Now that we all have an assortment of iPhones, Droids, tablet devices, and Windows devices, lots of industry folks believe that mobile security is the next hot market. There are a number of players already in this market from pure plays like Good Security and Mobile Active Defense. Traditional endpoint security vendors like McAfee see this as an extension of its antivirus business. Symantec is in the same boat with antivirus as well as encryption software from PGP. Networking vendors also see up-side in the mobile device security market. Cisco has AnyConnect and ScanSafe while Juniper Networks wants to combine its Pulse client with its recent acquisition of SMobile.
These vendors come at mobile security from many different angles with different security functionality in different places–some on the device and some on the network. Will this confuse the market? No. Enterprises are actually looking for a wide range of mobile device security functionality. According to an ESG Research survey of 174 security professionals working at enterprise (i.e., more than 1,000 employees) organizations, the top three most important mobile device features are 1) device encryption, 2) device firewall, and 3) strong authentication. They also want things like DLP, VPN, and device locking.
Beyond security functionality, most enterprises also want an integrated platform for mobile device security and management. In other words, they want a single software package for device provisioning, configuration, reporting, etc. They also want a common set of features for all mobile devices rather than a potpourri of different features for iPhone, Windows 7, Droid, Palm, etc.
It appears then that the mobile device security market will include networking, security, and management vendors along with device manufacturers and carriers as well. Personally, I think mobile device security will have a network architecture look to it, with technology safeguards built into devices, the enterprise, and the cloud. If this happens, integration will be critical for all leading products.
Tags: Android, AnyConnect, Cisco, Droid, Good Security, iPhone, Juniper Networks, McAfee, Mobile Active Defenses, Palm, PGP, ScanSafe, SMobile, Symantec, Windows 7, Windows 7 Phone Posted in Uncategorized | No Comments »
My colleague Mark Bowker and I are at a Virtualization, Cloud Computing, and Green IT conference in Washington DC this week. In one of the panels we hosted, an IT executive from a cabinet-level agency mentioned that the agency was qualifying Microsoft Hyper-V even though it already has an enterprise license in place with VMware. When asked why the agency was doing this, he responded, “we are a Windows shop and have a great relationship with Microsoft. VMware has been great but we simply believe that the world is moving to heterogeneous virtualization platforms and we want to be ready for this.”
This IT executive is not alone. In a recent ESG Research study, 55% of the organizations’ surveyed say that their primary virtualization solution is VMware (VMware Server, ESx, ESxi, etc.). This relationship with VMware doesn’t preclude them from using other hypervisors however. In fact, 34% of survey respondents are using 2 virtualization solutions and 36% are using three or more. This was a survey of 463 North American-based IT professionals working at organizations with more than 500 employees.
My take-aways are as follows:
Yeah, I know, everyone would like one standard IT solution to meet all their needs. It hasn’t happened in the past and it won’t happen with virtualization either. The sooner that IT professionals and the industry recognize this the better.
Tags: Cisco, Citrix, EMC, Hyper-V, Microsoft, server virtualization, VMware Posted in Uncategorized | No Comments »
If you attended VMworld in late August, you know that virtualization security was featured extensively. Ditto for VMworld Europe where VMware CEO Paul Maritz included a few security slides in his keynote presentation. Maritz and VMware get it–virtualization security has been somewhat neglected until recently. If server virtualization is truly to become next-generation cloud infrastructure, security must be integrated throughout the technology.
VMware vShield and partner products are a great start toward bridging this virtualization security gap. Unfortunately, security technology is only part of the problem. ESG recently surveyed 463 large mid-market (i.e., 500-1000 employees) and enterprise (i.e., more than 1000 employees) organizations in North America, to gauge how they were using server virtualization technology. The goal was to understand current use, future plans, successes, and challenges. It turns out that security problems are pretty persistent. For example:
In aggregate, there is a people problem (i.e., security skills), an organizational problem (i.e., project management/cooperation), and a process problem (i.e., no best practices). Yes, these issues do ease over time but it is clear to me that they never go away. At some point, highly-regulated organizations are likely to slow down server virtualization projects to address these security gaps. When this happens, server virtualization/cloud vendors will see sales slow to a crawl.
VMware is a technology company so it is doing what comes naturally–addressing security holes with new products and industry relationships. Nevertheless, VMware needs additional help from standards bodies, IT and security professional organizations, and professional services firms. The ESG Research clearly illustrates that server virtualization is a paradigm-shifting technology that changes IT organizations and processes. The real revolutionary potential of server virtualization won’t occur until IT organization and process changes become as pervasive as hypervisors.
Tags: Cisco, cyber security, EMC, ESG Research, IT security, Paul Maritz, RSA Security, Trend Micro, VMware, vShield Posted in Uncategorized | No Comments »
My colleague Mark Bowker and I are knee-deep in new research data on server virtualization. Within this mountain of data, we are discovering some existing and impending networking issues related to network switching.
Today, many server virtualization projects are led by server administrators, with little or no participation from the networking team. As you may imagine, this means that the server team configures all virtual switches to the best of its ability, without considering how physical switches are already configured. As things scale, the server team realizes the error of its ways and quickly calls the networking group in to help out. This is where things really break down. Before doing anything, the networking folks have to learn the virtualization platform, understand how the physical and virtual networks should interoperate, and then roll up their sleeves and start gluing everything together.
This is a painful learning curve but I believe that future issues will be far more difficult. As organizations increase the number of VMs deployed, networking configurations get more difficult — especially when VMs move around. Users regularly complain about the number of VLANs they have to configure, provision, and manage. This situation will grow worse and worse as VMs become the standard unit of IT.
In my mind, it makes no sense for virtualization vendors like Citrix, Microsoft, Oracle, and VMware to recreate the richness of physical L2 switches in the virtual world. So what can be done? Well one alternative is to eliminate virtual switches entirely and do all switching at the physical layer via the Virtual Ethernet Port Aggregator (VEPA) standard being developed in the IEEE.
I believe this will happen but in the meantime there is another alternative being discussed this week at the Citrix Industry Analyst Event — Open vSwitch. As described on the Apache web site, “Open vSwitch is a multilayer virtual switch licensed under the open source Apache 2.0 license. The goal is to build a production quality switch for VM environments that supports standard management interfaces (e.g., NetFlow, RSPAN, ERSPAN, CLI), and is open to programmatic extension and control.”
Here’s why this makes sense to me:
At the very least, Citrix, Microsoft, and Oracle should back this as a way to push back on VMware’s marketshare lead.
I’ve been around long enough to know the strengths and limitations of open source and standards but I think that with the right support, this one could have legs. I know that vendors have their own businesses to look after but isn’t another end goal to create products that the market wants? I think Open vSwitch would fit this bill.
Tags: Brocade, Cisco, Citrix, Extreme Networks, Force 10, HP, IEEE, Juniper, Microsoft, Open vSwitch, Oracle, VEPA, VMware Posted in Uncategorized | No Comments »
If you aren’t familiar with Web threats, you should be. A Web threat uses the ubiquity of the WWW as a threat vector to propagate malicious exploits and payloads. Web threats lead to PCs infected with keyboard loggers, botnet code, or traditional worms and viruses.
Traditional threats like e-mail viruses and automated Internet worms still exist, but the bad guys now find the Web more effective. Cybercriminals can use dynamic links, scripts, URLs, or files to infect PCs. Even worse, they regularly exploit sites like Facebook for social engineering attacks.
This is a very serious threat– each and every enterprise should be implementing Web threat defenses. There are a number available from companies like Blue Coat, Cisco, McAfee, Symantec, Trend Micro, and Websense. Unfortunately, this activity isn’t as urgent as it should be because:
Independent product testing would help educate users and illustrate the types of threats we face. NSS Labs is poised to test a number of products, but since this space is somewhat immature, many vendors are hesitant to step up to the plate. This is unfortunate as it places business concerns over security protection.
To address Web threats, users have to demand help from their vendors. This help should come in the form of education services, product testing, and a contextual framework of where Web threat management fits within overall information security. This needs to happen now, not when products mature and a high percentage of PCs are already infected.
Tags: Blue Coat, Cisco, McAfee, NSS Labs, Symantec, Trend Micro, Websense Posted in Uncategorized | No Comments »
Traditional security solutions are sort of like client/server computing. Security vendors take the role of the server, hosting the master software, adding new anti-malware signatures, and distributing them to all of the clients.
This model was adequate in the past, but it is no longer good enough. Why? Malware volume stresses the system and all too common zero-day attacks have free and clear access to sitting duck systems.
Coping with the new threat landscape means embracing a new security model. First, we have to assume that an unknown file, URL, or IP address is malicious. That said, we can’t simply deny access; rather, we need to analyze the suspicious content in real-time and then make the appropriate access decision (i.e., allow access, deny access, quarantine, send content to a honeypot, etc.).
This new model depends upon a community of users and security devices/software acting as a neighborhood watch and sharing information with security vendors in real-time. Some people call this a “hybrid cloud” model to capitalize on the buzz around cloud computing.
Hybrid clouds are fine for now, but I foresee a future evolution to a peer-to-peer security model. With hybrid clouds, security devices/software still engage in a conversation with only one entity: the security vendor’s cloud infrastructure. In peer-to-peer security, security devices/software will engage in conversations with other security devices/software from multiple entities: security vendors, ISACs, government sources, academic institutions, etc. These conversations will issue warnings, blacklist threats, analyze content, compare notes, exchange data, etc.
Several vendors–including Blue Coat, Cisco, and Trend Micro–already have hybrid cloud offerings that could serve as the foundation for my peer-to-peer model. A bit of vendor cooperation, government incentives, or user demand could lead to further developments in APIs, secure protocols, data standards, etc.
Cybercriminals constantly exploit our security weaknesses and lack of coordination. This has been a winning formula thus far to the tune of billions of dollars in identity theft and data breaches. To overcome these tactics, we need to use our technology assets more effectively. This is precisely what peer-to-peer security can do.
The Network Effect (or Metcalf’s Law) states that the value of a network is proportional to the number of connections. In my opinion, peer-to-peer security leverages the power of the Network Effect for the good guys.
Tags: Blue Coat Systems, Cisco, Trend Micro Posted in Uncategorized | No Comments »
If you do some research on endpoint security you’ll quickly read one analyst or another’s claim that antivirus software is dead and that there is a pressing need for some new model like cloud security services, white listing, black listing, virtual desktops, etc.
Antivirus is dead? Hmm, I wonder if these analysts have been following the financial results of Kaspersky, McAfee, Symantec, Trend Micro or a host of others who continue to make money on endpoint security software.
As you can tell by my sarcasm, I don’t subscribe to this theory but I do believe that endpoint security is going through massive changes in order to best address new threats and new requirements. Now and into the future, endpoint security will:
Aside from market demand, security vendors will go down this path for defensive reasons. Free AV software from AVG and Microsoft is plenty good for casual users.
Will all of these features mean an uber fat client application? No. Like hybrid threat protection, vendors will offer a lot of these features as cloud services and rely on a lightweight agent to orchestrate the process. Finally, users will choose what they want and how much they want via a pricing calculator. Think online PC sales as an analogue.
Security purists may claim that endpoint security changes mean giving up control but the business case is too attractive for both users and vendors to pass up. Broad based solutions that cover requirements like threat management, performance management, backup, identity protection, and configuration management across multiple devices per user are simply the next phase of an evolutionary life cycle.
Tags: AVG, Check Point, Cisco, Dell, Finallyfast.com, IDWatchdog, LifeLock, McAfee, Microsoft, Panda, Sophos, Symantec, Trend Micro, TrustedID Posted in Uncategorized | No Comments »
There is an interesting debate happening in the networking industry that centers around branch office equipment. ESG Research points out that branch office servers and applications are moving to the data center and this move is driving more investment in WAN optimization technologies from Blue Coat, Cisco, Citrix, and Riverbed. At the same time, cheap bandwidth and cloud services are changing the network infrastructure. Large organizations are moving away from back-hauling all traffic through the data center and setting up a real network perimeter at the branches themselves.
While networking changes continue, there is also another trend happening. Lots of legacy networking and IT functionality (WAN optimization, firewall, IDS/IPS, file servers, print servers, domain controllers, etc.) is now available as a virtual machine. A single device can now take on multiple functions.
The debate centers on the “hybridization” of networking and server functionality at the branch office. Should branches deploy edge networking devices packaged with Intel processors for running VMs, or should they simply implement Intel blade servers from , HP, and IBM at the network perimeter and then use VMs for all networking and server needs?
The answer to this question could really impact the industry. For example, Fortinet is the king of UTM devices for branch offices but what if these appliances are suddenly replaced with standard Intel servers and virtual appliance software? Obviously this wouldn’t be good news for Fortinet.
For the most part, leading vendors are not pushing one model or another. Cisco WAAS equipment comes packaged with a Windows server while the Riverbed Service Platform (RSP) can run a Check Point firewall, a Websense gateway, an Infoblox DNS/DHCP server, or basic Windows services.
So which model wins? Both (Yeah, I know it is a cop out, but I truly believe this). It’s likely that smaller branches go with Intel servers and VMs while larger remote offices stick with networking gear. Large organizations will also lean toward their favorite vendors. Cisco’s networking dominance means it wins either way while Riverbed will likely do well in its extensive installed base and succeed at the expense of second-tier WAN optimization guys like Silver Peak.
In truth, there is no right or wrong way at the branch office network, but the vendor debate ought to be very entertaining.
Tags: Cisco, Citrix, Dell, Fortinet, HP, IBM, Riverbed, SilverPeak, virtualization, WAAS, WAN Optimization, Websense Posted in Uncategorized | No Comments »
Like the RSA Security conference in March, Interop will likely offer non-stop hyperbole about all things related to cloud computing. Nevertheless, I expect a lot of additional and very useful dialogue around the following topics:
See you in Vegas.
Tags: 3Com, Aerohive, Aruba Networks, Bluecoat, Cisco, Citrix, HP, Meru, Microsoft, Riverbed Posted in Uncategorized | No Comments »
There is a glimmer of good news on the venture capital front. In Q1 2010, venture funding rose 38% from a year ago to $4.7. What’s more, the pool of VC money is spread over 681 companies–a 7% increase from Q1 2009.
Good, but not great news. Most of the dough is going to biotech companies while investment in clean technology tripled.
The bad news? Investment in software declined 1% year over year. Remember that in Q1 2009, we were preparing for runs on banks and Hoovervilles.
While I have no data, there is anecdotal evidence suggesting additional bad news. I speak with security companies all the time and I simply don’t see VCs investing heavily in this space.
Perhaps they got burned investing in the 5th NAC, anti-spyware, or UTM vendor. Maybe they think that Cisco, Check Point, Juniper, McAfee, Symantec, and Trend Micro have everything covered. It could be that many believe that the whole tech space is mature, so they are chasing the new new thing in other technical areas.
I’m not sure why the VCs are eschewing security investments, but I do know that this is a problem. Why? At a time when attack volume is steadily increasing, cybercriminals operate like Fortune 500 companies, and FBI directors characterize cybersecurity attacks as “an existential threat to our nation,” the VCs are moving on to perceived greener pastures. In other words, there is serious demand for next-generation security skills and technology, but the supply-side continues to invest elsewhere. Bad economics and bad for the digital assets we all depend upon.
Okay, I understand that the VCs are in it for the money and nothing else, but something is wrong with this picture. It seems to me that when demand exceeds supply, there is money to be made. I’d like to see the VCs invest in security as a patriotic act, but I’m not optimistic. Therefore, I have a few ideas for the “smartest guys in the valley” on Sand Hill Rd.
The lack of VC investment in security could have broad implications moving forward, so the VCs can’t sit on the sidelines. It’s time for the rich guys to get more involved and proactively champion security innovation and investment rather than sit back, drink Merlot, and wait for business plans to come in. Our digital security may depend upon this.
Tags: Check Point, CIA, Cisco, DOD, DOE, Federal Government, Israel, Juniper, NSA, Symantec, Technion, Tel Aviv University, Trend Micro, Venture Capital Posted in Uncategorized | No Comments »
Your email:
