Endpoint Security Demands Organizational Changes

Pity endpoint security software. Venerable antivirus products have gotten a bad reputation for being an ineffective commodity. This situation is illustrated by some recently published ESG research (Source: ESG Research Report, Advanced Malware Detection and Protection Trends, September 2013). Security professionals working at enterprise organizations (i.e., more than 1,000 employees) were given a series of statements and asked whether they agreed or disagreed with each. The research revealed that:

Topics: End-User Computing Information and Risk Management Security and Privacy

Big Data Security Analytics Meets Identity and Access Management (IAM)

While most enterprise organizations have SIEM installed, they now realize that these venerable security systems cannot address today’s dangerous threat landscape alone. As a result, many are adding network forensics and big data analytics systems for capturing, processing, and analyzing a whole bunch of additional security data.

In the majority of cases, big data security analytics systems are applied to data such as network packets, packet metadata, e-mails, and transaction systems to help security teams detect malware, phishing sites, and online fraud. Great start, but I’m starting to see another burgeoning focus area – IAM. Of course, many large organizations have IAM tools for user provisioning, SSO, and identity governance, but tracking all the instantiations of user activity remains elusive. In a recent ESG research survey, security professionals were asked to identify their weakest area of security monitoring. More than one-quarter (28%) pointed to “user behavior activity monitoring/visibility,” – the highest percentage of all categories.

Topics: IBM End-User Computing Data Management & Analytics Information and Risk Management Enterprise Software Security and Privacy Security big data security analytics Courion Sailpoint compliance IAM Governance cybercrime Anti-malware

Enterprise Mobility and the Cloud highlight Microsoft TechEd Conference

This year's TechEd conference was enlightening about Microsoft's approach to the topic of mobile security. The core message of endpoint device flexibility and security was simple, but the breadth of Microsoft's coverage is underestimated. For example, Microsoft Enterprise Mobility Suite includes layered protection with identity management, device management, application protection, and file rights management for $4 per month per user for up to five devices.

Topics: Cloud Computing End-User Computing Endpoint & Application Virtualization Private Cloud Infrastructure mobile Public Cloud Service

Fusion-io's VDI Reference Architecture Promises to Change the VDI Game

Virtual desktop environments can present one of the most challenging workloads an infrastructure must deal with. Random, shifting I/O and bottlenecks in the storage domain will have a significant impact on performance. Delivering an exceptional user experience is essential to the success of desktop virtualization deployments because users are becoming conditioned to the performance of flash drives in their business and personal computers. Users demand performance equal to or better than what they already have.

Topics: Storage End-User Computing Endpoint & Application Virtualization IT Infrastructure Compute ESG Lab

Antivirus Software Is Not Quite Dead Yet

In a Wall Street Journal article published earlier this week, Symantec SVP Brian Dye is quoted as saying that “antivirus is dead.” Dye goes on to proclaim that “we (Symantec) don’t think of antivirus as a moneymaker in any way.”

I beg your pardon, Brian? Isn’t Symantec the market leader? Just what are you saying? In lieu of specific answers to these questions, the blogosphere and Twitter have become a grapevine of rumors – about Symantec, AV, etc. Panic and wild predictions abound. Dogs and cats living together in the streets . . .

Topics: End-User Computing Palo Alto Networks Cisco Information and Risk Management Sourcefire FireEye McAfee Security and Privacy Security endpoint security Malwarebytes Kaspersky Triumfant Guidance Software Crowdstrike trend micro Symantec RSA Security Cylance Bit9 Carbon Black Anti-malware

Desktops and Apps On the Go

I still remember the day I had to feed the PC with 20+ 3.5” disks to load it up with Windows 95. The ultimate result of the install was fantastic for the time, but the process was like watching paint dry! I didn’t have to worry much about laptops, and cell phones were just beginning to take hold…but I did carry a beeper. Wow, have times dramatically changed. I am headed off to attend Citrix Synergy and Microsoft TechEd with a sharp focus on:

  1. The choices businesses have with alternative desktop and application delivery models. Which use cases they may map to and how aggressively (or not) IT is planning and adopting new delivery models.
  2. Determining how critical heterogeneous device support may be becoming and the different approaches Citrix and Microsoft may take in a world where Apple-, Google-, and Microsoft-based devices are sprinkled throughout most businesses.
  3. The criticality of an app store. The app store works extremely well for consumers, but are businesses looking for the same experience? And, if so, how can they apply it to their unique businesses?
  4. Potential new application development trends. I’m curious to see if businesses are looking closer at web designed apps, mobile apps, Windows apps, etc., and which development tools they are using to create the new generation of applications.
  5. Device management. MDM (mobile device management) and MAM (mobile application management) sure seem to capture a lot of market and investor attention, but are these quickly becoming commoditized or are they true differentiators in the market?

I have my theories on all of these, and I'm excited to spend some seat time with the folks at Citrix and Microsoft as well as end-user attendees to see how they are prioritizing mobile workspaces and what each of these companies has in store. Please keep checking in to my blog and follow me on twitter (@markbowker) to keep track of real-time information we may glean from these events.

Topics: End-User Computing Endpoint & Application Virtualization mobile applications

Managing IT Risk Associated with Mobile Computing Security

When BYOD was coming to fruition a few years ago, it had a sudden and deep impact on IT risk. Why? Many CISOs I spoke with at the time said it was purely a matter of scale. All of a sudden, large enterprises had thousands of additional devices on their networks and they struggled to figure out what these devices were doing and how these activities impacted organizational risk.

Topics: IBM End-User Computing Check Point Fortinet Cisco Information and Risk Management mobile Security and Privacy Security BYOD Citrix data security Fiberlink android Dropbox Good Technology Airwatch Blue Coat CISO Bit9 Anti-malware Facebook

Security Vendors Are Racing Toward a New Anti-malware Technology Model

While the calendar still indicates that we are in Q1 2014, the security industry continues as a nexus of M&A activity. The year started with FireEye grabbing Mandiant, and proceeded to Bit9’s merger with Carbon Black, and yesterday’s announcement of Palo Alto’s intent to acquire Cyvera.

These are the most recent deals but similar M&A activity is well established. In 2011, Sourcefire acquired cloud-based AV startup Immunet. Just last year alone, McAfee purchased ValidEdge in February, IBM snapped up Trusteer in September, and Blue Coat grabbed Norman Shark just before the Christmas holiday.

Topics: End-User Computing Endpoint & Application Virtualization Information and Risk Management Security and Privacy

If I Were the Next CEO of Symantec

As you’ve probably noted by now, Symantec just announced that CEO Steve Bennett is out and is being replaced by board member Michael Brown on a temporary basis. The board will now conduct a search for a permanent CEO.

Under Steve Bennett, Symantec announced a new strategy called “Symantec 4.0,” intended to streamline the organization, cut costs, and push organic innovation. A good plan, but my guess is that things weren’t moving forward as fast as the board wanted so it decided to make a change. As an outsider, it did seem like Symantec circled the wagons, focused on internal operations, and kept its eyes off the market. Thus, the company is now looking for its fourth CEO in the past five years.

Topics: Storage End-User Computing Data Management & Analytics IT Infrastructure Information and Risk Management Enterprise Software mobile Security and Privacy

Google Glass, Wearable Tech, and Big Data

Despite working in tech for nigh-twenty years, I’m not a classic early adopter. I’ve certainly played regularly on the bleeding edge, but also prefer technology that works reliably and has real lasting value.

Some ways I’ve been early:

  • First programmed on a TRS-80 with a phone coupler and audio cassette storage
  • Had a Compaq portable and an Atari 2600
  • Read Neuromancer when it came out
  • Played online games on BBS forums as early as 1990
  • Used e-mail regularly since 1991
  • Ran phone lines between dorm rooms to network Macs via 2400 baud modems
  • Got a cell phone in 1996
  • Moved to SF in 1997 for the dot com boom

Topics: Big Data End-User Computing Data Management & Analytics Enterprise Software mobile social google