Thursday, July 23, 2009

Written for Lumension - Endpoint Security: Moving Beyond AV



"Application whitelisting is emerging as the security technology that gives IT a true defense-in-depth capability, filling in the gaps that anti-virus (AV) was never designed to cover. Organizations have invested heavily in traditional AV solutions, often stacking AV filters from multiple vendors along the data path in the desperate hope that one of the products would stop malware from infecting the corporate or government endpoints. While AV plays a crucial role in identifying known malware and cleaning infected systems, the reality is that relying on layers of the same defense mechanism leaves organizations completely exposed to attacks and data theft from unknown or designer malware that can be delivered in web-based active code, downloaded encrypted code fragments, and persistent botnets. Security teams that know they need more than AV are now deploying application whitelisting technology to protect laptops, desktops, server and Point-of-Sale endpoints from unidentified malicious code as well as undetected code injections - and they are finding significant operational benefits due to fewer interruptions responding to infected endpoints.

This Ogren Group Special Report, Endpoint Security: Moving Beyond AV, commissioned by Lumension, presents the market demand for application whitelisting with recommended actions for security decision makers. Information in this report derives from Ogren Group research and interviews with enterprise security executives of global organizations." ...

Wednesday, July 22, 2009

OPSWAT quote for press release

OPSWAT is a neat company that develops toolkits for embedding security into applications. The most common need is for a general-purpose interface to make calls to an AV product, allowing the application vendor to pick and choose the right AV engine for the job. OPSWAT also includes logic to facilitate a clean removal of security - a welcome capability for those of us who have ever attempted to uninstall an AV product when switching vendors. They do interesting work with a refreshingly pragmatic approach. I am pleased to support their press release with a quote:

“As the IT need for embedding security solutions in the fabric of the infrastructure becomes an increasing necessity due to the growing number of Internet-based threats, so does the ability to manage these solutions in an efficient manner,” said Eric Ogren, founder and principal analyst at the Ogren Group. “OPSWAT, Inc.’s Metascan technology provides the capability to bolt anti-malware scanning engines directly onto third-party software. Together with OESIS application management features, the acquisition of Metadefender’s technology nicely positions OPSWAT to provide a comprehensive, all-inclusive anti-malware scanning engine, benefiting vendors of secure products.”

New hacker skills optimize revenue

The latest from SearchSecurity:

"Malware is evolving into a rewarding, mature high-tech market, and it's not surprising that the financial incentives of developing and peddling malware can outweigh the risk of penalties that include spending quality time in jail. Malicious code developers may not be business school graduates, but they appreciate basic business principles to expand their addressable market; optimizing revenue from the install base and leveraging technology. That was the takeaway from the Cisco 2009 Midyear Security Report, an excellent summary of the major malware activity written for a less-technical executive audience..."

Friday, July 17, 2009

Offering SaaS for securing mobile devices

The following has just been posted in TechTarget's SearchSecurityChannel:

"Intelligent mobile devices are revolutionizing the way remote users connect to their business, and thus are presenting unique security opportunities for solution providers. Blackberrys, iPhones, and the emerging category of promising Mobile Internet Devices (MIDs) are exploding in popularity, fueled by the availability of easy-to-use application interfaces to access information (both business and personal) in non-traditional ways..."

Monday, July 13, 2009

Cloud-based security services should start private

Posted on SearchSecurity.com this week:

"Many early stage cloud vendors have it backwards when it comes to offering cloud-based services. They implement Software as a Service (SaaS) first to demonstrate their vision and then develop enterprise integration features. But the right way to go about it is to support corporate clouds in early product releases. IT is typically conservative about business risk and likes to retain control over sensitive data and applications. Security SaaS vendors may be better served by allowing IT to start by hosting its own private cloud service, integrated with existing data repositories and administrative systems and then provide a path to the full cloud application environment"...

Wednesday, July 8, 2009

Ogren Group Impact: MokaFive LivePC at your service



MokaFive has the innovative idea of deploying virtual desktops as a service for remote users. The payoffs can be large for IT – centralized control of endpoint configurations for meeting compliance mandates, protection of sensitive data while working in remote locations, and end-user convenience of having ubiquitous access to their desktop. The Ogren Group believes that with performance concerns abating due to the virtual desktop running on the endpoint, virtual desktops will usher in new opportunities for IT to cost-effectively service business users.

Wednesday, July 1, 2009

Tufin takes an operational view on firewall rules management

Tufin is one of the promising companies in the firewall rules management market. While security and compliance management are of primary importance, Tufin also appreciates the operational cost savings of controlling and automating firewall rules administration. The following is a quote for their Automatic Policy Generation press release that hit the wires on June 29th:

"Automating the creation of optimized firewall rule bases is critical to establishing an accurate baseline for increasing network security and reducing operational costs," said Eric Ogren, principal analyst of the Ogren Group. "Well defined firewall rules lower the risk of creating holes in network security, eliminate many of the business disruption issues that can accompany firewall deployments, and reduce the number of costly support calls. Automation ensures that firewall rule bases act on the intelligence discovered from actual observed business traffic."

Twitter risks, Facebook threats trouble security pros

Nice way to start July with a new SearchSecurity post!

"The explosive growth in social networking has positioned many security teams solidly between a rock and a hard place. On the one hand, conscientious security executives cannot ignore the data loss and regulatory compliance risks to the corporation; on the other hand, security cannot politically survive by categorically objecting to other organizations' innovative use of new business tools...."