
Posts Tagged ‘UTM’

Is it a new fast growing security market?

April 28th, 2009 1 comment

Traditional security products, including firewalls, IDS, and anti-virus, are very familiar to us, and they hold most of the security market share. We also know that UTM, IPS, and SOC are the rising stars. But what about the future? Viewed through the ISO/OSI model, we have done so much at the network layer: we have focused on this layer and developed many products based on it.

Maybe the reason is this: in the past, we implemented IT infrastructure without security built into it. The Internet spread widely within a few years, and security just couldn't keep up with it. This has brought a lot of breaches or exposure at the network layer.

Categories: -English-, Security

[Chinese] The Perplexing 2007 and the Difficult 2008

December 1st, 2008 7 comments

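Frankly, this post is reheated leftovers from long, long ago that sat in my notes for a very long time. 2008 will soon be over, so I decided to post these pieces as they are, since I don't know when I will be able to fill in the rest and finish them.

The Difficult 2008

August 11, 2008 should be counted as a big day for China's security industry: the first IPO of a domestic security company, with Westone Information Industry Co., Ltd. (卫士通信息产业股份有限公司) listed for trading on the Shenzhen Stock Exchange. Congratulations first of all!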

[Chinese] Pouring Some Cold Water on UTM – The Firewall-UTM-IPS Three Kingdoms Contest

November 7th, 2008 9 comments

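After reading Haoyue's (皓月) "Analysis of the pros and cons of firewall and UTM products OEMing third-party products or embedding third-party anti-virus engines", I put it down and reflected: these views confirm several points I discussed with friends a few days ago. In recent years, the landscape of firewalls and intrusion detection systems (IDS) has evolved into a three-way contest among the firewall (FW), the intrusion prevention system (IPS) and the unified threat management (UTM) system, and the claim that UTM will replace the firewall has drawn considerable attention. In Haoyue's article you can find much deeper thinking.

[Figure: oem-utm]

Haoyue's view: basically, more than half of the traditional information security vendors in the first and second tiers OEM Fortinet's anti-virus gateway, while the embedded-engine approach comes in many varieties, including Kaspersky, Symantec, Sophos and F-Prot from abroad and Kingsoft and Antiy from China, and among third-tier vendors some even adopt solutions based on the cheap but crude open-source anti-virus engine ClamAV.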

UTM in China

June 22nd, 2006 No comments

In China, UTM (Unified Threat Management) has been rocketing in recent months, not only in the media but also in real market transactions. International vendors such as Fortinet, WatchGuard, SonicWALL and ZyXEL bombard newspapers, journals and other soft advertising every day, while Cisco, Juniper, Symantec, Secure Computing, McAfee and others keep talking about their vision of where UTM is heading. Of course, the prediction in IDC's UTM market report that UTM will occupy 57.6% of the total firewall, VPN and anti-virus market share is one of the main things stirring up and encouraging investment. So how are the local security vendors doing? They won't just stand by and watch the growth; they are deeply involved in this arena.

Over the past 1-2 years, most of the major players in China's security market have been preparing and rolling out their UTM products. Kingsoft is one of the top three local anti-virus vendors in China (the other two are Rising and Jiangmin). Recently, it signed an agreement with xScreen on UTM product OEM cooperation. Combined with its desktop antivirus/firewall/IDS, anti-virus gateway and server protection, no one can afford to ignore it as a competitor in total security solutions for SMBs.

According to IDC's description of UTM, anti-virus is one of the basic functions of a UTM device, i.e. it is easier for anti-virus vendors to move into the UTM market. So it is easy to predict that Rising, Jiangmin and CA-JC won't wait long before selling their own UTM products.

In the UTM market, OEM is bound to be a good choice for vendors who want to break in, because any single core technology within a UTM, such as the firewall, VPN, IDS engine or anti-virus engine, is rather overwhelming for an average vendor to develop from scratch. As proof of my point, the list in IDC's report shows the anti-virus engines OEMed in the major UTM products. So again it is easy to predict that more and more vendors will choose OEM to enhance their features and shorten their roll-out time. That should leave technology companies such as xScreen plenty of room to make money and grow.

Categories: -English-, Security Tags: Security, China, UTM

[Chinese] Security Technology Trends – 2006 (being edited, comments welcome)

January 13th, 2006 9 comments

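Time flies like a white horse glimpsed through a crack; 2005 ended in a rush, and now the clock hands of 2006 seem to turn even faster than last year's. A friend reminded me that I really ought to look back and look ahead a little. After putting it off for a while, I have finally written down a few paragraphs, which I suppose settles my account with myself and my friends.

2005 cannot be called a bumper year for the security market. After I wrote the piece on the "Seven Warring States", I did not expect that a player among them would already have met a "Hongzhi (宏智)"-like misfortune. I don't consider myself a jinx, so this certainly has nothing to do with me, -:(

Let's look instead at the technology developments ahead. I borrowed Gartner's hype cycle for emerging technologies, pulled out a number of security technologies that came to mind, and found each of them a place on it. Criticism and comments are welcome.

[Figure: security_hype_2006]

Please see: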

UTM (Unified Threat Management) Definition

November 14th, 2005 5 comments

According to IDC, UTM (Unified Threat Management) security appliances are defined as:

UTM security appliance products include multiple security features integrated into one box. To be included in this category, as opposed to other segments, the appliance MUST contain the ability to perform network firewalling, network intrusion detection and prevention, and gateway antivirus (AV). All of the capabilities in the appliance need not be utilised, but the functions must exist inherently in the appliance. In these products, the individual components cannot be separated.

Basically, UTM security appliances are characterised as some integration of the following 6 features in one box:

  • Firewall – these devices are typically deployed at the network perimeter, and therefore robust, stateful firewall capabilities with NAT are required.
  • VPN – often deployed as branch office solutions on a corporate WAN, the ability to create a small number of secure VPN tunnels is essential.
  • IDS/IPS – a firewall only enforces policy, and if that policy includes allowing inbound HTTP traffic to Web servers on the DMZ, then there is nothing the firewall can do to prevent HTTP exploits from subverting the target Web server. The IPS capability will detect and block such attempted exploits at the network perimeter, preventing the malicious traffic from ever reaching the server. An IDS-only capability can detect exploits and raise alerts, but will be unable to block the malicious traffic.
  • Anti Virus – gateway Anti Virus prevents inbound virus traffic at the edge of the network, thus reinforcing desktop security solutions and blocking viruses before they reach the desktop. This solution can also prevent infected machines from propagating viruses outside the corporate network.
  • Anti Spam – gateway Anti Spam can tag inbound e-mail, allowing it to be handled more effectively by desktop filtering solutions, or can block suspected spam mails completely. This solution can also prevent internal hosts from sending spam mail outside the corporate network.
  • URL Filtering – using a constantly-updated database of categorised URLs, a gateway URL filtering solution can prevent employees from accessing objectionable or inappropriate Web sites from the corporate network.
  • Content Filtering – by scanning Web and mail traffic for specific content, a gateway content filtering solution can prevent objectionable or inappropriate material from passing into, or out of, the corporate network.

Categories: -English-, Security