Global and local regulations are evolving across all industries and sectors. Here is a selection of the ever-increasing number of regulatory frameworks:
- All sectors and industries –
Enterprise Risk Management (ERM), Electronic discovery (e-discovery), Financial Statements (IFRS,GAAP), Sarbanes Oxley (SOX), EuroSox, Customer Data Privacy and Protection (EU e-privacy), Business Continuity Management, Data Protection Act (EU, UK, Germany), IT Security, IT Controls and Compliance (ITIL, CobiT, ISO), Payment Card Industry Data Security Standard (PCI DSS). Read more…
在云计算时代,基于IP的安全策略效用将大打折扣,随时随地的数据和服务访问要求安全访问控制要能够基于“用户”和“数据”。同时,为了强化“用户”和“数据”的访问控制,双因子认证将会变得更加普遍,甚至成为缺省设置,例如网络访问与下一代身份证ID之类的硬Token结合在一起。当然,为了保护公民隐私,在实名制的ID认证和实际的网络身份之间有必要在技术上实现一种匿名层(Anonymization)…
上面都是技术层面上的讨论,事实上,最为脆弱的部分并不在于技术,而是在于社会工程打击的目标 – 缺少安全意识和技能的“人”。就如同大家在车站机场商场等公开场合到处可见的“注意保管您的随身物品”提醒牌,互联网上要安全冲浪、保护隐私最重要的就是要有“意识”。撇开普通老百姓,从政府、企业、组织等高度来看,就是要让安全意识从安全经理和安全主管那里,外延到最高管理层、财务和业务负责人、所有的普通员工等。
这是个典型的“说起来容易做起来难”的事,难在有钱有权的没有动力,有动力没有资源。大洋对岸从去年开始设立了全国的安全月 – 十月份。今年的主题是 – 我们共同的责任 (Our Shared Responsibility)。这个事情值得我们借鉴。
今天在浏览Beaker的博客时,看到一则很有趣的活动。Beaker在推动一个叫做Hackid的公益项目 – 安全从孩子们抓起。
Hackid通过举办以孩子们为主的技术沙龙和动手活动,来激发孩子们对于基础电子、互联网、创新等的兴趣,提高孩子们的动手能力,提升孩子们对于互联网基础知识的了解…下面是其官方页面中的活动内容介绍: Read more…
最近美国IT企业并购可谓遍地开花,这边Intel刚刚宣布购买McAfee,那边Dell和HP还在为存储服务商3PAR打的不可开交(让我想起去年NetApp和EMC争夺Data Domain的案例),3PAR的股票从两个星期前的10美元不到已经涨到接近28美元。今天华尔街日报又传出安全厂商ArcSight正在和Oracle, IBM, HP, EMC和CA等潜在买家接洽,消息传出后ArcSight的股票(ARST)应声涨了30%。
Arcsight的潜在买家中没有Cisco,这让我比较吃惊。ArcSight是做SIEM (Security Information and Event Management)的,和Cisco的MARS直接竞争,我一直觉得Cisco是ArcSight最合适的买家。Symantec的产品和ArcSight也有很好的整合度,本来也是一个潜在的买家,不过在Mcafee被收购后,它自身可能也难逃最终被收购的命运。相对而言,ArcSight产品的整合度和Oracle的Enterprise Manager或者HP的OpenView就没有那么高。
信息安全这几年来一直是一个增长很快的领域,并且正在成为企业整体解决方案中不可或缺的一部分,这也是为什么近几年IT巨头纷纷出手收购安全公司。此外,独立的安全公司规模往往较小,比较容易被收购。比如安全行业的”巨头” Symantec的市值也不过110亿美元,为IBM的1/15,HP的1/9,Oracle和Cisco的1/10。抚今追昔,下面我们来看看最近几年美国的IT巨头们都收购了哪些安全企业:
IBM:
- 2010年7月:BigFix (Security Management)
- 2009年11月:Guardium (Database Security)
- 2007年6月:Watchfire (security testing)
- 2006年 8月:ISS
Cisco:
- 2009年12 月:Scansafe (Saas WebSecurity)
- 2007年11 月:Securent (Entitlement Management)
- 2007年1月: IronPort (Email and Web Security)
HP:
- 2010 年8月: Fortify (Software Security)
- 2009年11月:3Com (Tippingpoint)
- 2007年6月:SPI Dynamics (Web Security Testing)
Intel:
EMC:
- 2009年5月:Configuresoft (Change and Compliance management)
- 2006年6月:RSA Security
最后来说说我比较熟悉的Oracle:
Oracle除了今年5月份收购英国的数据库防火墙公司Secerno外,其在安全领域的并购主要集中在身份管理(Identity Management)领域。当然,Oracle对Sun和BEA的收购也为其带来了一些安全产品。 目前Oracle在安全方面的产品主要集中在Database Security,Identity Management和Enterprise Manager这三个产品线。尤其在Identity Management领域,在收购Sun后,Oracle俨然已经成为这个领域最有实力的厂家。
抚今追昔之后,让我们再来展望一下未来,看看还有哪些安全企业可能被IT巨头们收入囊中。下面是几个我认为最可能被收购的安全公司:
- Symantec (SYMC): Symantec除非自己做大做强,否则难逃被并购的命运。不过其110亿美元的市值有些高,使得眼下其被收购的吸引力不大。估计等它的股票再跌一跌,到市值相对便宜的时候就会有IT巨头出手。
- Sourcefire (FIRE): 不到7亿美元的市值,今天Arcsight的消息出来之后其股票也跟着涨了11%,来看华尔街对其被收购的预期比较大。
- Fortinet (FTNT): 13亿美元的市值。Fortinet的创始人早期创立了Netscreen,后来卖给了Juniper,不知道若干年后会不会把Fortinet再卖给Cisco或者Juniper?
- Palo Alto Networks (private):小型的防火墙公司,产品很有特色。不知道会不会被Cisco或者Juniper收入囊中。
- Qualys (private):一直有Qualys将要上市的传言,不过近来美国股市表现不佳,短期内其上市的可能性不大。如果拖延太久而VC又想早日套现的话,Qualys也很可能被收购。
Last week, Symantec(NASDAQ:SYMC) acquired the security businesses of VeriSign (excluding iDefense). There have been tons of news reports and comments by market observers and analysts. In general, given that both negative and positive comments are valid, the below chart gave a different perspective to evaluate the acquisition strategy of Symantec.
It’s a 5 year stock price chart of Symantec, with comparison against that of CA(NASDAQ:CA), McAfee(NYSE:MFE), and Nasdaq.
The overall changes in 5 years are:
- Symantec down by: -35.14%
- CA down by: -30.60%
- McAfee up by: +21.87%
- while Nasdaq up by: +9.67% Read more…
Another way of thinking about it, specifically that if you want security then you must control the future, if you want to control the future then you must be able to draw conclusions from what you know, if you want to draw conclusions then the basis for those conclusions must be reproducible, and if you want reproducible bases you have to have a measurement regime.
- Dan Geer
- Good enough is good enough.
- Good enough always beats perfect.
- The really hard part is determining what is good enough.
- by Ravi Sandhu
You can download the whole paper here.
This morning, you might have noticed that the blog title was changed to “Cloud & Telecom Security”. Yes, it’s true.
From one or two years ago, my interests and focus have changed to around cloud computing and telecom or ICT security, while P2P was touched very occasionally. I believe the new title can reflect the new focus better and hope you like it.
今天著名安全媒体SCMagzine公布2010年各安全奖项入围名单,最后的大奖将于2010年3月2日在旧金山公布。
从这次的入围名单上看,安全大厂如Cisco,Juniper,Symantec,等成为最大的赢家,到处闪现他们的身影。功夫不负有心人,这次Cenzic, HyTrust,e-DMZ, Palo-Alto等新秀也终于展露头角。BigFix能够获得优秀安全公司入围,你觉得有些惊奇吗?Dave Cullinane凭借云安全联盟CSA的快速成长和成功,荣获最佳CSO/CISO入围。
希望看到我们中国的企业也成为国际战场的逐鹿者!
Reader Trust Awards
Best Anti-Malware Solution
Astaro Internet Security for Astaro Security Gateway
AVG Technologies for AVG Internet Security Business Edition
Cisco for Cisco IronPort S-Series Secure Web Gateway
ESET for ESET NOD32 Antivirus 4
McAfee for McAfee Web Gateway
Symantec Corp. for Symantec Endpoint Protection Small Business Edition Read more…
By this acquisition, HP enters enterprise networking market with strong threat management product line from Tippingpoint.
The vulnerability and threats research of DVLabs will greatly improve HP’s capability and image at these areas, so that HP’s competition against IBM will become more effective. X-Force of ISS is one of the critical advantages of IBM over HP, at overall one-stop IT arena.
Historically, after the acquisition of an independent security company, their selling model and focus will change to more aligned with major businesses. As for HP’s scenario, their security product lines, including the IPS/UTM, focuses on their global enterprise customers and outsourcing partners. The security department, mostly, will lose some momentum to find and obtain new customers, instead, they will be more interested at existing customers, bundled within other bigger IT/service orders. Read more…
Categories: -English-, Cloud, Security, Telecom Tags: 3Com, Cisco, Cloud, HP, Huawei, IBM, IPS, Security, Tippingpoint
Actually, the whole thread was originated with a message at discuss@securitymetrics.org “Request for ideas” by Dimitrios Stergiou. Dimitrios likes to have some recommendations for his master program. By a sudden idea, I dropped him a message to recommend him to work on this true or false problem at security metrics.
It’s true or false: 70% of security incidents are due to insider threats?
I just read one book, “The New School of Information Security”, by Adam Shostack, Andrew Stewart, Addison-Wesley, 2008, where I found one interesting argument by the authors. The authors doubt the statement that 70% of security incidents are due to insider threats. You know, many consultants and books, articles regard this statement as one basic hypothesis at security. What’s your idea about it?
Completely a surprise, I found Adam, Andew, Dan and many experts jumped in to this discussion thereafter. A lot of fresh ideas emerged at discussion threads. In order to get more experts into this topic, I submitted a discussion at SecurityMetrics group, LinkedIn.
This RSA/IDC report has some information related to this topic – Insider Risk Management: A Framework Approach to Internal Security(Thanks to Hammud). It is a good reference. In summary it told us two things that: Read more…
That’s an excellent post on the vision of WAF and vulnerability assessment. I agree to the points that “accuracy” should be the top priority of remote web assessment and integration between VM and WAF.
However, this gives us another hint – we need a commonly adopted standard format to exchange the message – similarly what the industry did on IDMEF before. It’s not an optimistic goal from historical perspective. So in short term, before that standards, integration inside one single vendor and product alliance will be the pioneer on the automation/ integration between VM+WAF.
CNCERT/CC 2009 Conference
CNCERT/CC 2009 Conference will be held at Oct.21, Changsha, Hunan Province, China. This is the consecutive 6th conference since 2004. Here is the English agenda.
This annual event is generating more and more influence to not only China information security community, society, industry, but also the related parties at Asia Pacific and even worldwide. You can find a number of famous regional CERT organizations and reps from carriers, large enterprises, vendors, say, SingCert, ThaiCert, VNCert, China Telecom, China Mobile, China Unicom, ICBC, CCB, etc. Read more…
10月13日到14日, 两周后, SC Magazine举办的World Congress大会将在纽约举行. 会议地点: Read more…
数月前,应该是二月份,有个帖子讲2009年的安全市场预期,中间和大潘讨论到了2009年的前景,我们俩“谨慎地”预测了一下:“赵博谨慎看多,潘总静候春天”。昨天读到安永公司的一份2008年安全市场调查报告,其中有几个数字很有趣,我把它们转帖过来:
Historically, the IT function is one of the frst to feel the pressure to reduce expenditures, and traditionally,information security has been closely linked with IT. Our survey confrms the link between IT and information security is still very strong (71% of respondents meet monthly with IT), but the pressure to reduce costs does not appear to be carrying over to the information security function. In fact, only 5% of respondents indicate they will be reducing annual expenditures for information security and 50% plan to increase their investment in information security as a percentage of total expenditures.In addition, only 33% of respondents cite adequate budget as a challenge to delivering their information security initiatives. Read more…
据Wired报道,美国Homeland Security Advisory Council已经提交草案,建议将目前国家威胁预警系统从5种减到3种。
“9·11”恐怖袭击事件发生后,美国建立了一套5级国家威胁预警系统,用绿、蓝、黄、橙、红5种颜色代表从低到高的5种危险程度。橙色这一警戒级别要求美国联邦和州政府以及企业都增加一系列相应的安全措施。布什政府过去曾4次提高恐怖威胁警告级别。
这次调整建议的主要出发点是5种颜色级别过于繁杂,不利于准确传递威胁信息,容易在大众中造成不必要的疑虑和担心。Homeland Security Advisory Council建议化繁为简,将预警级别调整为以下三个:
- 黄色(警戒)表示保持常态警惕恐怖攻击
- 橙色(升级)表示基于特别具体的情报,提高了保护措施
- 红色(高级警报)表示最大限度的保护措施以对抗就要发生的恐怖攻击 Read more…
Recent Comments