Category: Trends

Ray Stanton, head of business continuity, security and governance at BT, said in a statement: “As threats to information security escalate both from inside and outside the organisation, coupled with an increase in the number of regulations that companies have to comply with, many are realising the role that identity and access management can play in helping organisations address these issues.”

http://www.silicon.com/research/specialreports/idmanagement/0,3800011361,39158187,00.htm

“We’re seeing the bigger players buying out many of the smaller companies. And I think the largest of the security firms are looking to provide a full range of enterprise services,” says C. Warren Axelrod, director of global information security at Pershing, a Bank of New York Securities Group company. “The larger firms, like Internet Security Systems, Symantec and Computer Associates, are buying in many areas to complement what they have. They’re basically vying for control of the security space.” Axelrod is dead on, and consolidation is just as rampant among physical security vendors as it is in the IT world.

The second trend is convergence—the confluence of IT and physical security systems and vendors—which, in some sense, is another form of consolidation, only it’s happening across the line that historically divided those two worlds. Pescatore believes some markets, like those for firewalls and antivirus software, are maturing: “Now you see three vendors splitting 75 to 80 percent of market share and maybe four or five at most splitting the rest.”

Ray O’Hara, senior managing director at Vance, an investigation and consulting firm (which was itself acquired by Canadian company Garda at the end of last year), attributes guard company mergers partly to cost pressures. “If [a customer has] 1,000 guards across the U.S. or the world, there is continued pressure to make that 900 today, not 1,100. Consequently, [guard] companies can only grow by acquisition” rather than by placing more guards within current customers’ businesses”, O’Hara says. Jeffrey Kessler, a senior VP and senior business services analyst at Lehman Brothers who follows the security industry, says the physical security vendor consolidation trend will continue as 1. “Rather than having multiple security suppliers in a region or nationally, it’s becoming more common for companies to solicit regional bids or national bids; there are even a few global bids,” says Don Walker, chairman of Securitas Security Services USA (which made its own major acquisition of Pinkerton in 1999).

First the good: “When I look at [consolidation], it fits in with some of my new strategies to limit the number of vendors and get to as few consoles as possible,” says Jeffrey Bardin, CISO at Hanover Insurance. “We’re seeing some of that,” says James Beeson, CISO of GE Commercial Finance, who is quite content to reinforce that trend by using GE’s purchasing power as a rather massive stick. “In many cases, a big [security company] can be doing antivirus, intrusion prevention services, all sorts of products.”

Happily, consolidation hasn’t put an end to startup activity and the innovation startups foster. Bardin notes, “We’re actually getting bombarded with [phone calls from] many new security technology companies, each with a particular space. “If a hacker knows the anomalies associated with that vendor’s infrastructure, it’s probably easier to break into it, versus, for example, having a Cisco PIX firewall out front as the perimeter firewall and a Check Point firewall internally,” he notes.

As time goes on, the worlds of the corporate and IT security professional are, if not colliding, at least beginning to have some fender benders. And that trend is being reflected among systems integrators, particularly the larger players traditionally associated with physical security, such as ADT, Diebold, Honeywell and Stanley Works. Those companies are working with customers on access control systems, biometrics and IP-network video—technologies that require knowledge of both IT and physical security environments. “If they don’t, they’ll end up being wire hangers and camera hangers at the edge of the network,” says Kessler of Lehman Brothers.

“If you’re involved with integrating the security system with the IT system, and your value proposition is that you’ll be the first responder to anything that goes wrong and you’ll make sure the system stays integrated with the IT system as that system changes, then you can make a higher gross margin on installation and a monitoring fee in some cases,” says Kessler, adding that a 40 percent gross margin can be expected.

(The alliance released the results of a survey conducted by Booz Allen Hamilton, “Convergence of Enterprise Security Organizations,” last November, which shows the convergence trend taking off. It can be found at www.asisonline.org/newsroom/alliance.pdf.)

http://www.csoonline.com/read/030106/vendor_megatrends.html

Companies are still trying to understand what network access control means from a technical and cost perspective, said Dan Thormodsgaard, manager of business development professional services at FishNet Security, a Kansas City, Mo. “The challenge of [network access control] is there really isn’t a business driver to do it. Compliance is a future driver for network access solutions, Thormodsgaard said. “We’re starting to see some avenues for it on the compliance side,” he said.

[Editors note: The last set of statements are not in alignment with al ot of companies out there. Controlling who has access to your network is key. If companies could find easy to use and cost effective solutions to leverage it, they would jump at it. They do exist. Since most viruses and attacks are now starting to orginate from the insider, putting more controls and preventing viruses is a key cost saving business benefit. Using regulations as the driver is a very limited view. Disclaimer: I work for Calance and the opinions expressed here are my own. And yes Calence is a FishNet competitor.]

http://www.securitypipeline.com/news/184429098;jsessionid=1NFW1RNN40UOGQSNDBGCKH0CJUMEKJVN

“Virtualization, simplification, optimization and automation are all key drivers influencing the successful transformation of the U.S. data center,” said IDC analyst Michelle Bailey.

Where mainframes once ruled the data center roost almost exclusively, smaller blades that slide in and out of chassis are becoming more prevalent these days.

Blades, which IDC said grew 49.3 percent as a market year over year and climbed 56.9 percent from 2004 to 2005, boast designs and redundant capabilities to allow one server to keep up and running after another winks out. Blades are arriving en masse at the same time as heavy Web applications, such as customer relationship management or human resource management products from SAP or Oracle.

http://www.internetnews.com/ent-news/article.php/3594871

A proof-of-concept is a first version of malicious code which hackers publish on the internet to show how certain vulnerabilities can be exploited. Worryingly, 12.5% of the threats had code included in disclosure.

In addition, 50% of vulnerabilities had either an exploit and/or proof-of-concept code surface within one week.

http://www.it-observer.com/news/5828/patching_window_getting_shorter/

Bogus emails that form the basis of phishing attacks contain URLs that direct the victim to a single IP address, which hosts the so-called ‘smart redirector’. When the potential victim clicks on the link, the redirector checks all related phishing websites, identifying which sites are still live before redirecting the user to one of them.

RSA Cyota senior product manager Andrew Moloney said: “As anti-phishing vendors become more adept at shutting down phishing websites, inevitably the fraudsters are looking at ways to minimise the effect this has on their hit rates.

According to the Anti-Phishing Working Group, almost 50,000 phishing websites were created last year, with more than 7,000 appearing in December alone.

http://www.theregister.co.uk/2006/03/08/smart_redirect_phish_attack/