From: http://www.eweek.com/c/a/Security/McAfee-Makes-Cloud-Computing-Security-Play-649121/?kc=rss
McAfee is taking a swing at securing cloud environments with a new service aimed at software-as-a-service providers.
Dubbed the McAfee Cloud Secure program, the service is essentially designed to complement annual audits of security and process controls many cloud vendors undergo for certification purposes. With McAfee Cloud Secure, McAfee officials said they will partner with certification providers and offer an additional layer of security by providing a daily scan of application, network perimeter and infrastructure vulnerabilities.
Those that pass will receive a "McAfee SECURE" stamp of approval.
Securing cloud environments was one of the big topics at the RSA security conference earlier this month. According to a survey by IDC on attitudes towards the cloud, 87.5 percent of participants said security concerns were the most significant challenges to cloud adoption.
"SAAS vendors have a difficult time convincing prospects that their services are secure and safe," said IDC analyst Christian Christiansen in a statement.
The McAfee offering is a step in the right direction, however, he said.
While McAfee and other vendors have talked in the past about providing security from the cloud, this announcement marks an example of a growing focus in the industry on providing solutions to secure cloud environments themselves.
“McAfee looks at the cloud really from three different angles, which is security from the cloud, in the cloud and for the cloud,” explained Marc Olesen, senior vice president and general manager of McAfee’s software-as-a-service business, in an interview with eWEEK.
“What’s really been out there today are (annual) process certification audits…that address the process controls and security controls that cloud providers have in place,” Olesen said. “This has typically been an ISO-27001 certification or an SAS-70 certification that cloud providers are using, and we feel that that’s very important, but it’s just a start.”
Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.
Monday, March 22, 2010
Tuesday, January 5, 2010
Major Christmas e-Card Spam Campaign
From the Blue Coat Security Blog: http://www.bluecoat.com/blog/major-christmas-e-card-spam-campaign
During the holidays, the Blue Coat Web Filter™ team continues to keep an eye on things, both the results of the various WebPulse™ automated processes and the various data streams that the human analysts monitor. One trend worth remarking on has been a flood of "e-Card" spam in our honeypots. This began a few days before Christmas, and is still continuing.
As it turns out, this will also give me a chance to talk a little bit about a category of software we call "Potentially Unwanted Software". (Or "PUS" for short.)
The spam e-mails' subject line varies, but it's typically something like "[name], Someone sent you a Christmas Card".
The actual body of the e-mail doesn't contain a card, but instead invites you to "Send Cards for Christmas[...] Everyone has email, send them an eCard they'll love, save money on postage."
The spam comes from a variety of constantly changing domains (e.g., familyvalues1b.com, lifepartner1d.com...), and clicking the link inside routes you through about four hidden-relay sites to eventually reach the e-card site.
WebPulse™ already knew about most of the spam relay sites (I've added the new ones), and also has some interesting information about the e-card site.... It turns out to have been on Santa's "Naughty List" for more than six months, when one of our analysts noted that the Toolbar it wants you to install garnered a lot of hits in virus scanners. The majority of those hits were categorized as Adware/Spyware type software, which fits in with our P.U.S. category. This analysis was confirmed by a second analyst a couple of months later, who took a deeper look.
We define the P.U.S. category as "Sites that distribute software that is not malicious but may be unwanted within an organization such as intrusive adware and hoaxes." (Where "not malicious" means something like "doesn't deliberately harm/crash your computer, or steal your banking passwords" -- that would clearly be Malware.)
Adware is software that sits on your computer, watches where you go on the internet, and serves you extra ads beyond those normally found on the web sites, often in the form of pop-up or pop-under ads. (This is something different from web-ad sites that use "beacons" on multiple client sites to track your visits and decide which ads you see as part of the pages you visit. While these may still be a privacy concern for you, if they don't install software on your computer, they're not P.U.S.) Adware may sometimes be a legitimate method of "payment" for "free" versions of software. More often, it's an intrusive privacy risk.
P.U.S. is also frequently criticized for "bloating" your computer (consuming too many resources) and slowing it down.
Due to the annoyance, performance hit, privacy concerns, and an overall "shadiness factor", I always recommend that our customers block the P.U.S. category. (Exceptions may always be made, of course, by "whitelisting" particular sites where you've checked out the software and EULA, and feel that the benefits outweigh the risks -- the customer is always in control of what gets blocked.)
This month, due to their behind-the-scenes involvement in a deceptive and unwanted spam campaign, with fake/junk domains and a series of shady relays, we've added a Suspicious rating to the parent site as well. (Just call it a little "Christmas e-Card" of our own.)
Thursday, December 17, 2009
Cisco / Ironport integration goes one step further
Ironport has announced that its support website has moved under Cisco's support website today. Anyone using the Ironport website for support will now have to get a Cisco support login, and visit the support resources at that location.
It appears the Ironport acquisition is now almost fully complete at Cisco.
Wednesday, December 16, 2009
Blue Coat starts a security blog
Blue Coat Systems has started a new security blog, in addition to the security alerts they already send out to their customers. For those who are interested in hearing what Blue Coat's top engineers and product managers have to say about the latest security threats, you can visit their security landing page to read the blog, see the security alerts, and view some graphical information about the latest malware threats.
Thursday, November 5, 2009
Blue Coat Acquires S7
On Thursday, the company said it would acquire S7 Software, a services company based in Bangalore. Blue Coat is paying US$5.25 million in cash for the 65-person company.
S7 specializes in migrating applications from one platform to another. Blue Coat sells network security and performance monitoring appliances, but it is buying S7 because of the company's software development expertise.
Blue Coat also announced it is restructuring its business, and Blue Coat will shift an undisclosed number of engineering jobs from its Sunnyvale, California, and Austin, Texas, offices to S7's offices in Bangalore and other locations. With new hires and S7 additions, the company's total headcount reduction as part of the restructuring will be around 10 percent.
Tuesday, November 3, 2009
M86 Buys Finjan Security
M86 (formerly Marshal8e6 - the merger of Marshal and 8e6 Technologies) announced today the acquisition of Finjan Security, a web and email security vendor. This latest deal confirms that the security industry consolidation continues.
Finjan brings to the table a secure Web gateway product and software-as-a-service solutions, M86 said in a statement. Under the merger, which is effective immediately, Finjan will maintain a development center and operations in Netanya, Israel.
The U.S.-based Finjan SW will remain an independent company to retain its malware detection intellectual property, according to a statement.
M86 was created a year ago with the merger of Marshal and 8e6. In March 2009, the combined company acquired behavioral malware detection company Avinti.
Last week, Cisco Systems said it was buying Web-based security software company ScanSafe. And earlier in October, Barracuda Networks, which makes security appliances, announced its purchase of Purewire, a Web security-as-a-service provider.
Meanwhile, vulnerability management provider Rapid7 recently acquired Metasploit, an open-source penetration testing framework and exploit database.
Tuesday, October 27, 2009
Cisco to Acquire SaaS Web Security Leader ScanSafe
This morning, Cisco announced its intention to purchase ScanSafe, a provider of SaaS Web Security. It's another announcement in a string of acquisitions in the web security space; the most recent was Barracuda's announcement of its intention to purchase PureWire, another SaaS Web Security provider.
ScanSafe is based in London and San Francisco, and its Web security solutions are targeted at organizations ranging from global enterprises to small businesses.
From the announcement:
"With the acquisition of ScanSafe, Cisco is executing on our vision to build a borderless network security architecture that combines network and cloud-based services for advanced security enforcement," said Tom Gillis, vice president and general manager of Cisco's Security Technology Business Unit (STBU). "Cisco will provide customers the flexibility to choose the deployment model that best suits their organization and deliver anytime, anywhere protection against Web-based threats."
Web security is a large and expanding market expected to grow to $2.3 billion by 2012. By acquiring ScanSafe, Cisco is building on its successful acquisition of leading on-premise content security provider IronPort. The acquisition brings together the Cisco IronPort(TM) high-performance Web security appliance and ScanSafe's leading SaaS Web security service. This combination will expand Cisco's security portfolio to offer superior on-premise, hosted, and hybrid-hosted Web security solutions.
"ScanSafe pioneered the market for SaaS Web security and continues as a leader in this rapidly growing market," said ScanSafe CEO Eldar Tuvey. "At a time when enterprises are increasingly focused on a flexible and mobile workplace, the need for hybrid-hosted Web security solutions is greater than ever. By joining the Cisco team we will be able to offer even better and more flexible protection to our customers."
ScanSafe's service will be integrated with Cisco® AnyConnect VPN Client, the newest virtual private network (VPN) product from Cisco, to provide the industry's leading secure mobility solution. In addition, ScanSafe's global network of carrier-grade data centers and multi-tenant architecture will further enhance Cisco's ability to provide new cloud-security services for customers anywhere in the world.
Upon the close of the acquisition, the ScanSafe team will become part of Cisco's STBU, reporting to Gillis.
The ScanSafe acquisition demonstrates Cisco's commitment to security and its ability to use its financial strength to quickly capture key market transitions through its build, buy, and partner strategy. Under the terms of the agreement, Cisco will pay approximately $183 million in cash and retention-based incentives. The acquisition is subject to various standard closing conditions and is expected to close in the second quarter of Cisco's fiscal year 2010.
There's definitely more interest lately in Web Security, and I think you'll only see more in the acquisition arena, in addition to new offerings from various vendors. With malware being as prevalent in web pages as in email, this trend can only continue.
Thursday, October 22, 2009
Using Reverse Proxies for Front Ending Exchange
The Microsoft Exchange Team Blog wrote this week on the topic of Exchange 2010 (and 2007) Client Access Servers in the perimeter network, similar to the way "FE" (front end) servers are placed for Exchange 2000/2003. Their recommendation? Don't do it.
Instead the recommendation is to use reverse proxies. Their explanation:
Reverse Proxies are built to be put in the perimeter network or at the edge of the network. They include many security features and flexibility for customers to determine the level of defense-in-depth which is right in any particular environment.
If Microsoft recommended FE servers to be in the perimeter network for 2000/2003, what are the other reasons they've changed their stance for Exchange 2007 and 2010? Here's some of the more detailed rationale:
The E2000/E2003 FE servers were there to authenticate users and proxy traffic to the BE server where the traffic was actually interpreted and responded to. For example, the FE servers in E2000/E2003 don't do any Outlook Web Access (OWA) rendering. That all takes place on the BE servers.
The E2007/E2010 CAS role on the other hand contains all middle-tier logic and rendering code for processes like OWA, Exchange ActiveSync (EAS), Exchange Web Services (EWS), and more.
It looks like Microsoft is coming around to what we've known here all along, which is the proxy is still the best solution for securing web traffic coming into and out of the organization.
(Side note: I love the title of their blog "You had me at EHLO" - as a former postmaster, I can really appreciate it.)
Tuesday, October 13, 2009
Barracuda snags Purewire in Web security play
It was announced today that security appliance maker Barracuda Networks has acquired Purewire, a Web security-as-a-service provider. The acquisition gives Barracuda the SaaS offering. Barracuda also reported that the deal provides some additions to its security researcher and threat detection capabilities.
Barracuda offers lower end e-mail, Internet, Web, and instant messaging protection in appliance form factors, much of it based on open-source software. Purewire launched its Trust Web reputation service earlier this year.
Friday, September 18, 2009
Websense to Revise OEM Royalty Revenue Recognition Policy
Apparently Websense found it needed to revise its revenue recognition policies this week around some OEM agreements they acquired when they purchased SurfControl. This revenue recognition policy is forcing them to go back to 2007 and to reduce the amount of recognized revenue.
From the press release:
As a result of this change, the company's financial statements for the fiscal years ended December 31, 2007 and 2008 and for the fiscal quarters ended March 31, 2008, June 30, 2008, September 30, 2008, March 31, 2009 and June 30, 2009 should no longer be relied upon.
Obviously this doesn't affect users of Websense or SurfControl software, but does change numbers for those of you interested in the company from an investment point of view. It also shows they have lower market share numbers (based on revenue) than previously thought, if that makes a difference in your purchasing plans.
Friday, June 12, 2009
IPv6 Proxy
Blue Coat Systems, the technology leader in Application Delivery Networking, today announced that it will demonstrate a secure migration path for applications and services from IPv4 to IPv6 during Interop Tokyo, 10-12 June, 2009. The technology demonstration will be part of ShowNet, Interop Tokyo’s network that will showcase the interoperability of emerging technologies and service architectures, such as virtualization, cloud computing and IPv6.
In the early design stages of the Internet, IPv4 (Internet Protocol Version 4) was created to enable devices to communicate with one another and supported roughly 4 billion IP addresses. However, the exponential growth in the number of communications devices using IP addresses is exhausting the available supply, which is expected to last through the next 12 to 24 months. At that time, only IPv6 addresses or existing IPv4 addresses will be available for use by new communications devices, and as a result, organizations will need to be able to transparently resolve IPv6 address requests, a problem that has been magnified by the growing adoption of Web-based services.
“While some organizations, particularly service providers and governments, have been preparing their networks for the transition to IPv6, the same attention hasn’t yet been paid to applications, creating potential security and services continuity challenges for businesses,” said Qing Li, Blue Coat Systems senior technologist and co-author of a two-volume reference series on IPv6. “The lack of true IPv6 application-oriented solutions, coupled with an economic climate of constrained IT budgets, will force organizations to investigate migration strategies in contrast to full-scale upgrades.”
With an intelligent IPv6 proxy appliance acting as an intermediary, the retrieval of applications, services and data in either an IPv4 or IPv6 environment is transparent to the users. This migration strategy ensures business process continuity without the complications associated with address translations, rewriting applications or upgrading the underlying network infrastructure. Additionally, secure proxy appliances are already an integral part of networks, so this migration path represents the least intrusive transition, enabling organizations to maximize return on existing and new network infrastructure investments and to scale networks in line with changing business requirements.
“To successfully navigate the transition to IPv6, organizations need a strategy that enables the secure migration of business applications and services without the need to rewrite them for an IPv6 environment,” continued Qing. “By utilizing an intelligent IPv6 proxy appliance to bridge IPv4 and IPv6 networks at the application layer, organizations can maintain their existing network and application configuration while enforcing compliance with corporate IT policies.”
Tuesday, June 9, 2009
McAfee announces new whitepaper on browser attacks
Last week, security company McAfee announced the availability of a new whitepaper on browser attacks. McAfee discusses the evolution of the browser from a simple tool to the fully functional software platform it is today. With corporate users now using browsers to perform a significant amount of their daily work on the web, it's more important than ever to secure the browser against more frequent and more dangerous attacks.
These security observations should be no surprise to any proxy administrator who's been battling the threats to browsers and their end-users browsing the web for some time now. But the paper is a good reminder and a good overview of the new threats that do exist in the web world, and should help justify the dollars we're spending on our proxy implementation, regardless of the vendor we're using.
Other areas the paper covers include:
• The shift in spam to mainly malicious web link usage
• “Web 2.0” sites—whether weblogs, social networking or portal sites—are increasingly spammed with links to malicious sites
• Legitimate sites are compromised and misused to either host malicious code or link to a malicious website
• Use of malicious video banners placed in advertisement networks
• Use of popular search terms to advertise and drive (search query) traffic to a malicious website. In a recent case in Germany, attackers used Google AdWords to attract users who searched for “flash player” to the attacker’s fake Adobe-look-alike site
Thursday, June 4, 2009
Empty PDF delivers nothing but pain
Sophos reported on their blog this week on the new exploits in PDF files that seem to be the latest fad among hackers.
From their blog:
... the Adobe PDF format allows for simple documents to be constructed with as little as a text editor and some off-the-shelf tools. When packaged up with stock heap-spraying javascript to trigger a known vulnerability in a particular flavor of PDF Reader a ready-made malware delivery mechanism results.
...
Opening the document renders an innocent blank page however the embedded JavaScript (if enabled) begins to execute, first decoding itself and then spraying the heap with shellcode in order to gain control of execution, or alternatively, visiting a site which determines the best exploit to serve to continue the infection.
You'll notice in Sophos' description one key to this malware is visiting an external site. We've talked about this in the past, but this post is a good reminder about keeping URL databases on the proxy up to date, as well as having real time rating systems for new unclassified websites.
Sophos also offers one other recommendation for helping prevent this type of malware from infecting your site:
Disabling JavaScript handling in your favourite PDF reader is also an excellent way to avoid this particular malware deployment.
And of course anti-virus/malware at the proxy and the desktop doesn't hurt either.
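Added example, not from the original post or from Sophos: a small Python triage pass that a mail or web gateway could run to flag PDFs carrying JavaScript that runs when the document opens, the pattern the Sophos excerpt describes. The sample documents are constructed, and the function names and the allow/review/block policy are assumptions.

```python
import re

# PDF dictionary keys worth counting before a reader ever opens the file:
# /JS and /JavaScript mark embedded script, /OpenAction and /AA make something
# run automatically (on open, or on page/field events).
SCRIPT_KEYS = ("JS", "JavaScript")
AUTORUN_KEYS = ("OpenAction", "AA")

# A PDF name is "/" followed by characters that are neither whitespace nor delimiters.
_NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
_HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx hex escapes, which PDF permits inside names (/J#53 means /JS)."""
    return _HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def scan_pdf(data: bytes) -> dict:
    """Count the keys of interest and how many of them were hex-escaped."""
    report = {key: 0 for key in SCRIPT_KEYS + AUTORUN_KEYS}
    report["obfuscated"] = 0
    for match in _NAME_RE.finditer(data):
        raw = match.group(1)
        name = decode_name(raw)
        if name in SCRIPT_KEYS or name in AUTORUN_KEYS:
            report[name] += 1
            if raw != name.encode("latin-1"):
                # A plain keyword written with escapes has no benign reason to exist.
                report["obfuscated"] += 1
    return report


def verdict(data: bytes) -> str:
    """Assumed policy: block script that auto-runs, review script or escaped keys."""
    report = scan_pdf(data)
    has_script = any(report[key] for key in SCRIPT_KEYS)
    auto_run = any(report[key] for key in AUTORUN_KEYS)
    if has_script and auto_run:
        return "block"
    if has_script or report["obfuscated"]:
        return "review"
    return "allow"


# Constructed samples (not real malware): the script body is a harmless no-op.
BENIGN = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj
%%EOF
"""

BLANK_WITH_SCRIPT = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj
2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj
3 0 obj << /S /JavaScript /JS (void 0;) >> endobj
%%EOF
"""

# Same structure with the keys hex-escaped to dodge a naive string match.
ESCAPED_KEYS = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /Open#41ction 3 0 R >> endobj
3 0 obj << /S /J#61vaScript /#4AS (void 0;) >> endobj
%%EOF
"""

# Script present but nothing that triggers it automatically.
SCRIPT_ONLY = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
3 0 obj << /S /JavaScript /JS (void 0;) >> endobj
%%EOF
"""

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("blank+script", BLANK_WITH_SCRIPT),
                          ("escaped keys", ESCAPED_KEYS), ("script only", SCRIPT_ONLY)):
        print(f"{label:13} {verdict(sample):7} {scan_pdf(sample)}")
```

Keys stored inside compressed object streams are not visible to a byte-level scan like this, so an "allow" result is triage rather than proof that a file is clean.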
Tuesday, June 2, 2009
Websense announces 20,000 websites compromised
Websense sent out a news announcement on May 29, 2009, stating that over 20,000 legitimate websites were compromised with an injection of malicious JavaScript pointing to an exploit site.
While this announcement sounds threatening, it should have been little concern to most proxy administrators if they were running an up to date proxy that knows how to block malicious websites that are embedded in webpages. This feature is available on high end proxies (like the Blue Coat ProxySG) and allows the end-user to view the content of legitimate websites while at the same time blocking the embedded malicious website.
If you're not sure if your proxy supports blocking of embedded websites, check with your vendor soon, especially if you're at risk of hitting one of these 20,000 websites.
Saturday, April 11, 2009
McAfee slaps brand on Secure Computing products
For those of you keeping up on the acquisition news, McAfee's recent purchase of Secure Computing has finally moved down to the product lines. Some Secure partners were sent notice of it this past week, and informed of the changes in naming of the Secure products. SearchITChannel blogged about these changes:
So, say goodbye to IronMail and hello to McAfee Email Gateway.
So long Webwasher; hey to McAfee Web Gateway.
Sayonara to Sidewinder and howdy to McAfee Firewall Enterprise.
...
Securify morphs into McAfee User Behavior Analysis. SnapGear is now McAfee UTM Firewall. Secure Web SmartFilter is now just McAfee SmartFilter.
SearchITChannel's writer seemed a little concerned that something was being lost in the renaming, and the new names do seem to lose Secure's identity. But maybe that's the point, as they're now McAfee.
Friday, April 10, 2009
Web Filter Appliance Adds Feature To Protect Against Proxy Abuse
School Guardian, an SME- and education-focused Web filter appliance, announced that it has added a feature to help prevent proxy abuse, a significant problem in the K-12 market. We've talked about the use of anonymous proxies in previous posts here, and some of the solutions around it using features like real-time rating of new websites/proxies. From The Journal:
School Guardian, in its latest version offers a feature known as SSL Interception, which helps to prevent students from using anonymous proxies such as Ultrasurf and Vtunnel.
These sites allow users to engage in online activities "anonymously," so that sites they visit and Web filters that monitor their activity will not know the Web address where the activity originates.
The current standard for blocking access to such sites is to use "SSL certificate checking," which confirms the validity of a site's electronic certificate. However, advances in Web security technology have sparked corresponding advances in methods to undermine such technology, and today site content can be encrypted against filters, and obtaining an electronic certificate is easier than ever.
While SSL Interception has long been a feature of Enterprise proxies, this is a nice enhancement for the K-12 market.
Tuesday, April 7, 2009
Websense Launches New Appliance
Websense, a well-known vendor in the web filtering space, announced its first appliance this week, the V10000. Websense's URL filtering database has been available on a number of proxy servers, including Blue Coat's ProxySG, as well as in a standalone software package available for Windows and Unix platforms.
Some insight on why Websense chose to go the appliance route from Channel Insider:
Websense, which recently completed a rebranding of the company, is trying to turn perceptions that it’s simply a Web filtering company that denies access to gross amounts of content and Websites to a technology provider that protects users without totally impeding Web access. The V10000 moves the company in that direction by providing security that strips or blocks malicious content from popular social networking sites—such as Facebook or Twitter—without impeding access or functionality.
The appliance, powered by two quad-core Intel Xeon processors and 16GB of DDR2 memory, sits at the gateway and provides application-layer inspection of all Web, peer-to-peer and instant messaging traffic. The appliance provides integrated Web proxy and cache management, giving users the ability to monitor and inspect SSL-encrypted traffic. Appliance management is through a Web-based console that enables granular policy configuration and compliance reporting.
The question here is whether Websense is too late to the game with a market that already has plenty of appliances, even ones that already run Websense software. A new product is always one that IT departments are wary of, so Websense's ability to succeed in a new market remains to be seen.
Monday, March 23, 2009
The Gartner Phenomenon
It's not unusual for larger enterprises to use Gartner's opinions on IT products to help influence their purchasing decisions. In the proxy world, Gartner publishes a Magic Quadrant for Secure Web Gateway, which covers web security devices, most of which are proxies.
For those unfamiliar with the Magic Quadrant, the idea is that each product/company gets put into one of four corners: "leaders", "challengers", "visionaries", and "niche players". In general, most companies try to get into the "leaders" quadrant, as far to the right and as far up as possible.
Typically if a company is in the "leaders" quadrant, that means they not only have significant market share, but they are also driving product direction and have a completeness of vision. If a company is in the "challengers" quadrant, they have market share, but typically it appears they don't have as much vision in driving new features in the product category. In the "visionaries" quadrant, the company tends not to have the market share, but has the vision and understanding of the product category. "Niche players" is the category for companies that don't have an overall market share or vision, and may play only in one small part of the market.
Companies change positions in the Magic Quadrant from year to year, so it's always interesting to see if they've gained market share and if they've somehow improved their vision. While the Magic Quadrant can help you make a decision on a product, it always pays to also make your own evaluation when choosing a product or solution.
Monday, March 9, 2009
12 Hot Web Security Products for the Mid-Market
CRN published a slideshow of the 12 Hot Web Security Products. It covers 12 of the top web security vendors, and there are no surprises in the list. The gamut of products, while described as "mid-market", really crosses from SOHO (small office/home office) all the way up to large enterprise.
What's interesting about this list is 10 of the products on the list are offered up as appliances, 2 as software-only, and one as Software as a Service (SaaS) [It adds up to 13, because one vendor is available as an appliance or software]. This list just goes to show that there's still an extreme bias towards appliances, especially ones that target a dedicated functionality. There's no revelation here, as appliances have been a particularly effective way to deploy security, allowing best of breed security applications to be put into the network with ease of use, high performance, and scalability.
Thursday, February 12, 2009
BlueCoat: Creating an economic advantage for users in 2009?
One of our favorite proxy vendors, Blue Coat Systems, has been at it again making news about their new Application Delivery Network vision that I've previously blogged about.
This time they took it to the analysts at a New York City Briefing Event and shared their roadmap and vision about proxies and how they relate to the vision of Application Delivery Networks. You can read all about it in ZDNet's review of the event.