If you attended VMworld in late August, you know that virtualization security was featured extensively. Ditto for VMworld Europe where VMware CEO Paul Maritz included a few security slides in his keynote presentation. Maritz and VMware get it–virtualization security has been somewhat neglected until recently. If server virtualization is truly to become next-generation cloud infrastructure, security must be integrated throughout the technology.
VMware vShield and partner products are a great start toward bridging this virtualization security gap. Unfortunately, security technology is only part of the problem. ESG recently surveyed 463 large mid-market (i.e., 500-1000 employees) and enterprise (i.e., more than 1000 employees) organizations in North America, to gauge how they were using server virtualization technology. The goal was to understand current use, future plans, successes, and challenges. It turns out that security problems are pretty persistent. For example:
In aggregate, there is a people problem (i.e., security skills), an organizational problem (i.e., project management/cooperation), and a process problem (i.e., no best practices). Yes, these issues do ease over time but it is clear to me that they never go away. At some point, highly-regulated organizations are likely to slow down server virtualization projects to address these security gaps. When this happens, server virtualization/cloud vendors will see sales slow to a crawl.
VMware is a technology company so it is doing what comes naturally–addressing security holes with new products and industry relationships. Nevertheless, VMware needs additional help from standards bodies, IT and security professional organizations, and professional services firms. The ESG Research clearly illustrates that server virtualization is a paradigm-shifting technology that changes IT organizations and processes. The real revolutionary potential of server virtualization won’t occur until IT organization and process changes become as pervasive as hypervisors.
Tags: Cisco, cyber security, EMC, ESG Research, IT security, Paul Maritz, RSA Security, Trend Micro, VMware, vShield
If you aren’t familiar with Web threats, you should be. A Web threat uses the ubiquity of the WWW as a threat vector to propagate malicious exploits and payloads. Web threats lead to PCs infected with keyboard loggers, botnet code, or traditional worms and viruses.
Traditional threats like e-mail viruses and automated Internet worms still exist, but the bad guys now find the Web more effective. Cybercriminals can use dynamic links, scripts, URLs, or files to infect PCs. Even worse, they regularly exploit sites like Facebook for social engineering attacks.
This is a very serious threat: each and every enterprise should be implementing Web threat defenses. There are a number available from companies like Blue Coat, Cisco, McAfee, Symantec, Trend Micro, and Websense. Unfortunately, this activity isn’t as urgent as it should be because:
Independent product testing would help educate users and illustrate the types of threats we face. NSS Labs is poised to test a number of products, but since this space is somewhat immature, many vendors are hesitant to step up to the plate. This is unfortunate as it places business concerns over security protection.
To address Web threats, users have to demand help from their vendors. This help should come in the form of education services, product testing, and a contextual framework of where Web threat management fits within overall information security. This needs to happen now, not when products mature and a high percentage of PCs are already infected.
Tags: Blue Coat, Cisco, McAfee, NSS Labs, Symantec, Trend Micro, Websense
Traditional security solutions are sort of like client/server computing. Security vendors take the role of the server, hosting the master software, adding new anti-malware signatures, and distributing them to all of the clients.
This model was adequate in the past, but it is no longer good enough. Why? Malware volume stresses the system, and all-too-common zero-day attacks have free and clear access to sitting-duck systems.
Coping with the new threat landscape means embracing a new security model. First, we have to assume that an unknown file, URL, or IP address is malicious. That said, we can’t simply deny access; rather, we need to analyze the suspicious content in real-time and then make the appropriate access decision (i.e., allow access, deny access, quarantine, send content to a honeypot, etc.).
This new model depends upon a community of users and security devices/software acting as a neighborhood watch and sharing information with security vendors in real-time. Some people call this a “hybrid cloud” model to capitalize on the buzz around cloud computing.
Hybrid clouds are fine for now, but I foresee a future evolution to a peer-to-peer security model. With hybrid clouds, security devices/software still engage in a conversation with only one entity: the security vendor’s cloud infrastructure. In peer-to-peer security, security devices/software will engage in conversations with other security devices/software from multiple entities: security vendors, ISACs, government sources, academic institutions, etc. These conversations will issue warnings, blacklist threats, analyze content, compare notes, exchange data, etc.
Several vendors–including Blue Coat, Cisco, and Trend Micro–already have hybrid cloud offerings that could serve as the foundation for my peer-to-peer model. A bit of vendor cooperation, government incentives, or user demand could lead to further developments in APIs, secure protocols, data standards, etc.
Cybercriminals constantly exploit our security weaknesses and lack of coordination. This has been a winning formula thus far to the tune of billions of dollars in identity theft and data breaches. To overcome these tactics, we need to use our technology assets more effectively. This is precisely what peer-to-peer security can do.
The Network Effect (or Metcalfe’s Law) states that the value of a network is proportional to the number of connections. In my opinion, peer-to-peer security leverages the power of the Network Effect for the good guys.
Tags: Blue Coat Systems, Cisco, Trend Micro
Earlier this week, Cisco announced its intentions to end-of-life the Cisco Security Agent (CSA) at the end of the year. Cisco will continue to support CSA for another 3 years but it won’t enhance the product any longer.
Moving forward, Cisco’s endpoint security efforts will center upon AnyConnect, an agent-based offering that unifies endpoint connectivity, TrustSec, DLP, threat defenses, and policy management. As far as pure AV protection, Cisco will recommend partnering with vendors like Sophos and Trend Micro.
What’s going on here? Is Cisco walking away from an entire product and market? No. In fact, ESG believes this decision demonstrates guts and vision. Cisco has never had any luck with Windows client software, and that’s really what CSA is. Cisco may be saying adios to Windows, but this move is right down Broadway as it aligns with Cisco’s strengths and market direction. Why? Because:
Cisco has a fair number of CSA customers so I’m sure some folks within the company wanted to continue to invest in the product. This would have been the easy “let’s not rock the boat” decision.
Yes, this would have been the easy path but it also would have been the wrong decision. Cisco can now focus on endpoint security from a position of network/cloud strength rather than its Windows PC weakness.
The market is already headed in this direction. Cisco is simply shedding some legacy baggage and positioning the company at the nexus of endpoint, network, and cloud security. This is the absolute right decision.
Tags: AnyConnect, Cisco Systems, Okena, Sophos, Trend Micro
If you do some research on endpoint security you’ll quickly read one analyst or another’s claim that antivirus software is dead and that there is a pressing need for some new model like cloud security services, white listing, black listing, virtual desktops, etc.
Antivirus is dead? Hmm, I wonder if these analysts have been following the financial results of Kaspersky, McAfee, Symantec, Trend Micro or a host of others who continue to make money on endpoint security software.
As you can tell by my sarcasm, I don’t subscribe to this theory but I do believe that endpoint security is going through massive changes in order to best address new threats and new requirements. Now and into the future, endpoint security will:
Aside from market demand, security vendors will go down this path for defensive reasons. Free AV software from AVG and Microsoft is plenty good for casual users.
Will all of these features mean an uber fat client application? No. Like hybrid threat protection, vendors will offer a lot of these features as cloud services and rely on a lightweight agent to orchestrate the process. Finally, users will choose what they want and how much they want via a pricing calculator. Think online PC sales as an analogue.
Security purists may claim that endpoint security changes mean giving up control but the business case is too attractive for both users and vendors to pass up. Broad based solutions that cover requirements like threat management, performance management, backup, identity protection, and configuration management across multiple devices per user are simply the next phase of an evolutionary life cycle.
Tags: AVG, Check Point, Cisco, Dell, Finallyfast.com, IDWatchdog, LifeLock, McAfee, Microsoft, Panda, Sophos, Symantec, Trend Micro, TrustedID
There is a glimmer of good news on the venture capital front. In Q1 2010, venture funding rose 38% from a year ago to $4.7. What’s more, the pool of VC money is spread over 681 companies–a 7% increase from Q1 2009.
Good, but not great news. Most of the dough is going to biotech companies while investment in clean technology tripled.
The bad news? Investment in software declined 1% year over year. Remember that in Q1 2009, we were preparing for runs on banks and Hoovervilles.
While I have no data, there is anecdotal evidence suggesting additional bad news. I speak with security companies all the time and I simply don’t see VCs investing heavily in this space.
Perhaps they got burned investing in the 5th NAC, anti-spyware, or UTM vendor. Maybe they think that Cisco, Check Point, Juniper, McAfee, Symantec, and Trend Micro have everything covered. It could be that many believe that the whole tech space is mature, so they are chasing the new new thing in other technical areas.
I’m not sure why the VCs are eschewing security investments, but I do know that this is a problem. Why? At a time when attack volume is steadily increasing, cybercriminals operate like Fortune 500 companies, and FBI directors characterize cybersecurity attacks as “an existential threat to our nation,” the VCs are moving on to perceived greener pastures. In other words, there is serious demand for next-generation security skills and technology, but the supply-side continues to invest elsewhere. Bad economics and bad for the digital assets we all depend upon.
Okay, I understand that the VCs are in it for the money and nothing else, but something is wrong with this picture. It seems to me that when demand exceeds supply, there is money to be made. I’d like to see the VCs invest in security as a patriotic act, but I’m not optimistic. Therefore, I have a few ideas for the “smartest guys in the valley” on Sand Hill Rd.
The lack of VC investment in security could have broad implications moving forward, so the VCs can’t sit on the sidelines. It’s time for the rich guys to get more involved and proactively champion security innovation and investment rather than sit back, drink Merlot, and wait for business plans to come in. Our digital security may depend upon this.
Tags: Check Point, CIA, Cisco, DOD, DOE, Federal Government, Israel, Juniper, NSA, Symantec, Technion, Tel Aviv University, Trend Micro, Venture Capital
In May of this year, I wrote a blog on another media site predicting a precipitous rise in Mac-based malware. At the time, I believed that this would change Apple’s public claims about security superiority over Windows and force Steve Jobs and company to recommend security software for all Mac users.
I guess it got some people’s attention. Usually, my blogs would get a half-dozen comments or so, but this one received a whopping 162. Some supported my position, but many accused me of being a Microsoft shill or a complete idiot.
Well, I hate to say “I told you so,” but this morning I was reading through a recently published report from Trend Micro titled “The Future of Threats and Threat Technologies” which made the following forecast for 2010:
Mac Threats
While cybercriminals are likely to take advantage of any given monoculture (i.e., Windows for desktop computers) in crafting their attacks, they have been found—especially in 2009—to create high-impact malware targeting Mac users. They are unwittingly encouraged by Mac users’ preconceived notion that Macs are “safe and virus free.” Thus Mac users are more than likely to let their guards down when it comes to security. Threats like OSX_JAHLAV.I, which pose as legitimate applications and then change the system’s Domain Name System (DNS) settings to redirect the victims’ browsers to malicious sites without their knowledge, will simply become more sophisticated going into 2010. (page 14)
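The DNS-settings change the report attributes to OSX_JAHLAV.I is something a defender can audit for directly. The following is an added example, not code from this post or from Trend Micro’s report: it parses the output of the macOS `scutil --dns` command (a constructed sample is embedded, with the documentation-range address 198.51.100.7 standing in for a rogue resolver) and flags any configured nameserver that falls outside an assumed allowlist of expected resolver networks.

```python
import ipaddress
import re

# Constructed sample of `scutil --dns` output on macOS; 198.51.100.7 is a
# documentation-range address standing in for an unexpected resolver.
SAMPLE_SCUTIL_DNS = """\
DNS configuration

resolver #1
  search domain[0] : corp.example
  nameserver[0] : 192.168.1.1
  nameserver[1] : 198.51.100.7
  if_index : 4 (en0)
"""

# Assumed allowlist: networks whose resolvers this host is expected to use.
EXPECTED_RESOLVER_NETS = ["192.168.0.0/16", "10.0.0.0/8"]

RESOLVER_RE = re.compile(r"^resolver #(\d+)")
NAMESERVER_RE = re.compile(r"^\s*nameserver\[\d+\]\s*:\s*(\S+)")


def parse_resolvers(scutil_output):
    """Return {resolver_number: [nameserver, ...]} from `scutil --dns` text."""
    resolvers, current = {}, None
    for line in scutil_output.splitlines():
        if m := RESOLVER_RE.match(line):
            current = int(m.group(1))
            resolvers[current] = []
        elif (m := NAMESERVER_RE.match(line)) and current is not None:
            resolvers[current].append(m.group(1))
    return resolvers


def unexpected_resolvers(scutil_output, allowed_nets=EXPECTED_RESOLVER_NETS):
    """Map each resolver number to its nameservers outside the allowlist;
    anything that does not parse as an IP address is reported as well."""
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    findings = {}
    for num, servers in parse_resolvers(scutil_output).items():
        bad = []
        for server in servers:
            try:  # drop a scope id such as fe80::1%en0 before parsing
                addr = ipaddress.ip_address(server.split("%")[0])
                if not any(addr in net for net in nets):
                    bad.append(server)
            except ValueError:
                bad.append(server)
        if bad:
            findings[num] = bad
    return findings
```

On a real host, feed it the text of `scutil --dns` and alert on a non-empty result; an entry that appears after a software install is exactly the kind of change the report describes.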
Like I stated in May, I am not writing this because I believe that Apple or Mac systems are profoundly insecure. Nor am I comparing Mac security to Windows security. The fact is that all complex software contains vulnerabilities and cybercriminals are very good at what they do.
Moving forward, I hope that:
Tags: Apple, Mac, Macintosh, Trend Micro