A Lighter Look at RSA 2013 San Francisco

RSA 2013 San Francisco was well attended.  There were over twenty thousand attendees.  Over 350 vendors participated in the trade show portion AhnLab owned the view from outside Moscone Center with flags promoting  their presence at the event.  Former Secretary of State Condoleezza Rice was the featured keynote speaker, the last day of event.   You know you’ve been in security for awhile when you go to one booth and recognize a few people that you’ve worked with, at different companies.

Advanced Persistent Threats (APTs), seemed to be the acronym du jour for RSA 2013 San Francisco this year.  There were a number of firewall vendors, as well.  Websense had a huge wall touting the results of a Miercom   test with their Web Security Gateway Anywhere appliance, versus a handful of competitors.  In looking at 2.26 million URLs, they identified and blocked over 132 thousand bad URLs.  The least effective result was achieved by FireEye who blocked 171 with their Web MPS 1300 appliance.  The report is available on the Websense web site.  Other companies in the test included Blue Coat, Cisco IronPort, and McAfee.  Germany had a pavilion with a number of companies.  China did as well.  Huawei,  from China, had a large booth in the corner of the exhibition hall.  No 60 Minute people were around.  The usual antivirus and internet security vendors were present; Trend Micro, McAfee, Symantec, Sophos, and ESET were there. NSS was distributing their latest firewall report.  WatchGuard was probably not pleased with the result.

However, enough about security.  What were the tchotchkes like?  Dentists appeared to sponsor many of the giveaways, since candy was rampant.  The usual pens and stress balls were all over the place.  More than a handful of booths were giving away quite nice water bottles.  Three motorcycles, including a Harley Davidson, were being given away.  The event was lighter than usual on tee shirts this year, but they were available at the Check Point, Kaspersky, AhnLab, and Trend Micro booths.  .  AhnLab had a slot machine with the grand prize being $10 thousand.  Light sabers were being given away.  A wookie and Leia (cinnabon hairstyle and all) were hanging in one booth along with the white storm troopers.   

There was a huge line for autographed copies of Kevin Mitnick’s latest book, The Art of Deception.  Likewise for Bruce Schneier and his latest book.  A $35 mini speaker was another giveaway at one booth, a company branded Rubik’s cube at another.  One company gave away a 3 feet long remote control helicopter at the end of each presentation.  Very cool.  Copious amounts of food and alcohol was served Monday evening during the two-hour preview to the show.  One company had a box to put one of your tchotchkes in.  A lucky person was going to win the whole box.  Seinfeld’s “no soup for you” guy was at the show for people wanting to have their picture taken with him.  Kaspersky himself showed up at the Kaspersky booth.  The Kaspersky  booth was serving most excellent kaspertinis at the show on Wednesday.  Bravilna.

Secure Web Gateway Market Heating Up – Websense Version 7.7

The Secure Web Gateway market is livening up.  On Monday, San Diego based Websense announced Version 7.7 of Websense Triton and their Websense   Secure Web Gateway.  They state that their Websense Triton solution is the first to provide data-aware defenses necessary to prevent the advanced attacks that lead to data theft.

Websense also announced that the 7.7 release contains 10 new advanced malware and data theft advances, including spear phishing protection with cloud sandboxing, and a new forensic reporting dashboard with in-depth security intelligence.

These new defenses also  include    detecting criminal encrypted uploads; advanced malware payloads and command-and-control recognition; optical character recognition (OCR) of text within images for data-in-motion; drip (stateful) DLP detection; password file theft detection; and geolocation awareness.  These are powered by   Websense’s real-time inline ACE (Advanced Classification Engine) security engine and Websense’s imbedded Data Loss Prevention (DLP) engine.

.

Spear phishing protection with cloud sandboxing is part of the arsenal.  Websense's   cloud sandboxing capability identifies suspicious links in emails for real time analysis.  When email recipients click on an embedded URL, Websense analyzes the website content and browser code in real time, in a cloud environment, to ensure safety in any location at any time.

The Websense TRITON Advanced Malware Threat dashboard   profiles security incidents, provides in-depth forensics, and data theft capture.  With severity levels and the ability to export incidents to SIEM solutions, Websense users know who was attacked, how the attacks function, where those communications were being sent, and what data was targeted.

Blue Coat Systems is promoting that their   Unified Web Security Solution, combining cloud services and on-premise appliances delivers the “No Boundaries, Always On protection”.  The cornerstone of their protection, their Secure Web Gateway appliance(s) (ProxySG) and their real-time WebPulse technology, a defense that utilizes   the information provided by 75 million users. 

Historically, Blue Coat has been an appliance-focused company.  They are now more heavily promoting their hybrid and cloud technology, due in large part to San Jose, CA based Zscaler.  Blue Coat  introduced their Unified Web Security Solution in March and are now more heavily promoting their cloud service, along with a 30-day trial.

According to the Gartner “Market Share: Security Software, Worldwide, 2011 Report (March 29, 2012), Inc., Blue Coat is the leader with 17 percent of the $1.95 billion Secure Web Gateway market.  This combines both appliances and software solutions.  In the appliance segment of the market, Blue Coat has about  44 percent of the market, leading its closest competitor by more than 30 percentage points.

Zscaler is the cloud-based canon in the mix.  Actually, they use a jet in their imagery.  Zscaler offers a pure cloud based solution.   They dislike hardware and consider Capex (Capital expenditure) to be a four letter word. They’re   the newcomer to the Leader’s portion of the Gartner Magic Quadrant for Secure Web Gateways.  Gartner considers them the Leader with respect to Completeness of Vision.  Cisco is given credit for having the best Ability to Execute, with Blue Coat and Websense sandwiched between the two.  Mc.Afee is  off to the left in the Leader portion of the Magic Quadrant.

The Zscaler  message – “Attention  all Blue Coat Customers, if you’re  the victim of underperforming proxies lacking sufficient security or if you have lost budget support  due to the high cost of multiple appliances, call the Zscaler Security Help Line.”  They offer five flavors of cloud based web security suites http://www.zscaler.com/products_web_security.html  Add on’s include email protection, mobile protection, and Data Loss Prevention (DLP).

One of their promotions has been to offer their solution free for six months to prospects.  The focus being on Blue Coat customers.

So where will this play out?  Blue Coat is 20% leaner and meaner, following their purchase by equity investment firm Thoma Bravo.  They have a hybrid solution.  They have a cloud solution.  They haven’t done a great job of promoting these.  They have a leading WAN solution but that merits a separate discussion. 

It should be an interesting summer for these companies.

Websense has upgraded their product line.  Their solutions have been available as appliances, SaaS, software,  and a Hybrid.  Like Zscaler, they offer email security, as well.  This is a hole in the Blue Coat product line.

Zscaler has their sight on Blue Coat, almost exclusively. They want share. They have a reputation for playing a bit loose regarding number of data centers around the world. But,  hey! It's marketing.   Blue Coat and Websense go after each other.  McAfee and Cisco, the other two companies in the Leaders portion of the quadrant, are relatively quiet in comparison.  Not quite in the shadows – Barracuda Networks, whose strategy tends to be to deliver the low cost solution. Also, Palo Alto Networks. Palo Alto Networks’  Next Generation Firewall provides filtering and like Websense,   automated sandbox analysis of suspicious files.  They also provide limited DLP protection, as well. They are now starting to move forward on the plans to go public.

   

Application control is a topic for another blog. 

Security Predictions 2012 - The Crystal Balls Come Out

Leading – edge. Intuitive – interface. Plug – and play. Thought – leadership. It’s that time of the year. The quiet period between RSA/SC Magazine Awards US and Interop – Las Vegas/SC Magazine Awards UK, when you’ll often find internet security vendors look at their crystal balls and make their threat predictions for 2012. M86 Security has just released their nine page Security Predictions 2012. Definitely worth saving along with other security vendor predictions for 2012. Save them in a folder, and then peruse at the end of the year. Alternatively, place bets with your IT and security buds as to which vendor will be the most accurate in 2012. These prediction pieces and surveys help the vendors to demonstrate thought leadership in the security space. Some UK sites are irreverent when the survey pieces come out. Not mentioning by name, but think vulture head.

Below are links to some other security predictions for 2012 from SANS, Security Week, WatchGuard, Websense, McAfee, Trend Micro, and Sophos.

M86 Security predictions for 2012 are:

• Targeted Attacks Grow More Damaging and Complex
• Illicit Social Media Scams Escalate
• Mobile Malware Menaces Users and Organizations
• Third-party Software Exploits Gain Traction
• Exploit Kits and Malware Reuse Proliferate
• Compromised Websites Serving Malicious Content Accelerates
• Botnet Disruption Attempts Short-lived
• Spam Rebounds to Distribute Damaging Malware
• Major Sporting Events Draw Major Cyber Attacks
• Attacks on Cloud Services Inevitable

http://docs.media.bitpipe.com/io_10x/io_103522/item_503511/m86_security_labs_predictions_2012.pdf

http://www.sans.edu/research/security-laboratory/article/security-predict2011

http://www.securityweek.com/securityweeks-2012-it-security-predictions

http://www.watchguard.com/predictions/

http://www.websense.com/assets/reports/2012-Predictions-WS-Security-Labs.pdf

http://www.mcafee.com/us/resources/reports/rp-threat-predictions-2012.pdf

http://www.trendmicro.co.uk/media/misc/trend-micro-2012-security-predictions-en.pdf

http://www.sophos.com/medialibrary/PDFs/other/SophosSecurityThreatReport2012.pdf

Light reading for now and the end of the year. As an aside The SC Magazine Awards UK will be on April 24. Finalists are at

http://kensek.blogspot.com/2012/02/2012-shortlist-sc-magazine-2012-awards.html