RSA Security made one of these by introducing virtualization intelligence in its Archer compliance suite.

What’s the big deal? IT operations needs standard server configurations to meet compliance mandates and auditors need visibility into both physical and virtual servers. Neither group wants to jump through hoops to get what they need. This is a pretty big deal. When ESG asked security professionals what security-specific developments need to take place in order to enable more widespread server virtualization usage, 27% responded that their organizations needed, “compliance management tools that recognize virtual server events.” This was the third most popular of all possible responses.

RSA is on to something here. When I move workloads to the cloud you can be damn sure that my auditors want to know what’s going on. I’d like to see more vendors follow RSA’s lead and I’d really like to see security and cloud computing vendors start to discuss data standards for compliance, event management, and log file formats as well as secure transport protocols. Alas, I’m getting ahead of myself.

The RSA announcement won’t get much pick up, as it lacks the buzz of some cloudy/virtualization vision thing. Nevertheless, it is exactly what customers are looking for.

You can read Jon’s other blog entries at Insecure About Security.

Hmm. First of all, anyone familiar with ArcSight was sure this was coming. The company is a leader in a growing market segment, has a great Federal business, and is one of few real enterprise players. It is interesting to me that the Wall Street Journal is spreading rumors but that’s another story.

Let me weigh in by handicapping the field:

1. Oracle. This would be a bold strategic move as Oracle plays in security tools and the identity management space, but not the broader security market. ArcSight is an enterprise software company so it fits with Oracle sales and channels. ArcSight also runs on an Oracle database (for better and for worse). To me, Oracle makes sense as a potential suitor.
2. HP. HP people always tell me that they want to be in the security services, not the security products business. The company backed this up when it sold its identity management portfolio to Novell. ArcSight fits with OpenView/Opsware as enterprise software so it may have changed its mind, but HP probably wants to be careful with acquisitions in the wake of the Mark Hurd scandal. Heck, HP put in a bid for 3PAR this week and Wall Street went nuts. Given these factors, I’d be surprised if it were HP.
3. EMC. Forget this rumor. EMC already bought one of ArcSight’s primary competitors (Network Intelligence, now RSA EnVision). There are a dozen security acquisitions I could think of that would make more sense for EMC/RSA.
4. IBM. Great fit in terms of enterprise software but this would be IBM’s third security management offering (the original Tivoli security manager and then GuardedNet which IBM got as a result of the Micromuse deal). Neither of these products have really resonated in the market. If anyone can erase two previous products, IBM can. I rate this one as likely as Oracle.
5. CA. CA’s security presence is really limited to the identity space. Like IBM, CA has tried several times to penetrate the security management market with little success. I can see CA wanting ArcSight but if Oracle or IBM jump in, the price may quickly get too high for CA.

Given the Intel deal, McAfee is likely out of the running. I’ve heard through the grapevine that McAfee made several attempts at ArcSight but the price tag was just too big. Symantec, like IBM and CA, has also developed security management products that haven’t taken off in the market. If Enrique Salem is up for another big acquisition, ArcSight would be a great fit.

Finally, wherever ArcSight ends up, there are plenty of other innovative security management companies that may quickly follow. Feisty Q1 Labs would be a natural for Juniper. Brainy Nitro Security could be a fit for Cisco or CA. LogRhythm could be a good addition for HP, Check Point, Websense, etc.

ArcSight deserves what it gets as it really guided the security market moving forward. Its fate will greatly influence the enterprise security market moving forward.

You can read Jon’s other blog entries at Insecure About Security.

A few financial analysts who cover Intel say that this is about Intel’s mobile device aspirations. Maybe, but McAfee just got into the mobile device security market and my guess is that this business accounts for $5 million in revenue or less.

Sorry Wall Street but that ain’t it at all. I believe that Intel sees the same thing I see. The security market is wildly fragmented with vendors producing tactical point products for its customers. These point products can no longer address the environment of sophisticated and massive threats. In the very near future, enterprise and service provider security technologies must deliver unprecedented levels of scalability, manageability and integration.

Guess what? In today’s market there isn’t a single vendor who can deliver a security product suite anywhere near what’s needed in the market. Get it Wall Street? There is massive emotional demand but no supply. Here’s the kicker — without significant improvements in security, this whole Internet party hosted by companies like Amazon, eBay, Facebook, Google, etc. could get really, really ugly soon.

To be fair, McAfee can’t deliver the level of scale, manageability and integration that the market demands but it’s as close as any other vendor. Combine this with Intel hardware, money, and brainpower and you’ve gotten something.

I believe Intel sees a market opportunity, not a product opportunity. Yes, there is plenty of room to integrate McAfee with mobile phones, microprocessors, and NSPs but this is a footnote to the story.

A few other observations:

1. With its deep pockets, Intel should free McAfee to continue to bolster its portfolio. McAfee should grab ArcSight soon to fill its security management gap with an enterprise leader.
2. The next logical candidates to double down on security are IBM and EMC/RSA. The next logical target, Check Point — maybe others like Fortinet, Sourcefire, RedSeal, Nitro Security, LogRhythm, etc.
3. While Symantec’s position just got stronger, Wall Street is waiting to see how the company will digest, integrate, and build upon recent acquisitions PGP and Verisign.
4. If there is a better CEO success story than Dave DeWalt’s, I’m not aware of it. DeWalt came in a few years ago when McAfee was knee deep in a stock options scandal. He took over, changed the culture, acquired well, pointed the company at the enterprise and voila, sells the whole enchilada to Intel. Not sure if Dave will stick around but I’ll bet HP’s interest in him is sky high.
5. The combination of Intel and McAfee is a “dream team” for the Feds’ cybersecurity efforts. The two together have security software and can throw massive amounts of hardware at monitoring, filtering, and recording all of the traffic on Federal networks. McAfee already gets hundreds of millions from the Feds. I can see this revenue going beyond $1 billion over the next few years.

Read Jon’s other blog entries at Insecure About Security.

http://housecybersecuritycaucus.langevin.house.gov/

As of today, the site is a little light on content with the latest news being an August 2 press release announcing the new web presences. The “facts and figures” and “resources” tabs are full of standard information available on many other sites. There is also a link to the now famous Center for Strategic and International Studies (CSIS) Commission on Cybersecurity for the 44th President. A very informative document albeit that is nearly 2 years old.

No, not much here yet, but it’s summertime so I’ll give the congressmen the benefit of the doubt. When the House returns to work, however, I am hopeful that this site will serve a valuable purpose — as an aggregation point for Federal cybersecurity efforts. This should include but not be limited to:

1. Pending legislation: Last time I checked there were 8 bills in various stages making their way through the House and Senate. The House cybersecurity caucus site could be a clearinghouse for information on this activity.
2. Cybersecurity programs. These are happening at DOD, DHS, NSA, and many of the civilian agencies. What do these programs do? How much is being spent? The cybersecurity caucus can help the American people get their arms around how their tax dollars are being spent.
3. The state of cybersecurity in the Federal government. There are lots of sources for the private sector but I’d like to see the house cybersecurity caucus website act as an aggregation point for Federal news. Which agencies are being breached? What is the current status of TIC, CNCI, and Einstein? Yes, this information is available today, but it would be nice to find it without a 1995-like web surfing session.

I’ve met Congressman Langevin several times and I truly believe he is sincere in his desire to rein in the endless Washington lobbying and champion real cybersecurity progress in the U.S. Federal government. The public has a right to demand action while staying informed. Those over 40 remember the infamous DOD “$500 hammers” in the 1980s and don’t want to see real cybersecurity concerns turn into spending boondoggles.

The House Cybersecurity Caucus site could provide a valuable public service if it helps aggregate disparate activities and acts as a Federal cybersecurity information hub. If this site is not intended to do this, then another one should — perhaps White House Cybersecurity Coordinator Howard Schmidt can work with the House Cybersecurity Caucus to make this happen.

Addressing cybersecurity issues demands real information sharing. Not just between security devices and SOCs, but between legislators and citizens. Let’s hope that the House Cybersecurity Caucus or some other Federal government site eschews political agendas and really educates and informs the American public.

Read Jon’s other blog entries at Insecure About Security.

There are a few common themes here. Each vendor is targeting consumers with whiz-bang functionality and lots of applications. Video capabilities are highlighted in all cases.

Given this focus, you would think that mobile devices = consumer devices but this is not the case. Enterprises are also running to and jumping on the mobile device bandwagon in a big way.

ESG Research surveyed 174 IT professionals about their organizations’ adoption and use of mobile devices. Here are a few data points that illustrate growing mobile device usage in the enterprise.

Question 1. What are your organization’s spending plans for mobile devices and mobile device support?

37% spending will increase significantly
45% spending will increase moderately
14% spending will stay flat
3% spending will decrease
1% don’t know

Question 2. How important are mobile devices to your organization’s business processes and productivity?

38% critical
48% important
11% somewhat important
1% not important today but will be important in the future
1% not important today or in the future
1% don’t know

Question 3: Does your organization develop, or plan to develop, specific applications for mobile devices?

28% already develop applications for mobile devices
34% plan to develop applications for mobile devices
26% no plans at this time but interested in developing apps.
11% no plans or interest in developing apps.
1% don’t know

In summary, enterprises are spending more on mobile devices and device support, they believe these devices are “critical” or “important” for the business, and most already develop mobile device applications or plan to do so.

Sounds to me like every IT vendor in the endpoint (PC, laptop, mobile device), network, security, management, and application markets should have a mobile device strategy. Those that either haven’t developed or articulated their strategies are way behind.

Read Jon’s other blog entries at Insecure About Security.

Overview

As July 2010 wound down last week, Juniper Networks made a relatively quiet, but potentially strategic, acquisition. The company announced its intention to acquire SMobile Systems, a privately-held software business specializing in smartphone and tablet computer security, for $70 million USD.  SMobile supports all major wireless devices (Blackberry, Windows Mobile, iPhone, Android, iPad, etc.).  From a market perspective, BT is already bundling SMobile on many mobile phones and Sybase uses SMobile for the security of its mobile application platform.

This acquisition caught many industry watchers by surprise.  Why would Juniper dip its proverbial toe into the mobile device security pool?  Because:

• SMobile bolsters the Juniper software strategy. Led by Juniper’s CEO (and former Microsoft bigwig) Kevin Johnson, Juniper is building upon its core operating system (JUNOS) with a growing portfolio of software assets and industry partnerships.  The SMobile acquisition actually supports this strategy by integrating SMobile with JUNOS Pulse (Juniper’s endpoint software) to create unified endpoint software for network connectivity, security, and acceleration.  Juniper believes this combination offers a unique set of capabilities for enterprise customers and existing partners like Sybase and other ISVs.
• Mobile devices align with Juniper’s service provider market strength. While Juniper has made great strides in the enterprise market, its historical strength is in selling to the global telecommunications industry at large. For the most part, wireless network activity is where all of the action is: growth, investment, services opportunities, etc. As a trusted partner, Juniper can push SMobile/JUNOS Pulse to wireless carrier partners, help them create mobile security services, and boost their critical average revenue per unit (ARPU) metrics.  The BT/SMobile deal illustrates the potential here.

Mobile devices are also network devices used for connecting to applications, streaming real-time content, or downloading files.  Given their network dependence, mobile device security aligns well with the overall Juniper product portfolio and strategy.

The Mobile Endpoint Security Opportunity

At a high level, Juniper’s acquisition makes strategic sense, but Juniper is a company most often associated with core routers and massive perimeter firewalls.  Why jump into mobile endpoint security?  Because:

• Enterprise mobile devices are demonstrating business value.  According to ESG’s research, 37% of large organizations claim that “mobile device spending is growing significantly.” Why?  Mobile devices are becoming essential to business processes.  In fact, 38% of large organizations say that mobile devices are “critical” to their organizations’ business processes and productivity, while another 45% claim that mobile devices are “important” (see Figure 1).  In addition, mobile device use is expanding beyond e-mail—28% of organizations have already developed applications specifically for mobile devices while another 34% plan to do so.  Clearly, the business value of mobile devices will continue to escalate moving forward.

• Mobile device security is a big problem. When IT professionals were asked to identify their organizations’ “biggest mobile device challenges,” “device security” topped the list (see Figure 2). Solving these security challenges is critical to attaining the business process and productivity benefits described above.

• The market is still up for grabs. To date, the mobile device security market remains relatively small, dominated by specialists rather than household security brands like McAfee, Symantec, and Trend Micro. ESG’s data indicates that this is about to change, creating an opportunity for existing enterprise security leaders and service providers. With its acquisition of SMobile, Juniper hopes to gain a first mover market advantage.

It’s hard to characterize mobile device security as a “green field” opportunity, but ESG’s data indicates that rapid growth on the demand side is currently addressed by immature niche solutions from the suppliers.  Juniper hopes that its SMobile acquisition will establish the company as an early mobile device security leader while driving additional enterprise and service provider sales opportunities in the process.

Juniper’s To-Do List

Juniper’s SMobile acquisition is well aligned with its overall strategy and it could help create new synergies for both enterprise and service provider sales.  That said, the mobile device security market is immature and Juniper is not a strong brand in endpoint security software.  To fully achieve its strategic goals, Juniper must:

• Branch out in the enterprise. Juniper’s conversations in the enterprise are anchored in core networking or network security, but mobile device security doesn’t fit neatly in either one of these buckets.  Juniper needs to expand its enterprise footprint, finding ways to engage other interested stakeholders like CISOs, compliance officers, legal departments, and line of business managers.  The goal?  Convince them that Juniper—and its partners—can help them secure and accelerate network business processes.
• Integrate with existing endpoint security solutions. Enterprises want integrated security suites, not additional point tools.  In fact, ESG’s data indicates that 28% of organizations believe that it is “critical” that mobile device security is fully integrated with endpoint security systems.  Since Juniper is not likely to acquire McAfee, Symantec, or Trend Micro, it should extend technical olive branches to these and other endpoint security vendors.  This means opening up—and marketing—JUNOS Pulse APIs, creating data standards, and devising ways to exchange mobile device security data with the endpoint security community at large.
• Develop and market mobile device security solutions with carrier partners. Juniper wins big if its wireless carriers establish lucrative mobile device security services.  To maximize its potential for success, Juniper should co-develop solutions, jointly market these services to its enterprise customers, invest in sales training, establish tiered support options, and dedicate funds for co-branded advertising and PR.
• Get the word out on JUNOS Pulse. Part of the rationale for acquiring SMobile was to grow JUNOS Pulse revenue and build the Pulse development community.  These are worthwhile goals, but outside of Juniper’s inner circle, JUNOS Pulse is all but invisible.  Juniper should use the SMobile acquisition halo effect to double down on Pulse marketing and partner recruitment.  As stated previously, the global endpoint security software community would make a great initial target.

The Bigger Truth

The SMobile acquisition represents a new direction for Juniper Networks as it focuses on network nodes rather than the network itself.  What’s Juniper’s angle, then?  Use JUNOS as the integration glue in order to enable fast, safe, and programmable mobile endpoint connections.

In theory, this is a brilliant move.  As ESG’s data indicates, large organizations are investing in wireless technology and applications, so security is bound to follow. With SMobile in tow, Juniper can:

1. Sell networking and mobile device security directly to enterprise customers, or;
2. Work with wireless carriers on custom offerings made up of JUNOS Pulse, JUNOS, SMobile, and a bit of unique custom software.

Juniper deserves kudos for strategic creativity, but it now faces an execution challenge that is unprecedented in its history.  To succeed, Juniper must look outward to new audiences.  Beyond carriers and traditional enterprise networking customers, it needs to encourage industry support for JUNOS Pulse development, broaden its enterprise reach, and create “skin-in-the-game” programs for its carrier customers.  These moves could help Juniper capitalize on SMobile and position itself for future business moves beyond core networking alone.

1. This is a pretty big deal for three reasons: Traditional firewalls offer limited help. Web 2.0 applications and social networking widgets bypass network firewalls over wide open Port 80, opening the enterprise to a new threat vector. Check Point can now address this vulnerability.
2. Check Point throws its hat into the Palo Alto Networks ring. To date, Palo Alto Networks has created a market with a unique Web application-specific firewall. Check Point can now compete with Palo Alto on specific application security deals or push Palo Alto aside in its installed base.
3. The introduction of the application control software blade is just the latest offering in a growing and integrated portfolio. Very quietly, Check Point has put together exactly what enterprise organizations are looking for — a tightly integrated, comprehensive security suite. If Check Point improves its sales and marketing skills, it could push tactical competitors aside and open itself to extremely big enterprise opportunities.

Check Point’s application control software blade is a winner on its own, and even more so in a broader Check Point security architecture. Gil Schwed and Co. need to broadcast this news.

Read Jon’s other blog entries at Insecure About Security.

There is no shortage of vendors in the security space, but I believe Dell has an opportunity here. Security issues don’t discriminate by organizational size — small companies have to have the same type of protection that larger ones do. That said, security is complex and grows more difficult daily. Dell has the opportunity to help SMBs simplify security by providing tightly packaged and configured end-to-end security solutions. Yes, others can do this too but most security vendors have wide gaps in their portfolios. Dell can sell systems, storage, networks and the whole security enchilada.

In the short-term, Dell will really be another point products security provider so its presence is likely to hurt network security players like Fortinet and SonicWall and the army of endpoint security vendors. In the longer-term, as it adds to its portfolio, broadens its services, and starts to understand security best practices and methodologies like the Consensus Audit Guideline (CAG), Dell can truly be an SMB security partner.

Security provides Dell with a unique opportunity to help customers overcome complex security challenges and increase its value. In this way, security may be even more valuable than its existing hardware portfolio.

Read Jon’s other blog entries at Insecure About Security.

Bad news: Getting this far took far too long. While diplomats debated over wording and process, the state of cybersecurity severely degraded.

It seems that politicians and diplomats are long on protocol and thus missing the forest through the trees. Cybersecurity isn’t like physical border disputes or long-term efforts. Rather, threats morph and grow more dangerous every day. In the meantime, there are no international rules of engagement or agreements for cooperation — and no one nation can solve this problem alone.

What we need here is not long drawn out negotiations and formal agreements but a series of cooperative phases with measurable progress at each milestone.

The U.N. has a chance to really make a difference with cybersecurity. Let’s hope that diplomats realize that we are dealing with a real-time issue and respond with 21st century solutions rather than 19th century pomp and circumstance.

Read Jon’s other blog entries at Insecure About Security.

So what’s needed? The next generation of log management featuring:

1. Consolidation of logs and network flows. Some vendors collect both of these data sources but most don’t. Log and flow data together tells about individual network nodes and where they are connecting, helping me understand the origins and ramifications of an attack. Without this combination, I am filling in the blanks in one area or the other.
2. Location awareness. Yes, I want to know what happened but I also want to know where it happened. An IP address is a piece of random evidence while an IP address in the Ukraine may constitute a crime scene.
3. Deeper granular visibility. The system logs provide the big picture but researchers need to dig into particular sub-routines and processes to get a more accurate understanding of what happened. This requires the correlation of many types of data inputs and visual tools that make these relationships understandable.

Leading log management vendors like ArcSight, LogRhythm, Q1 Labs, and others realize that log management isn’t just about collecting and storing esoteric IT data, it is about providing organizations with the right data and tools to make this data actionable.

It’s time for users and other vendors to realize that the next generation of log management isn’t a visionary concept, it is an absolute requirement.

Read Jon’s other blog entries at Insecure About Security.