Archive

Posts Tagged ‘Security’

A Review of Security Acquisitions by US IT Giants in Recent Years

August 26th, 2010 Clement 3 comments

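Recently, mergers and acquisitions among US IT companies have been breaking out everywhere: Intel has just announced that it is buying McAfee, while Dell and HP are still locked in a fight over the storage vendor 3PAR (which reminds me of last year's contest between NetApp and EMC for Data Domain). 3PAR's stock has risen from under $10 two weeks ago to nearly $28. Today the Wall Street Journal reported that the security vendor ArcSight is in talks with potential buyers including Oracle, IBM, HP, EMC and CA; after the news broke, ArcSight's stock (ARST) jumped 30%.

Cisco is not among ArcSight's potential buyers, which surprises me. ArcSight does SIEM (Security Information and Event Management) and competes directly with Cisco's MARS; I have always thought Cisco was the most suitable buyer for ArcSight. Symantec's products also integrate well with ArcSight, so it was a potential buyer too, but after McAfee's acquisition it may itself be unable to escape eventually being acquired. By comparison, ArcSight's products do not integrate as closely with Oracle's Enterprise Manager or HP's OpenView.

Information security has been a fast-growing field in recent years and is becoming an indispensable part of enterprise-wide solutions, which is why IT giants have been acquiring security companies one after another. In addition, independent security companies tend to be small and are relatively easy to acquire. For example, even Symantec, the "giant" of the security industry, has a market capitalization of only $11 billion: 1/15 of IBM's, 1/9 of HP's, and 1/10 of Oracle's and Cisco's. Looking back, let's see which security companies the US IT giants have acquired in recent years: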

IBM:

  • July 2010: BigFix (Security Management)
  • November 2009: Guardium (Database Security)
  • June 2007: Watchfire (Security Testing)
  • August 2006: ISS

Cisco:

  • December 2009: ScanSafe (SaaS Web Security)
  • November 2007: Securent (Entitlement Management)
  • January 2007: IronPort (Email and Web Security)

HP:

  • August 2010: Fortify (Software Security)
  • November 2009: 3Com (TippingPoint)
  • June 2007: SPI Dynamics (Web Security Testing)

Intel:

  • August 2010: McAfee

EMC:

  • May 2009: Configuresoft (Change and Compliance Management)
  • June 2006: RSA Security

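Finally, a word about Oracle, which I know better:

Apart from acquiring Secerno, the UK database firewall company, in May this year, Oracle's security acquisitions have concentrated mainly on Identity Management. Of course, Oracle's acquisitions of Sun and BEA also brought it some security products. Today Oracle's security products are concentrated in three product lines: Database Security, Identity Management and Enterprise Manager. In Identity Management in particular, after acquiring Sun, Oracle has clearly become the strongest vendor in the field.

Having looked back, let's now look ahead at which security companies may yet be snapped up by the IT giants. Below are the security companies I think are most likely to be acquired: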

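  • Symantec (SYMC): Unless Symantec grows bigger and stronger on its own, it will be hard for it to escape being acquired. However, its $11 billion market capitalization is somewhat high, which makes it not very attractive as an acquisition target right now. I expect that once its stock falls further and its market value becomes relatively cheap, one of the IT giants will make a move.
  • Sourcefire (FIRE): A market capitalization of under $700 million. After today's ArcSight news its stock also rose 11%, so Wall Street's expectation that it will be acquired appears to be fairly high.
  • Fortinet (FTNT): A market capitalization of $1.3 billion. Fortinet's founder earlier founded NetScreen, which was later sold to Juniper; I wonder whether some years from now Fortinet will likewise be sold to Cisco or Juniper?
  • Palo Alto Networks (private): A small firewall company with very distinctive products. I wonder whether it will be snapped up by Cisco or Juniper.
  • Qualys (private): There have long been rumors that Qualys is about to go public, but with the US stock market performing poorly of late, an IPO in the short term is unlikely. If it drags on too long and the VCs want to cash out early, Qualys may well be acquired too.

Categories: Security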

Strategic Thinking on Symantec Acquisition

May 27th, 2010 Richard No comments

Last week, Symantec (NASDAQ:SYMC) acquired the security businesses of VeriSign (excluding iDefense). There have been tons of news reports and comments by market observers and analysts. In general, given that both negative and positive comments are valid, the chart below gives a different perspective for evaluating the acquisition strategy of Symantec.

Figure: Stock price of Symantec, CA, McAfee

It’s a 5-year stock price chart of Symantec, compared against those of CA (NASDAQ:CA), McAfee (NYSE:MFE), and the Nasdaq.

The overall changes in 5 years are:

  • Symantec down by: -35.14%
  • CA down by: -30.60%
  • McAfee up by: +21.87%
  • while Nasdaq up by: +9.67%

Quote of Security – 11

March 25th, 2010 Richard No comments

Figure: Why we need security metrics

Another way of thinking about it, specifically that if you want security then you must control the future, if you want to control the future then you must be able to draw conclusions from what you know, if you want to draw conclusions then the basis for those conclusions must be reproducible, and if you want reproducible bases you have to have a measurement regime.

- Dan Geer

Quote of Security – 10

March 25th, 2010 Richard No comments

- Good enough is good enough.
- Good enough always beats perfect.
- The really hard part is determining what is good enough.

- by Ravi Sandhu

You can download the whole paper here.

Title changed to “Cloud & Telecom Security”

March 8th, 2010 Richard No comments

This morning, you might have noticed that the blog title was changed to “Cloud & Telecom Security”. Yes, it’s true.

Starting one or two years ago, my interests and focus have shifted toward cloud computing and telecom or ICT security, while P2P has been touched on only very occasionally. I believe the new title reflects the new focus better, and I hope you like it.

Well-known security publication SC Magazine announces the finalists for its 2010 security awards

December 8th, 2009 Richard No comments

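Today the well-known security publication SC Magazine announced the finalists for its 2010 security awards; the final winners will be announced on March 2, 2010 in San Francisco.

Judging from this list of finalists, major security vendors such as Cisco, Juniper and Symantec are the biggest winners, appearing everywhere. Hard work pays off: newcomers such as Cenzic, HyTrust, e-DMZ and Palo Alto have finally made their mark this time as well. Are you a little surprised that BigFix made the shortlist for outstanding security company? Dave Cullinane is a finalist for best CSO/CISO on the strength of the rapid growth and success of the Cloud Security Alliance (CSA).

I hope to see our Chinese companies become contenders on the international battlefield too!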

Reader Trust Awards

Best Anti-Malware Solution

Astaro Internet Security for Astaro Security Gateway
AVG Technologies for AVG Internet Security Business Edition
Cisco for Cisco IronPort S-Series Secure Web Gateway
ESET for ESET NOD32 Antivirus 4
McAfee for McAfee Web Gateway
Symantec Corp. for Symantec Endpoint Protection Small Business Edition

Categories: -Chinese-, Cloud, Security

HP Acquiring 3Com increases the oligopoly of IT arena

November 11th, 2009 Richard 6 comments

With this acquisition, HP enters the enterprise networking market with a strong threat management product line from TippingPoint.

The vulnerability and threat research of DVLabs will greatly improve HP’s capability and image in these areas, so that HP’s competition against IBM will become more effective. X-Force of ISS is one of the critical advantages of IBM over HP in the overall one-stop IT arena.

Historically, after the acquisition of an independent security company, its selling model and focus change to align more closely with the acquirer’s major businesses. In HP’s case, its security product lines, including the IPS/UTM, focus on its global enterprise customers and outsourcing partners. The security department will mostly lose some momentum in finding and winning new customers; instead, it will be more interested in existing customers, bundled within other bigger IT/service orders.

True or False: 70% of security incidents are due to insider threats?

November 10th, 2009 Richard 8 comments

Actually, the whole thread originated with a message on discuss@securitymetrics.org, “Request for ideas”, by Dimitrios Stergiou. Dimitrios would like some recommendations for his master’s program. On a sudden idea, I dropped him a message recommending that he work on this true-or-false problem in security metrics.

Is it true or false: 70% of security incidents are due to insider threats?
I just read one book, “The New School of Information Security”, by Adam Shostack and Andrew Stewart, Addison-Wesley, 2008, where I found one interesting argument by the authors. The authors doubt the statement that 70% of security incidents are due to insider threats. You know, many consultants, books and articles regard this statement as one basic hypothesis in security. What’s your idea about it?

Completely to my surprise, I found Adam, Andrew, Dan and many experts jumped into this discussion thereafter. A lot of fresh ideas emerged in the discussion threads. In order to get more experts into this topic, I submitted a discussion to the SecurityMetrics group on LinkedIn.

This RSA/IDC report has some information related to this topic: Insider Risk Management: A Framework Approach to Internal Security (thanks to Hammud). It is a good reference. In summary it told us two things:

Comment to “Vulnerability assessment integration with web application firewalls”

November 9th, 2009 Richard No comments

That’s an excellent post on the vision of WAF and vulnerability assessment. I agree with the points that “accuracy” should be the top priority of remote web assessment and of integration between VM and WAF.

However, this gives us another hint: we need a commonly adopted standard format to exchange the messages, similar to what the industry did with IDMEF before. It’s not an optimistic goal from a historical perspective. So in the short term, before such a standard exists, integration inside one single vendor and product alliances will be the pioneers of automation/integration between VM and WAF.

CNCERT/CC 2009 Conference will be held on Oct. 21 in Changsha, Hunan Province, China

October 19th, 2009 Richard 4 comments

The CNCERT/CC 2009 Conference will be held on Oct. 21 in Changsha, Hunan Province, China. This is the 6th consecutive conference since 2004. Here is the English agenda.

This annual event has more and more influence not only on China’s information security community, society and industry, but also on related parties in Asia Pacific and even worldwide. You can find a number of famous regional CERT organizations and representatives from carriers, large enterprises and vendors, such as SingCert, ThaiCert, VNCert, China Telecom, China Mobile, China Unicom, ICBC, CCB, etc.

Categories: -English-, Security

SC World Congress 2009 in New York, Oct. 13-14

September 30th, 2009 Richard No comments

On October 13-14, two weeks from now, the World Congress hosted by SC Magazine will be held in New York. Venue:

Categories: -Chinese-, Security

E&Y survey report shows most enterprises will not cut their security budgets

September 24th, 2009 Richard 2 comments

Several months ago, in February I believe, there was a post about expectations for the 2009 security market, in which Da Pan and I discussed the outlook for 2009, and the two of us "cautiously" made a forecast: "Dr. Zhao cautiously bullish, Mr. Pan waiting for spring". Yesterday I read a 2008 security market survey report from Ernst & Young that contains several interesting figures, which I am reposting here:

Historically, the IT function is one of the first to feel the pressure to reduce expenditures, and traditionally, information security has been closely linked with IT. Our survey confirms the link between IT and information security is still very strong (71% of respondents meet monthly with IT), but the pressure to reduce costs does not appear to be carrying over to the information security function. In fact, only 5% of respondents indicate they will be reducing annual expenditures for information security and 50% plan to increase their investment in information security as a percentage of total expenditures. In addition, only 33% of respondents cite adequate budget as a challenge to delivering their information security initiatives.

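US government prepares to reduce the national threat advisory system from 5 colors to 3

September 19th, 2009 Richard No comments

Wired reports that the US Homeland Security Advisory Council has submitted a draft recommending that the current national threat advisory system be reduced from 5 levels to 3.

After the 9/11 terrorist attacks, the United States established a five-level national threat advisory system, using five colors (green, blue, yellow, orange and red) to represent five degrees of danger from low to high. The orange alert level requires US federal and state governments as well as businesses to add a series of corresponding security measures. The Bush administration raised the terror threat level 4 times in the past.

The main rationale for the proposed change is that five color levels are too complicated, do not help convey threat information accurately, and easily cause unnecessary doubt and worry among the public. The Homeland Security Advisory Council recommends simplifying the alert levels to the following three:

  • Yellow (Guarded): maintain routine vigilance against terrorist attacks
  • Orange (Elevated): protective measures have been raised based on particularly specific intelligence
  • Red (High Alert): maximum protective measures to counter an imminent terrorist attack

Categories: -Chinese-, Security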

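Basic Standard for Enterprise Internal Control (C-SOX)

September 19th, 2009 Richard 1 comment

Notice on Issuing the "Basic Standard for Enterprise Internal Control"
[Date: July 10, 2008]

In order to strengthen and standardize enterprise internal control, improve enterprises' operational management and risk prevention capabilities, promote the sustainable development of enterprises, and safeguard the order of the socialist market economy and the public interest, the Ministry of Finance, together with the China Securities Regulatory Commission, the National Audit Office, the China Banking Regulatory Commission and the China Insurance Regulatory Commission, has formulated the "Basic Standard for Enterprise Internal Control" in accordance with relevant national laws and regulations. It is hereby issued and will take effect for listed companies from July 1, 2009; large and medium-sized non-listed enterprises are encouraged to implement it. Listed companies implementing this Standard shall conduct a self-assessment of the effectiveness of their internal control, disclose an annual self-assessment report, and may engage an accounting firm qualified for securities and futures business to audit the effectiveness of their internal control. Please report any problems encountered in implementation to us promptly.

Categories: -Chinese-, Security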

Could a simple injectionlet destroy your whole cloud?

September 18th, 2009 Richard 1 comment

It’s reported that the U.S. Department of Homeland Security was looking at a report by a research scientist in China that shows how a well-placed attack against a small power subnetwork could trigger a cascading failure of the entire West Coast power grid. It’s an inspiring finding from a unique viewpoint. A slight bite by injection into the grid might lead to an overwhelming avalanche. Isn’t it horrible?

Ground Zero

However, what I am thinking is that Internet cloud services have many similarities to those of the power grid, i.e. these threats and potential attacks are very possibly valid for Internet clouds. What and how would Internet clouds respond/react to potential attacks similar to those against the power grid? Yes, those dominant cloud service providers have very robust and strong infrastructure all over the world: how large the bandwidth, how many the servers, how many square feet the data centers, blah blah. Further, there are automatic load balancing and distribution systems among those distributed data centers. Once one set of servers and/or circuits fails, the services would be transferred to other servers and circuits automatically. Your services WILL be there, keeping the same, or NOT?