News & Events

Aura Information Security is a Preferred Supplier on the DIA's Web Professional Services Panel

12 September 2012

Aura Information Security is very pleased to announce that it is now a member of the government’s Web Professional Services panel, led by the Department of Internal Affairs (DIA). The syndicated procurement panel is intended to give DIA and eligible agencies across all of NZ government a mechanism to quickly identify and engage with preferred suppliers of web professional services where there is a need for expertise that is not available in-house. 

Aura will be offering its penetration testing services to participating agencies and this includes website security testing, mobile application security testing, and infrastructure security testing (i.e. the environment in which the application is hosted). Aura is also offering agencies its security consultancy services, which include security design reviews and threat modeling workshops, code reviews and secure web-development training.

Although Aura has many customers across the New Zealand government sector already, being on the Web Professional Services panel gives Aura the opportunity to provide its services to new agencies. It is also expected to greatly assist in reducing the time and cost associated with each agency’s procurement process.

Managing Director Andy Prow also hopes that the panel itself will encourage participating agencies to not only plan for independent penetration testing at the end of a project, but also plan for more pro-active services such a security reviews and training at the front-end as well. Such early reviews ensure that high-level security design flaws are avoided early on, which reduces the need for costly and time-consuming software and infrastructure fixes at a later stage.

For more information about the Web Professional Services Panel please visit www.ict.govt.nz.
For more information on Aura’s services, please contact sales@aurainfosec.com.

---

Aura a finalist in the 2012 Electra Business Awards

16 August 2012

Aura is pleased to announced that it has been named as a finalist in the 2012 Electra Kapiti Horowhenua Business Awards. This is the second year that Aura has been in the finals, having won the Business of the Year in 2010. The winner will be announced at an awards dinner on Friday 12 October.

---

Aura a finalist in the 2012 ANZIA Awards

14 August 2012

Aura is pleased to announced that it has been named as a finalist in the 2012 Australia and New Zealand Internet Awards (ANZIA) for its RedEye Vulnerability Scanner. This marks the second year that Aura has made the finals; in 2011 it won runner-up in the Security & Privacy category. The 2012 winners will be announced at a gala dinner in Canberra on 10th October, 2012.

---

 

Aura receives more funding from MBIE to take RedEye to the next level

30 July 2012

Aura RedEye Security Limited is very pleased to announce that the Ministry of Business, Innovation and Employment (MBIE) has granted Aura extra funding of $270,000 for the development of Aura's RedEye Vulnerability Scanner. The new funding will assist in the development of a new and enhanced online client portal as well as integration with F5 appliances for Aura's RedShield managed service. RedShield combines RedEye vulnerability scans with F5's Web Application Firewall (WAF) to provide near real-time protection against website vulnerabilities. With investment from both MBIE and Aura, the new development will take RedEye to a new level of functionality and innovation. It will also allow Aura to target the world's extremely large and growing market for easier and more effective continuous security through fast vulnerability identification and remediation.

---

RedEye developer Scott Fletcher nominated for ITEX Developer of the Year

30 July 2012

Scott Fletcher, Aura's Development Manager, has been nominated for Software Developer of the Year at the ITEX Computerworld Awards, which will be held in Auckland on 8 November 2012. Aura Managing Director Andy Prow says that Scott has been working hard developing the web interface and API for Aura RedEye and has delivered an impressive quality of work in a very short space of time. Says Prow, "we're all very proud of the achievements that Scott has made with RedEye and wish him all the best at ITEX".

---

 

Aura Managing Director now a certified Gateway reviewer

16 July 2012

Aura's Managing Director Andy Prow is now a certified Gateway reviewer. The Gateway is an assurance methodology for major New Zealand government investments and is a review process that examines programmes and projects at key decision points in their lifecycle to provide assurance that they can progress successfully to the next stage. See more information about the Gateway here.

---

Cyber specialist 'teaches good guys bad tricks'

6 July 2012

Chief executives are increasingly interested in training up for the fight against cyber criminals, hackers and disgruntled IT workers, Aura's Managing Director says. See the article on Stuff.co.nz.

---

Bosses put company data at risk

6 July 2012

Bosses bringing their iPads or new smart phones into work can be putting their own companies in danger of costly cyber attacks, says Aura Information Security's Managing Director Andy Prow. See the article on nzherald.co.nz.

---

Aura Information Security is now part of the NZITF

25 June 2012

In association with Equinox IT, Aura is pleased to be offering our "Teaching the Good Guys Bad Tricks" secure developer training course in Wellington as an open course on 1 and 2 August. Please contact us for more information and to book.

---

Aura Information Security is now part of the NZITF

14 June 2012

Aura Information Security is now a proud corporate member of the New Zealand Internet Task Force. The NZITF is a community of security professionals focusing on improving the operational robustness, integrity, and security of the Internet in New Zealand.

---

Aura RedEye a finalist in the AUT Business Awards

13 June 2012

Aura Information Security is pleased to announce that Aura RedEye has been selected as a finalist in the 2012 AUT Excellence in Business Support Awardsin the Business under $5m turnover – Technology category. We will be attending the awards dinner on 25 October at AUT Business School.

---

Aura a finalist in the Wellington Gold Awards

17 April 2012

Aura has been selected as a finalist in the Wellington Gold Awards in the 'Discovering Gold' category (recent research & development projects). Managing Director Andy Prow said he was delighted to have been nominated and in the company of other high calibre Wellington businesses. The 2012 Gold Awards will be held on Thursday May 31st at the TSB Bank Arena.

---

Aura a top five finalist in the GO UK Awards

28 March 2012

Aura Information Security has been selected as one of the top five finalists in the GO UK Awards. The GO UK competition invited New Zealand companies to submit business plans for a chance to win a $30,000 prize package including airfares and professional services to establish themselves in the United Kingdom. Managing Director Andy Prow says that it was an honour to be nominated amongst other high calibre New Zealand businesses.

---

"Discourse on Implications for Security and Cryptography from Quantum Oddness"

19 March 2012

Aura's Graeme Neilson is NOT a quantum physicist or any other kind of physicist … not in this universe anyway. Still, he does think he can help illuminate the subject of quantum computing for other non-physicists in IT and he is attempting to do so at the Troopers12 Conference in Heidelberg, Germany this week where he is a regular speaker.

---

A happy and secure 2012 to all from Aura

16 January 2012

Happy New 2012 from Aura Information Security! At Aura we're really excited about the year ahead - we are beginning some new nationwide and global cyber security initiatives that aim to make New Zealand (and overseas) organisations much more secure online. So watch this space for new and exciting developments!

---

Some Safe and Sound Advice from Aura Information Security this Christmas

20 December 2011

Aura Information Security would like to wish everyone a safe and information secure Christmas and New Year holiday this year, and offers this fun yet important message for everyone to consider:

---

Simple Cyber Security should be Child's Play says Aura

14 December 2011

Aura Information Security has released a series of videos to illustrate that basic cyber security can be so simple that even kids can "get it". Aura worked with Room 7 of Te Horo school to produce the videos which was not only a lot of fun for the children, but an important learning experience as well. Although the videos are aimed at adults and organisations, Aura's Managing Director Andy Prow has also been travelling to select schools to talk about the importance of basic personal online security in an engaging and fun way, yet with an underlying serious message. "Many kids are simply too trusting when it comes to the Internet. The irony is that they are often more knowledgable about computer systems and new online trends than their parents. We teach them to be a little more weary of what and who is online and not to accept everything at face value. And as it happens, the exact same message also holds true for adults and companies". You can watch the first video in the series, Kids on Social Networking, below.

---

Aura climbs up the Deloitte Asia Pacific Fast 500 and is acknowledged again at the Electra Business Awards

2 December 2012

On top of Aura's recent success in the 2011 Deloitte New Zealand Fast 50, where it was awarded the fastest growing technology company in Wellington and the lower north island, Aura was also placed as 269th at the 2011 Deloitte Asia Pacific Fast 500 Business Awards. This represents continued positive growth from last year's position of 284th fastest growing company in the entire Asia Pacific Region. Aura was also presented with a Past Masters Award at the 2011 Electra Business Awards in November this year, in recognition of Aura's previous title of Business of the Year award and its continued and sustained growth.

---

Aura's Incidence Response Service allows for compromised organisations in New Zealand to receive top priority

28 November 2011

After a number of recent high profile cyber attacks in New Zealand, Aura would like to remind New Zealand organisations about its Incidence Response Service, which provides immediate and priortised support and consulting to organisations affected by a serious cyber attack. This service includes assessment of the exploit, priority vulnerability remediation, and advisement on both media response and evidence preservation for later forensic analysis. Aura has a wealth of experience working with companies who have had core systems compromised and Managing Director Andy Prow says that Aura's Incident Response Service allows these companies to have fast resolution which can reduce downtime, contain the damage and minimise any further risk to the customer. Also, for organisations that haven't been compromised, Aura offers incident response plan development as a pre-emptive strategy to ensure that - should the worst happen - customers have contingency measures in place to mitigate damage. If your company has had a serious cyber attack, phone Aura as soon as possible on 04 894 3755.

---

Are kiwis too trusting?

25 November 2011

Aura's Managing Director Andy Prow postulates that New Zealanders' trusting nature could have serious implications for the organisations that they work for in this week's New Zealand Computer Society newsletter.

---

Aura wins at the Deloitte Fast 50

9 November 2011

Aura Information Security is extremely proud to announce that it has won a Deloitte Fast 50 award for the fastest growing technology business in Wellington and the Lower North Island. Overall this places Aura as the 37th fastest growing company in New Zealand. Managing Director Andy Prow says he is "very proud of this accomplishment and it reflects Aura's committment to protecting its customers as well as promoting information security to all New Zealand businesses".

---

Aura at Kiwicon V

7 November 2011

Kiwicon V was held on 4-6 November in Wellington. This year's event had a large turnout of 600 and included a wide range of technical and political talks from many expert speakers. Aura's Mike Haworth and Aura associate Kirk Jackson spoke about issues where the boundary between web apps and native apps gets blurry. Click here for the slides to the talk.

---

Aura receives a mention in the EDANZ Annual report

31 October 2011

Click here to read the article in the Economic Development Agencies of New Zealand Innovation Through Collaboration 2011 Annual Report.

---

Aura RedEye wins second place at the Australia and New Zealand Internet Awards

10 October 2011

Aura is proud to announce that its RedEye vulnerability scanning managed service has won 2nd place (highly commended) at the 2011 Australia and New Zealand Internet Awards (ANZIA) in the security and privacy category. Owners Andy and Diane Prow were very pleased to accept the award in person at a ceremony held in Melbourne.

---

Aura's Graeme Neilson is presenting at H2HC in São Paulo, Brazil October 29-30, 2011

9 September 2011

Aura Information Security is pleased to announce that Graeme Neilson has been selected to talk at the Hackers to Hackers Conference (H2HC) in São Paulo, Brazil where he will be presenting the topic "Welcome to RootKit Country v2". With training and lectures presented by respected members of the corporate world, research groups and underground community, the H2HC promises to demonstrate techniques that have never been seen or discussed with the public before. As well as sharing information, the corporate knowledge that Aura will gain at the conference is part of its commitment to research in information security, which ensures that it is at the forefront of what's happening in the industry.

---

Hack·Ed: Boost your defences!

25 August 2011

Andy Prow and Kirk Jackson presented at Tech·Ed NZ 2011 - the largest tech conference in New Zealand. They have compiled a "Cheat Sheet" of defenses for the common web risks for ASP.NET, MVC and SharePoint developers. You can download the PDF here.

---

Get a Head(er) in Web Security

14 July 2011

Today Kirk Jackson presented at the inaugural WDCNZ Web Developer Conference in Wellington, organised by Xero. Kirk's talk looked at new browser features to help secure web applications, in particular the support for HTTP headers to help prevent cross-site scripting, man-in-the-middle attacks and more. You can download a PDF of his whitepaper on File Upload Considerations here.

---

New Zealand Security Information Forum (NZSIF) breakfast talk

14 July 2011

Today, at the NZSIF monthly breakfast at the University of Auckland School of Business, Scott Fletcher talked about the Secure Development LIfe Cycle and how organisations can save themselves many long-term problems by being proactive about security and ensuring that it is "baked in" at every level of the development cycle. You can download his presentation here.

---

Aura @ OWASP

7 July 2011

Aura's Kirk Jackson presented at OWASP New Zealand Day 2011 on File Upload Considerations. You can download his presentation here. Scott Fletcher wass also at OWASP presenting an entertaining training module entitled "The CodeFather" but if you missed this session don't worry, we're repeating this event both publicly and as bookable events in Auckland, Wellington and Christchurch. Just email us to register your interest.

---

Gary Hinson of ISECT presents on behalf of Aura at the CIO Summit

27 June 2011

Gary Hinson, Chief Executive Officer of ISECT Ltd presented "Taking Information Security to the Executive Team" at the annual CIO Summit. You can download his presentation here.

---

Aura sponsoring CIO Summit, 27-28 June

1 June 2011

Aura Information Security is pleased to announced that it is a Platinum Sponsor of this year's CIO Summit at the SKYCITY Convention Centre, Auckland. This year Gary Hinson, Chief Executive Officer of ISECT Ltd will be presenting "Taking Information Security to the Executive Team". This presentation proposes that Information Security should be the responsiblity of the whole company, starting with the Executive team. The session will cover the real risks all organisations face today and how the solutions are a balance of technology and organisational awareness and behaviour. Click here to register for the CIO Summit.

---

Cloud Security Policies Presentation at Cloud Security Summit

24 May 2011

Andy Prow gave a presentation at the Cloud Security Summit on what's happening in the Cloud Infrastructure as a Service (IaaS) space, including the pros and cons of using a Cloud provider and the security implications and risks. He also explained how to mitigate these risks by implementing specific cloud security policies. You can access the presentation here.

---

Aura and Endace launch RedEye RealTime in Vegas

12 May 2011

Aura Information Security and Endace Ltd, the high-speed, lossless packet capture experts, announced their new partnership to the world stage at Interop Vegas, one of the world's largest business technology events.

This new partnership centers around RedEye RealTime which is the merger of the Aura RedEye Vulnerability Scanner and the Endace Probe, a product that allows enterprises to combine vulnerability scanning with full historical packet retrieval. RedEye RealTime allows companies, once a vulnerability has been identified, to be able to reliably and accurately ascertain whether that vulnerability has been exploited and if so, what exactly has been compromised or stolen from a company's network. Andy Prow, Managing Director of Aura Information Security, says that RedEye RealTime effectively "minimises the gap between risk and impact".

The first commercial trials of RedEye RealTime are expected to begin shortly.

---

Aura is New Zealand's first and only PCI Approved Scanning Vendor!

15 April 2011

Aura Information Security is very proud to announce that it is now the first and only New Zealand company to become an Approved Scanning Vendor of the PCI (Payment Cards Industry) Security Standards Council.

As a PCI ASV, Aura is authorised to validate certain DSS requirements by performing vulnerability scans of companies' Internet facing environments. The criteria to become a PCI ASV is very strict and only a handful of companies in the entire Asia Pacific region (including India) have become certified by the PCI Security Standards Council.

By combining their certified Information Security expertise with their daily vulnerability scanner RedEye, Aura can now ensure that their customers are guaranteed to comply with PCI standards every day. A PCI Qualified Security Assessor (QSA) tends to conduct audits yearly or quarterly (at best) and because customers' networks are always being changed or new vulnerabilities are constantly being discovered, this security strategy is comparatively limited in its effectiveness.

Also, by providing vulnerability scanning and Information Security services locally, Aura can now offer New Zealand companies much more responsive and relevant security than if they were to deal with overseas companies to ensure their consistent compliance with the PCI standards.

---

Aura is now a Rapid7 Authorised Reseller

14 April 2011

Aura Information Security is pleased to announce that it is now an authorised reseller of the Rapid7 line of products, including the award-winning and highly-accoladed neXpose vulnerability scanner.

Rapid7 NeXpose, which received the highest rating of “Strong Positive” in Gartner’s Marketscope for Vulnerability Assessment 2010, leverages one of the largest vulnerabilities databases to identify vulnerabilities that represent the greatest threat to organisations.

Says Aura Managing Director Andy Prow: "of all the enteprise-level vulnerability scanners that we evaluated for our own RedEye suite of products, neXpose consistently out-ranked and out-performed the competition. We truly believe it is the best product for organisations requiring on-site vulnerability assessment".

The top three reasons that organisations should switch to neXpose:

• They reduce their vulnerability management cost of ownership
• They comprehensively fullfil regulatory compliance vulnerability assessment requirements
• They lower their security risk profile