Spring 2009

First, we are delighted to launch our new web-site at www.nexor.com. The new content and image reflect the business transformation that we have successfully realised in recent years. Please browse the site to learn more.

Interoperability News

Nexor Launches Sentinel 2...

Nexor Sentinel 2.0, the latest version of Nexor’s high assurance guard, is now fully available. Operating on the latest EAL5 STOP 6.4 platform, Sentinel 2.0 includes new functionality such as native SMTP support. As part of our supply agreement with the NATO Maintenance and Supply Agency (NAMSA), Sentinel 2.0 will be shipped with immediate effect for all new installations. NATO’s security agency (SECAN) is currently finalising its accreditation of Sentinel 2.0. For further details, follow the link here.

...and Announces Nexor Sentinel 3

Nexor Sentinel 3.0 will also be available this month. The latest in Nexor’s guard family, Sentinel 3.0 runs on SELinux (EAL4) on an HP Proliant Server and mirrors the functionality of Sentinel 2.0. Three customers will be taking delivery of Sentinel 3.0 as soon as it is released. For further details, follow the link here.

The Role of Security Labelling in Data Loss Prevention

Working with a number of leading authorities in UK MoD, UKGovernment and NATO, we are playing a major role in the development of a standard for the positioning and formatting of security labels for data and documents. The growing requirement for interoperability between government departments and non-government organisations increases the need for the interchange of sensitive information. The standardisation of labelling will contribute greatly to secure handling. Further information can be found in the White Paper, The Role of Security Labelling in Data Loss Prevention. This theme will be developed over the coming months.

Innovative Approach to Remote Service Provisioning

We have designed an approach to secure provisioning for remote users by passing Secure Provisioning Mark-up Language (SPML) instructions through a combination of Nexor Sentinel, a high assurance guard, and Nexor Vanguard, a low-bandwith gateway. One sample implementation of this, in an Oracle Identity and Access Management scenario, is further described in the Solution Paper, Secure Provisioning between Fixed and Deployed Security Domains.

An Exploration of NETCONF

In the search for a secure, centralised, reliable and scalable approach to configuration management, we have researched whether the new internet standard, NETCONF, now represents an option for addressing the limitations of current approaches. Using the example of a high assurance guard, this concept is described further in the Solution Paper, NETCONF Configuration Management in High Assurance Environments.

Secure Messaging News

Complete Messaging Portfolio Updated to Latest Microsoft Platforms

We have completed a full upgrade of our messaging products to Microsoft Windows 2008, Exchange 2007 and Outlook 2007. The following products are now available on Windows 2008:

• Nexor Mailer and Messagestore
• Nexor Border Gateway:
  • Nexor Centurion (secure messaging gateway)
  • Nexor Watchman (content verification and release control)
  • Nexor Vanguard (low bandwidth, high latency gateway)
  • Nexor MIXER (X.400 to SMTP switching)
  • Nexor Anti-Virus Interface (for use with Sophos)
• Nexor Overseer (alerting and redirecting messages)

Nexor Defender for Outlook (military forms) and Nexor Enforcer for Outlook (S/MIME, labelling, access control and roles-based messaging) have been upgraded to run on Outlook 2007. Nexor Overseer (alert and forward) has been upgraded to run on Exchange 2007.

Two major customers have already taken delivery of the new software.

For further details, please see the Product Datasheets on our web-site.

PhD Sponsorship Brings Exclusive Preview of New Thesis on Secure Role Based Messaging

We continue to play an active part in the academic community and have sponsored Gansen Zhao during his PhD in Computer Science at the University of Kent. Gansen’s thesis explores the policy based messaging model required to provide message protection across domains, the trust infrastructure required to support policy based messaging and a range of algorithms. The research determines how these components can be effectively applied to enable the implementation of unified military and commercial secure messaging systems. Gansen’s full thesis is available exclusively on the Nexor web-site until the middle of 2009. Follow this link for further details.

Services News

Secure Development Capability

For customers who have a new secure software requirement but no in-house capability or limited resources, we are now offering the services of our highly experienced software engineering department to undertake new development projects, ports and enhancements on SELinux, Trusted Solaris, STOP and Microsoft Windows. The department is run by Andrew Kays, a Certified Software Systems Lifecycle Professional (CSSLP), who has overseen some significant changes including:

• The implementation of our CMMi (Capability Maturity Model integration) compliant methods
• The introduction of Agile development
• The adoption of SELinux, an activity supported by the skills of Tresys, the leading US-based SELinux authority.

For further details see the downloads in the Secure Development section of the web site.

Corporate News

Nexor CEO Receives Intellect Award for Service to Security and Resilience

Nexor’s CEO, Steve Kingan, received an outstanding achievement award from Intellect (the UK trade association for the IT, telecoms and electronics industries) for his work as Chair of the Security and Resilience Group. Steve was commended for his leadership and commitment, which has led to the group being a highly respected force within the industry.

Nexor Joins the Security Innovation & Technology Consortium

Nexor will be represented at the Security Innovation & Technology Consortium (SITC) by Chief Technology Officer, Colin Robbins, from where he will be a key player in representing the UK SME community’s interests in security research and innovation. Colin has already taken an active role on the Governance, Risk and Compliance Board, looking at common standards to facilitate the sharing of security data.