- +
Understanding the Project Management Office 05/02/2008 12:59:53
Excellence in project management is essential, but PMOs can do as much harm as good. Here we examine the fundamentals and scope a proper role for a PMOExcellence in project management is essential, but PMOs can do as much harm as good. Here we examine the fundamentals and scope a proper role for a PMO - +
Clouding the Future 04/02/2008 13:16:21
Outlook: mostly fine, with clouds increasing later and the chance of jargon rain likelyI was just beginning to contemplate the formulation of the thought to back up my files when my desktop suddenly died. While waiting for it to rebuild, I read an article telling me that the desktop computer was dead - +
IS's Seven Levers of Growth 04/02/2008 13:12:50
CIOs and their IS organizations need to play a greater part in enterprise top-line growth. The challenge is to understand that growth and contribute in the right wayGrowth remains the top priority for most business executives. In most enterprises, this means make more profits - +
Process Trip 04/02/2008 13:07:03
Why Maritz Travel revamped key business processes — and how business and IT came together to make it workWhen Rich Phillips became COO OF Maritz Travel about two and-a-half years ago, he sat down and took a hard look at the big industry picture - +
Ticked Off at Tick the Box Mentality 04/02/2008 13:01:15
Does your executive search firm know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients?Does your executive search firm know its MIS managers from its elbow? Does it even know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients?
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Wireless LANs: Is my enterprise at risk?
CRM your salespeople will love
Mimosa™ NearPoint™ for Microsoft® Exchange Server: Email Archiving 101
Solve Exchange Storage Problems Once and For All: A New Approach without Stubs or Links
Email Archiving Technical Overview
Email Archiving Implementation: Five Costly Mistakes to Avoid
Optimized Back-up and Recovery for VMWare for VMWare Infrastructure with EMC Avamar
Cutting printer costs
Zones provide focussed content from Computerworld and leading technology partners.Newsletter Subscription
What is true enterprise security and how do you get it? Bogus promises by vendors are all too common. In this recent Network World chat, outspoken security analyst Nick Selby humorously tackles the truth about data leakage products, smartphone protection, hotspot threats and the word "solution." Nick Selby leads The 451 Group's Enterprise Security Practice. Selby also serves as The 451 Group's Director of Research Operations and is on the faculty of the Institute for Applied Network Security.
Security start-ups promising protection from bot attacks seems to be the rage. I'm skeptical. Should I be?
Well, the only alternative answer to your question would be my advising you to be gullible, so I think I'll go with A, yes you should be skeptical. Bot attacks are launched by people exploiting vulnerabilities for profit. The cost of an owned Windows box is really low - in Dan Geer and Dan Conway's recent Owned Price Index, he states the cost as US$0.04 - so the costs involved in getting a lot of them to do something awful is fairly low and the chance you'll be caught even lower. When companies come out and state that they can promise protection from botnets, I'd start by asking lots of questions and being very careful about believing the answers. Not saying they're lying, just saying that what they're promising is to fix a constantly moving target.
What is the biggest load of nonsense that security vendors are pushing at us?
This will sound like semantics but it's been the devious insertion by vendors of the use of the word "solution" and its take up by buyers. I could say that a farm that's biodynamically sustainable and militarily defensible is a "hunger solution," but calling an IDS a "solution" is a little ridiculous. It's saying, 'Oh, good, they've solved the problem of intrusion! Good for them!" It's truly insidious that people are now referring to products of some genuine but specific value as something that has solved a problem. Enterprise IT is like New York City - it will be great when it's finished.
Along those lines, what about data leak protection - is it a "product/solution" or is it all hype?
That they can stop intentional theft of data, and that they can - in a vendor's own words, 'Stop all leakage and loss in any language, via any channel'. What utter tosh! Anti-data leakage (ADL) boxes and agents are great at reducing noise, at stopping stupid and inadvertent leaks which are clearly the most prevalent source of confidential and regulated data dissemination BY VOLUME (not by severity). That says a lot. But protecting your data is about far more than just stopping accidental leakage, it is about understanding how your company does business and the processes by which it turns information that it processes into checks made payable to it. On March 31, we're releasing a long format report on this very subject called Mind The Gap. It sets forth a no-cost framework to help end users get a better grasp on how to prioritize and understand the flow of data through their organizations. It then helps them prioritize the problems and use information to get vendors of four classes of related products (ADL, disk encryption, port and device control and database transaction monitoring) to better understand their needs to start addressing the problems of unprotected data in the enterprise.
If a vendor (say a start-up) comes up with what they feel is a new approach to addressing security concerns, or a specific issue (say, stronger user authentication), what would you call it if not an authentication solution?
I'd err on the side of "product", seriously.
Are integrated end-point security suites (i.e. Symantec/McAfee) as effective as best-of-breed 'solutions'?
Not sure about the exact answer as I would say that it varies. But as far as the "is the agent dead?" kind of question, I would say that, interestingly enough, we find that we are seeing greater demand -- in fact increasingly shrill and irritated demands - from the enterprises to get agents right, unified and functional. We saw GE chuck out Symantec and the Miami Dade School System chuck out McAfee because of dissatisfaction with agent unification and performance, updates, customer support and stability. But we are also hearing from end users that they are desirous of ADL and port and device control and disk encryption agents to be unified with antimalware and host behavior-based IPS and the like. Guardium and Imperva tell us that their agent uptake for database servers is now through the roof. (Disclosure: Guardium is a 451 customer; Imperva is not.) So we say that there is tolerance for agents provided that they work, play nicely with other programs and don't blue screen Windows.
We see ADL as an important part of something bigger - and that something bigger is likely to be the second tier antimalware vendors who know a thing or two about building agents. So in that list we would out AhnLab, Hauri, Grisoft (AVG), Panda, Trend Micro, Sophos, Kaspersky, BitDefender, GFI Software and other companies (disclosure: Sophos is 451 customer) as tops in looking to extend their antimalware agents to look at data leakage. We've seen Utimaco (a 451 customer) and other disk encryption vendors doing the same thing. So are agents dead? No. It's just that most IT people wish they were. However were it not for that latter bit, companies like BigFix (a 451 customer) and Lumension (not a customer, and a company whose name sounds like a prescription sleep aid) would have less to do.
HauteSecure released a new version of its anti-drive-by-download product recently. Is there really a market for browser plugins that do this sort of thing?
Well, if you ask the guys at Finjan, Grisoft (AVG), Symantec and McAfee then the answer is yes. But the real issue I suppose is the reactive nature of this. I like the power of the gang by companies like Prevx and indeed Haute of trying to use the users to gather intel and feed a central hive to disseminate. But at the end of the day it's reactive and therefore by definition behind the eight-ball from the get go - whaddaya think?
Do you think security vendors are creating problems then, to which they have the solutions for? That sounds very cynical...
I am not seeing the connection between what I said and what it seems like you thought I said. . . As we all know, Microsoft is to blame for everything. What I do mean to say is that security vendors often have very valid things to say about very real problems, but they get so caught up in the cycle of hype and marketing that they forget to speak English. Take the anti-data leakage guys - they solve an enormous problem, yet they insist on saying that they solve the WHOLE problem, ALL OF IT! It's disingenuous and needlessly distracting.
Computerworld Member Login
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
F-Secure achieves excellent results in Internet security suite comparison 2008-10-10 14:37:00+10
M2M Connectivity announces the new Sierra Wireless MC8792V embedded module for 900 MHz 3G/HSPA networks 2008-10-10 08:51:00+10
Pitney Bowes MapInfo Launches New Version of AnySite 2008-10-10 05:58:00+10
IOGEAR Gears Up in Australia 2008-10-09 20:18:00+10
Internet Service Providers offer new unlimited Online Backup from F-Secure 2008-10-09 19:42:00+10
Dude! You Say I Need an Application-Layer Firewall?!
Proxy firewall technologies have proven time and again to be more secure than “stateful” firewalls. They will also prove to be more secure than “deep inspection” firewalls. High-performance proxy firewalls are available today which are easily capable of handling gigabit-level traffic. Discover more by reading on.
