Sun is about to release a major update to Solaris 10, introducing a native patching system: Sun Update Connection.
The product, already available as a stand-alone package, is comparable to Microsoft Windows Update or Novell Red Carpet Enterprise.
At this point I hope Sun will also deliver a centralized patch management system as flexible as Microsoft WSUS is today.
Tuesday, October 25, 2005
Tuesday, October 11, 2005
NetIQ offering free risk management and asset security essays
With perfect timing, the day after my post about SEM products, NetIQ released three large whitepapers about risk management, asset protection and corporate standards compliance:
- The Practical Guide to Assuring Compliance
- The Practical Guide to Managing Risks
- The Practical Guide to Securing Assets
All the essays are written by Rebecca Herold for RealTimePublishers.com and don't contain a single line of advertising or any reference to NetIQ products.
RealTimePublishers produces high-quality educational material (ebooks, whitepapers, videos) with no references to commercial products; it is available free of charge to individuals, while companies pay to use it as an indirect marketing tool.
IBM has used this technique for years with its Redbooks publishing line.
In my humble opinion this is the most intelligent approach to make people aware of problems for which a solution exists.
There is no need to write a propaganda document that reinterprets reality in order to push something: if a product is competitive and your essay is effective, readers won't have any doubt about what to choose.
Sun replaces Trusted Solaris
Sun has changed its mind about Trusted Solaris 10, already in development, and announced that it will stop producing this operating system version for military use.
Instead of Trusted Solaris, from mid-2006 we'll have Solaris Trusted Extensions, installable on any Solaris 10 (SPARC and x86) system, including OpenSolaris.
Solaris 10, which is currently under evaluation for Common Criteria EAL4 certification, already includes 85% of Trusted Solaris 8 (the last one released), and these new extensions will fill the missing 15%.
This move, together with the official support for JASS, seems the best approach to provide users with a flexible hardening toolkit.
At this point companies have valid reasons to seriously consider adopting this operating system.
And now that Check Point supports VPN-1 on Solaris 10, there are few reasons not to choose it.
Check Point now supports VPN-1 NGX on Solaris 10
Long-awaited news for a lot of customers: Check Point finally supports the latest VPN-1 family on the Sun Solaris 10 family.
This support extension also includes Microsoft Windows Server 2003 SP1 and is provided by the just-released Hotfix Accumulator (HFA) 01 for NGX [R60].
At this point I'd bet on a huge growth of Solaris 10 x86 with VPN-1 NGX HFA01 in enterprise front-end firewall solutions.
Monday, October 10, 2005
Security Event Managers comparison
One of the security categories I find most interesting is surely Security Event Managers (SEMs), already covered in a previous post.
Two weeks ago InfoWorld published a very interesting comparison of five products in this category:
- ArcSight Enterprise Security Manager 3.0
- e-Security Sentinel 5.1
- Micromuse neuSecure 3.1
- Network Intelligence 7550-HA
- Symantec Security Information Manager 9550
Very interesting mainly because prices are mentioned: obtaining information about these products (as well as obtaining evaluation versions) is often a hard task.
Also very interesting because InfoWorld reported each product's events/second rate and because the lab environment is detailed.
But perhaps the most interesting thing of all is that none of the five products is at the same time easy to use, flexible and highly scalable. This makes my opinion about this market segment even stronger: it's still anything but saturated, and it really lacks mature solutions.
Obviously, to get a more complete picture the comparison should include seven other major SEMs:
- Computer Associates eTrust Audit
- IBM Tivoli Risk Manager
- Intellitactics NSM
- NetForensics nFX OPS
- NetIQ Security Manager
- Open Service Security Threat Manager
- Trigeo Security Information Manager (ex Contego)
I hope InfoWorld will include them in the next revision of this test.
Cisco to put PIX in End of Life
Some of you probably already know that in May Cisco launched a new appliance model, the ASA 5500 series, integrating a firewall (the same engine offered by PixOS 7.0), an IPsec VPN and SSL gateway (putting the VPN Concentrator 3000 series in End of Life, even if they dropped PPTP client support), an IPS sensor (putting the IDS 4200 sensor series in End of Life) and an antivirus. Cisco also integrated a virtualization technology into this new product to segment connected networks, thanks to the TopSpin acquisition at the beginning of 2005.
Now Cisco is expected to announce the End of Life of probably the most famous firewall in the world, PIX.
In Network Admission Control (NAC) phase 2, Cisco's endpoint security strategy, ASA appliances will become the architecture's key component, providing a way to block network access to non-secured machines by interacting with routers, switches and, obviously, policy servers.
Transforming three different platforms into endpoint security gateways was probably less expensive than creating a new one designed for this role from the start, unifying the existing security features and selling a brand new appliance.
By the way, this is the current market trend: from the Symantec Gateway 5400 series to Astaro AA, up to Check Point which, after acquiring Snort, is expected to launch an all-in-one product as soon as possible.
Thursday, October 06, 2005
Check Point acquiring SourceFire
This news is a bombshell in several respects:
SourceFire is the company founded by Marty Roesch, creator of the world-famous Snort IDS, to sell appliances based on the intrusion detection engine.
Just tonight I was writing about a famous security project, the Nessus vulnerability scanner, abandoning the GPL license to become a commercial product. Being ironic, I speculated Snort could be the next one (and removed the sentence just before publishing). Now this announcement.
Martin immediately reassured the community that Snort will stay free and GPLed. But the whole thing is stunning: in my Check Point experience up to today I never saw even the smallest feature released for free, let alone under an open source license.
From a strategic point of view the Israelis were very smart (quite the opposite of someone else), acquiring first ZoneLabs and then SourceFire.
Everything is converging on application inspection and endpoint security, two directions the company has been moving in since VPN-1 NG FP2 times (when the SmartDefense engine was first introduced).
In the near future it's quite probable the Snort engine will be merged with the VPN-1 SmartDefense/Application Intelligence engine, and later integrated into endpoint security solutions like Integrity and Interspect.
If Check Point is farsighted it will leave Snort to the community, using it as a big selling point. If it's not, two years at most and the project will be closed.
And while someone speaks about open source as an ecosystem, I'm afraid to ask again: who is the next one?
Update: Never mind what I said: the US Government hindered the acquisition (Check Point is an Israeli company; could this be a factor?) until Check Point withdrew it.
Bad news for Check Point, even worse for Marty. Maybe not so bad for the open source community (even if nobody will tell you).
Microsoft ISA Server 2004 earns Common Criteria EAL 4+
It's a pity this news went unnoticed.
Even if ISA Server 2004 still has a questionable approach to some traffic filtering aspects, it earned the Common Criteria EAL4+ certification level, the highest assigned so far in the Boundary Protection Devices and Systems category.
Consider how other products in this category were certified:
- Microsoft ISA Server 2000 - EAL2
- Check Point VPN-1 NG AI R55 (with HFA_14) - EAL4
- Cisco Pix (with PixOS 6.2(2)) - EAL4
- Juniper Netscreen (with ScreenOS 4.0.2r7.0) - EAL4+
- StoneSoft StoneGate 2.0.5 - EAL4+
- Symantec Enterprise Firewall 8.0 - EAL4
To tell the truth, it isn't clear whether the certification applies to the Standard, Standard SP1 or Enterprise version, so I imagine we are talking about the first one.
For more details about the tested platform (OS + hotfixes) check the related Common Criteria Guidance here.
Tuesday, October 04, 2005
Franken PIX and IDS
For those who don't know, it is possible to build a cheap Cisco PIX clone.
A 16MB PIX ISA Flash card will be enough, together with a specific kind of compatible hardware and, obviously, PixOS images.
The clone is usually called Franken PIX.

In the same way it is possible to build a Cisco IDS (formerly NetRanger) clone, the so-called Franken IDS.
The 4.x version of this IDS platform is based on Linux (while the 3.x one was based on Solaris), which means cloning it will be simpler than cloning a PIX.
To assemble a Franken IDS you'll need a compatible PC with a specific kind of network interface card and the platform recovery image.
Some hacking of configuration files will also be necessary so that the installer recognizes your hardware as a Cisco appliance.
Obviously, using IDS and PIX platform images on this hardware is outside Cisco's license agreements :)
Monday, October 03, 2005
Symantec: Resistance is futile. You will be assimilated.
In the last 5 years Symantec has systematically acquired a big part of the key companies in the IT security industry, either alone or through the Veritas acquisition.
In order:
- February 2000 - L-3 Network Security (vulnerability assessment)
- November 2000 - Network Storage Management Group of Seagate
- December 2000 - AXENT Technologies (IDS, content filtering, authentication, etc.)
- July 2001 - Foster-Melliar (security consulting)
- October 2001 - Lindner & Pelc (security consulting)
- July 2002 - Mountain Wave (audit and event management)
- August 2002 - Riptech (IDS), Recourse Technologies (honeypot and IDS), SecurityFocus (security awareness)
- October 2003 - Safeweb (SSL VPN)
- December 2003 - PowerQuest (storage management)
- January 2004 - Ejasent (application virtualization)
- February 2004 - ON Technology (updates management)
- June 2004 - Brightmail (antispam)
- July 2004 - TurnTide (antispam), Invio Software (automation tools)
- September 2004 - KVault Software Limited (email storage)
- October 2004 - @stake (security consulting, creators of L0phtCrack), LIRIC (security consulting)
- December 2004 - Platform Logic (endpoint security)
- April 2005 - DataCenter Technologies (storage management)
- May 2005 - XtreamLok (antihacking systems)
- July 2005 - VERITAS (storage management)
The latest in chronological order is Sygate (endpoint security), dated August 2005.
Where is Symantec going? Someone could say it is going to become the Microsoft of security. But in fact I personally believe it's going nowhere: the unbelievable number of products and services available have never been integrated, and in some cases development even ceased after the acquisition.
The result is a complex and chaotic commercial offering, with some redundant solutions and many obsolete products.
If you have ever visited the enterprisesecurity.symantec.com site you know what I'm talking about.
The potential, though, is huge.
And meanwhile more and more vulnerabilities surface in the company's best-known products (precisely because the best known are the most widespread).
Symantec, I strongly suggest you dedicate yourselves to development, to security and to the integration of your products, and to the simplification of your commercial offering. Not to wild acquisitions.
First update: Someone at Symantec possibly heard me, since the WholeSecurity (endpoint security) acquisition has just been announced.
And it's really strange, since they just acquired Sygate for endpoint security.
Maybe they should have said "just another one and we'll stop"...
Second update: I don't know if this is just a coincidence or what: after Sygate and WholeSecurity, Symantec is now acquiring BindView (policy compliance and other services). In just one month.
At this point we just need to wait for them to go after Check Point or Enterasys.
Third update: New year, old habits for Symantec: in January 2006 they acquired IMlogic (instant messaging security).
I think I'll stop tracking them because it's becoming boring...
Fourth update: Instead of focusing on integration, as I suggested, Symantec prefers to shut down business units. Another demonstration of how weak the company's strategy is.