Wednesday, December 29, 2010

Catching the Wave

You have to admire the perseverance of a vendor whose vision is miles ahead of the market, and then fights, scratches, claws, and just hangs on until they find customer traction. This has been the case with Wave Systems, an early evangelist of placing and managing keys in secure hardware, particularly the TPM as defined by the Trusted Computing Group. For Wave there has always been the lingering question of “if the idea is so good, why aren’t companies buying?” Well, it looks like the time has come and they’re now underway with two primary use cases:

Secure remote access with intrinsic two-factor authentication. Using the secret key from the TPM turns the laptop into the “something you have” factor to go along with the password (“something you know”). Enterprises not only save money by reducing token purchases, they also gain secure access while giving users and security administrators one less thing to worry about.

Transparently encrypt the hard drive of remote users. Enterprises that need to protect intellectual property or regulated data on laptops are getting tired of trying to administer DLP or DRM at the endpoint. A simpler solution is to transparently encrypt data on the hard drive using a secret key from the TPM. It is more secure, easier to manage, and may cost less. The most noteworthy implementations support BitLocker and Samsung and Seagate self-encrypting hard drives.

Wave Systems sells software that makes administration of keys and TPMs practical for larger organizations that need to secure remote access and locally stored data. They’re moving forward and have some impressive references to their credit, including Mazda, Papa Gino’s, and Boston Medical Center. It’s nice to see their perseverance paying off.

Monday, July 26, 2010

Checking out PacketMotion

PacketMotion came by my office in Stow last week, leading to a lively discussion on the direction of network security. The company, founded in 2004 with its flagship PacketSentry product at version 4.0, has been around too long for Early Vibe status in this blog. However, PacketMotion is embracing a few unique ideas that may give security teams the flexibility they need to meet corporate functionality and cost-of-ownership requirements.

Corporate networks are dynamic as IT gains flexibility with wireless access, virtualizes applications and desktops, and increasingly relies upon browser-based cloud applications to support the business. This trend changes access paths between users and applications, and challenges security that is based on static addresses.

User Activity orientation allows IT to focus on securing business policies of users and applications. PacketSentry integrates with Active Directory to monitor user traffic to applications, with the option of killing non-compliant connections. Security policies are less dependent on the network infrastructure and are more easily mapped to business requirements.

Virtual Segmentation features provide a virtual PCI-compliance partitioning of resources by automatically monitoring and enforcing user activity to regulated applications and data repositories. That is, rather than deploying internal firewalls and replicating security mechanisms in the network, PacketMotion’s virtual segmentation helps assure that users and programs do not step out of bounds and access unauthorized business resources.

Automate compliance reporting with significant cost savings. Compliance mandates are designed to ensure the security of a business process and confidential data. Traditionally this has been done in a bottom-up manner, starting with individual security products and then aggregating and correlating results into an overall business view. PacketMotion’s top-down approach, reporting user and application activity across a broad range of protocols, saves IT a lot of pain and can significantly reduce the burden of compliance reporting.

PacketMotion does a lot of things. In fact, one of their larger challenges is defining a strong position in the marketplace that also addresses priorities in security budgets. Since PacketSentry is a network appliance in the datacenter that looks at and records activity, there will be pressure to place the company into a SIEM bucket (because it records activity), an NBAD bucket (because it can detect and terminate unauthorized behavior), or an automated GRC bucket (because it automates compliance). The company has good leadership and will find its way, but for now its differentiators are worth examining for forward-thinking security teams.

Monday, June 28, 2010

CoreTrace webcast on June 28th!

There has been a ton of interest in application whitelisting lately, especially with security-savvy organizations reacting to the Cisco Security Agent end of life scheduled for the end of 2010. Those folks know that they cannot rely totally on AV, but they also know they need a proactive approach that can be managed across the enterprise without breaking the bank.

CoreTrace is a leading application whitelisting vendor that does some pretty cool stuff at low levels. The webcast on Tuesday, June 28th is well worth an hour. Check out all of the details here:

http://www.coretrace.com/resources/webinars/CoreTrace_Webinar--Transitioning_from_Cisco_Security_Agent.aspx

Tuesday, June 1, 2010

Early Vibe: Armorize

Armorize is a web application security company that is being introduced to North America after gaining market traction in Asia/Pacific. The new management team is blessed with venture capital, noteworthy reference accounts, and an experienced engineering organization in Taipei. The focus on detecting actual malware residing on web sites addresses a critical security problem, where attacks such as drive-by downloads from trustworthy web sites infect customer endpoints. While vulnerability scanning is an important best practice, the Ogren Group believes malware scanning, if executed properly, addresses a sharper pain that gives enterprises a compelling reason to buy.

The main attraction for Armorize is a cloud-based service approach that finds the presence of malware on enterprise web sites. The HackAlert service is for security teams that need to react with a heightened sense of urgency to clean an infected web site to protect customers. Ferreting out vulnerabilities is good application hygiene to patch holes before exploits find them, but actually detecting infections solves more immediate customer needs. The cloud-based service approach makes perfect sense for organizations requiring continuous vigilance for malware.

Armorize also offers a code scanning product, CodeSecure, which examines web application software for security faults. This complements the malware scanning by offering Armorize customers a long-term end-to-end solution to hardening web applications. Organizations with custom developed applications will use this product early in the engineering cycle to ensure that web applications will be more resilient to attacks – and less likely to incur expensive emergency security fixes.

A significant challenge for Armorize will be to develop a pricing model that encourages customers to scan frequently for malware while also compensating Armorize for the data center resources consumed, and a business model that aligns the HackAlert service with the CodeSecure offering. The Ogren Group believes the management team understands the web security space well enough to solve these problems, and will find a way to bundle code scanning with malware scanning into a comprehensive web security subscription service. Armorize has an interesting idea in focusing on malware instead of vulnerabilities and, with execution, is well positioned to have a positive impact on improving enterprises’ web application security.

Friday, May 7, 2010

Live Web Seminar with Bit9

I will be talking about the failure of HIPS to provide scalable endpoint security and the acceptance of application whitelisting as a foundational layer in conjunction with AV. One of the big problems with HIPS is that it is prohibitively expensive from an administrative standpoint. I think it is an interesting topic since I have some experience with what is now Cisco CSA. I hope you can join us on May 19th at 2:00 ET.

"While significant enterprise security resources are devoted to prevention of malicious code infections, malware continues to frustrate security teams. Traditional anti-virus approaches have proven to be ineffective against modern attacks, and organizations that have tried host intrusion prevention find that technology is not an effective part of the endpoint security solution. Application whitelisting monitors endpoints in real time to ensure that only authorized programs can run, and that those programs have not been modified by malware."

Friday, February 26, 2010

Using user communities to bolster security offerings

Social networking ideas are coming to security, with efficiencies that are likely to .

Secure Passage is introducing a program whereby members can share configuration rules and policies to allow tight alignment between firewalls, routers, and other network devices. This is a really good idea that allows its customers to quickly tighten the security and compliance of their networks while reducing the chances of creating gaping holes in their security profiles. Secure Passage may also find that customers are extending the product into applications and server settings, which could lead SP to a nice growth path.

Computerworld post ...

I thought the Alexa statistics on web site usage were pretty cool. I have always liked numbers and statistics. I did some exploring on US-China-India numbers on web site visitors for a Computerworld article and found the following (hopefully the formatting does not get screwed up):

Share of web site visitors by country (%, from Alexa):

Company           USA     India   China
Check Point       22.3    13.8     4.8
Cisco             32.2    12.5     4.7
EMC               39.8    13.2     9.8
IBM               18.4    12.5    19.3
Microsoft         20.6     7.5     7.0
NetApp            40.6    18.8     4.9
Symantec          25.3    13.3     3.2
Websense          30.3     7.8    23.9

Lockheed-Martin   49.5     7.0    11.3
Pfizer            47.6    12.9     5.7
Whitehouse.gov    65.7     3.4     3.9

There could be lots of business reasons for some of these numbers such as sales model, or amount of off-shore manufacturing partners, etc. However, the number of visitors from China and India is frequently significantly greater than the number from large industrialized countries including England, Germany and Japan.

If you are in security, you better know your business.

Friday, January 22, 2010

Computerworld blog entry

After an 11 month hiatus, I have returned to the Computerworld blog. I had a lot of fun writing for them before and I am thrilled that they would have me back! Here is the first posting of 2010 ...

"Application service providers offer a centralized control point to deliver secure services for millions of its subscribers. Let’s hope that more social networking application providers follow Facebook’s and Comcast’s example by making it easy to acquire endpoint security software, and by enhancing its own internal vigilance. In the meantime, consumers with a paid anti-virus subscription are advised to act quickly in getting free protection from the likes of Avast!, AVG, or Microsoft..."