Software vendor CA Technologies is best known for its mainframe, business-to-business and distributed computing offerings. As an expansion of its enterprise-based offerings, the company also offers a data loss prevention suite called CA Technologies Data Protection. Formerly known as CA Technologies DataMinder, CA Technologies Data Protection is capable of supporting large enterprises with thousands of users and desktops. The DLP software suite components include CA Data Protection Endpoint, CA Data Protection for Networks, CA Data Protection for Stored Data and CA Email Supervision.

Data scanners

This CA Technologies Data Protection suite is able to protect data at rest, data in transit and data in use. It also integrates with CA Technologies Identity and Access Management products to allow access to sensitive information based on content and data classification. CA Technologies Data Protection is also able to quarantine data and protect sensitive information by granting or blocking access based on the reviewer's access privileges.

Endpoint agents

CA Data Protection Endpoint agents are application plug-ins for securing data at rest that execute on an endpoint device. These agents can monitor user activity and execute capture and control actions based on DLP policy. They either work with a gateway server or report directly to the DLP central management server. The agents are also able to continue policy enforcement even if disconnected from the central management server. CA Data Protection Endpoint is able to encrypt data sent to removable media. This action is controlled in part by the Client File System Agent (CFSA). In addition to monitoring local file copy actions, the CFSA is able to enforce policy for synchronization folders connecting to cloud resources such as Drop Box.

Network security

The CA Data Protection for Networks network appliance is able to control SMTP, web browser, webmail and social media HTTP/HTTPS traffic, instant messaging and peer-to-peer messaging such as Skype. Using SPAN ports, it can function as a passive DLP monitoring tool or be deployed in line to block sensitive data traffic, including decoding SSL traffic while inline.

Stored data

CA Data Protection for Stored Data secures data at rest by protecting and controlling sensitive information stored in network file shares and document repositories, public folders, ODBC sources and information collaboration servers such as Microsoft SharePoint. It can recognize and classify over 300 file types including HTML, XML, ZIP and others. CA Data Protection for Stored Data can also conduct full and partial fingerprinting of text and graphical content in order to the file content's transmission and usage. The product's scalable and distributed architecture enables file scan rates of up to 500 gigabytes per hour.

Email data

CA Email Supervision controls and reports on sensitive email in motion and at rest for popular email servers such as Microsoft Exchange and Lotus Domino as well as mail transport agents such as sendmail and postfix. The CA Email Supervision lightweight agent is deployed at the email sever and supports any number of email policies designed to product an organization from potentially criminal as well as unintentional sensitive data exposure. Supported email endpoints include laptops, virtual desktops and smartphones for DLP controls inside and outside the corporate network.


CA Technologies' DLP suite offers several components and features designed to address a wide array of data protection needs for large enterprises. CA Data Protection cover endpoints and data in use as well as data in transit on the network, data at rest in storage or databases, and mobile and cloud data as well. The product suite comes with 24/7 technical support from CA Technologies; free training and educational courses are also available for customers. Organizations interested in pricing and licensing terms for CA Data Protection products should contact the vendor or authorized CA reseller partners.

Next Steps

Part one of this series looks at the basics of data loss prevention products

Part two examines the business case for DLP products

Part three explores usage scenarios for DLP products

Part four focuses on procuring DLP products

Part five offers insight on selecting the right DLP product

Part six compares the best DLP products on the market

This was last published in November 2016



Find more PRO+ content and other member only offers, here.

SearchSecurity: Security Wire Daily News

If time is money in business, speed is security in infosec. HawkEye Analytics Platform is the big data component of the HawkEye set of security tools from Hexis Cyber Solutions, while HawkEye G offers integrated threat detection and automated response. Both are designed to provide comprehensive products to critical requirements in big data security analytics while putting an emphasis on speed.

HawkEye AP: Big data security analytics

HawkEye AP is a layered data management platform providing core services from data ingestion up through reporting and analysis. The foundation of the data management system is the Event Collection component, an extraction, transformation and load service that includes connectors to over 250 types of source systems. These sources include Windows servers, web servers, firewalls, databases, logs, NetFlow sources and SNMP sources.

The platform is designed to parse through hundreds of different data formats automatically. Data ingested by the event collection component is stored in the platform's vent data warehouse, a write once database optimized for columnar storage. The write once feature ensures the integrity of data by preventing tampering at the lowest levels of data access. It also allows database designers to avoid the overhead mechanisms needed in other databases that support update operations. The Event Database supports standard SQL and business intelligence tools so customers deploy third-party reporting tools to support their security reporting.

While traditional BI reporting tools may be helpful in some cases, the volume of data and fine grained attributes captured in security event information can make it difficult to find useful information. The analysis component of the HawkEye AP incorporates user management and some reporting functionality specifically designed for security information. These reporting tools further support a Dashboard, Reports and Investigation module that provides an HTML5 console for a single point of access to security data.

HawkEye G: Threat detection

To further support analysis and reduce the volume of data infosec professionals have to contend with, the HawkEye AP provides a thread detection component called HawkEye G. This incorporates machine learning and statistics techniques to help identify patterns, classify data and help infosec professionals focus on the most informative parts of all available security data.

HawkEye AP, coupled with HawkEye G, offers a comprehensive platform for big data security analytics. While HawkEye AP collects data from servers and network devices, HawkEye G includes endpoint agents for gathering data in real time for user devices. HawkEye G also has modules for detecting events at network edges as well as from third-party platforms.

Significant security events are usually a small percentage of all events recorded. Searching for malicious activity on an active business network is a prime example of searching for the proverbial needle in the haystack. HawkEye G incorporates a proprietary ThreatSync technology that verifies threats to reduce false positives using host and network correlation techniques. It also prioritizes events to help infosec professionals focus on the most important threats.

HawkEye also includes policy driven automated response to events. This can be especially important when infosec staff is limited and automated responses are needed to keep up with suspicious events on the network.

Pricing, support and deployment

Hexis Cyber Solutions' HawkEye AP is a software platform that is designed to sit between an enterprise's security operations center and the existing networking and security infrastructure. In addition to the HawkEye AP platform, Hexis also offers a managed service option for those who would rather delegate management and maintenance to the vendor.

Pricing is available by contacting Hexis Cyber Solutions directly. The company offers 24-hour support through its customer portal as well as phone support during normal business hours or 24/7, depending on your service-level agreement. Hexis Cyber Solutions' professional services group is available to help with planning, implementation and ad hoc analysis. The company also partners with EMC, Palo Alto Networks, SourceFire and Cerner.


Big data security analytics requires both scalable data management and advanced analysis tools that support infosec operations. The combination of HawkEye AP and HawkEye G cover both of those fundamental requirements. HawkEye G will be especially appealing to organizations that want the ability to query an event database using standard business intelligence reporting tools. For its part, the managed service option will likely appeal to small and midsize businesses that want the capabilities of the HawkEye platform, but do not have resources on staff to manage and maintain a big data security analytics platform.

Editor's note: The HawkEye G technology was recently acquired by WatchGuard. It's unclear how this will affect its integration with HawkEye AP.

Next Steps

In part one of this series learn about the basics of big data security analytics

In part two discover the business case for big data security analytics

In part three find out how to evaluate big data analytics platforms

In part four compare the top big data security analytics products

This was last published in September 2016

SearchSecurity: Security Wire Daily News

The vast majority of traffic traversing an organization's network is probably benign, but what about the small fraction of traffic that isn't? How can it tell benign from malicious before it's too late? This is the challenge that has driven the development of security analytics tools such as the Lancope StealWatch FlowCollector.

Analyzing network traffic

Security analytics products are designed to collect a variety of information types, and then integrate, analyze and classify content and events to enable security and system administrators to identify potentially malicious activity. Some security analytics tools tailor their analysis to network traffic, while others incorporate diverse data from server logs and endpoint devices. The common characteristic of all security analytics products, however, is the ability to ingest large volumes of data and quickly identify suspicious activity.

Like other security analytics tools, the Lancope StealthWatch FlowCollector aims to consolidate data from across the network, such as routers, switches and firewalls. It uses NetFlow and IPFIX flow data collected from firewalls, routers and other network devices to achieve its mission.

Data collected at routers is used to analyze traffic entering or leaving the network. Lancope's StealthWatch FlowCollector also considers traffic between devices on the network. This is especially important for detecting malicious activity that occurs within the network boundaries. For example, a disgruntled employee might make a copy of a database backup to take to a competitor using a laptop and storage device connected to the network. This kind of event may not leave any traces in inter-network traffic flows.

Scalability is always a consideration when capturing network traffic. A single StealthWatch FlowCollector is designed to support up to 4,000 devices generating as many as 240,000 flows per second. At peak scalability, a properly configured StealthWatch FlowCollector system can process up to 50,000 sources and six million flows per second. StealthWatch FlowCollector includes the ability to detect duplicate flow data as well.

One company's anomaly is another's norm

The concept of anomalous behavior on a network is fairly easy to understand: it is something out of the ordinary. The first job of an anomaly detection system is to determine the baseline for a particular network. The StealthWatch FlowCollector creates a baseline of all IP traffic, which then supports analytics for detecting anomalies in either network traffic or host behavior.

The StealthWatch FlowCollector also includes host-centric analysis, such as host and application profiling and OS fingerprinting. This is useful for detecting outside of typical patterns of use on a host.

In addition, the analytics product provides reporting on device activity, such as host reporting, router interface tracking, and bandwidth accounting and reporting. There is also support for packet level performance metrics and quality of service reporting.

Lancope StealthWatch FlowCollector can go beyond base level network reporting to detect unauthorized hosts and web servers as well as misconfigured firewalls.

Lancope offers 24/7 customer support via phone and online portal. Enterprise premium support is also available for those organizations that want more proactive assistance with planning and deployments. A community portal offers access to documentation, knowledge base articles and training videos. For more information on pricing and licensing, contact Lancope.


Predicting malicious activity is difficult, even with large volumes of data and the most sophisticated analysis techniques. Baselines -- meanwhile -- change, sometimes slowly over time. This can impact the false positive rate of alerts, so care must be exercised when balancing the need to minimize false alarms with the desire to not miss a real threat because alert thresholds were too high.

If there is malicious activity on IT infrastructure, it is probably leaving a trace of some kind in network traffic, which tools like the Lancope StealthWatch FlowCollector can detect. This tool can profile a normal baseline of activity and then detect variations from that norm, and can alert administrators to potentially malicious activity.

 StealthWatch FlowCollector is especially useful for network administrators and security professionals who need to monitor network-level activities across complex infrastructures.

Editor's Note: Lancope was recently acquired by Cisco. While Lancope still operates as a separate company, the acquisition could impact the Lancope StealthWatch product line, including the FlowCollector series.

Next Steps

Part one of this series explains the basics of security analytics products

Part two examines the use cases for security analytics

Part three looks at how to procure security analytics products

Part four compares the best security analytics products on the market

This was first published in September 2016

SearchSecurity: Security Wire Daily News

Businesses and government agencies are at risk of an increasing array of information security threats such data theft, malware, denial-of-service attacks and even compromise by insiders. No single security control or policy can address all threats. Instead, IT needs to deploy multiple measures. A key challenge for InfoSec professionals is to collect and integrate data on security events from the array of security controls deployed to protect assets. This is where security analytics comes in.

NetBeat MON from Hexis Cyber Solutions, is a security analytics product designed to help protect medium-sized businesses, specifically ones with multiple locations.

In a nutshell, NetBeat MON is a monitoring appliance that observes network activity within any network and its devices. Hexis presents the benefits of the product as supporting "network hygiene." That is, understanding and managing the contents of network traffic using tools such as packet capture and analysis, network flow analysis and intrusion detection.

Combining open source tools

Hexis Cyber Solutions did not reinvent the proverbial wheel when it comes to network monitoring, but it did combine well-established open source tools to bring cost-effective, consolidated monitoring to a broader market. NetBeat MON combines the features of five open source network monitoring tools: ntop, Wireshark, Suricata, Snorby and dumpcap.

  • Ntop is a network traffic sorting tool that supports IPv4 and IPv6. The tool allows you to sort IP traffic using multiple criteria, including source, destination and protocol.
  • Wireshark is a network protocol analysis tool that allows for both live traffic capture and offline analysis, including voice over IP. Information captures with Wireshark can be viewed in either a GUI or the TTY-mode TShark utility, and packet lists can be assigned a color scheme to help with sorting and analysis.
  • Suricata is a tool developed by the Open Information Security Foundation. The tool is used for monitoring network traffic, as well as providing combined intrusion detection system/intrusion prevention system functionality. Admins can also write rules to specific protocols, as opposed to receiving ports.
  • Snorby is a network security monitoring tool built using Ruby on Rails. Reporting features include the ability to classify events into predefined or custom categories for future reports. Additionally, the tool can integrate with OpenFPC, a packet capture tool.
  • Lastly, dumpcap is a tool for network traffic dumping. Dumpcap captures packet data in pcap-ng files, although libpcap formatting is also available. Features include customizable UIs, automated patching and remote management, as well as analysis, NetFlow and packet capture capabilities.

Deployment options

The deployment of NetBeat MON is dependent upon an organization's operation. The product requires the deployment of individual appliances at each of its locations. These appliances are either configured as a Master or a Minion unit upon setup -- the capabilities and duties of each unit follow. The Master unit will most likely be deployed at an organization's central office, allowing for centralized management of the Minions.

Each unit offers 8x DIMM RAM slots, 4 x 3.5-inch hard drive bays (hot-swappable), and an Intel i350 Dual Port GB Ethernet port. The NetBeat MON racks are built on Intel Xeon processors. See here for a full specification list.

As for purchasing and support, the NetBeat MON appliance is available only through channel partners. Single-call support is provided for one year after purchase, after that it is $ 1,500 per unit per year. The Hexis support team can answer questions regarding the open source tools that make up NetBeat MON, but does not provide direct support. Hardware issues are solved by sending the malfunctioning device back for repair.


No business or organization is too small to be the target of malicious cyber activities. Small and midsize business with limited resources can leverage open source security analytics tools without breaking their capital expenditure budgets.

Unfortunately, unless someone on staff is familiar with the implementation details of the range of open source tools in use, then deploying and maintaining a set of well integrated applications is difficult. NetBeat MON relieves some of that burden with a consolidated package of security analytics tools that does not demand an enterprise-scale budget to pay for it.

Editor's note: Hexis Cyber Solutions was recently acquired by WatchGuard, which may impact the NetBeat MON security analytics product line.

Next Steps

Part one of this series explains the basics of security analytics products

Part two of this series examines the use cases for security analytics

Part three of this series looks at how to procure security analytics products

Part four of this series compares the best security analytics products on the market

This was first published in September 2016

SearchSecurity: Security Wire Daily News

All organizations face cyberthreats, but large enterprises face a particularly challenging set of problems. By their nature, larger organizations have many more devices and network points of access to secure. This creates an often unwieldy attack surface to protect.

In addition, larger organizations are often subject to regulatory compliance that requires data and systems controls across their infrastructure. They must also deal with the issue of scale. IT products and services that work well for small and midsize companies may not scale to meet the volumes of data and equipment that must be protected in a large enterprise.

Enter Juniper Networks' JSA Series Secure Analytics, a security analytics and analysis platform designed to meet the needs of larger enterprises.

Analysis for multiple security domains

The JSA Series includes modules to support multiple types of security analytics and analysis. These include models to handle log analysis, threat analysis and compliance reporting.

Log analytics provides tools to collect logs from across an organization and centrally store and analyze their content. This enables both real-time alerting and forensic analysis of events that have occurred in the past.

The threat analytics module spans areas typically covered by network operations and security analytics. By collecting and analyzing information from multiple sources, the module can identify suspicious activities across a range of event types. This kind of broad analytics capability is essential for detecting advanced threats that can occur as a series of steps over extended periods of time. Threat analytics builds on the Secure Analytics platform's capabilities with regard to collecting security logs, host and application logs as well as network application flow logs.

The compliance module helps infosec professionals demonstrate enforcement of policies and procedures required by various regulations. The platform supports reporting for Payment Card Industry Data Security Standard, HIPAA and other broadly applicable regulations.

Analyzing enterprise scale security data

Large enterprises must address the needs of multiple sites of various sizes and with varying types of security requirements. The JSA Series spans a range of deployment options to meet those needs. The product family is available in four different versions.

The JSA3800 and JSA5800 are appliances designed for larger enterprises, while the JSA7500 is designed for carriers and other enterprises with exceptionally large volumes of data. For lightweight deployments, the virtual appliance version may be sufficient, for example.

Because the JSA Series platform employs a distributed architecture, it is possible to start with one appliance and add others as demand grows. In addition to meeting scalability demands, appliances can be configured in hot standby mode to enable rapid failover from a primary appliance to the hot standby.

The JSA Series can be purchased directly from Juniper Networks or through a channel partner. Juniper Networks offers professional services to help with planning, building and deploying the JSA Series.


Security analysis and analytics is challenging, and it becomes even more difficult at enterprise scales. Attackers, meanwhile, may be willing to work slowly in order to avoid detection. And since larger organizations tend to be geographically diverse, multiple data centers and offices require security controls -- such as security analytics and analysis -- to be available to local and remote networks. Enterprises also need continuous security protection from high availability controls that will scale to meet the demands of an enterprise.

Juniper's Secure Analytics platform is designed to meet all of these needs, with components to ingest and analyze a range of data as well as supporting additional compliance requirements. While it may be more than some organizations require -- particularly small and midsize enterprises -- the JSA Series is the kind of product that large enterprises could easily turn to for security analytics and analysis.

Next Steps

Part one of this series explains the basics of security analytics products

Part two examines the use cases for security analytics

Part three looks at how to procure security analytics products

Part four compares the best security analytics products on the market

This was first published in September 2016

SearchSecurity: Security Wire Daily News

Information security is no longer just about implementing a set of best practices or point products like antimalware, network configurations and authentication mechanisms. All of those things are still required, of course, but they are no longer the end of the story. Organizations need the ability to analyze what is happening on their networks in real time.

This starts with assuming that some element of their security controls will be compromised. Enterprises today need to be looking for signs of that compromise. This is where security analytics comes in. Click Security is a company that provides a set of analytics tools focused on areas of security analytics, including profiling, investigating, responding and analyzing actor behaviors within an organization's network.

These tools allow infosec professionals to collect and analyze information about events on the network, identify particularly suspicious activity and then take action to mitigate potential risk of those activities. Here's a closer look at the tools within the Click Security Analytics suite.

Click Security Profiler

Click Security Profiler provides an interface for analyzing both actors and events within an infrastructure. These tools collect data from multiple sources, including network traffic, logs and file events. The Profiler uses event correlation to group discrete events into higher level logical collections. It also provides a risk ranking of actors and events to help front line security analysts assess the relative importance and priority in the face of multiple threats.

Click Stream Security Investigator

Click Stream Security Investigator is a tool for viewing attacker activity at a higher level of aggregation than provided by the Profiler. With the Investigator, events are consolidated and visualized at a level that allows analysts to better assess the key events in the attacker's progress. This sequence of events, known as the kill chain, identifies key events in the progression on an attack. Attacks typically start with reconnaissance, followed by delivery of some kind of attack vector, installation of command and control tools and eventually exploitation of the capabilities that attacker has established. Understanding this typical course of events in an attack, and being able to identify them from network, log and other data is a key to deploying countermeasures to mitigate the risks of an attack.

The Responder

The Responder is an application that applies lockdown policies in response to events. The application includes a graphical user interface displaying key metrics about the number of times policies have been triggered.

Actor Analytics Framework

The Actor Analytics Framework is a central hub for collecting and analyzing security related event data. The framework is designed to collect data on security events, analyze those events with emphasis on actor-oriented activities and incorporates threat intelligence to create a broad view of the actors and event contexts.

Click Security's Actor Analytics Framework also implements kill chain profiling and intelligence management. It utilizes in-memory analytics techniques to examine incoming events and links them to previous events by the same actor. Third-party intelligence data is added to context information collected from Click Security tools.

Prior to being acquired by Alert Logic, Click Security introduced new functionality for its analytics suite, including Actor Context Graph, an interactive visualization feature designed to help admins correlate events with related data.

Pricing and support

Click Security offers support services online and over the phone. For those looking for direct support, Click Security works with partners as well. Contact parent company Alert Logic for additional details on pricing, licenses and support.


The Click Security Analytics tools address key information gathering and analysis stages needed to detect, understand and respond to a cyberattack. In spite of security best practices, the state of today's information security landscape leaves many with the feeling it is only a matter of time before our systems are attacked, if they have not been attacked already. Security analytics tools such as Click Security's Actors Analytics Framework are needed to respond to the kinds of attacks that are all too common today.

Security analytics tools, such as Click Stream, generate valuable information but are not standalone tools, such as malware scanners. Organizations with dedicated information security professionals who understand attack strategies and methods will get the most from Click Security. The combination of tools, such as Profiler, Responder and the Actor Analytics Framework, create a complete security analytics solution. It's important to note that Click Security was acquired by Alert Logic last spring, and Alert Logic said its intention was to "quickly integrate the Click Security employees and technology" into its Cloud Defender platform. This could change how Click Security Analytics is sold and supported in the future.

Next Steps

Part one of this series explains the basics of security analytics products

Part two examines the use cases for security analytics

Part three looks at how to procure security analytics products

Part four compares the best security analytics products on the market

This was first published in September 2016

SearchSecurity: Security Wire Daily News

Mojo Networks' AirTight WIPS is an enterprise wireless intrusion prevention system product that monitors network activity involving wireless local area networks. The AirTight WIPS looks for any WLAN-based attacks, rogue wireless access points and other violations of the organization's WLAN and security policies. A WIPS not only can detect inappropriate activity, but it can also stop it from negatively affecting the organization's WLAN infrastructure, client devices and users -- thus preventing successful compromises and unauthorized access to the organization's sensitive data. Here is a closer look at the features and functionality of Mojo Networks' AirTight WIPS.

Product versions

The Mojo AirTight WIPS uses a management server and physical sensors model. The management server is available through several means:

  • Public cloud-based service
  • Private cloud-based service
  • In-house hardware appliance
  • In-house virtualized appliance

In terms of physical sensors, Mojo Networks, which was formerly known as AirTight Networks, offers several wireless access points that come with built-in WIPS capabilities.

Attack discovery capabilities

The most basic WIPS attack discovery capabilities involve detecting rogue APs and rogue connections, including those from unauthorized WLAN client devices, and AirTight WIPS provides these capabilities. AirTight WIPS can also map the physical locations of WLAN devices, including rogue APs and client devices, to aid in pinpointing the location of attacks.

It is unclear, however, what other types of attacks AirTight WIPS can defend against. The information publicly available about AirTight WIPS does not state whether or not the product can detect denial-of-service attacks, man-in-the-middle and client impersonation attacks, and active authentication and encryption cracking attempts. Organizations interested in evaluating AirTight WIPS should check with AirTight Networks to get more information on its attack discovery capabilities.

Data collection and reporting capabilities

Mojo AirTight WIPS records basic information on WLAN events that it observes, and it can also log all the actions that the WIPS itself performs. However, no information is available as to whether or not the AirTight WIPS offers packet capture capabilities, which can be much more helpful than just logging simple event information when it comes to analyzing an attack session.

Going hand in hand with data collection capabilities is reporting on the collected data and the analysis of that data. Little information is available on AirTight WIPS' reporting capabilities; in fact, it is the only major WIPS product that does not promote its built-in support of reporting for at least one major regulatory compliance initiative. Organizations considering AirTight WIPS for their WIPS needs should carefully evaluate its reporting capabilities, particularly if the organization is subject to one or more compliance efforts.


Because Mojo AirTight WIPS' management capabilities are available through four different models (i.e., public cloud, private cloud, hardware appliance and virtual appliance) its licensing and costs will vary widely depending on the chosen model. In terms of its sensors, AirTight WIPS provides an "all inclusive" sensor pricing model. When a sensor is purchased, that price includes all the features that the sensors can provide. Through its cloud-based management models, Mojo Networks offers a no obligation 14-day trail of the AirTight WIPS capabilities.


The Mojo AirTight WIPS product offers basic WIPS capabilities for enterprises and is suitable for use by a wide variety of organizations. It has highly flexible management options, ranging from public and private cloud-based services to on-premises hardware and virtualized appliances, as well as several different sensor architectures.

Unfortunately, Mojo AirTight Networks does not provide a great deal of information about the features of its product, including its attack discovery, data collection and reporting capabilities. No WIPS product should be acquired without first gathering the full details of these capabilities, as well as a product's other characteristics. Organizations that are considering acquisition of the Mojo AirTight WIPS should seek out additional details from Mojo Networks, as well as perform their own evaluation of the product through the 14-day trial.

Next Steps

Part one of this series looks at wireless intrusion prevention systems in the enterprise

Part two of this series offers six enterprise use cases for WIPS

Part three of this series examines seven criteria for purchasing WIPS products

Part four of this series compares the best WIPS products in the market

This was first published in July 2016

SearchSecurity: Security Wire Daily News