May 04, 2008
United States Overtakes China in Infected Websites
In a recent report from Sophos, it appears that the US has overtaken China as the country hosting the most infected websites. If you believe the report, the growth of US-based infected websites has been phenomenal - from approximately 25% in 2007 to about 50% in the first 3 months of 2008. Part of the reason for the dubious distinction of holding top spot is that China is making progress in cleaning up its infected sites.
Another interesting trend in the report is the drop in infected emails - only one infected email in over 2500 compared to one in 909 in 2007. This coincides with the increase in infected websites, where one infected webpage is discovered and blocked every 5 sec in 2008 compared with 14 sec in 2007.
Download the report here if you're interested.
Posted by andreyee in Industry Trends
November 20, 2007
Implications of Salesforce Phishing Incident
The news about Salesforce.com's phishing incident broke almost 2 weeks ago on Slashdot, although there were rumors swirling about for a number of days prior to the report. A Salesforce employee fell victim to a phishing attack that captured his company credentials. The attackers used those credentials to harvest customer contact data and began to send phishing attacks to customers, in the form of fake Salesforce invoices. As you might expect, some number of customers fell for the scam and yielded their Salesforce account info.
There are a few interesting implications of this phishing attack, none of which pertain specifically to what Salesforce should or could have done.
Implication #1 - this kind of targeted phishing or "spear phishing" is difficult to monitor and eliminate. When a specific target is singled out, the attack tends to proceed undetected for a while before it becomes evident. No specific remedies or signatures are available to address them.
Implication #2 - until now, most phishing attacks have been targeted at financial institutions and consumers. Relatively recent examples include the Bank of America "change of email" scam and ADP.
Not surprisingly, SaaS providers may now be next on the list. Although the value of the information to scammers may not be apparent, it is likely that phishing attacks against SaaS applications that hold identity and proprietary info will be on the rise.
Implication #3 - phishing is only the starting point for the attack. In the Salesforce incident, it was uncovered that some of the customers who were effectively phished also had keyloggers and other malware downloaded onto their machines. From the Salesforce letter sent to customers -
"...As a result of this, a small number of our customers began receiving bogus emails that looked like salesforce.com invoices, but were not--they were also phishes. Unfortunately, a very small number of our customers who were contacted had end users that revealed their passwords to the phisher... However, a few days ago a new wave of phishing attempts that included attached malware--software that secretly installs viruses or key loggers--appeared and seemed to be targeted at a broader group of customers."
Not a lot of good news there. The point is that in this new Web 2.0, SaaS-enabled world, there is a Long Tail to this phishing problem...targeted, sophisticated attacks cannot be tackled by simply preaching "security awareness". Nor is it enough to use signature-based phishing detection techniques. We need a different approach.
Posted by andreyee in Industry Trends • Privacy/Information Theft • web 2.0
March 28, 2007
Internet Security Trends
Symantec released its Internet Security Threat Report - always a worthwhile read but be forewarned, it's also a decently long document.
A few highlights in the report caught my eye. The first is a trend by hackers towards the use of medium severity, gateway attacks instead of direct, frontal attacks of high severity. These "gateway attacks" are of medium severity and used to gain a foothold in a corporate network environment, upon which to launch more significant attacks.
The second trend of using malicious techniques in combination - spamming, Trojans, phishing and bot networks all used in tandem - I think, signals bigger problems for the future. I've seen some of this already.
Finally, in the Futures section of the report, hackers are noted to be moving toward "staged downloaders". It's the idea of modular malware where a small specialized Trojan could perhaps download other malware components such as worms or backdoors. It is estimated by Symantec that as much as 75% of the top 50 malware reported had some sort of staged downloader capability. Think of it as service oriented malware, if you will, but it's another wrinkle in the kind of attacks we can come to expect.
Posted by andreyee in Industry Trends
January 05, 2007
Win-Win
I know I haven't blogged in a while but I've been a little preoccupied. As reported on various news outlets including ebizQ, NFR Security will be part of Check Point moving forward.
Let me offer this brief perspective - this is a win-win scenario for both companies. NFR has always had great IPS technology with limited sales distribution channels. Check Point is a very impressive company in terms of its security heritage, expertise and global presence... but it doesn't have an IPS product. Seems like a perfect fit to me.
The bottom line is that the IPS space is consolidating into a big company play. Besides a great product, you need marketing visibility and distribution channels to keep up. Here's another trend - even among best of breed proponents, point products are becoming less interesting. What enterprise security buyers are looking for is a security platform or suite of products that are best in class, yet complementary and integrated.
So I'm back with a renewed commitment to blog more frequently in 2007. Happy New Year.
Posted by andreyee in Industry Trends
October 11, 2006
Symantec and McAfee Cry Foul on Vista Security
Microsoft has faced criticism over the years for security flaws in its products. In an effort to reclaim lost ground, Microsoft expects that Vista will be significantly more secure and less vulnerable than its predecessors. However, two of the largest security companies, Symantec and McAfee, are asserting that Microsoft is leveraging its dominant position in the operating system arena to create unfair competitive advantage in the security space.
Both companies have taken a very public and aggressive stance in defending their core business. Part of the dispute arose from the limited access that was afforded to the Vista kernel. This will make Vista more secure but also has the potential effect of locking out other antivirus companies. Most of the debate is going on in Europe, probably leading to a complaint filed with the European Union. McAfee even took out an ad in the Financial Times to stake out their position. Part of the ad reads as follows:
“Only one approach protecting us all: when it fails, it fails for 97 percent of the world’s desktops...”
Stay tuned, this fight is just getting started...
Posted by andreyee in Industry Trends
October 04, 2006
McAfee Acquires Citadel Security
Although not as big as other recent acquisitions of ISS by IBM or Network Intelligence by EMC, McAfee's acquisition of Citadel Security Software for $60M is more evidence of increasing M&A pickup and ongoing consolidation in the security space. It's also indicative of the need for pure-play security companies to get serious in leveraging acquisitions as a means for product line expansion and growth.
McAfee will add policy compliance and vulnerability remediation to its extensive portfolio of products that include the IntruShield IPS and its well known antivirus offering. I think it's a good move for any large "pure play" security company like McAfee to bolster its position by increasing its product portfolio with best of breed technology.
In this regard, it's a solid tactical acquisition for McAfee.
Posted by andreyee in Industry Trends
September 18, 2006
EMC Acquires Network Intelligence
Rumors were flying the latter part of last week about this. EMC made it official today by acquiring Network Intelligence for $175M. The acquisition immediately follows EMC's completion of the RSA Security acquisition for $2.1B. With this acquisition, EMC continues to strongly signal its intention to be a strategic player in the security landscape.
Network Intelligence is a notable company in the SIM (security information manager) space. Unlike some of the other SIM players, Network Intelligence has proven technology and a long history in systems/network event management. When I've discussed SIMs with customers and clients, many have noted Network Intelligence as a company with enterprise proven and scalable technology...so I think this is a good move for Art Coviello and the EMC security division. Prior to the acquisition, they were already working together from a partnership standpoint so the element of "try before you buy" lowers the risk profile for EMC.
Last month, IBM made a strong move into security by acquiring ISS. Now EMC follows up the RSA acquisition with Network Intelligence. Together with Cisco, will this be the new power structure in the security space? How will traditional security pure play companies like McAfee and Check Point respond?
Is there an advantage to the security pure play....will they have a place in the new power structure...is it good for the buying community? I think the answer to that is a resounding YES!
Posted by andreyee in Industry Trends
August 23, 2006
IBM Acquires ISS for $1.3B
I haven't blogged for over a week but what a day to get back into the swing of things!
IBM acquiring ISS for $1.3B is certainly an indication that they plan to be a player in the security space. In particular, this signals their serious intent in being a dominant player in security services - consulting and managed services. It's not about ISS's Proventia line, which, while interesting as a business, is not in line with IBM's strategic framework of moving lower margin appliances. IMHO, Proventia as a product line is history.
Here's the deal - IBM has historically resisted moving into the part of security that involves "keeping the bad guys out", i.e. firewalls, intrusion detection/prevention, etc. Their security strategy is about business-enabling security rather than business-protecting security. I know that's a broad generalization but from what I can tell, they've played in three major arenas - identity management (acquiring Access360 in 2002), security event management (GuardedNet via their Micromuse acquisition) and security services. This acquisition gets them a boost on the services side together with the expertise and software to pull it off. I'm not sure that IBM is done - don't be surprised if they make additional security services/MSSP deals to bulk up their services arm.
This is an acquisition that makes sense but where does that leave ISS's Proventia customers?
Posted by andreyee in Industry Trends
July 10, 2006
Just Released: Global Security Survey
The 9th annual Global Security Survey from Information Week just came out. As security related surveys go, this is actually one of the best ones around. Much of what is discovered is typically similar from year to year with some variability. However, there are always a few interesting nuggets to glean from reading the survey:
http://www.informationweek.com/story/showArticle.jhtml?articleID=190301155
Here are a few interesting (sometimes troubling) points of note:
- Customer Data Breaches are on the Rise. The compromise of proprietary customer data is a big problem that appears to be getting bigger. Notwithstanding greater awareness due to highly publicized cases, 11% of US companies reported that customer data had been compromised in some way in contrast to 6% last year.
- InfoSec Tithe by Country. In the US, 13% of IT budget is directed to information security as compared to 14% for China, 16% for Europe, 17% for India. Is this an indication that we don't take security quite as seriously? I'm not convinced of that but I do find it interesting.
- No Answer to Insider Threats. Apparently, more than half of the respondents believe that security technology, policy, and training are ineffective against insider threats from employees. However, insider security breaches appear to be more of an issue for US companies (24%) than in China (15%) or Europe (11%). A couple of possible explanations for that factoid: One conclusion is that US companies are more willing to disclose or because of regulatory demands, must disclose. Another explanation - US employees are more independent, free thinking and hence more willing to act out of bounds versus employees in China who may be more accustomed to a regimented, authoritarian management structure?? Just interesting...
- Three Biggest Security Challenges? Survey says (Letterman style):
  - Number 3: Enforcing Security Policies (36% of respondents)
  - Number 2: Raising User Awareness (41% of respondents)
  - Number 1: Managing the Complexity of Security (48% of respondents)

  I think this speaks to how challenging security is for large enterprises. It's plain difficult with a myriad of platforms to deal with, new apps being deployed and increasing variety of attacks. This means there's a premium for security tools that actually reduce complexity, rather than increase it (which unfortunately, some tools do). Also, per challenge #2, it's not just about technology, it's about people and processes.
- Viruses, Worms and ID Theft, Oh, My! Finally, what are companies consciously defending against? Here's the breakdown - Viruses/Worms (56%), Spyware (40%), Customer Data Theft (36%). Surprisingly low on the list, Spam (27%), Denial of Service (26%)... which may indicate that corporations believe that they have that licked.
Posted by andreyee in Industry Trends