"Shares of Internet Security Systems (ISSX:Nasdaq - commentary - research) sank Tuesday after an analyst downgraded the stock to a sell rating, citing more intense competition in the intrusion-detection market and customer dissatisfaction."
More woes for ISS and the IDS market in general. Despite the stock analyst concern and the Gartner "IDS is Dead" report from earlier in the summer, don't be so fast to give up on IDS entirely. While point products that deliver high levels of false positives are arguably not delivering enough value to justify the price point, the technology itself is useful.
To ensure that enterprise dollars will be spent, though, these products need to get smarter (reduce false positives, provide better tuning) and integrate more completely with enterprise monitoring systems and SIM (Security Information/Event Management), such as IBM Tivoli and CA Unicenter. Islands of security and intrusion information are not enough any longer.
Having said that, don't assume ISS or any point product is necessarily down for the count. Remember all the noise about the demise of the point product vendor and rise of "one stop security shopping" in the late 90s?
At the time NAI looked like a good bet for the future and Checkpoint like a has-been. While a holistic view of the enterprise is critical to security, it doesn't mean companies will adopt less effective technology just because it comes from their "one stop" supplier. Innovative technology that delivers value and protection, even from a smaller, focused vendor, still has a place in the security world.
Customers read the reports and are influenced by marketing, yes, but at the end of the day they buy and maintain products that get the job done because they have a network to protect.
So while ISS CEO Tom Noonan's anger at the reports is understandable, the best way for him to rebut the findings is to hone the ISS IDS products and increase customer satisfaction and new adoptions. A large, contented customer base is something few analysts can take pot shots at.
"Following the virus and worm devastation wrought by Blaster and SoBig this past week, Microsoft Corp. on Friday admitted that it has finally bitten the bullet and committed to automatic security patch updates for its SQL Server database."
It's about time. But MS' reluctance to do this earlier isn't surprising. Automated updates are great when they work properly, but if not implemented securely they can lead to security vulnerabilities. The risk of a trojan automatically 'patching' a SQL server isn't one many of us would like to ponder. So, kudos to MS for making the commitment and here's hoping they are careful with the implementation so that the patch process brings increased security, rather than increased risk.
Quotes from FCC Chairman Michael Powell on the FCC's rules released on local telephone and broadband: "FCC Releases Rules on Local Phone, Broadband Competition."
Makes you wonder when the Chairman has such an uncomplimentary view of the rules. A lot of the rules pertain to discounts and sharing requirements of existing networks. If you're interested in the full report, the FCC has all 576 pages available for download here: www.fcc.gov, along with comments from Powell, and Commissioners: Abernathy, Copps, Martin and Adelstein.
Both HP and IBM have recently announced enhancements to their Utility Computing offerings for the "Adaptive Enterprise." In short, the approach is supposed to allow companies to use their resources, both hard and soft, in a more cost-effective manner, using systems "on demand" on an as-needed basis.
From a security perspective these solutions could have a positive impact. Currently, to create redundancy for business continuity and test beds, organizations often need to have separate hardware and software for each backup system, testing server farm, and staging area.
With Utility Computing, the same servers being used on Monday for testing or staging could be called up on Tuesday to provide backup processing power or on Wednesday to serve as roll-over machines should a farm of production servers go down.
It all sounds a bit 'future world' for administrators who have had to roll over systems in times of crisis and feel more comfortable with completely HA-ready system duplicates. But it's not as out there as it may appear. Re-using hardware is something that can reduce costs if done wisely.
Is Utility Computing ready for prime-time security? In my opinion, not quite yet. But it's promising and a goal to work towards as companies continue to look for efficiencies across the enterprise.
If you're responsible for the security of an IIS server, Mark Squire's got a very useful article on how to leverage scripts and policies to make your job easier over at the Security Focus site. Take a look.
"During Q2, worldwide shipments of 802.11-based kit were up six per cent on the first quarter's figure and a massive 69 per cent up on the same period last year.
However, Wi-Fi revenues totalled $149 million during the quarter up just two per cent from Q1's total of $146 million, and ten per cent above Q2 2002's $134.1 million."
In other words, more units are shipping, but the competitive price pressures are shrinking the profit margin. Good news for buyers. And an indicator that the major manufacturers of Wi-Fi products, such as Cisco and Netgear, will probably continue to have an edge over niche competitors. When profit margins go down, the ability to ship more units becomes critical.
By now, you've probably heard about the "Blaster Worm" (also known as Lovsan). It takes advantage of a buffer overrun vulnerability in the RPC (remote procedure call) interface on Windows 2000 and XP operating systems and has been causing problems since Monday.
A new worm isn't the most interesting news in the world, but this one is worth noting because of the severity of the vulnerability (an attacker can seize "complete control over a remote computer") and because MS released a patch for the vulnerability back in the middle of July, weeks before the worm started to spread.
That customers didn't rush to apply the patch is no surprise. Not only are administrators busy attending to other matters, but they're often loath to apply a patch for a 'theoretical risk', one that isn't being exploited yet, for fear of 'breaking' working systems. Yet the results of not patching are now being felt by a number of consumers and enterprises. According to this eWeek article, "Blaster is also being blamed for some service problems on Comcast Corp.’s cable modem network."
This incident is yet another highlight of the fact that intelligent patching strategies are a critical component for enterprise network health. Whether it's subscribing to a service that offers the intelligence or putting in place a home-grown solution, the end point is still the same: whenever possible, patch systems before vulnerabilities are exploited.
For more on the worm itself, check out:
Symantec Anti-Virus Research Center
McAfee Virus Information Center
TrendMicro Virus Encyclopedia
For more on intelligent patch management:
MS Whitepaper, "Improving Patch Management"
Computerworld's "Five Tips for Effective Patch Management"
And some vendors to explore:
Informed Security Patch Management
Ecora Patch Manager
The Register reports that "Merrill Lynch today introduced a company-wide ban on access to third-party email services from corporate PCs.
In a memo to staff, the investment banker said it was prohibiting workers from picking up or sending email through Hotmail, Yahoo, AOL and the like because of "regulatory requirements" and as a means to cut off a possible route by which viruses might enter its network."
Will this be effective and should your own company follow suit? Good questions. While shutting off standard email access to third-party providers is a good way to keep non-work-related email communication at a minimum, it's not a slam-dunk for security.
If the corporate email gateway is inspecting all incoming mail for viruses, it shouldn't matter what email provider they're coming in on.
Secondly, this kind of restriction often gives rise to 'workarounds' from employees. Users could begin accessing their email accounts through encrypted SSL or using encryption for personal email to circumvent the policy and defy detection.
That's not to say putting a policy like this into place doesn't make sense. But don't forget to factor in the ways employees may attempt to get around it when setting and enforcing the policy. And definitely don't stop inspecting all incoming mail, no matter what account it's to, for possible viruses. Sure, it might be more common for something nefarious to be attached to an HTML-format email for Viagra spammed out to AOL accounts, but a virus can also be lurking in an approved corporate memo from an internal, infected machine.
"Linux took another step in its evolution Tuesday when IBM and SuSE Linux announced that the open source operating system had achieved an international security certification used by the federal government."
NW Fusion has an article up titled "SSL-based VPNs are superior." The conclusion by the arguably biased author, Chris Hopen, CTO of Aventail, an SSL VPN provider, is yes. But it all depends on one's definition of superior and particularly on a corporation's business needs.
For 'anywhere' access that doesn't require software, other than a browser, on the client side, SSL VPNs are definitely a fantastic option. But for companies that aren't able to feed all their remote access needs through a browser presentation layer, SSL VPNs can be restrictive.
For a more in-depth look at this issue check out this month's Information Security Magazine cover feature VPNs: Tunnel Visions, by Lisa Phifer.
And don't forget, the definition of superior directly relates to how well a technology meets your business needs.