Here is a short podcast on the strategy behind BigFix’s software asset management solution:
How BigFix DSS-SAM Changes the Game of Software Asset Management
According to BigFix research, most organizations overpay for software licenses that they aren’t using. An easy way to save 10-15% off the top of software licensing costs is to use a solution that tracks your assets in real time with useful analytics that you can trust. The flip side is that you can also prove you are buying enough licenses, which helps when you are audited by your software vendor.
If you are still using spreadsheets to track assets or don’t trust the results of your current asset management software, you may want to try out BigFix.
Tags: Asset Management · BigFix
December 4th, 2009 · 4 Comments
Say a company is shopping for a new security product. AV or firewall or web filter or whatever. Product A offers 15 of the standard features and costs $X. Product B offers the same 15 plus a couple of fancy dynamic thingies that might increase their security, but costs $X + Y per year.
How should the company decide if those couple of features are worth the extra $Y per year? This is essentially the same problem you are faced with when trying to decide whether or not to buy the warranty at the electronics store or to upgrade the insurance on the rental car.
I think these decisions are to some degree based on a gut feeling on how good Product B is. This gut feeling could be based on anything: how well the customer likes the vendor, the sales team, the marketing, etc.
Perhaps more important is the marginal value of the cash the customer has available. If the customer can’t think of anything they would rather spend Y dollars on, and they would rather spend it on some ostensible security features than leave it in the bank, then they will pay the extra money. In short, the decision is based on the opportunity cost of the extra features.
I’m not sure either of these methods is wrong, but there must be better ways to make these decisions, which may include the above methods.
Tags: Decision Making · Measuring · Security Metrics
The Twitter boom has increased the use of URL shortening services such as TinyURL and bit.ly. These services can also be used maliciously by directing users to dangerous websites. The classic convenience/safety trade-off.
bit.ly has made their service safer because they now use Sophos to protect users against visiting webpages that may contain a malware, spam or phishing threat.
Users can also preview webpages by adding a “+” to the end of any bit.ly URL.
Press release here
UPDATE:
Here is the bit.ly announcement. They are also using Verisign’s iDefense IP reputation service and the Websense Threatseeker Cloud service.
Tags: Sophos · Websense
Palo Alto Networks releases an Application Usage and Risk Report twice a year that summarizes the data they collect from traffic assessments (I’m pretty sure this means evaluation units). The Fall 09 report includes data from more than 200 organizations.
Some specific findings from the research include:
- Twitter session use grew more than 250 percent from the Spring 2009 edition of the Application Usage and Risk Report, published in April.
- Facebook use increased 192 percent while Facebook Chat (released in April 2008) was the fourth most commonly detected chat application, ahead of Yahoo! IM and AIM.
- SharePoint collaboration is ubiquitous – bandwidth consumed by SharePoint, specifically the documents component, increased 17-fold from the previous report in April.
- Blogging and wiki editing increased by a factor of 39, while total bandwidth consumed increased by a factor of 48.
Download the Application Usage and Risk Report
Tags: Application Control · Palo Alto Networks
Here’s a short article at Businessweek.com about Palo Alto Networks enabling businesses to allow policy-based Web 2.0 use and reduce the odds of something bad happening because of it. The title doesn’t really describe the content of the article.
Consumer Tech Invades the Enterprise
Tags: Palo Alto Networks
The McAfee Web Gateway was formerly Webwasher, which was bought by Secure Computing, which was then bought by McAfee. I interviewed the product manager for Webwasher here and here. I think most, if not all, of the information still stands. Webwasher was one of the pioneer secure web proxies.
I was enamored with this type of solution a couple years back because I was looking for a way to gain more visibility and control over SSL traffic. At the time, Blue Coat and Webwasher were the only games in town that addressed the problem to some degree. (I don’t think either of them made it particularly easy to use.) The SSL visibility problem has since been recognized by product managers from many vendors and most of them address it at least enough to put it on their datasheets.
[Link: McAfee Web Gateway]
Tags: IT Vendor Directory · McAfee · Secure Web Gateway
November 30th, 2009 · 1 Comment
The Blue Coat ProxySG began life long ago as a proxy cache by CacheFlow. Recognizing the market opportunity to secure that traffic, they developed more security features and pioneered the secure web gateway. Blue Coat has their own web filter product with a perpetual license (as opposed to a subscription), which can save you lots of money if you own it for a long time. Along the way, they bought an early gateway AV product, Ositis, which became ProxyAV. ProxyAV talks to ProxySG via ICAP to scan traffic for malicious content in a number of ways.
Blue Coat ProxySG is now the reference secure proxy gateway.
[Link: Blue Coat ProxySG]
Tags: Blue Coat · IT Vendor Directory · Secure Web Gateway
November 24th, 2009 · 3 Comments
Here is the Gartner 2008 Secure Web Gateway (SWG) List. It is interesting to see how much merging and acquisition has gone on. This can’t make things easy for the analysts. Maybe that is why the 2009 SWG Magic Quadrant hasn’t been released yet.
Leaders
- Blue Coat Systems
- Secure Computing – now McAfee
Challengers
- IronPort Systems – now Cisco
- Trend Micro
- ScanSafe – now Cisco
- McAfee
- MessageLabs
- Websense
Visionaries
- Aladdin Knowledge Systems
- Finjan – now M86 Security (which was 8e6 and Marshal)
- Mi5 Networks – now Symantec
- Facetime Communications
Niche Players
- Barracuda Networks
- ContentKeeper
- CA
- Webroot Software
- Clearswift
- Cymphonix
- Marshal – now M86 Security
- 8e6 Technologies – now M86 Security
- CP Secure – now Netgear
Total: 21 Vendors
A possible 2009 list without the categorization:
Total: 16 Vendors (not counting the two I added) – 24% reduction in vendors (but not in products)
Tags: SWG
In October, Gartner released a research note on Next-Generation Firewalls.
In the paper, Gartner states that an NGFW should at least:
- support bump-in-the-wire configuration
- act as a platform for network traffic inspection and network policy enforcement with the following minimum features:
  - standard first-generation firewall capabilities: packet filtering, NAT, stateful inspection, VPN, etc.
  - integrated IPS and threat prevention (not colocated like a UTM)
  - application awareness
  - Extrafirewall intelligence: Bring information from sources outside the firewall to make improved blocking decisions, or have an optimized blocking rule base. Examples include using directory integration to tie blocking to user identity, or having blacklists and whitelists of addresses.
  - Support upgrade paths for integration of new information feeds and new techniques to address future threats.
The “Extrafirewall intelligence” paragraph is a long-winded way of saying URL filtering and LDAP integration.
Compare this to Gartner’s definition of a Secure Web Gateway from 2008:
Secure Web Gateways must, at a minimum, include URL filtering, malicious-code detection and filtering and application controls for popular Web-based applications, such as instant messaging (IM) and Skype.
and their SWG definition from the NGFW paper:
These focus on enforcing outbound user access control and inbound malware prevention during HTTP browsing over the Internet, through integrated URL filtering and through Web Antivirus. They implement more user-centric Web security policy, not network security policy, on an “any source to any destination using any protocol” basis.
The only difference is that Gartner doesn’t explicitly call for URL filtering or user-centric policy control in their NGFW definition, opting instead for a jargony paragraph on “extrafirewall intelligence” that readers will forget.
I don’t know why. Perhaps if they did, it would be harder to justify the SWG as anything other than a because-your-firewall-should-do-it-but-can’t solution.
NGFWs like Palo Alto Networks are not only replacing firewalls, but also SWGs like Blue Coat. This indicates that at least some customers view SWGs as superfluous in an NGFW environment. Time will tell whether or not SWGs have any merit in a network that is protected by an NGFW. I’m sure there are customers with workflows and requirements specific to URL/web access that could only be addressed by an SWG type solution but the number of customers that opt for SWGs is sure to dwindle in my view.
Download the Gartner NGFW Research Note
Tags: Firewall/UTM · Palo Alto Networks
Barracuda Networks has acquired Purewire, which offers a web security service. This will be the second service product Barracuda offers, the first being their backup service.
I had never heard of Purewire until today. There are a couple of demos about their web security service available here. They offer the same protection strategy as something like McAfee’s Web Gateway (Webwasher) but probably with less management overhead. In my experience, Webwasher was only a good fit for a large shop with the resources to fiddle with it all the time. With Purewire, Barracuda may be able to offer state-of-the-art web filtering to customers of all sizes with a “turn-key” implementation and management.
There are many, many alternatives for a web security service, but none with the marketing footprint of Barracuda, so this should be good.
via Securosis
Tags: Barracuda · Web Filtering