Back around 2005, DLP was the buzz term Du Jour within the information security industry. DLP was designed to find sensitive data and make sure that this data wasn’t accidentally or maliciously misused. The most common DLP implementation was as a network gateway for filtering Layer 7 content. When a DLP device spotted credit card numbers in an e-mail, it simply blocked this transmission, thus preventing a data breach.
Back then, DLP was the proverbial low-hanging fruit for security protection so lots of firms were ready to buy. This prompted VCs to fund companies like PortAuthority, Reconnex, Tablus, Vericept and Vontu to complete in this burgeoning space.
Fast forward to 2010 and DLP has a bit of an identity crisis. Why? DLP was once a tactical point tool for blocking content on the network. Now however, DLP has evolved into:
With these features, DLP is slowly morphing from a security policy enforcement point to a more holistic technology for data governance. In other words, this is an enterprise domain (i.e., consulting, distributed architecture, central command-and-control, etc.), not a tactical security domain. As such, the term DLP minimizes the technology value and no longer accurately describes what the technology does.
I know Gartner is often the default analyst firm for naming IT technologies but since nothing new is coming out of Stamford, let the people decide. I am partial to the term Enterprise Data Governance (EDG) myself–anyone have another suggestion?
Tags: Data loss prevention, DLP, EMC, McAfee, PortAuthority, Reconnex, Symantec, Tablus, Vericept, Vontu, Websense Posted in Uncategorized | No Comments »
Now that we all have an assortment of iPhones, Droids, tablet devices, and Windows devices, lots of industry folks believe that mobile security is the next hot market. There are a number of players already in this market from pure plays like Good Security and Mobile Active Defense. Traditional endpoint security vendors like McAfee see this as an extension of its antivirus business. Symantec is in the same boat with antivirus as well as encryption software from PGP. Networking vendors also see up-side in the mobile device security market. Cisco has AnyConnect and ScanSafe while Juniper Networks wants to combine its Pulse client with its recent acquisition of SMobile.
These vendors come at mobile security from many different angles with different security functionality in different places–some on the device and some on the network. Will this confuse the market? No. Enterprises are actually looking for a wide range of mobile device security functionality. According to an ESG Research survey of 174 security professionals working at enterprise (i.e., more than 1,000 employees) organizations, the top three most important mobile device features are 1) device encryption, 2) device firewall, and 3) strong authentication. They also want things like DLP, VPN, and device locking.
Beyond security functionality, most enterprises also want an integrated platform for mobile device security and management. In other words, they want a single software package for device provisioning, configuration, reporting, etc. They also want a common set of features for all mobile devices rather than a potpourri of different features for iPhone, Windows 7, Droid, Palm, etc.
It appears then that the mobile device security market will include networking, security, and management vendors along with device manufacturers and carriers as well. Personally, I think mobile device security will have a network architecture look to it, with technology safeguards built into devices, the enterprise, and the cloud. If this happens, integration will be critical for all leading products.
Tags: Android, AnyConnect, Cisco, Droid, Good Security, iPhone, Juniper Networks, McAfee, Mobile Active Defenses, Palm, PGP, ScanSafe, SMobile, Symantec, Windows 7, Windows 7 Phone Posted in Uncategorized | No Comments »
The international horse show wasn’t the only event in Washington DC this week; I participated in the Virtualization, Cloud, and Green Computing event in our nation’s capital. One of the guest speakers was Ira “Gus” Hunt, CTO at the CIA. If you haven’t seen Gus speak, you are missing something. He is very strong on the technical side and extremely energetic and entertaining.
Gus focused on cloud computing activities at the CIA (I’ll blog about this soon), but I was intrigued by one of his slide bullets that referred to something he called the “encrypted enterprise.” From the CIA’s perspective, all data is sensitive whether it resides on an enterprise disk system, lives in a database column, crosses an Ethernet switch, or gets backed up on a USB drive. Because of this, Hunt wants to create an “encrypted enterprise” where data is encrypted at all layers of the technology stack.
The CIA is ahead here, but ESG hears a similar goal from lots of other highly regulated firms. When will this happen? Unfortunately, it may take a few years to weave this together as there are several hurdles to overcome including:
A lot of the technical limitations are being worked on at this point, so the biggest impediment may be based upon people and not technology. We simply don’t have a lot of experience here, so we need to proceed with research, thought, and caution. To get to Gus Hunt’s vision of the “encrypted enterprise,” we need things like reference architectures, best practices, and maturity models as soon as possible. Look for service providers like CSC, HP, IBM, and SAIC to offer “encrypted enterprise” services within the next 24 months.
Tags: CIA, CSC, EFS, EMC, Emulex, Encrypted enterprise, Gus Hunt, HP, IBM, KMIP, Microsoft, Oracle, PGP, RSA, SAIC, Symantec Posted in Uncategorized | No Comments »
If you aren’t familiar with the Stuxnet worm, here is a brief synopsis. The Stuxnet worm is a sophisticated self-replicating piece of malicious code which targets Supervisory Control and Data Acquisition (SCADA) systems made by Siemens. The worm is able to recognize and destroy a facility’s control network.
As of this writing, about 45,000 systems around the world, 60% of which are in Iran. Iran has publicly stated that the worm has not damaged its nuclear program but it is causing IT havoc in Iran, Indonesia, and elsewhere.
This is a very serious attack that the whole world should be following. Here are a few of my initial thoughts:
1. Make no mistake, this is an act of cyber warfare. Stuxnet joins other events such as the July 2009 attacks on the U.S. and South Korea, the attack on Syrian air defenses, and the political attacks on South Ossentia and Estonia.
2. It’s easy to say that this attack was state sponsored and originated in either Israel or the U.S., but it could also have come from a well-funded private group with access to technical expertise. Symantec estimates that the group who developed Stuxnet consisted of around 10 individuals. It wouldn’t cost that much to fund a project like this.
This is an important point — with a bit of money and some smart techies, you can do a lot of damage to the infrastructure of an entire nation.
3. I wouldn’t rule out the Chinese or Russians here. This may have been a wake-up call to let the Iranians know what’s coming. There is also a another objective here, cyber reconnaissance — launch a cyber attack on Iran that will likely be blamed on the U.S. and Israel, and then sit back and see what happens next.
4. Stuxnet is a self-replicating worm so it may have infected the Seimens systems over the Internet, but it could also have been introduced somewhere in the cyber supply chain. Perhaps it was installed by a rogue system integrator or added during equipment shipping. Either way, this illustrates how vulnerable our IT equipment is — even before it is even installed.
The question from here is obvious: What happens next? My guess is that Stuxnet will continue to mutate and infect systems as a demonstration of power. In the meantime, we could see waves of retaliatory strikes from Iran or its supporters. Either way, we are talking about the potential for cyberwar escalation.
Washington must take note here. Cyber warfare is a dangerous game with no rules and the U.S. is far more vulnerable than any other nation. The time for International diplomacy is now.
Tags: China, Cyberwar, Iran, Israel, Russia, SCADA, Siemens, Stuxnet Worm, Symantec, United States Posted in Uncategorized | No Comments »
I was at Oracle Open World yesterday when I heard the rumor that IBM was going to buy Brocade. At the time, I was meeting with a group that had collective industry experience of more than 100 years. We all laughed this off as hearsay.
The fact is that IBM already OEMs equipment from Brocade (as well as Juniper) so it is not lacking in engineering experience or alternatives. Does IBM want to start a stand-alone networking business? Does it want to OEM Fibre Channel switches to and HP? Does it want to bet on Brocade/Foundry Ethernet switches against the rest of the industry? No, no, and no.
This is not the only silly rumor we’ve heard lately. Last week, Microsoft was going to buy Symantec. Yeah sure, there are no antitrust implications there. And does Microsoft really want to buy a company that has about a dozen products that are redundant to its own?
How about Oracle buying HP? Larry may be spinning this up for fun, but it’s simply crazy talk. Oracle, a software company focused on business applications and industry solutions, wants to get into the PC and printer businesses? Yeah, I know, “What about servers and storage?” To which I answer, “What about Sun?”
These rumors are circulating because of the recent uptick in M&A activity, but my strong bet is that nothing remotely similar will happen. The rumors must then be coming from one of two sources:
Not all mergers make sense, but there tends to be some business logic inherent in most transactions. Let’s try and remember that before spreading rumors for personal or unethical gain.
Tags: Brocade, HP, IBM, Juniper Networks, McAfee, Oracle, Symantec Posted in Uncategorized | 1 Comment »
Anyone remotely interested in identity management should definitely download a copy of the National Strategy for Trusted Identities in Cyberspace (NSTIC) document. It can be found at this link: .
A a very high level, the strategy calls for the formation of a standards-based interoperable identity ecosystem to establish trusted relationships between users, organizations, devices, and network services. The proposed identity ecosystem is composed of 3 layers: An execution layer for conducting transactions, a management layer for identity policy management and enforcement, and a governance layer that establishes and oversees the rules over the entire ecosystem.
There is way more detail that is far beyond this blog but suffice it to say the document is well thought out and pretty comprehensive in terms of its vision. This is exactly the kind of identity future we need to make cloud computing a reality. Kudos to Federal Cyber coordinator Howard Schmidt and his staff for kicking this off.
I will post my feedback on the official website, but a few of my suggestions are as follows:
There will be lots of other needs as well. The document recommends identity and trust up and down the technology stack but it doesn’t talk about the expense or complexity of implementing more global use of IPSEC, BGPSEC, and DNSSEC. There is also the need for rapid maturity in encryption, key management, and certificate management. Good news for RSA, PGP, nCipher (Thales), IBM, HP, Venafi, and others.
The key to me is building a federated, plug-and-play, distributed identity ecosystem that doesn’t rely on any central authority or massive identity repository. This is an ambitious goal but one that can be achieved — over time — if the Feds get the right players on board and push everyone in the same direction.
Tags: BGPSEC, CA, Cyber Coordinator, DNSSEC, Federal Government, Howard Schmidt, HP, IBM, IPSec, Liberty, Microsoft, Microsoft Geneva, National Strategy for Trusted Identities in Cyberspace. nCipher, Novell, NSTIC, Open ID, Oracle, PGP, PKI, Project Higgins, RSA, Shibboleth, Symantec, Thales, Venafi, Verisign, Web services Posted in Uncategorized |
An industry friend just sent me a story from the Wall Street Journal proclaiming that security management leader ArcSight will be acquired within the next week. The story goes on to say that the likely buyers include Oracle, HP, , IBM, and CA.
Hmm. First of all, anyone familiar with ArcSight was sure this was coming. The company is a leader in a growing market segment, has a great Federal business, and is one of few real enterprise players. It is interesting to me that the Wall Street Journal is spreading rumors but that’s another story.
Let me weigh in by handicapping the field:
Given the Intel deal, McAfee is likely out of the running. I’ve heard through the grapevine that McAfee made several attempts at ArcSight but the price tag was just too big. Symantec, like IBM and CA, has also developed security management products that haven’t taken off in the market. If Enrique Salem is up for another big acquisition, ArcSight would be a great fit.
Finally, wherever ArcSight ends up, there are plenty of other innovative security management companies that may quickly follow. Feisty Q1 Labs would be a natural for Juniper. Brainy Nitro Security could be a fit for Cisco or CA. LogRhythm could be a good addition for HP, Check Point, Websense, etc.
ArcSight deserves what it gets as it really guided the security market moving forward. Its fate will greatly influence the enterprise security market moving forward.
Tags: ArcSight, CA, EMC, HP, IBM, Juniper Networks, LogRhythm, McAfee, Nitro Security, Oracle, Q1 Labs, Symantec, Wall Street Journal, WSJ Posted in Uncategorized | No Comments »
Before the bell rang on Wall Street, Intel shocked the army of Latte sipping financial wonks by announcing its intentions to buy security leader McAfee. The deal is valued at $7.7 billion or $48 per share, about a 60% premium on the stock price.
A few financial analysts who cover Intel say that this is about Intel’s mobile device aspirations. Maybe, but McAfee just got into the mobile device security market and my guess is that this business accounts for $5 million in revenue or less.
Sorry Wall Street but that ain’t it at all. I believe that Intel sees the same thing I see. The security market is wildly fragmented with vendors producing tactical point products for its customers. These point products can no longer address the environment of sophisticated and massive threats. In the very near future, enterprise and service provider security technologies must deliver unprecedented levels of scalability, manageability and integration.
Guess what? In today’s market there isn’t a single vendor who can deliver a security product suite anywhere near what’s needed in the market. Get it Wall Street? There is massive emotional demand but no supply. Here’s the kicker — without significant improvements in security, this whole Internet party hosted by companies like , eBay, , , etc. could get really, really ugly soon.
To be fair, McAfee can’t deliver the level of scale, manageability and integration that the market demands but it’s as close as any other vendor. Combine this with Intel hardware, money, and brainpower and you’ve gotten something.
I believe Intel sees a market opportunity, not a product opportunity. Yes, there is plenty of room to integrate McAfee with mobile phones, microprocessors, and NSPs but this is a footnote to the story.
A few other observations:
Tags: ArcSight, Check Point, Fortinet, IBM, Intel, LogRhythm, McAfee, Nitro Security, RedSeal, RSA, Sourcefire, Symantec Posted in Uncategorized | No Comments »
Symantec’s acquisition of the Verisign security assets closed earlier this week. This frees Symantec to tell the world what it bought and the role the Verisign services play.
Good thing. Symantec caught a lot of flack for buying a legacy SSL certificates business. In truth, this deal could be much more–a SaaS authentication and PKI offering to broker trust relationships in B2C and B2B transactions.
I believe this could be a very good acquisition, but Symantec can’t assume that anyone other than PKI nerds understand this. To satisfy Wall Street and maximize the ROI on this deal, Symantec must:
Symantec needs to prove to the market (and especially Wall Street) that it can back vision and money with execution. The Verisign deal was fairly significant, around $1.2 billion. Symantec needs to execute ASAP to demonstrate that this deal was well thought out and that the money was well spent.
Tags: PKI, SSL, Symantec, Verisign, X.509 Posted in Uncategorized | No Comments »
If you aren’t familiar with Web threats, you should be. A Web threat uses the ubiquity of the WWW as a threat vector to propagate malicious exploits and payloads. Web threats lead to PCs infected with keyboard loggers, botnet code, or traditional worms and viruses.
Traditional threats like e-mail viruses and automated Internet worms still exist, but the bad guys now find the Web more effective. Cybercriminals can use dynamic links, scripts, URLs, or files to infect PCs. Even worse, they regularly exploit sites like Facebook for social engineering attacks.
This is a very serious threat– each and every enterprise should be implementing Web threat defenses. There are a number available from companies like Blue Coat, Cisco, McAfee, Symantec, Trend Micro, and Websense. Unfortunately, this activity isn’t as urgent as it should be because:
Independent product testing would help educate users and illustrate the types of threats we face. NSS Labs is poised to test a number of products, but since this space is somewhat immature, many vendors are hesitant to step up to the plate. This is unfortunate as it places business concerns over security protection.
To address Web threats, users have to demand help from their vendors. This help should come in the form of education services, product testing, and a contextual framework of where Web threat management fits within overall information security. This needs to happen now, not when products mature and a high percentage of PCs are already infected.
Tags: Blue Coat, Cisco, McAfee, NSS Labs, Symantec, Trend Micro, Websense Posted in Uncategorized | No Comments »
Your email: