Tuesday, September 22, 2009

Nominum Broadens Intelligent DNS Impact with SKYE Cloud Services

Nominum is introducing a DNS SaaS approach called SKYE. This is interesting partly because the DNS lookup seems like a good time to layer on security and acceptable use services, since attacks now originate from the Web. It is a good concept, with a good management team behind it, and I was glad to support their release.

“DNS has evolved from a simple name resolution protocol to a policy-based system that provides essential availability, auditing and security services for the entire ecosystem of web-based applications,” said Eric Ogren, principal analyst at the Ogren Group. “Since the first step of any Internet request is a DNS look-up, the name service is a natural position to deploy technology asserting manageable controls over the complexities and threats of today’s Internet. With web threats dominating the Internet, the time could not be better for Nominum to launch its SKYE service for ISPs and enterprises.”

Monday, September 21, 2009

Whitelists, SaaS modify traditional security, tackle flaws

Posted on SearchSecurity.com:

"The SANS Institute's latest threat report should be a reminder to security teams that now is the time to rethink the traditional approach to security as 2010 plans are being prioritized, with a strategy to transform security into a capability that is as dynamic as the attack landscape.

Threat reports are usually a tough read as they highlight the successes of hackers without suggesting meaningful preventive actions that IT can take. But the SANS report, The Top Cyber Security Risks, found that traditional security is woefully inadequate in protecting the business infrastructure against infected websites and penetration through popular applications such as Adobe Flash and Microsoft Office."

Wednesday, September 16, 2009

Last thoughts from VMworld

Now that my computer has been replaced with a shiny new Dell box, it is time for my last thoughts on VMworld. Overall, VMware did a great job, there was tangible excitement throughout the entire week at the show, and VMware is poised for a great year. Without further ado, here are my top 5 impressions -

1.Virtual desktops and virtual workspaces are gaining real momentum. The concept of IT managing users and content, and not managing devices is gaining traction. The primary driver is compliance – IT is fed up with configuration drift and data loss at the endpoint which is leading to programs for VDI.

2.VMware needs to provide a bridge from physical environments to hybrid physical-virtual environments to a total virtualized infrastructure. It is one thing to evangelize virtualization and the cost savings associated with application density. However, only 15-20% of applications in the data center have been virtualized. The remaining 80% or so of physical applications will take a while to evolve so VMware would do well to have vCenter embrace management of the entire infrastructure, not just ESX.

3.VMware has the chance to be the spokeperson for virtualization if they change their approach to competitors. RSA was brilliant in giving airtime to opposing points of view from competitors and the US government. The result is the most important and comprehensive security conference on the planet. VMware needs to lift space and messaging restrictions on Citrix, Microsoft, Oracle and others to elevate VMworld to the virtualization showcase conference.

4.VMware has a brand new leadership team with key players in their roles for less than 3 quarters. It is a challenge to learn the business and choose the best strategic path while undergoing on the job training. Maybe I’m overly sensitive to this – I saw Security Dynamics (now RSA) swap out Sales, Marketing, and Engineering leaders only to find the newbies surround themselves with cronies and stymie the business by chasing the PKI windmills.

5.Citrix and Microsoft are very much in VMware’s cross-hairs. Even Citrix customers often host applications on ESX and deliver the user experience with Citrix ICA. VMware is targeting end-to-end solutions by bolstering VDI with PCoIP – a direct challenge to Citrix’ ICA. This is a good move for VMware and will certainly benefit customers who will soon have more choice. Less good is the fear of Microsoft Hyper-V and App-V. VMware needs to find a cooperative and competitive strategy where they can spend less time looking over their backs at Redmond.

Thursday, September 10, 2009

Security vendors can learn from ConSentry Networks demise

The latest article posted to SearchSecurity:

"There is a plethora of security vendors in the world today, many of which are not going to get any bigger. Security startups struggle to get broad horizontal traction, and I have talked with many vendors who insist that everyone must have their product. However, most security vendors simply do not grow to be very big, primarily because their product line is not obviously needed by everybody.

The recent demise of ConSentry Networks Inc., a switch-oriented NAC vendor, serves as a sad reminder that security often only has niche appeal. Smaller privately held vendors may need to go vertical to best understand how to serve the business and to survive as a company..."

Thursday, September 3, 2009

At VMworld 2009, companies focus on virtual desktops for security

Just posted on SearchSecurity.com from VMworld:

"While security and compliance is a major driver of virtual desktop infrastructure projects, security is taking an otherwise decidedly low profile here at VMworld this week. Clearly customers are moving ahead with virtualization projects within the context of traditional security architectures. This is also reflected in the trend that attached costs for professional services, incremental storage, networking, and business applications are all greater in virtualization projects than security expenses. Virtualization projects are going ahead in the data center where application service configurations are relatively static and security can be placed in the physical infrastructure..."

Tuesday, September 1, 2009

At VMworld this week

VMworld brings me back to the Moscone this week. The VMware conference has drawn over 12,500 people and the exhibit hall was absolutely hopping yesterday. There is a lot of excitement about new technology and the vision of a dynamic IT service. Most of what I’ve seen so far is in CAPEX reduction such as layering shared OS images, application packs, and personification settings to reduce storage and administration costs. I like the prospects of VDI to change the security model, but it looks like VDI may stay poised waiting for a breakout for a bit longer.

Most of the security here is tied to multi-tenancy. For example, if an Exchange VM is launched on a new server to meet capacity demand, then make sure a DLP VM is also launched to meet compliance mandates. I can’t say I’ve seen much of innovative use of VMsafe even though big security vendors Check Point, McAfee, Symantec, and Trend Micro are all here. Reflex Security may be interesting when I talk with them tomorrow.

It has come to my attention that www.ogrengroup.com returns a “not found” error message. My blog is hosted by Google so I’ll have to see what changed there. If you are reading this, then you know how to get to my blog directly. Bad timing with the conference going on - I’ll get this fixed as soon as I can!