Shark Bait

Knowledge Centers

Operating Systems

Networking & Internet

Mobile & Wireless

Security

Storage

Business Intelligence

Servers & Data Center

Computerworld Reports

Industry

See your link here

Eric Ogren

Security Impact

Security vendors are showing movement!

3 comments

TAGS:applications, information, reputation, security
IT TOPICS:Security, Servers & Data Center, Storage

There have been some nice movements in the security space over the past couple of weeks that show large security vendors separating from the smaller tactical players. This is a trend I expect to see more of as IT investments become conservative and security solutions become integrated with the global business.

Cisco Ironport has enhanced its reputation-based anti-spam service to also block web exploits. The motivation behind this move is that attacks are infecting endpoints via legitimate web pages so quickly that it neuters signature protection and URL filtering defenses. The pragmatic step is to continuously assess web sites for malware, augment signatures with reputation oriented, and nail exploits before they reach corporate endpoints. I liked Trend Micro's efforts in this space before, I like Ironport's capability now, and I like Symantec's directions. Cloud-oriented services are essential in an enterprise security portfolio - you're in trouble if your IT security strategy is to rely solely on the distribution of timely attack signatures.
Symantec announced it's Information Risk Management strategy with immediate products to protect unstructured data via Brightmail messaging security, Vontu DLP, and Enterprise Vault secure storage. Protecting a corporation's sensitive data requires a fundamentally different approach and mindset than that required for protecting against malware. While malware can be identified and outright blocked, organizations need to safely share information to stay in business. If you are looking to protect data, I'd start with those experienced in management of the full data lifecycle.
IBM announced SecureStore to assist retail organizations in securely managing their business assets. The one thing that IBM does better than anybody is to start with an analysis of the business. IBM SecureStore is a combination of services first to understand the business directions, and then applied technology to secure the business. It is a lesson we all can learn from - organizations always look at the bottom-line first.
Imperva is bringing its end -to-end application security (web servers and databases) down to mid-tier enterprises. This is one case where Gartner got it all wrong - they tried to artificially create a database auditing market category based on dubious requirements. Of course, database auditing belongs to the database vendors which explain why IPlocks is gone, Symantec is out of the business, AppSec and Tizor have new CEOs, and I only see Guardium making money on the golf course. The ability to audit the entire transaction path, from the user to the very back end, is important and is what I recommend IT looks for.

Email this

Digg this

What People Are Saying

Add new comment

Full end to end is the only solution

Submitted by Rafael on October 9, 2008 - 5:40 A.M.

The niche database auditing compliance market never took off as expected.

Imperva had the right approach from the beginning, customers don't want to try and cross-correlate data from different reports from different products.

Guardium has a very nice reporting interface, but they don't extend beyond the actual database transactions.

Tizor has good performance and scalability, but they long ago became an also-ran in this race. Their reports have always been sub-par and it took them too long to figure out a local auditing strategy.

IPLocks was doomed from beginning with their approach.

Reply | Report this comment

1) Let's see, users are

Submitted by Anonymous on October 9, 2008 - 12:56 P.M.

1) Let's see, users are potentially pooled at: their ISP, the Web server, middleware, app tier, and database. Yet with a glorified firewall Imperva parses through all that?

My goodness boys, you've drunk the Kool-Aid ;-) It's snake oil.

2) So, do the Db vendors own auditing (you'd really recommend _auditing_ Oracle with Oracle??) or does Imperva owns auditing? You suggest both.

3) Any auditor will tell you that the most important thing to audit are privileged users. How do propose to audit a Db admin sitting at the database over the network?

Reply | Report this comment

Well, that's the point isn't it?

Submitted by Eric Ogren on October 10, 2008 - 12:42 P.M.

Hey Anon,

That is actually one of the points. Is it really productive to have vendors go to great lengths to write agent software to audit DBAs with physical access to the database?? Of all the things an enterprise would want to pay money for, how high would this rank? Gartner made that a huge differentiator, which the auditors picked up. It's not that it is bad, but at the end of the day the business has many greater security needs that must be addressed.

Keeping things in context is one of the hardest things about security. Corporations are consolidating data centers, reducing server expenses with virtualization, accelerating performance to get data closer to the user, and scanning their environment to audit their vulnerability posture. There are lots more examples.

By itself database auditing is a fine idea, but in context it seldom helps evolution of the business infrastructure. That's why the capability has niche appeal to those with double-secret needs or desires.

There is a simple measure: customer dollars. While vendors say "you must deploy database auditing", customers are clearly saying "no we don't, you don't understand". Hard to argue with that one.

Reply | Report this comment

More organizations relocating virtual objects for secure operations

Security and the cloudy cloud: A revolution for the infrastructure?

Starvation by virtual invisibility

Employees cause most corporate data loss

LIVE Nov 10, 2009 12:00 PM ET

Architecting Business Intelligence Applications for Change: The Open Solution

LIVE Nov 12, 2009 02:00 PM ET

The State of PCI DSS Compliance at Organizations Today
Download this resource today!

Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...

Can Heuristic Technology Help Your Company Fight Viruses?
What is Heuristic Technology and how can it help safeguard your business against viruses? Learn more.

Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.

Why Email Must Operate 24/7 and How to Make This Happen
Learn how to avoid an email outage by implementing a hosted email continuity solution.

Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!

All White Papers | All Webcasts

Computerworld Reports

8 Questions To Ask About Your Intrusion-Security Solution

Computerworld Technology Briefings IT Service Management

Computerworld Briefing - Analytics: The Art and Science of Better

All Computerworld Reports

Receive the latest technology news and information.

	Computerworld Daily News (First Look and Wrap-Up)
	Computerworld Blogs Newsletter
	The Weekly Top 10

View all newsletters

* E-mail Address:

* Industry:

* Job Title:

* Company Size:

* Country:

* State:

I would like to receive offers via e-mail from Computerworld partners.

Eric Ogren's Archive

IT Topics

Sponsored Links

Play NetApp's New Data Defense Game.

How Do You Rank as an Innovation Leader? Download Recent Study.

Play NetApp's New Data Defense Game.

Extraordinary times demand Brocade Extraordinary Networks.

No Payments for Up to 6 Months on Orders over $500.

NetScaler VPX : Harness the Power of Virtualized Web App Delivery

64-page prescriptive guide to security, compliance, and IT operations.

Streamline IT Costs. Boost Performance with WAN Optimization

Enterprise Network & Server Monitoring Software. Cross over to Traverse...

Keep your IT expertise up to date. Join the Intel Premier IT Professionals.

Crystal Reports Server: More options. Not more money.

Parallelism is not just for HPC. Create rich apps from desktop to device. Get the eval.

Tolly Performance Report "Citrix NetScaler with nCore Outperforms F5 BIG-IP"

Save up to 61% plus Free Cheesecake

Find IT jobs in the Healthcare industry on Dice.com

With the NEW KODAK i700 Series Scanners get full speed at 300dpi!

Not All QSAs Are Created Equal: What You Should Know Before You Buy

The arrival of Serial Attached SCSI (SAS) marks a new era in storage scalability

The AMD Virtual Experience Virtual Trade Show

New DW Options and Price Points. View Teradata Platform Family Data Sheet.

See how AT&T can help protect your network.

3 Innovations. 3 Free Downloads. Free trials of Windows 7, Windows Server 2008 R2 and Exchange Server 2010.

Take the Netezza TwinFin TestDrive!

Citrix NetScaler with nCore Outperforms F5 BIG-IP - Learn More

New Analytical Platform Options. Download Data Sheet and More.

Get more enterprise mobility value for up to 25% less.

Unified Communications: Thoughts, Strategies and Predictions. Join the discussion.

NYUs M.S. in Management and Systems. Offered Online and On-site.

Increase UPS efficiency without sacrificing protection

Crystal Reports Server: Single server access to reports & dashboards

Create new opportunities. See business making progress now

ESET NOD32 with ThreatSense(R) - Get your free trial now!

Looking to add Unix/Linux functionality to Windows?

Join the conversation about the hottest IT trends with Computerworld on Twitter.

ITwhitepapers.com - Access thousands of white papers on 300+ technical topics.

Leverage Your Cisco infrastructure for Superior Application Performance

Learn about the AMD Virtual Experience

Introducing: Project Icebreaker

About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map

CIO

Computerworld

CSO

DEMO

GamePro

Games.net

IDC

IDG

IDG Connect

IDG Knowledge Hub

IDG TechNetwork

IDG Ventures

IDG.net

InfoWorld

ITwhitepapers

ITworld

JavaWorld

LinuxWorld

Macworld

Network World

PC World

The Industry Standard

Copyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of
Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.

Security vendors are showing movement!

What People Are Saying

Full end to end is the only solution

1) Let's see, users are

Well, that's the point isn't it?

Related Posts

Today's Top Stories

Hot Posts

Recent Comments

White Papers & Webcasts

Computerworld Reports

Newsletters

Eric Ogren's Archive

IT Topics

Sponsored Links