It has been quite a while! Let me recap selected security
news from vendors I’ve talked with in the past couple of weeks to get up to
date with current events. In most cases I had to wait for their embargoes to
lift – my apologies if I have announced anything early :)

Palo Alto Networks and VMware announced that next-generation firewalls from PAN will embrace VMW’s NSX to secure traffic between virtual machines as well as between virtual data centers. I thought this was great as it allows vCenter to orchestrate application security
policy both within and between perimeters. In the long run, with software
defined networks, security policy will have to travel with the application to
be enforced locally. This agreement nicely positions Palo Alto and VMware to add much needed flexibility in securing applications as they evolve from
physical to virtual to cloud environments. Love this one!

NetCitadel announced ThreatOptics to enhance an organization’s ability to respond to incidents. What I like about
the vision is that instead of layering analytics on mountains of SIEM data,
NetCitadel kicks off when a network sandbox such as FireEye or Palo Alto Networks
WildFire reports an anomaly. ThreatOptics then reaches out to affected
endpoints with a dissolvable agent to grab detailed host information that it
can then combine with what the network sees to give security organizations better
intelligence to prioritize and respond to incidents. I believe that launching
investigations based on observed suspicious behavior is a concept with impact –
it will be fun to watch NetCitadel run with it!

Mojave Networks, née Clutch Mobile, is stepping beyond mobile
device management to offer a cloud-based security service for mobile devices.
This makes perfectly intuitive sense to me - as most of the action for mobile and
tablet devices takes place in the cloud, that’s where security should be!
Dumping a lot of security apps onto your device can’t be the right approach
with issues of battery life, compatibility with popular applications, and
constant upgrades. I like where Mojave is going and the team they’ve assembled.
I wish they would extend their focus beyond small and medium enterprises to
address larger security concerns of larger enterprises, but the market will
soon speak to that.

Adallom is a freshly launched company with a clever idea to protect SaaS applications. It is a tough
problem as IT needs to protect the business, but does not need to get involved
in personal use issues. The Adallom solution piggybacks on the identity process
to audit cloud activity and implements heuristic profiles similar to those that
have proven successful in detecting credit card fraud. The company still needs
to execute, but they have a great idea and experienced leadership so I look for
more from this exciting company as they move forward!

Prelert announced Anomaly Detective 3.0, a special Splunk application
that, based on learning a machine’s and network’s normal behavior, promises to
reduce a high volume of security alerts to an actionable level of incidents. It
is an interesting approach to combat the flood of data and alerts that security
teams now have to deal with. I like Splunk a lot (as do lots of others) partly
because of the balance it strikes in delivering value to both IT and security
operations. It looks like Prelert is going to stick to its security roots, but
the Splunk bandwagon is a good one to hitch onto.