Category: Trends

At its heart, it refers to tools that track various changes made to an enterprise’s network defenses — principally firewall and router settings, as well as other security system data — and evaluates the potential impact of proposed changes.

SPOM (let’s use that term for now, since it’s the shortest and goodness knows we *need* another acronym) is sometimes referred to as the “preventative” side of security monitoring because it focuses on how enterprises are enforcing their security policies –and what might happen if they change those policies. This separates SPOM from security information and event management (SIEM), which reports on security-related network activity after it occurs.

“SIEM is a useful tool, but although it’s been around for years, enterprises are finding that their risk is continuing to rise,” says Michelle Cobb, vice president of marketing at Skybox. “It’s collecting data after the fact — after the horse is out of the barn… What we try to do is reduce the window of risk, reducing the possibility that a bad ‘event’ will occur in the first place.”

Unlike SIEM, SPOM enables an enterprise to set an acceptable level of risk and then tune its security systems and configurations to meet that requirement.

Steve Dauber, vice president of marketing at RedSeal Systems, compared the current evolution of security management systems to the evolution of network management systems a decade ago.

“First we had element management systems that collected data from individual devices,” he recalled.

“Then we had enterprise network management systems that collected all the data from the element management systems into a single console, which is basically what SIEM does.

After that, we saw the development of correlation engines, change management, and service-level management, which allowed you to intelligently set specific service levels for critical applications and business services.

SPOM is sort of the service-level management of security — but you’re using risk as the variable, rather than network performance or uptime.” At the core of most SPOM systems is the task of firewall configuration, which is how most enterprises “tune” their level of risk. Coordinating these policies and changes across a whole network of firewalls is no simple task, which is why Tufin’s products are designed to monitor changes in real time, according to Ruvi Kitov, CEO of Tufin.

While the SPOM concept certainly sounds like an attractive one for enterprises that must manage policies and configurations across many firewalls and other security devices, the market for the technology remains nascent. “I think the need for these products is real, but I suspect that many organizations are put off by the associated price tag,” says Andrew Hay, senior analyst for the enterprise security practice at the 451 Group consultancy.

SPOM technology is generally targeted at large enterprises, where collecting and analyzing configuration and management data from a variety of security devices can be daunting. “Obviously, if you have hundreds of firewalls, that price is going to go up. But when you compare it to the cost of a breach, which may be $200,000 or more on average, it’s a pretty good investment.”

RedSeal and Skybox tools are also heavily used by operations staff, but they can also be used to create “dashboards” that allow top executives to monitor the enterprise’s security posture and evaluate potential risks.

“The vendors really should be leading with the compliance pitch,” he says.

http://www.darkreading.com/security_monitoring/security/management/showArticle.jhtml?articleID=227800007&cid=RSSfeed#comments

“These patterns are affected by many factors of relationship and context, and could be used in reverse — to infer the relationship and context.” The more involved the individual is in the “digital” community, the more valuable his or her information pattern becomes.

And because this illegal version of what amounts to a blackhat social CRM database doesn’t cause a computer or mobile device to crash or result in the immediate loss of an antivirus application or the theft of money from a bank account or a gift card, the surveillance would theoretically go unnoticed and therefore garner even more valuable and meaningful behavioral information as time passes. For starters, it would the kind of detailed information that advertisers, marketers and spammers would love to get their hands on but for now have to be content with mass, barnstorming-type email campaigns to accomplish.

http://www.ecrmguide.com/article.php/3908146/new-malware-wants-your-life-not-your-passwords.htm

As per the report, among those who have been already targeted, companies usually reported sustaining around 10 attacks in the last five years.

Cris Paden, a Symantec Spokesman stated that the Stuxnet worm was an instance that politically provoked attacks, while unusual, was real and could be successful, as reported by SCMagazineUS on October 7, 2010.

http://www.spamfighter.com/News-15211-Global-Critical-Infrastructure-Increasingly-Being-Penetrated-By-Cyber-Crooks.htm

These devices can be cell-phone switching systems, power grid controllers and HVAC systems, and they can also be network-equipped television sets, video disc players and DVRs. And we haven’t gotten to the mobile devices that people carry around, such as iPods, smartphones and GPS receivers. At first glance, it’s hard to see how these network-attached devices could threaten your enterprise, but on further inspection, networked devices are perhaps the single greatest area of risk in security today.

I was reminded of the nature of this threat when I was at Best Buy a couple of weeks ago shopping for a new television set. What I hadn’t expected was the flood of new consumer electronics that have reached the market lately boasting network connectivity. Every major vendor of televisions featured 802.11n wireless connectivity on some models, and some had wired Ethernet as well. There were network-aware Blu-ray players in all price ranges. None, as far as I could tell, included any sort of security.

The only reason I can think of that these devices haven’t been used as malware vectors is that the criminals who create malware haven’t gotten around to it. But there will come a time when some devices reach a critical mass, and—because of the unique vulnerability of these devices—start serving up attacks against your network or someone else’s.

In some ways the threat posed by mobile devices is even worse since they have a more direct connection to the Internet.

This is the future that Intel sees, and it’s why the company bought McAfee.

As nice as it might be to have a profitable business selling AV software, it will be a lot nicer for Intel to have the in-house expertise to create hardware-based security for as many of those network-equipped devices as it can supply network interfaces for. Because these devices are already connected, all Intel and McAfee need to do is create an ecosystem of device updating and reporting that not only keeps the protection current but also reports on emerging threats, much as McAfee’s current computer security products do.

http://www.eweek.com/c/a/Security/Intel-McAfee-Merger-Plugs-Network-Security-Hole-696433/?kc=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+RSS%2Feweeksecurity+%28eWEEK+Security%29

To put it plainly, 2009 was the year of IT outsourcing deal renegotiation.

“One of the dominant features of the outsourcing market over the last 12 to 15 months has been the emphasis on cost above all else,” noted research firm Morrison & Foerster in a report on IT outsourcing trends in January.

The difference is that during the boom years of 2002-2008, cost was often down-played by customers and, instead, emphasis was placed on other business benefits such as transformation, concentrating on core competencies, and speed to market.

The analysts explained that this is why so many outsourcing contracts were renegotiated in 2009, with suppliers asked to share some of the pain of their customers.

Morrison & Foerster noted that economists are now talking about a “LUV” recovery from the recession, with the letters representing the “shape” of the recovery: a very slow L-shaped recovery for Western Europe; a slower U-shaped recovery for North America; and a rapid V-shaped recovery for Brazil, Russia, India, China and other emerging economies… In turn, that means service providers will have to carefully consider how to price new transactions in light of the “twin threats of cloud computing and continuing labor cost arbitrage.”

And, if parts of the world economy move at different speeds over the next 12 months, Morrison & Foerster said service providers will need to consider more varied pricing strategies. Flexibility will be the watchword in outsourcing deals in 2010, according to Morrison & Foerster.

“In 2010, we see a continuation of the trend for shorter deals, shorter procurement processes, and an emphasis on making things work rather than engaging in complex strategies,” the analysts said.

This is likely to lead many firms to take their IT services procurement in-house—so-called DIY sourcing.

“While the DIY approach will often result in short-term transactional cost savings, inexperienced purchasers of outsourcing services usually suffer longer-term losses because they fail to identify many of the key components for long-term success.”

For example, with the increased focus on costs, buyers will try and save on governance costs and overlook necessary governance functions. Particularly when customers engage in multisourcing transactions, heightened attention to governance processes is critical.

As the recovery gets underway, banks and insurance companies — which were among the hardest hit verticals of the recession and which put more deals on hold in 2009 than other sectors — are likely to come back to the fold in 2010, particularly toward the second half, according to Morrison & Foerster.

Cloud computing is likely to take center stage in IT outsourcing in 2010, according to experts. At the very least, the dramatically lowered cost of cloud providers will become a lever for customers to use in negotiations with their traditional sourcing providers.

http://itmanagement.earthweb.com/features/article.php/3885751/IT-Outsourcing-Trends-Slow-Growth-Cloud-Computing

“The need for compliance really drove widespread deployment of log management — SIEM tools went everywhere,” says Sam Curry, technology chief marketing officer at RSA. “I think we’re seeing a real shift here, and it may be happening first at small and medium-sized companies because their compliance process is less complex than those at larger enterprises.

“These are categories in which people are actually getting things done, not just marking a checkbox on a form to say they’re doing it,” the SANS study says.

In the RSA study, 89 percent of respondents said the primary use for their SIEM tools is for security operations functions, compared with 54 percent who cited compliance. Moreover, the survey reported that as many as 66 percent of those surveyed ranked real-time monitoring as most important when evaluating a SIEM vendor.

Because of their size, SMBs might be quicker to take advantage of the automated operations capabilities of SIEM and log management tools, Gottlieb says. “They’re going to be quicker to ask for more automation.”

“Most SIEM products require months of tuning after the initial installation — there is no such thing as a fully functional SIEM right after installation,” said security consultant Eugene Schultz in a blog.

But companies that have already purchased and implemented SIEM and log management tools are finding them increasingly useful in the growing tasks of incident response and forensics, Curry says.

http://www.darkreading.com/security/management/showArticle.jhtml?articleID=225300198&cid=RSSfeed