Tuesday, November 26, 2013

Last week's security vibes


It has been quite a while! Let me recap selected security news from vendors I’ve talked with in the past couple of weeks to get up to date with current events. In most cases I had to wait for their embargoes to lift – my apologies if I have announced anything early J!

Palo Alto Networks and VMware announce that next generationfirewalls from PAN will embrace VMW’s NSX to secure traffic between virtualmachines as well as between virtual data centers. I thought this was great as it allows vCenter to orchestrate application security policy both within and between perimeters. In the long run, with software defined networks, security policy will have to travel with the application to be enforced locally. This agreement nicely positions Palo Alto and VMware toadd much needed flexibility in securing applications as they evolve from physical to virtual to cloud environments. Love this one!

NetCitadel announced ThreatOptics to enhance an organization’s ability to respond to incidents. What I like about the vision is that instead of layering analytics on mountains of SIEM data, NetCitadel kicks off when a network sandbox such as FireEye or Palo Alto Networks WildFire reports an anomaly. ThreatOptics then reaches out to affected endpoints with a dissolvable agent to grab detailed host information that it can then combine with what the network sees to give security organizations better intelligence to prioritize and respond to incidents. I believe that launching investigations based on observed suspicious behavior is a concept with impact – it will be fun to watch NetCitadel run with it!

Mojave Networks, nee Clutch Mobile, is stepping beyond mobile device management to offer a cloud-based security service for mobile devices. This makes perfectly intuitive sense to me - as most of the action for mobile and tablet devices takes place in the cloud that’s where security should be! Dumping a lot of security apps onto your device can’t be the right approach with issues of battery life, compatibility with popular applications, and constant upgrades. I like where Mojave is going and the team they’ve assembled. I wish they would extend their focus beyond small and medium enterprises to address larger security concerns of larger enterprises, but the market will soon speak to that.

Adallom is a freshly launched company with a clever idea to protect SaaS applications. It is a tough problem as IT needs to protect the business, but does not need to get involved in personal use issues. The Adallom solution piggybacks on the identity process to audit cloud activity and implements heuristic profiles similar to those that have proven successful in detecting credit card fraud. The company still needs to execute, but they have a great idea and experienced leadership so I look for more from this exciting company as they move forward!

Prelert announced Anomaly Detective 3.0, a special Splunk application that, based on learning a machine’s and network’s normal behavior, promises to reduce a high volume of security alerts to an actionable level of incidents. It is an interesting approach to combat the flood of data and alerts that security teams now have to deal with. I like Splunk a lot (as do lots of others) partly because of the balance it strikes in delivering value to both IT and security operations. It looks like Prelert is going to stick to its security roots, but the Splunk bandwagon is a good one to hitch onto.