Monthly Archives: July 2016

MarketFocus – Double Vision

Category : Gigamon

A report on how your peers get visibility into their network. Recognizing a breach in your network requires visibility into the traffic itself. SC Magazine asked its readers just how much visibility they have into their network activity.

The answers might surprise you.

This SC Magazine survey, sponsored by Gigamon, was based on 294 responses from a broad cross-section of company sizes and revenues and eight industry verticals, including federal and state and local government, technology services, finance, education, manufacturing, medical and health care, legal/real estate and retail and wholesale distribution.

See more at: https://www.gigamon.com/resources/analyst-industry-report/marketfocus-double-vision#sthash.jK0zigTk.dpuf


Imperva now a three-peat Gartner Magic Quadrant Leader (and get ready the cloud is coming fast)!

Category : Imperva

Gartner’s 2016 Magic Quadrant (MQ) for Web Application Firewalls (WAF) has been released, and we at Imperva are very proud to be the only vendor in the Leaders quadrant for the third straight year.

Chest thumping aside, the strategic planning assumption in the report is that: “By year-end 2020, more than 70% of public web applications protected by a web application firewall (WAF) will use WAFs delivered as a cloud service or internet-hosted virtual appliance — up from less than 25% today.”

This is a trend that we at Imperva have seen reflected in our business in two ways over the past six to nine months.

First, our Imperva Incapsula Cloud based WAF is experiencing very strong growth and we’re seeing more and more enterprise customers with joint deployments of Imperva SecureSphere appliance (not necessarily on-prem) and cloud-based Incapsula WAF. The most common variants of this are SecureSphere for “core” applications that are tightly controlled by the enterprise and Incapsula for “satellite” applications that aren’t as tightly controlled (usually either partner owned applications or highly distributed applications owned by the business) and SecureSphere for WAF and Incapsula for DDoS prevention. As we continue to innovate on both fronts, you are likely to see us cater joint management, administration and provisioning solutions that help our hybrid customers get the most possible value from both platforms.

Second, demand for our solutions to protect applications deployed in IaaS environments is also expanding rapidly. We’ve had Imperva Incapsula customers in AWS nearly since inception of the services (and current customers there number in the thousands). We delivered our first SecureSphere solution for IaaS environments (SecureSphere WAF for AWS) in 2014 and have continued to add capability, most recently announcing integration with Azure Security Center just last week. IaaS is a highly dynamic market, so expect us to continue to innovate on this front as well.

But, it’s not actually only about the cloud. Our vision for WAF is that the customer should get to choose how and where to deploy it. After all, if the solution won’t fit the protected environment, it can’t protect that environment. So as we bring new joint solutions to market, expect us to unbind the security policy from security enforcement points, making it possible to manage your application security from a centralized console and choose the right kind of enforcement mechanism for your problem set. We feel we’re leading the pack on making this vision a reality and look forward to helping customers on their transition to cloud computing. A transition that will not only provide critical agility and innovation for the business, but also an opportunity to increase the security for critical business data and applications.

If you’d like to read more about the WAF market or dig into the details, download the complete Gartner MQ for WAF here.


General Principles for Managing Cyber Risk

Category : FireEye

Evidence is in the headlines: the risk of cyber crime is growing, not only in quantity, but frequency, distribution and impact.

Businesses are feeling the pressure, with 39% of companies considering data breaches as the second greatest potential threat to their reputation.

While the financial and reputation damage of a breach can be immense, there are steps you can take to protect yourself.

Download the paper and learn about:

  • Four types of cyber risk
  • Seven things you can do to better manage cyber risk
  • Five questions to ask that will help you stay on the right track

McAfee Network Security Platform: Five Times a Winner

Category : McAfee

NSS Labs Recommends McAfee NSP NS9100 for Data Center Security

That’s the takeaway from NSS Labs’ just-released test report on high-throughput intrusion prevention systems (IPS) for the data center, in which the McAfee Network Security Platform (NSP) NS9100 appliance won a hard-earned “Recommended” rating. This is the fifth time that McAfee NSP has achieved this level of excellence from NSS Labs for IPS overall. As a combination of blocking, throughput and TCO, McAfee NSP clearly delivers industry-leading security for today’s and tomorrow’s data center.

NSS Labs’ 2016 Security Value Map (SVM) for Data Center Intrusion Prevention System (DCIPS)

Data center applications make unique demands on an IPS system as traffic levels can be significantly higher than at the corporate perimeter. Also, traffic mixes can vary with security strategies, which may prioritize specific servers, protocols, or applications. Latency is also of great concern, as application performance may be adversely affected if an IPS introduces significant delays.   While handling the rigors of a physical network is key, one must keep in mind the growing trends of the virtual Data Center.   As the only dedicated IPS certified for VMware’s NSX SDN solution, McAfee NSP finds itself as the security platform of choice for growing your physical Data Center into tomorrow’s virtual software defined data center (SDDC).

IPS Testing Criteria

To discover what the current crop of IPS solutions offers data center security teams, NSS Labs tested a cross section of products claiming effective threat blocking and high throughput capabilities. Each system was subjected to a library of server exploits curated for malicious behaviors that range from opening a reverse shell and executing arbitrary code to installing a payload or rendering a system unresponsive. Selection criteria also included evasive tactics such as IP packet fragmentation, stream segmentation, RPC fragmentation, URL obfuscation, and FTP evasion — deployed singly or in layers.

These threats were embedded in multi-Gigabit traffic streams designed to stress the inspection engine and reveal its performance and behavior in a range of real-world operating scenarios.  To complete the assessment, NSS Labs investigators also evaluated each IPS for stability and reliability, ease of management and configuration, and total cost of ownership.

The Envelope Please!

Tested with tuned policy settings, the Network Security Platform NS 9100 blocked 99.4 percent of all exploits in the NSS library and effectively detected and countered all of the evasion techniques employed.

Testers pegged the NS9100’s overall throughput at 19.949 Gbps, almost twice our advertised capacity for this appliance. This calculated rate represents the average of NSS Labs’ real-world protocol mix tests and its 21 KB-response HTTP capacity test.

Finally, the NS9100 passed all assessments for stability, reliability, configurability and manageability.  Based on current street pricing, three-year TCO was calculated at just $12 per protected Mbps of data center traffic.

The NSS Labs Security Value Map (SVM) report is available here. I recommend you read it and hope you’ll join me in a sincere “Well Done” to everyone on the McAfee Network Security Platform product team.


EMM and the Law

Category : Mobile Iron

EMM is the recommended approach for implementing the foundational Critical Security Controls for mobile devices as required by California law. As of 2016, California requires all companies, no matter where they are based, to implement a minimum set of mobile security controls if they process sensitive personal information about California residents. This is an example of a broader trend of EMM becoming a best practice for compliance with a company’s security and privacy obligations. This white paper is for Mobile IT and information security professionals and their legal and compliance teams. It covers:

  • The foundational security controls now required by law
  • How these controls are applied to mobile
  • Best practices to achieve compliance
  • The central role of Enterprise Mobility Management (EMM)

Protect Your Business from Email and Web Attacks

Category : FireEye

Embracing modern business practices, mobile and remote working, bring your own device (BYOD), social networking, and more can certainly make you more productive. But if you’re fighting today’s sophisticated cyber threats with outmoded security, your business and network are vulnerable – every single day, in many ways.

Read the ebook and learn:

  • How your daily work activities, including email and website browsing, could be exposing you to risk
  • How advanced cyber attacks search for exploits and steal your data
  • How you can protect your business from known and unknown email and web attacks

Imperva Ups the Ante for CASB with Its Enterprise Integrations

Category : Imperva

Goodbye, Point Solution.  Hello, Integrated CASB.

When Imperva made the first acquisition of a Cloud Access Security Broker (CASB) vendor by purchasing Skyfence over two years ago, it was to support the Imperva strategy of helping our customers secure data and apps wherever they are – in the cloud or on-premises. Following Imperva’s acquisition, Microsoft, Cisco, Blue Coat (now Symantec) and Palo Alto Networks have all made CASB product acquisitions.

While the vendor landscape has evolved, so have customers’ expectations of their CASB.  Many IT security teams have moved well beyond the need for simply identifying Shadow IT use and are more focused today on enabling IT-sanctioned apps such as Office 365, Workday, Google Apps, Salesforce, and Dropbox, to name a few. Securing these sanctioned cloud applications is not a binary “block or allow” problem, but rather an issue of enablement – use cases include securing access for the right people, monitoring user and admin activity, dealing with anomalies and mobile users, preventing data leaks and ensuring data in the cloud is protected. Many of these security use cases are strengthened by integrating a CASB with existing threat intelligence and breach prevention technologies already deployed.

The Imperva Skyfence approach to enabling sanctioned cloud apps is two-fold. First, build the best CASB offering that helps organizations actually improve their security posture by adopting cloud apps. When you migrate from your on-premises Exchange servers to Office 365 you should expect to be more secure as a result, not less secure. CASBs can help you achieve this. Secondly, innovate through integration with existing Imperva products. In our view, a CASB need not be another point solution, but rather, an integral component of a larger data and application security infrastructure working collectively to help you safely adopt sanctioned cloud apps. The new integration of Skyfence with Imperva ThreatRadar – along with previous integrations with Imperva Incapsula and Imperva CounterBreach – supports this vision.

A Sense of Community:  Skyfence Integration with Crowd-Sourced Threat Intelligence

Cyber-attacks often involve the use of anonymous proxies or Tor sites in order to hide the true identity of the hacker and to disrupt forensics investigations. The motive to deliberately use these anonymizer frameworks – specifically to hide the user’s identity – doesn’t make sense for legitimate employees who are accessing enterprise cloud apps to get their jobs done. Therefore, this anonymized access should be highly visible and treated as potentially hostile by IT security staff.  Increasingly, hackers are attempting to steal organizational data by accessing cloud app accounts via compromised credentials while employing these same identity-hiding techniques. The bad actors and cyber criminals usually target the valuable data (e.g., PII, PCI DSS) that can be monetized – and chances are that this data is often stored within your authorized cloud apps. Imperva Skyfence mitigates this risk with the IP reputation and threat intelligence database of Imperva ThreatRadar which includes:

  • Globally crowd-sourced attack signatures from worldwide SecureSphere Web Application Firewall (WAF) deployments to arm ThreatRadar with near real-time attack vectors your peers are already seeing.
  • Imperva Defense Center expertise: Imperva’s premier security research team curates threat data from multiple sources and delivers attack signature updates, pre-defined security policies and compliance reports made available via the Skyfence management interface. The Imperva Defense Center also discovers and provides advisories covering application and cloud vulnerabilities.
  • Feeds from third-party sources to get best-of-breed reputation data, geo-location data, and threat intelligence.

Read our blog for a deeper dive on ThreatRadar for Skyfence.

The Inside Outsider: Skyfence Integration with CounterBreach Helps Prevent Insider Breaches

The biggest threats to enterprise security are often people – potentially even the people already on your payroll. Employees certainly need legitimate access to sensitive and valuable data stored in databases, file shares and SaaS applications such as Office 365, Dropbox and Workday. However, when insiders abuse this access, or when insiders’ accounts are compromised by outside attackers, your data is exposed. Accurately identifying potential data breaches requires deep contextual understanding of not just user activity, but the data users typically access and how they access it. With Imperva CounterBreach, security teams can analyze the data access behavior of particular users with a consolidated view of database, file and cloud app activities. This allows security teams to investigate incidents and anomalies specific to the individual, view the baseline of typical user activity and compare a given user with their baseline or their peer group. Every Skyfence implementation includes connectors that integrate with the CounterBreach API out-of-the box – making it much easier to correlate user-based anomalies across cloud and on-premises activity.

Performance Matters: Skyfence Delivered on Imperva Incapsula Reduces Latency and Enhances Security

Proving that you can have your cake and eat it, too, the unique integration with Imperva Incapsula ensures that every Skyfence customer instance benefits from enhanced security without sacrificing performance. In fact, the integration can actually minimize app latency while providing protection against DDoS and bot attacks for Skyfence customer tenants. This is important, since deploying a proxy between users and their apps essentially opens a hole in the security for that app and potentially makes the proxy a point of attack. This product integration, or “CASB hardening” capability, is delivered for every customer at no additional cost.

Expect More from Your CASB.

The majority of Skyfence customers have more than one Imperva product. They realize that Internet-facing SaaS applications have become a prime target for cyber-attacks, because these apps are easily accessible and they contain sensitive corporate data. The portfolio of Imperva products – Skyfence, Incapsula, ThreatRadar and CounterBreach – goes far beyond the security offered by a stand-alone CASB and together can help better detect and prevent threats related to these authorized cloud apps.


Seven Keys for Protecting Your SMB against Cyber Attack

Category : HP Security

Talk of Chinese hackers infiltrating government systems and news of big corporate data theft may steal the headlines, but SMBs are the real victims of cybercrime most of the time.

A recent Data Breach Investigations Report published by Verizon showed that 71 percent of cyberattacks actually occur at businesses with less than 100 employees. An astonishing 85 percent of SMBs interviewed for the report acknowledged that they had suffered a security breach in the past year, while only a little more than half of 1 percent of enterprises reported the same. Another survey, the 2016 State of SMB Cybersecurity, offered a slightly lower SMB breach rate of 50 percent, but it found that only 14 percent of SMBs said their defenses against cyber attack were highly effective.

“Unfortunately, SMBs are a growing target for cybercriminals,” says Mark Nunnikhoven, vice president of cloud research at security firm, Trend Micro. “The mix of valuable customer and business data with limited defenses makes SMBs easier to victimize when compared to larger enterprises.”

With 60 percent of SMBs going out of business within six months of a cyber attack, according to the Endurance Group research, it isn’t hyperbole to suggest that cybersecurity is one of the most pressing issues smaller firms face.

So unless your SMB is among the 14 percent that stand confidently behind their security practices, you might want to review these seven best practices for keeping your business safe.

1. Get Passwords Right

The problem starts with bad passwords. The CIO report found that 59 percent of SMBs have no visibility into employee password practices and hygiene, and 65 percent that have a password policy do not strictly enforce it.

All it takes is one breakable or stolen password for cybercriminals to infiltrate your business, and there’s a big black market for stolen password lists.

Always change the default password on new devices, and use unique passwords for every service and device. Use different password reminder strategies to mix it up, and of course include letters, numbers and special characters in cryptic combinations.

2. Secure Email Closely

Although services such as Slack are coming into wide use, email still is the nerve center for most SMBs. It also is one of the primary vectors for cybercriminals. So if you secure only one thing, make it your company’s email.

“The vast majority of attacks start via email,” says Nunnikhoven at Trend Micro. “Investing here will pay off significantly for SMBs.”

3. Limit Software Usage and Keep Systems Updated

They may seem annoying, but automatic software updates are your friend. A 2016 Hewlett Packard Enterprise Cyber Risk Report found that the top 10 vulnerabilities exploited in 2015 were more than a year old, and 68 percent were more than three years old. Software vulnerabilities are a fact of life, but most get patched fast. The trouble starts if your company doesn’t download the update and keep your system running the latest software. Updates aren’t about features, they’re about security.

“Turn on automatic updates for all of your laptops, tablets, etc.,” stresses Nunnikhoven. “Keeping software up to date reduces the number of vulnerabilities that cybercriminals can take advantage of.”

Another defense is minimizing the threat surface by only installing apps and software you actually use—and only giving your data to a limited number of cloud services. The less software, the less threat potential.

4. Identify and Focus on Key Data

“The first important thing SMBs can do to reduce a security risk is to identify what are the most important data assets in the business that need protection,” says Michael Kaiser, the executive director for the National Cyber Security Alliance. “This could be customer data, employee data or intellectual property. Knowing what that data is and where it is on the network, and ensuring that all measures are in place to protect it, is one of the best ways to reduce the risk of a loss.”

Prioritization also is important for SMBs, according to Josh Goldfarb, chief technology officer for emerging technologies at security firm, FireEye.

“Instead of trying to protect everything all the time (which is often an extremely difficult and costly undertaking), an organization can focus on protecting the most critical and sensitive data first,” says Goldfarb. “As resources allow, additional data can be protected based on its priority.”

5. Establish a Security Plan with a Reporting Mechanism

When security threats emerge, and they probably will, your business will be much better placed to handle the threat if there is an incident response plan in place and a clear way that employees can signal a breach or possible security issue.

“The days of deploying security technologies and walking away are gone,” says Goldfarb. “Develop and follow an incident response plan to ensure that you are continually evaluating and mitigating risk to the organization.”

6. Educate Your Staff

Human error is the most likely cause of security failure. CIO found that the most prevalent attacks against SMBs are web-based and phishing or social engineering.

“The user is often considered the ‘weak link’ in any security posture,” says Farshad Ghazi, enterprise global product manager for Hewlett-Packard Enterprise Security. “A cybersecurity education program that focuses on the employee themselves, not just the organization, can be effective and relevant.”

7. Outsource Your Security

Most SMBs wouldn’t dream of handling their own legal issues, but most still take care of their own IT security. Endurance Group found that 83 percent of small businesses handle security in-house.

With the number of threats rising, and systems more complex than ever, your business should consider outsourcing security to a firm that specializes in hardening businesses against cyberattack.

Cybersecurity is a lot like insurance. It can seem like an unnecessary cost center, but going without it is a dangerous game. This is especially true for SMBs in 2016.


Hardware’s Innovation Theorem

Category : F5

I recently finished reading Fermat’s Last Theorem (Simon Singh) which, you might be surprised to learn, was full of drama, intrigue, murder, and mistresses. Really. The history of math is quite full of people who despite their prodigious understanding of concepts we mere mortals don’t truly grok, are just people after all.

But that’s not really the point today. The point is that for over 350 years, mathematicians have been driven to try to prove (or disprove) what was known as Fermat’s last theorem. More of a conjecture, the brilliant (amateur) mathematician noted that while the Pythagorean Theorem was nearly axiomatic, it only worked for squares. That is, you can’t find an answer to a^n + b^n = c^n when “n” is any number other than “2”. What really drove mathematicians wild, apparently, was that Fermat noted he had a truly delightful proof for this but the margin of the book in which he was commenting was too small for it.

And they couldn’t find the proof anywhere.

So mathematicians set about trying to prove or disprove it. Long story short, someone finally did. But in order for him to do that he had to combine two completely different disciplines of math. Disciplines that did not exist when Fermat made his claim. Some of which can be traced to attempts to solve Fermat’s Last Theorem as well as other challenging mathematical problems. One of the disciplines used to solve Fermat’s Last Theorem included the study of elliptic curves. If that sounds familiar it’s because elliptic curves are the foundation for ECC (Elliptic Curve Cryptography) which is increasingly favored today as a replacement for the older, more vulnerable encryption schemes.

Basically, one of the benefits of solving a problem in one mathematical discipline is that it often spurs innovation in other, related but distinctly separate, mathematical disciplines.

Now, you’re probably wondering why, then, the reference to “hardware” in the title. Hardware is hardware, right? I mean, what possible innovation can hardware spur that’s relevant in today’s software-eating-everything-to-deliver-apps world?

Software, of course.

It turns out that when you build your own hardware to ensure the capacity and speed needed for those services deployed on the north-south data center runway, you also have to build out the software that goes along with it. See, hardware by itself is just resources, for the most part. That, too, is changing but that’s a blog for another day. For the most part, the reality is that hardware provides resources. Software is the magic that turns those resources into consumables that are ultimately used for the services that secure and deliver apps every second of every day across the Internet. So when someone is heralding the arrival of new hardware in the networking world, it is also heralding the announcement of new software. Because without the software, custom hardware doesn’t do much.

Now here’s where the innovation crosses the hardware-software divide. That software can be lifted and shifted from its original hardware to commodity hardware (COTS). That’s your general purpose servers, so named because they aren’t really optimized for anything because they have to support everything. But the software that was previously running on purpose-built hardware is optimized, and the tricks and tips the engineers have learned and tweaked over time get transferred to the software version, too.

And many of them are actually more applicable than you’d think. See, there are chips from folks like Intel that are used in custom built hardware that are also present in commodity systems. But for the most part the performance or capacity enhancing characteristics of those chips aren’t used by most software because, well, it wasn’t written with that hardware in mind. But some systems were, and that means that when that software is lifted and shifted to commodity hardware, it retains a lot of its performance and capacity advantages over other software built to do the same thing that doesn’t use the special hardware.

Trying to solve the performance and capacity challenges associated with software (way back in the 1990s) led to the extensive use of hardware in the network, including new internal architectures related to how data was passed around the system. Those tricks and techniques are being translated back into software, now, to improve performance and capacity. When folks are tasked with designing high-speed, high-capacity software because no platform exists for the hardware they’re developing for, they come up with new ways to do things. They challenge old assumptions and discover better ways of manipulating, inspecting, and modifying data as it’s passing through the system. They figure out new algorithms and better data structures that improve on memory management and protocol parsing.

While most people don’t associate hardware with innovation, the reality is that just like math, solving a problem in one discipline leads to innovation in other disciplines. That’s something we see all the time as we lift and shift the software that is BIG-IP on our custom hardware platforms to that of the commodity hardware used in private, on-premise and public cloud environments. The lift and shift requires work; the software has to be adapted to fit into virtualized, containerized, and cloudified form factors. But the innovations resulting from the new hardware remain, providing for faster, more scalable, and more efficient operation on commoditized platforms, too.

Developing new hardware, and adapting software to its new capabilities, ultimately means innovation in the software, whether that software is running on custom or commodity hardware. And that’s why it’s exciting when new hardware is introduced. Because it’s the harbinger of innovation.

That’s Hardware’s Innovation Theorem. Just as solving Fermat’s Theorem is going to lead to more innovation across mathematics and echo those advances into the realm of cryptography and security, solving the challenge of adapting software to new custom hardware will lead to more innovation in that software and echo across the realm of on-premise and cloud data centers for years to come.


OpenStack: Open for Mainstream Adoption

Category : NetApp

Billed as the most important gathering of IT leaders, telco operators, cloud administrators, app developers, and OpenStack contributors focused on the future of cloud computing, OpenStack Summit Austin hosted over 7,800 attendees this year. Clearly enjoying what Gartner calls the slope of enlightenment, does this year’s record-setting attendance signal mainstream adoption for OpenStack? And if so, what do enterprises need to accelerate their adoption? Let’s examine some key findings.

With a clear signal that widespread adoption is underway, a reported 50% of Fortune 100 companies have deployed OpenStack, with one third running it in a production environment. The top three application workloads running on OpenStack are:

  • Software dev/test/QA and CI – 63%
  • Infrastructure services (i.e. public and private cloud products and services) – 49%
  • Web services and e-commerce – 38%

Major companies like WalMart.com and AT&T actively operate OpenStack deployments in production environments. Walmart indicated that they are seeing greater agility and performance over other mainstream solutions, while AT&T has deployed OpenStack successfully across 20-plus global data centers. Other major enterprises with deployments include SONY, SAP, VW, Cerner, AMEX, Apple, and Comcast.

With mainstream adoption clearly underway, how can enterprises that have yet to make a move begin to take advantage of OpenStack?

Standing up an OpenStack deployment environment from the ground up is challenging for most companies. While at the conference, I saw no less than seven companies actively recruiting OpenStack developers on-site including Canonical, Red Hat, RackSpace, and Mirantis. OpenStack deployment expertise is clearly in demand.

If you want to rapidly gain experience on OpenStack, you have three main options. You can (1) use an OpenStack public cloud environment; (2) hire a systems integrator to stand up a private cloud environment; or (3) purchase a preconfigured converged infrastructure solution from a vendor like NetApp. NetApp’s FlexPod® Datacenter with Red Hat Enterprise Linux OpenStack platform is a Cisco Validated Design (CVD) that provides a converged infrastructure platform.

All three options allow you to reduce deployment time, project risk, and the cost of IT while providing the promise of standardizing on an open platform and APIs that power a global network of public and private clouds. It’s time to implement OpenStack in your environment.

