, today announced its third consecutive record-breaking quarter, driven by customers' need to decrease risks through advanced insider threat detection and prevention.

ObserveIT regularly releases new product updates to meet evolving customer needs and deliver a cutting-edge solution with best-of-breed capabilities. In Q4, ObserveIT added key new features and enhancements to the platform, including File Activity Monitoring and Enhanced Alert Workflow.

Additional milestones achieved in 2017 include:
•    Achieved more than 60+ percent year-over-year bookings growth.
•    Saw Net Promoter Score increase to the mid-70's, reflecting deep customer loyalty, continued confidence and strong overall support.
•    Grew customer base to approximately 1,700.
•    Secured significant customer wins, with a record-breaking 500 percent increase in the total number of six-figure deals in Q4.
•    Continued employee growth, with a more than 20 percent increase from the end of 2016.

About ObserveIT:

ObserveIT is the leading Insider Threat Management solution with approximately 1,700 customers across 87 countries. ObserveIT is the only solution that empowers security teams to detect insider threats, streamline the investigation process, and prevent data exfiltration. With 230+ out-of-the-box insider threat alerts, rich metadata and outstanding search capability and playback of any policy violation, ObserveIT provides comprehensive visibility into what people - contractors, privileged users and high-risk users - are doing, and reduces investigation time from days to minutes.

For a free demo, please contact Bread Wong at (852) 28510271.

2017.7.19  Bangcle is one of the selected vendors in Gartner 2017 Market Guide for Application Shielding


2017.07.11  ObserveIT's Record-Breaking Business Success in the Insider Threat Industry Continues in Q2 2017

ObserveIT sees 100% percent year-over-year growth fuelled by record bookings in Q2, Net Promoter Score surges past 70, wins "Best Place to Work" award, and has fastest adoption in history for newest version of product to help companies eliminate Insider Threats.

Milestones achieved in Q2 2017 by ObserveIT include:

•    100 percent year-over-year growth in bookings (Q2 2017 v Q2 2016)
•    Record bookings in Q2 2107, fuelled by a $1.4 million deal with one of the largest asset management firms in the world and the highest number of $100K-plus deals in a single quarter in company history
•    Net Promoter Score increased to greater than 70, reflecting deep customer loyalty and satisfaction
•    Signed more than 50 new customers in Q2 2017, increasing its customer base to 1,557 organizations worldwide. ObserveIT now has 5 of the top 10 financial services companies, 3 of the top 5 banking institutions, and 2 of the top 5 asset management firms as customers.
•    Fastest adoption of a new product version (ObserveIT 7.0 released in April) in company history

Other achievements in Q2 2017 include:

•    •    In June, the Boston Business Journal (BBJ) named ObserveIT to its exclusive 2017 list of Best Places to Work.
In April, the company released ObserveIT 7.0 to accelerate insider threat detection and prevention with new actionable analytics and user activity profiling to thwart threats from within.

ObserveIT product highlights:

Interesting? Please contact Bread Wong at (852) 28510271 for more information.

2017.5.24  Splunk - Weapon of a Security Warrior

Are you well prepared for fighting against the next Ransomware attack?

No matter you are being impacted by WannaCry or not, we all know that hacker will not stop because ransomware give them real business, and there may be even more attacks in the future. Splunk has been a thought leader in providing solutions for detection and prevention of ransomware-type malware for a couple of years. In response to this recent attack, we would like to invite you to join our webinar, which will cover:

• Splunk’s finding on WannaCry and how to use Splunk to detect WannaCry.
• How to protect yourself from the next ransomware attack.

2017.5.15  WannaCryptor Ransomware ­ 3 Actions You Should Take Immediately

WannaCryptor Ransomware hit over 40 UK hospitals, as well as over 75,000 additional workstations in 99 countries as of today, in what is turning to be the most massive ransomware campaign to date.

The ransomware, also referred to as WannaCry and Wana Decrypt0r, is delivered as a Trojan, which is downloaded when the user mistakenly clicks on a hyperlink delivered in a phishing email, Dropbox link or banner. Once the ransomware payload is executed, it encrypts files on the user’s hard drive, deletes the originals and displays the following message, requesting the user to pay a ransom in order to decrypt and recover the files.

Why is WannaCryptor ransomware spreading so quickly?

As initially reported by the Spanish CERT, and confirmed by Cyberbit researchers, the attack utilizes a Windows XP vulnerability: EternalBlue/MS17-010/SMB to spread laterally. This means that after attacking one computer in the organization, the ransomware can spread independently within the network and attack additional workstations. An interesting fact is that this exploit was developed by the NSA and leaked by Shadow Brokers hacker group. Although these vulnerabilities were patched by Microsoft in March, large corporates, particularly hospitals, often lag behind in patching and therefore many of the workstations were left vulnerable, allowing the attack to spread.

What should your organization do now?

1. Patch Windows XP machines immediately – while this will not prevent the initial infection it will prevent the ransomware from spreading laterally and substantially slow it down

2. Re-enforce security awareness best practices – East Kent Hospitals Tweeted all staff and warned them from opening the phishing email labeled ‘Clinical results’. Update your employees on best practices and warn them about the risk of opening unexpected emails from untrusted or sources
Wannacryptor Ransomware

3. Deploy an Endpoint Detection and Response Product with anti-ransomware – only 30% of antivirus software can identify and block WannaCryptor ransomware, as reported by the Mirror. It is essential to complement antivirus with an endpoint detection and response product that protects against advanced malware that bypasses traditional AV. This solution should include inherent anti-ransomware capabilities to block.

Cyberbit EDR anti-ransomware

Cyberbit’s Endpoint Detection and Response (EDR) provides ransomware detection and prevention that helps organizations detect and block ransomware attacks like WannaCryptor in real-time before critical files were encrypted. Cyberbit EDR identifies behavioral characteristics that indicate an attack, and as a result it detects threats that often bypass antivirus solutions.

Cyberbit EDR graph view – identifying ransomware infection

Cyberbit EDR  – Identifying ransomware encryption behavior

Read the Cyberbit blog for recent ransomware detection success story in a large enterprise and visit the Cyberbit website for more info and a demo

Tal Morgenstern is Head of R&D, Endpoint Detection and Response Team at Cyberbit.

Please feel free to contact us for more information.

2017.5.15  Defend against WannaCry/Wcry Ransomware

Due to the WannaCry/WCRY Ransomware attack around 150 counties, we need to notify how our security product to against this attack.  The following is the information for protect your origination.

For the Forigatet product:
Update the IPS signature and anti-virus signature


For TippingPoint product:

Login to the TMC account and download the Ransom_WCRY_i.csw DV toolkit and import to the IPS
 The filters in the CSW are designed to detect the propagation of the malware known as WannaCry/WCRY by looking for the malware binary download.

For Sophos UTM:
Active the Advanced Threat Protection in the firewall

For Sophos Intercept X:

For Lumension:
Apply the latest Windows Patch MS17-010 for all Windows computers by Lumension

For Splunk:
Steering Clear of the "WannaCry" or "Wanna Decryptor" Ransomware Attack

On the 2nd Phase of the Infection Chain, the mssecscr.exe will call back to C&C for the key and OpenDNS will terminate the connection between victim the C&C.  This will prevent the exploit of the Wannacry

For questions or technical assistance, please contact Bread Wong or (852) 28510271 (Office).

2017.4.26   Cyberbit EDR Adv Cybersecurity with Adaptive, Automated Capabilities

Cyberattacks continue to shift tactics, with hackers launching fileless malware that is undetectable by ransomware safeguards, antivirus and other traditional endpoint protection platforms.

Cyberbit’s  adaptive Endpoint Detection and Response (EDR) platform, now provides advanced and semi-automated threat hunting, centralized response capabilities, and an improved SDK for detection customization.

Originally developed to meet requirements of high-risk organizations, Cyberbit’s new EDR enhancements help customers decrease threat detection and response times while minimizing false positives, drastically improving cyberattack countermeasures and cutting distractions for security teams.

Cyberbit EDR’s approach detects a broad range of attacks without relying on indicators of compromise (IOCs), including signature-less, fileless and targeted attacks as well as ransomware.

The adaptive approach automatically tailors a behavioral detection policy to the customer’s organization, which ensures the highest levels of accuracy based on each environment.

Danielle VanZandt, research analyst at Frost & Sullivan
"Cyberbit provides one of the most effective solutions for detecting unknown, signature-less and targeted threats, including fileless attacks and ransomware, by using machine learning and behavioral analytics, enabling quick identification of root cause and response," said Danielle VanZandt, research analyst at Frost & Sullivan.

"Cyberbit’s approach proved to provide its customers with substantially higher detection and response capabilities, while keeping low false positive ratios."

"As a result, security teams can focus on high priority alerts and are not distracted and overloaded with false alarms."


The new release includes the following key features:

Analyst in a Box

Analysts often work with fragments of the attack story; using their knowledge and experience, they seek traces of attacks buried in data.

Cyberbit's EDR platform assists analysts by automating much of the hunting process, leveraging behavioral analytics and machine learning, which serves as an "analyst in a box," speeding up threat identification and often saving weeks of investigative effort.

SDK and customization

Advanced customers can add proprietary detection algorithms to address their unique security requirements. They can also access the EDR's big-data repository using APIs, and use their own functions and tools to proactively investigate and hunt threats.

Centralized response capabilities

Ideal for large, dispersed organizations, security managers can access any endpoint in the organization from a central location and rapidly investigate and respond to an incident, which eliminates the need to be physically present at the compromised endpoint.

"It takes only one fileless or signature-less attack to bring down an organization; however, these attacks are invisible to endpoint security systems."

"Customers now understand that this is where they need to focus," said Adi Dar, CEO of Cyberbit.

"Our EDR is gaining traction as one of the most reliable means to protect against advanced attacks, and this new release helps customers stay ahead of new threats and save time with next-generation SOC technology."

Cyberbit was recently named by CRN magazine one of 20 coolest endpoint security vendors for 2017.

Cyberbit EDR is also the winner of the Frost and Sullivan Technology Leadership Award for Cybersecurity Detection and Response, and the winner of the Network World Asia Reader’s Choice Rising Star award for endpoint security.

2017.3.31   Implementing Strong Authentication for Office 365 with Gemalto SafeNet Authentication Service

With Microsoft Office 365, organizations can move their familiar Office environments to the cloud. But unlike traditional enterprise productivity suites, Office 365 creates a new reality in which employees, whether in the office, at home, or on the road, are in effect accessing enterprise systems remotely. Without traditional access controls implemented via the enterprise network, the only protection afforded these online services are inherently weak, static passwords.

By implementing strong authentication for Office 365 with SafeNet Authentication Service by Gemalto, organizations can significantly mitigate the risk of unauthorized access and data breaches.

Watch video to learn how to use SafeNet MobilePASS+ to secure access to Office 365!

Using SafeNet Authentication Service with Office 365

SafeNet Authentication Service by Gemalto can be used as the trusted identity provider, extending Active Directory identities, and adding strong authentication to Office 365. Providing a wide range of authentication methods, including out-of-band (OOB), personal identification pattern, and both hardware and software-based one-time password (OTP) form factors, SafeNet Authentication Service provides a sound balance between cost, convenience, and security. Two implementation options are available:

I.    Strong authentication using the Gemalto AD FS Agent

Organizations want to implement unified strong authentication policies for client and web-based applications can use Microsoft’s AD FS (Active Directory Federation Services) with the Gemalto AD FS Agent. The Gemalto AD FS Agent enables the implementation of strong authentication policies for cloud-based services such as Office 365 and other client and web-based applications. The Gemalto AD FS Agent is available for AD FS 3.0, which was released with Windows Server 2012 R2.

II.    Strong Authentication Using AD FS and SafeNet Authentication Service as a SAML Identity Provider
Organizations that want to extend strong authentication to Office 365 and other browser-based applications have the option of using AD FS with SAML (Security Assertion Markup Language). With this option, Gemalto SafeNet Authentication Service is configured as a SAML 2.0 Identity Provider for AD FS when users log in to Office 365.

About SafeNet Authentication Service
SafeNet Authentication Service by Gemalto delivers fully automated, highly secure authentication-as-a-service, with flexible token options tailored to the unique needs of your organization—substantially reducing the total cost of operation. With no infrastructure required, SafeNet Authentication Service enables a quick migration to a multitier and multi-tenant cloud environment, offering:

  °  Automated workflows and token management
  °  Fully customizable interface
  °  Extensive self-service portals
  °  Embedded identity federation for securing access to SaaS and web-based applications
  °  Protection of all resources, including networks, VPNs, SaaS applications
  °  Numerous token options
  °  No infrastructure investments
  °  Quick deployment and setup


For further information about SafeNet Authentication Service, please contact Bread Wong or (852) 28510271 (Office).

IT Technologies & Solutions for Hotel Industry

On 16-March-2017, our Business Development and Sales Manager, Norman Chan was being invited to speak in a Seminar on “Latest IT Technologies & Solutions for Hotel Industry”. The Seminar was organized by Hutchison Telephone Macau & Macau Productivity and Technology Transfer Center and Supported by to major Macau Hotel Associations: The Macau Hotel Association & Macao Hoteliers & Innkeepers Association. Mr. Chan Topic was “Using SOTI MobiControl Enterprise Mobility Management (EMM) Solution to Manage the Mobile Device of the Hotel” with a Peninsula Hotel case study.

2016.12.21    ObserveIT Insider Threat Video Best Practice featuring Gartner   

With data breaches and data theft occurring more quickly and with more sophistication than ever before, protecting your organization against cyber security threats has likely proven increasingly difficult.

Companies have commonly focused a majority of resources on protecting against malicious outsiders. And, while hacking and phishing are still a major cause for concern, it’s insiders—trusted employees, contractors and vendors—that have become the most cited culprits of cybercrime. There are myriad reasons for this, including infrequent security policy training, lack of employee ability to provide feedback to security teams, and, of course, purposeful insider attacks. For this reason, CISOs are increasingly looking for tools to identify and eliminate accidental and malicious insider activity.

As organizations evaluate user activity monitoring as a part of their plan to thwart insider threats, there are many questions that arise, including:

•    Who are the insiders that put organizations at risk… and what are their motives?
•    What types of organizations and data are most targeted?
•    What can organizations do to mitigate the risk of insider threats?

Gartner Vice President, Anton Chuvakin, and ObserveIT’s Gaby Friedlander address these questions and discuss best practices for Insider Threat programs in the Garnter Research Video preview below.

Learn more about keeping your data safe from insider threats, please contact or watch the full video that provides insights on specific actions you can take to help protect your organization.

2016.10.20   UDS carries HID Lumidigm V-Series V302 Fingerprint Sensors to support Hong Kong Next generation Smart ID Card Project

   • The industry’s best fingerprint images
• The industry’s best biometric matching performance for any person in any environment
• Premium liveness detection to insure only genuine fingers can be matched
• Increased throughput and user convenience: single-placement failure to enroll (FTE) and failure to acquire (FTA) errors are eliminated
• Multiple integration options to enable rapid integration in a wide variety of applications

Product Features
• Images surface and subsurface fingerprint features using Lumidigm’s patented multispectral imaging technology
• High-contrast 500 dpi images
• Multiple communication interfaces supported: USB 2.0, RS-232
• ANSI 378 / MINEX-certified biometric templates
• Local verification (1:1) functions with template storage up to 1,000 users
• Identification (1:N) capacity up to groups of 10,000 fingers
• Small, ready-to-integrate form factor for easy mechanical integration
• Operates across wide ranges of temperature, relative humidity, and ambient light
• High durability glass platen with no coatings that wear out.

If you are interested in HID Lumidigm V-Series Fingerprint Sensors, please call us at 2851 0271 or email to <> for more detail.

2016.9.15   Sophos Launches Next Generation of Anti-Exploit and Anti-Ransomware Technology

On September 15, 2016 Sophos announced Sophos Intercept X, a next-generation endpoint security product that stops zero-day malware, unknown exploit variants and stealth attacks, and includes an advanced anti-ransomware feature that can detect previously unknown ransomware within seconds. Sophos Intercept X installs alongside existing endpoint security software from any vendor, immediately boosting endpoint protection by stopping malicious code before it executes.

Click and watch this short video to see it in action.


Sophos Intercept X combines four critical security components that IT administrators should expect from next-generation endpoint protection.

  • - Signatureless Threat and Exploit Detection: Anti-malware and anti-hacker defense that blocks zero-day, unknown and memory resident attacks and threat variants without the need for file scanning

- CryptoGuard: Anti-ransomware innovation that identifies and intercepts malicious encryption activity, blocks ransomware before it can lock and cripple systems and can roll back maliciously encrypted files to their pre-attack state

- Root Cause Analytics: A 360 degree visual analysis of attack events that shows where the attack came in, what it affected, where it may have stopped and recommended actions to prevent a similar attack in the future

- Sophos Clean: Powerful utility that hunts for and removes any trace of spyware and deeply embedded, lingering malware

Click for Video
Short Video: Sophos Intercept X - Root-Cause Analysis (RCA) in Two Minutes

 If you are interested in next-generation endpoint protection, please call us at 2851 0271 or email to <> for more detail.

2016.7.10   SOTI MobiControl named 2016 "Editors' Choice" in PC Magazine MDM product Review

Recently, PC Magazine awarded SOTI MobiControl the prestigious distinction of “Editors’ Choice” as part of their mobility management roundup for 2016.
SOTI brings support for all major mobile platforms, including Android, iOS, Windows, with deep remote control capabilities.
Read why SOTI MobiControl was named “Editors Choice” by PC Magazine in their review of top MDM solutions for 2016.
This article & review provides your customers with a great third-party analysis of the benefits of SOTI MobiControl, including:
“SOTI MobiControl matches up with all of the products in this roundup quite well, and stands out from the rest with the remote control feature.”
“A staging capability for corporately owned devices makes it easy to fully configure the SOTI agent before issuing it to an employee.”
SOTI brings support for all major mobile platforms, including Android, iOS, Windows, with deep remote control capabilities.
Read why SOTI MobiControl was named “Editors Choice” by PC Magazine in their review of top MDM solutions for 2016.

    The Best Mobile Device Management (MDM) Solutions of 2016:
    PC Magazine Editors' Choice 2016:

About SOTI Inc.

SOTI is the world's most trusted provider of Enterprise Mobility Management (EMM) solutions, with over 15,000 enterprise customers and millions of devices managed worldwide. SOTI's innovative portfolio of solutions and services provide the tools organizations need to truly mobilize their operations and optimize their mobility investments. SOTI's flagship product, MobiControl, allows enterprises to enable, optimize and secure their mobile workforce across all platforms to support corporate-liable and Bring Your Own Device (BYOD) policies. SOTI extends secure mobility management beyond basic MDM to provide a total, flexible solution for comprehensive management and security of all mobile devices deployed in an organization.

2016.06.24    Cisco OpenDNS - Multi-layer Defence against Ransomwares 

On 24 Jun 2016, Cisco, Ingram Micro and UDS co-organised an Encryption Ransomware seminar. In the seminar, security experts from the market shared weapon, strategies to handle security incidents, such as malwares and ransomwares, and ways to perform cyber threats investigation in different companies.

Why OpenDNS?

Cisco OpenDNS has the largest DNS service built for security. Its global network processes 80+ billion Internet requests daily from 65 million users with 100% uptime. Statistical models are applied to this data to accurately identify, predict and prevent known and emergent threats. Every day OpenDNS blocks 80+ million malicious requests and gains predictive intelligence on 17+ million new domain names. Best of all: there is no hardware to install or software to maintain!


If you are interested in Cisco OpenDNS, please feel free to contact Mr Eric Moy for more details.

2016.06.17    Splunk, ObserveIT and OpenDNS in the AWS Summit HK 2016   

UDS Data Systems Ltd is the Consulting Partner of Amazon Web Services (AWS) which provides trusted, cloud-based solutions to help you meet your business needs. Running your solutions in the AWS Cloud can help you get your applications up and running faster while providing the same level of security. AWS Enterprise Summit has been established to deliver an industry platform focused on driving business innovation, agility and transformation through the application of Cloud Computing technology. UDS booth was over-crowded indeed because …

In addition to AWS, UDS carries three cool outstanding products: Splunk, ObserveIT and OpenDNS. You just can’t miss out any one of them.

Splunk is a big data monitoring and BI tool for all machine data. It offers the leading platform for Operational Intelligence. Insights from using Splunk help make your company more productive, profitable, secure and competitive. UDS is the distributor of Splunk.

ObserveIT detects insider threats and stops data loss. It provides Employee Monitoring, Behavioural Analytics, Policy Enforcement and Forensic Recording. UDS is the distributor of ObserveIT.

OpenDNS provides cloud-delivered network security and threat intelligence, which safeguards you from Ransomwares and various DNS attacks everywhere. UDS is the first Partner of Cisco OpenDNS in Hong Kong.

UDS Team: Mr. Frankie Leung, Mr. Bread Wong, Mr. Paul Chow, Mr. Johnny Lam, Mr. Eric Moy and Mr. KL To (from left to right).

If you are interested in any of the above-mentioned products, please feel free to contact us at (AWS and OpenDNS) and (Splunk and ObserveIT).

2016.05.21    Splunk Hands-on workshop in PISA Jam event

On 21 May 2016, UDS organised a hands-on workshop, Detects Advanced Attack as the Blue Team, in the 15th Anniversary of PISA (專業資訊保安協會) event on the theme of security of everything, big data, forensic, honeynet and mobile.

Mr. Charles Mok (left photo above), Legislative Councilor (Information Technology), delivered a speech.

Mr. Paul Pang (right photo above), the Chief Security Strategist of Splunk, delivered a hands-on workshop on making use of Splunk to detect advanced attacks. He aroused all attendees’ interests in Splunk and won a burst of applause.

Last but not least, in addition to UDS tailor-made souvenirs, thank you for Splunk sponsoring the giveaways.

Crypto Ransomwares Attack are wild. Use Amazon Web Services to Backup Company Data & Files   

Crypto Ransomware attacks are getting wild in Hong Kong. The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) of the Hong Kong Productivity Council alerted the public to be vigilant to the ransomware attacks that hold data hostage and demand ransom from the victim.
Hackers have launched the attacks through globalized massive spam campaigns and compromised many websites to host the malicious code. Victimized computers are infected by opening email attachments or clicking the hyperlinks of websites with malicious code. On the other hand, a website injected with the malicious code will redirect visitors to an exploit website which hosts the attack code. The latter will further attack the security vulnerabilities of the users’ computer system and applications and install the Crypto Ransomware. The malicious code usually targets Web Browsers users.

To protect data from Crypto Ransomware attack, HKCERT advises the macro feature of Microsoft office should be turned off, and only re-enabled temporarily when necessary and under secure condition. In addition, users are advised to delete any suspicious emails received. The Internet users should regularly backup data and keep an offline copy of the backup, and keep security software updated, patch system and other software.

For backing up company valuable data, UDS advises companies that you use Amazon Web Services (AWS). AWS offsite backup solution is high security, high performance & can setup fast. Companies can use a mixture of AWS Storage-Gateway, S3 & Glacier Services for backup data and schedule to do the backup automatically. The AWS Storage Gateway is a service connecting an on-premises software appliance with cloud-based storage to provide seamless and secure integration between an organization’s on-premises IT environment and AWS’s storage infrastructure. Usually AWS S3 is for Mid-Term Data Storage up to 6 months & AWS Glacier is for Long-Term Data Storage beyond 6 months.

Interest to Securely Backing up your Company Data & Files to Amazon Web Services to protect against Crypto Ransomware Attack, please call 2851 0271 for  Eric Moy <> or Norman Chan <> for more detail.

2016.3.12    Splunk won two SC Magazine 2016 U.S. Awards, leading in Gartner reports and IT Central Station ranking

Splunk, provider of the leading software platform for real-time Operational Intelligence, announced Splunk Enterprise Security (ES) won the Excellence Award for the Best SIEM Solution at the 2016 SC Magazine Awards. Splunk Enterprise also won the Trust Award for the Best Fraud Prevention Solution. This is the fifth consecutive year Splunk solutions have been honoured by the U.S. SC Magazine Awards.
In latest two Gartner reports, Splunk was named a leader for the third straight year as depicted in the 2015 Magic Quadrant and the 2015 Critical Capabilities for SIEM.

Splunk ranks No.1 among top SIEM vendors shown at IT Central Station website. IT Central Station helps tech professionals by providing a comprehensive list of enterprise level Security Information and Event Management (SIEM) vendors.  IT Central Station also compiles reports based on product reviews, ratings, and comparisons from over 128,467 professionals having using IT Central Station research on enterprise tech. All reviews and ratings are from real users, validated by our triple authentication process.

From now on until 24 March 2016, you are invited to nominate leading technology products for the Computerworld Hong Kong Awards 2016. If you have similar views on SIEM category as the IT Central Station review does, please nominate Splunk online or download the nomination form here.

2016.3.10 We are proud to be listed as standard partner of Amazon Web Services (AWS)

Why AWS Service
The AWS Cloud provides a broad set of infrastructure services, such as computing power, storage options, networking and databases, delivered as a utility: on-demand, available in seconds, with pay-as-you-go pricing.
Amazon Web Services (AWS) is a secure cloud services platform, offering compute power, database storage, content delivery and other functionality to help businesses scale and grow. Explore how millions of customers are currently leveraging AWS cloud products and solutions to build sophisticated applications with increased flexibility, scalability and reliability.
UDS have five AWS Certified Solutions Architect and will be have totally 6 soon. 

2016.3.9 Splunk and UDS co-joined the itSMF Annual Conference 2016 at Cordis Hotel

With the emergence of cloud computing and Software-as-a-Service (SaaS), businesses need to accelerate the design and implementation of ITSM processes and capabilities to manage their cloud infrastructure, maintain efficient services delivery, and align both development and operations. As a cloud continues to grow, the complexity and costs of data migration and cloud integration often outweigh the benefits. Through successful cloud IT Service Management, IT professionals can ensure their cloud services - whether they are private, public or hybrid - operate with well-defined processes, best-practice management and guaranteed SLAs. This not only protects the performance, efficiency and reliability of cloud-based services, but also helps to lower the associated security risks and TCO. The annual itSMF conference fosters IT leaders and ITIL practitioners to exchange ideas, skills and experiences on how to advance clouds with the latest ITSM strategy, technology and solutions.

Mr Kelvin Yeung, Senior Big Data Architect of Splunk, was one the speaker who delivered a topic called “Next-generation Data-driven Monitoring and Analytics Platform with Splunk IT Service Intelligence”. UDS Splunk Architects and Sales & Marketing Team worked together with Splunk Sales Team in the conference. During the conference, they shared Splunk business, technical experience, use cases and demo with guests and partners.

2016.2.29 Centrify leads Identity-as-a-Service Market in delivering derived Credential Authentication support for mobile devices

  extends her mobile solution capabilities to enable secure single sign-on with CAC/PIV derived credentials in highly regulated environments.
Smartcards contain cryptographic credentials that allow users to authenticate without usernames and passwords. However, the physical cards — Typically Personal Identity Verification (PIV) or Common Access Cards (CAC) — require a dedicated reader. Many laptops include this reader as part of their hardware, and those that don’t can make use of a USB-based reader.

However, attempting to use PIV or CAC cards with mobile devices has, until recently, been a real challenge. The small form factor of today’s smart devices just isn’t compatible with a smartcard reader, and external readers (often called “sleds”) are costly, only work with certain devices, and generally don’t fit today’s employee needs.

Derived credentials can solve these issues. With derived credentials, the cryptographic credential is stored securely on mobile devices, in compliance with today’s smartcard regulations. This means no need for a dedicated reader and much more flexibility for users.

At a glance, Centrify’s derived credentials offer the following benefits:

•    Secure CAC/PIV based SSO to cloud and on-premises apps
•    Integrated device management to manage and lock down devices
•    The ability to enroll devices and provision derived credentials to them
•    Derived credential issuance from popular certificate authorities
•    Compliance with FIPS 201-2 and NIST SP 800-157 to satisfy HSPD-12 and OMB-11-11, allowing mobile access to apps, websites, and services that require smart            cards authentication
•    App provisioning to set up user accounts within target applications
•    Workflow to ensure only the right users get access
•    Easy deployment into existing enrollment and issuance portals

For enterprises that need stronger authentication that eliminates passwords — or Federal agencies and other organizations who must meet Homeland Security Presidential Directive 12 (HSPD-12), NIST guidance and other security mandates for smart card authentication — Centrify’s derived credential solution provides a seamless way to provide mobile access without compromising security.

For more information, please visit or send us an email to

2016.2.23 Splunk IT Service Intelligence - The next-generation monitoring and analytics solution

UDS, Splunk’s authorised distributor and co-provider for professional services in Hong Kong and Macau, has been realizing tremendous value across multiple industries and use cases for customers. From blue-chips to small companies, retail shops, financial enterprises, logistic service providers, telecommunications, entertainments, NPOs and government agencies are improving service levels, reducing IT operations costs, mitigating security risks and driving new levels of operational visibility.

Splunk IT Service Intelligence (ITSI) is a next-generation monitoring and analytics solution that provides new levels of visibility into the health and key performance indicators of IT services.

Splunk IT Service Intelligence

•    Data-driven service monitoring and analytics

•    Delivers a central, unified view of critical IT services for powerful, data-driven monitoring
•    Maps critical services with KPIs to easily pinpoint what matters most
•    Utilizes advanced analytics powered by machine learning to highlight anomalies, detect root cause and pinpoint areas of impact
•    Supports drill down deep into the data for rapid issue investigation and resolution

Why Splunk IT Service Intelligence?

      Puts Everything in a Business Context
Monitor business and service activity using metrics and indicators that are aligned with strategic goals and objectives

      Transforms Monitoring with Data-Driven Analytics
Eliminate costly false alerts, understand trends and anomalies and employ machine learning to baseline normal operations.

      Finds Problems Faster
Simplify and speed up troubleshooting by collecting and correlating metrics and events across the service stack.

      Brings all IT Data Together
Easily consolidate data across diverse technologies and point tools for multi-dimensional analysis and simplified workflows.

      Offers Flexible Deployment Options
Support data collection and deployment for on-premises, cloud and hybrid environments.

     Deploys Within Days, Not Months
Install quickly, connect to any data source effortlessly and begin interacting with the data immediately.

Watch Video for more information: Data-Driven Service Intelligence

Learn more about Splunk ITSI: Watch Splunk ITSI product tour or browser Splunk ITSI page.

If you are interested in Splunk ITSI, please send a request to for a product demo.

What’s new about Splunk ITSI event? Splunk will join the itSMF Annual Conference. If you feel interested, please contact us.

Date: 9 March, 2016 (Wednesday)
Time: 9:00 – 17:00
Venue: Level 7, Cordis Hong Kong (Langham Place), Mongkok

2016.1.16 Mr. Frankie Leung acts as President of International Information Systems Security Certification Consortium (Hong Kong Chapter)

2016.1.16 Mr. Frankie Leung (Director of UDS Data Systems Ltd) acts as President of International Information Systems Security Certification Consortium (Hong Kong Chapter)

Mr. Franke Leung (CISSP, CISA, CISM, CRISC) was elected to be the President of (ISC)2 Hong Kong Chapter in the 2016 Annual General Meeting. He will work closely with PISA (Professional Information Security Association) to promote the Information Security and (ISC)2 Credential certification program in Hong Kong.

(ISC)2 Hong Kong Chapter was set up in 2012. It aims to provide members and other security professionals with the opportunity to share knowledge, grow professionally, raise security awareness and advance information security in Hong Kong.

(ISC)2 Hong Kong Chapter operates as a special interest group (SIG) of the Professional Information Security Association (PISA). PISA ( is a Hong Kong based not-for-profit Information Security organization. Eight officers are elected in the (ISC)2 Hong Kong Annual General Meeting.

2016 (ISC)2 HK Chapter Committee Member

Frankie Leung (President)
Frank Chow  (Secretary)
Frankie Wong (Treasurer)
Joyce Fan  (Membership Chair)
Mike Low (Program Director)
Jim Shek (Program Director)
Vincent Ip (Professional Development)
Martin Ho (Liaison)

For more information of (ISC)2 HK Chapter and PISA, please visit

2016.1.13  Centrify delivers industry’s first Federated Privileged Access Service to protect enterprises with outsourced IT

  the leader in securing enterprise identities against cyberthreats that target today’s hybrid IT environment of cloud, mobile and on-premises, is the first vendor in the industry to support federated privileged access across an organization’s entire security eco-system, including secure outsourcing of IT and application development. The solution is designed for an enterprise’s hybrid IT environment of cloud, mobile and on-premises and leverages the Centrify Identity Platform. Coupled with other major new features such as application-to-application password management (AAPM) and multi-factor authentication (MFA) for servers, Centrify’s Privileged Identity Management solution reduces an enterprise’s attack surface and enables continuous compliance.

The outsourcing service retains management of their employee identities, and the customer organization uses Centrify to grant web-based access and privilege for systems and applications. Privileged access is governed through request and approval workflows, monitoring with optional termination of privileged sessions and reconciliation of approved access versus actual access to critical infrastructure. The solution supports businesses outsourcing to more than one service organization while ensuring identity lifecycle management for outsourced IT administrators and developers remains with their employer, including the disabling of their enterprise identity upon employment termination.

In addition to federated privileged access, Centrify’s products work in tandem to offer a comprehensive, integrated security solution built for the modern enterprise. New capabilities for Centrify’s identity management for privileged user solution include the following:

(a)    Minimize attack surface

•    Local account provisioning — Centrally manage the lifecycle for application and service accounts on UNIX and Linux systems, and automatically secure and manage       credentials and access.
•    Application-to-application password management ― Eliminate hard-coded, plain text account passwords from scripts and applications. Applications and
      scripts authenticate and retrieve passwords securely without human intervention, enabling organizations to meet compliance and security policies.
•    Privileged access request ― Grant temporary, time-bound privileged access to on-premises and cloud-based infrastructure to minimize attack surface and reduce risk.
•    Secure password storage ― In addition to using the secure data store of the Centrify Identity Platform to store all user, resource, account, and password information,       Privilege Service now supports SafeNet KeySecure key management appliances from Gemalto for encrypted storage of account passwords on-premises.

(b)    Thwart in-progress attacks

•    Multifactor authentication for servers ― Protect against hackers using stolen passwords and credentials by configuring multi-factor authentication (MFA) for
      IT administrators who access Linux systems and require elevated privileges.

(c)    Govern access and prove compliance

•    Reconcile approved and actual access ― Easily prove access controls are working as designed by reconciling approved access with actual access.
•    Reporting services ― Report on who did what, where and when, who has access to what and how they can use that access to meet complex
      regulatory requirements. Select or schedule packaged attestation reports or create your own.

Get Users to Log in as Themselves, while Maximizing Control over Privileged Accounts

For more information, please visit or send us an email to

2015.9.30 Splunk Workshop: Strengthening Cybersecurity to Improve APT Defense in the Financial Sector

Financial institutions face a challenging environment in which cyber threats are growing in severity and sophistication. Splunk has been working with many large finance institutions as the core SOC platform to address the APT defense requirement.

The reference architecture, in which Splunk serves as the Operational Intelligence platform, can help financial institutions reduce their risk by enhancing the visibility of assets, identifying vulnerable assets and enabling faster response to security threats.

                      Splunk Enterprise                     Splunk User Behavior Analytics               Splunk Enterprise Security

Splunk User Behavior Analytics (Splunk UBA) is an out-of-the-box solution that helps organizations to find known, unknown, and hidden threats using data science, machine learning, behavior baseline, peer group analytics and advanced correlation. It presents results with risk ratings and supporting evidence so that an analyst and a hunter can quickly respond and take actions.

•    Detects APTs, malware infections, and insider threats without writing signatures, rules, policies, or human analysis
•    Improves threat detection and targeted response using a variety of threat indicators and supporting evidence within context of the kill chain to enable targeted
•    Dramatically increases SOC efficiency with rank ordered lists showing events in the kill chain linked from summary to supporting information over time
•    Seamlessly integrates threat information with Splunk Enterprise and Splunk App for Enterprise Security, to further scope, disrupt, contain and recover from the attack

Splunk Enterprise Security (ES) is a premium security solution that provides insight into machine data generated from security technologies such as network, endpoint, access, malware, vulnerability and identity information. It enables security teams to quickly detect and respond to internal and external attacks to simplify threat management while minimizing risk and safeguarding your business. Splunk Enterprise Security streamlines all aspects of security operations and is suitable for organizations of all sizes and expertise. Whether