This document discusses various topics related to information security. It provides an agenda that includes information security, communication/networking, and green IT. It also includes to-do lists for 2009 related to applications and infrastructure. Additionally, it discusses trends in information security such as the security market size, security in the news, and security trends. It provides information on various security-related topics such as the underground economy, technologies categorization, security ratios in Israel, and sophisticated threat environments.
1. Shahar Geiger Maor
VP & Senior Analyst
shahar@stki.info
Visit My Blog: http://shaharmaor.blogspot.com/
2. Agenda
1 Information Security
2 Communication Networking
3 Green IT
Shahar Maor’s work Copyright 2009 @STKI Do not remove source or attribution from any graphic or portion of graphic 2
3. 2009: Application to-do-list
a. Flexible staffing based on good temps vendors
b. Contract renegotiations and multisourcing of temps
c. Requirement and portfolio management and rationalization
d. Maintenance and requirement release management
e. Application integration, reuse, atmaa and SOA
f. Automating and outsourcing testing
g. ERP instance consolidation
h. Application Hosting and SaaS
i. New licensing strategies
j. Self service software (even e-learning)
k. User authentication and password management
l. Automated compliance software
4. 2009: Infrastructure to-do-list
a. Desktop simplification
b. End-user help desk
c. Green IT and recycling
d. Consolidation of servers, storage and end user platforms
e. Demand management
f. Storage management and rationalizing
g. Exception oversight
h. Bandwidth prioritizing
i. Open source software
j. Print management
k. Hosting and utility computing
5. Information Security
GRC and Security market size (Ms of $)
                                          2008    Change    2009    Change    2010
Governance & Risk Management (also BCP)   35.0    42%       50.0    50%       75.0
Security (projects)                       95.0    -10.53%   85.0    11.76%    95.0
Security (Software)                       90.0    -5.56%    85.0    -5.88%    80.0
Total                                     220     0%        220     14%       250
6. Security/Privacy In the News (Information Security - Trends)
7. Security Trends (Information Security - Trends)
Trends: Cloud computing, Outsourcing, Cyber crime, Virtualization
Risks named on the slide:
• Sensitive or confidential information may not be properly protected
• Inability to properly identify and authenticate users to multiple systems
• End-user’s organization is unable to control the data management environment
• External threat of organized cyber criminal syndicates
• Unauthorized parties might be able to access private files without authorization
• Third parties might be able to access private files without authorization
8. Security Trends (Information Security - Trends)
• Data breaches involving personal information: Sensitive or confidential information that ends up in the hands of cyber criminals and identity thieves
• Peer-to-peer file sharing: Use of P2P might result in the loss of sensitive or confidential business information including trade secrets
• Web 2.0 and mash-ups: Unsupervised monitoring of employees’ use of Web 2.0 applications can result in the loss of critical confidential business data on the Internet
• Mobility: Inability to properly identify and authenticate remote users
9. Underground Economy (Information Security - Trends)
Items for sale on underground servers, appearance and price:
Source: Symantec
10. Underground Economy (Information Security - Trends)
Items for sale on underground servers, appearance and price:
Source: Symantec
11. Technologies Categorization 2009 (Information Security - Trends)
[Figure: bubble chart.
Vertical axis: Business Value (Investment to make money; Cut costs, increase productivity; Commodity IT services; Investment for regulations).
Horizontal axis: Market Maturity (Using, Implementing, Looking).
Legend: IT Project, Business Project; size of figure = complexity/cost of project.
Items plotted: Remote Access, Manage Sec. Services, IAM/IDM, SSO, Cloud, App. Sec., Anti X, DLP, Mobile Sec., EPS, SIEM/SOC, DB Sec., Vir. Sec., Network Security, NAC, GRC.]
12. STKI Madad 2008-2009 (Information Security - Trends)
• Access: 18%
• EPS/Anti x: 14%
• WAF & Apps: 11%
• Management: 8%
• Trends: 8%
• DB Protection: 7%
• Miscellaneous: 6%
• NAC: 6%
• Network: 5%
• Market Players: 5%
• GRC: 5%
• DLP: 4%
• Hardening: 3%
13. Security Ratios (Information Security - Trends)
Organization Type: Ratios of Security Personnel (Israel)
• Average Public Sector: 0.1% of Total Users
• Sensitive Public Sector: 0.5% of Total Users
14. Sophisticated Threat Environment (Information Security - Trends)
• Writers: Tool Writers; Malware Writers; Worms; Viruses; Trojans; Spyware
• First-Stage Abusers: Hacker or Direct Attack; Machine Harvesting; Information Harvesting; Internal Theft - Abuse of Privilege
• Middle Men: Compromised Host and Application; Botnet Creation; Botnet Management; Personal Information; Information Brokerage; Electronic IP Leakage
• Second-Stage Abusers: Extortionist - DDoS for Hire; Spammer; Phisher; Pharmer/DNS Poisoning; Identity Theft
• End Value: Fame; Theft; Espionage; Extortion; Commercial Sales; Fraudulent Sales; Click Fraud; Financial Fraud
Source: Cisco Israel
15. Application Security (Information Security - App. Sec)
STKI observation: Secure development should be an integral part of any new project and therefore should be calculated within the project’s budget. STKI survey shows that spending on secure development ranges from 0% of total project budget (mainframe-based projects) up to 10% of total project budget (core web application projects).
Average spending on secure development is 5% of total project budget (including: training, code review and penetration tests)
16. Web Applications - Vulnerabilities (Information Security - App. Sec)
Probability to detect vulnerabilities of different risk degree (results of 32,717 sites and 69,476 vulnerabilities of different degrees of severity)
[Chart series: % Sites (All), % Sites (Scanned), % Sites (Black & Whitebox)]
Source: http://www.webappsec.org/projects/statistics/
17. Web Applications - Vulnerabilities (Information Security - App. Sec)
Vulnerability frequency by types:
1. Cross-Site Scripting and SQL Injection vulnerabilities usually appear due to system design errors
2. Information Leakage and Predictable Resource Location are often connected with improper system administration (for example, weak access control)
Source: http://www.webappsec.org/projects/statistics/
18. Application Security - Dev. LifeCycle (Information Security - App. Sec)
[Figure: security and privacy tasks laid over the traditional Microsoft software product development lifecycle tasks and processes.
Phases: Requirements, Design, Implementation, Verification, Release, Support & Servicing.
Security and privacy tasks named in the figure: training; kickoff; cost analysis; design best practices; architecture and attack surface review; risk analysis; best development and test practices and tools; docs and tools for product; security push; pen testing; response plans; final security and privacy review; RTM or RTW; servicing and response execution.
Traditional tasks named in the figure: feature lists, quality guidelines, arch docs, schedules; design specifications, functional specifications; development of new code, testing and verification, bug fixes; code signing + checkpoint express signoff, RTM; product support, service packs/QFEs, security updates.]
Source: Microsoft Security Development Lifecycle (SDL) Guide
19. Application Security - Israeli Players and Positioning - 1Q09 (Information Security - App. Sec)
20. Web Application Firewall (Information Security - App. Sec)
What is it?
"An intermediary device, sitting between a web-client and a web server, analyzing OSI Layer-7 messages for violations in the programmed security policy. A web application firewall is used as a security device protecting the web server from attack." (WASC)
21. Web Application Firewall - Israeli Market Players (Information Security - App. Sec)

Solution: Applicure - dotDefender (Apache and IIS)
What Should I Know? Host based Israeli WAF provider (on Apache and IIS web servers). Awarded Frost & Sullivan Award for Successful Technology Innovation (Oct 08)
Representatives/Integrators: 2BSecure, Comtec, Overline, Msecurity, Comda, New age

Solution: Barracuda - Web Application Firewall (formerly NetContinuum)
What Should I Know? Provides single point of protection for inbound and outbound traffic for all Web applications. Appliance that has SSL Acceleration and Load Balancing capabilities.
Representatives/Integrators: Trek-IT, ABnet

Solution: Breach Security - WebDefend
What Should I Know? Typically deployed in an out-of-line mode so it presents no latency threat to the network. Can locate indications of poor web application design. Not quite common in Israel
Representatives/Integrators: Direct sales

Solution: Citrix - Application Firewall (formerly Teros)
What Should I Know? Strong attack detection and protection, traffic throttling and blocking. Excellent integration with the NetScaler suite. Weak GUI compared to other solutions. No projects in Israel yet.
Representatives/Integrators: Aman Computers
22. Web Application Firewall - Israeli Market Players (Information Security - App. Sec)

Solution: Cisco* - ACE XML Gateway
What Should I Know? A key component of the Cisco ACE family. It enables efficient deployment of secure, reliable, and accelerated XML applications and Web services. Few deployments in Israel
Representatives/Integrators: Bynet, Taldor, Bezeq Int., 2BSecure

Solution: IBM* - Data Power
What Should I Know? Powerful XML FW with added values of WAF, load balancing and applications acceleration. Very strong presence in Israel as an XML FW solution.
Representatives/Integrators: Tangram (Matrix), Elad Group

Solution: Microsoft - IAG WAF
What Should I Know? IAG comes with built-in web application firewall for known web applications like: Outlook Web Access, Share Point, iNotes, Domino Webmail, Microsoft CRM and more. Quite successful in Israel
Representatives/Integrators: Elad, Matrix, DBNet, HP, M-Security, Securenet

Solution: Protegrity - Defiance
What Should I Know? Based on KaVaDo. Strong presence worldwide, but few Israeli clients
Representatives/Integrators: 012 Smile, Matrix

Solution: Radware - AppXcel WAF
What Should I Know? Based on Imperva
Representatives/Integrators: Bynet, Netvision

*Both Cisco ACE XML Gateway and IBM Data Power are not pure WAF players, but were added to the list
23. Web Application Firewall - Leading Players - 1Q09 (Information Security - App. Sec)

Solution: F5 - Application Security Manager (ASM)
What Should I Know? One of the best WAFs around. Features a good policy toolset for adaptive learning. Offers strong integration to the TMOS family of products. Superb load balancing capabilities. One of two leading solutions in Israel. Strong market presence
Representatives/Integrators: Trek-IT (Dis.), Artnet, Taldor, Spider, Bezeq Int., One, NewAge, Netcom

Solution: Imperva - SecureSphere
What Should I Know? The first in the Israeli market. Imperva has an array of out-of-the-box policies and attack signatures as well as superior learning mode. A leading DB protection solution. Has a significant market share
Representatives/Integrators: Comsec (Dis.), Netcom, Bynet, Taldor, NewAge, 012 Smile
24. Network Security (Information Security - Network Sec)
Enterprise FWs have long become an essential security foundation
FW selection should consider:
• Capabilities (especially deep inspection, blocking capabilities and throughput speed)
• Ease of deployment
• Integration with other network infrastructure
• Cost
The perimeter defense is not dead. Instead it got thickened: Network complexity triggered the use of virtual FWs running over one machine
25. Network Security (Information Security - Network Sec)
Business operations and networks have become very complex
FW solutions should have strong management and configuration capabilities in order to adjust themselves
NGFW (Next Generation FW): New versions of FWs offer a built in IPS solution. This convergence is logical since both FW and IPS solutions are latency-sensitive and can work together in high speed
26. Israeli FW Market: Leading Solutions (Information Security - Network Sec)
Network FW market share as % of total deployments
[Bar chart. Vendors: CheckPoint, Cisco, Juniper, Fortinet, Other. Bar values shown: 92%, 22%, 20%, 14%, 30%.]
27. Israeli FW Market: Leading Solutions and Integrators (Information Security - Network Sec)
Checkpoint Juniper Cisco Fortinet
Bynet x x x
Taldor x x x
Bezeq Int. x x x
Netvision x x x
Netcom x x
012Smile x x
2Bsecure x x
Artnet x x
IBM x
EDS (HP) x
Ness x
One x
Spider x
Matrix x
WE x
ICT x
28. Israeli IPS Market: Leading Solutions (Information Security - Network Sec)
IPS market share as % of total respondents
[Bar chart. Vendors: McAfee, IBM (ISS), Juniper, Other/None. Bar values shown: 38%, 21%, 32%, 9%.]
29. Israeli IDS/IPS Market: Leading Solutions and Integrators (Information Security - Network Sec)
McAfee IBM(ISS) Juniper Tipping point (3COM)
Bynet x x x
2BSecure x x
Netcom x x
Aman x
Netvision x
Ness x
Taldor x
Spider x
Calcom x
WE x
Matrix x
One
Securenet x
30. Network Access Control (Information Security - Network Sec)
31. NAC Insights (Information Security - Network Sec)
• NAC has not been "fully digested" by Israeli customers in 2008. There should be more activity in 2009
• NAC can be deployed less expensively when it is an embedded feature of an existing vendor and customers take notice of it
• Some network and security vendors already have solutions that can be part of the NAC process (AC, IPS) – An important starting point for market domination
• Israeli customers first priority: implement a guest networking control
• Network or Security? NAC is a Layer 2 vs. Layer 3 match
32. NAC - Solutions (Information Security - Network Sec)

Solution: Access Layers - Port Nox (Israeli vendor)
Value for Customer:
• Multiple switch vendor support
• Agentless
• Score based authentication
• No 802.1x authentication
Notes: Strong Israeli presence. Integrators: Netcom, Netvision, 2BSecure, Trustnet

Solution: CheckPoint - NAC (Israeli vendor)
Value for Customer:
• Strong personal firewall and VPN client software player
• EPS & NAC functionality in a single endpoint client
• OPSEC Alliance
• Ease of implementation in remote access applications
Notes: Strength in NAC depends on ability to compete in the Endpoint Protection market! CP is not a first choice

Solution: Cisco - CNAC
Value for Customer:
• Both Appliance & infrastructure-based approach
• Support of non-traditional endpoints
• Large install base in Israel – cost effective solution
Notes: Few projects and POCs in Israel. Natural first choice for many users
33. NAC - Solutions (Information Security - Network Sec)

Solution: Enterasys - Sentinel
Value for Customer:
• Cross-vendor platform
• MAC, 802.1x authentication and more
• Guest registration module
Notes: Penetration mainly on Enterasys install base in Israel. Netcom, Artnet are strong integrators

Solution: ForeScout - CounterACT (Israeli vendor)
Value for Customer:
• Out-of-band NAC appliance
• Integration with a number of remediation directory solutions
• Built-in RADIUS proxy for 802.1X support
Notes: No packet filtering capabilities. Few clients in Israel

Solution: HP Pro-Curve
Value for Customer:
• Both appliance-based and Endpoint Integrity Agent
• Strong management system (Identity Driven Manager)
Notes: HP Pro-curve is gaining ground in the Israeli LAN market and therefore becoming an important NAC player.
34. NAC - Solutions (Information Security - Network Sec)

Solution: Insightix - NAC (Israeli vendor)
Value for Customer:
• Real-time "state" of all devices connected to the network
• Agentless visibility functionality
• Cross-vendor platform
Notes: Few implementations in Israel and abroad. Integrators: Bynet and Overline

Solution: Juniper - UAC
Value for Customer:
• Impressive array of enforcement options
• Supports third-party HW via 802.1x
Notes: Some of the features require other Juniper components in the network (FW, IDS…)

Solution: McAfee - MNAC
Value for Customer:
• Comprehensive client security suite
• One of the better integration strategies with Microsoft NAP
Notes: Best fit McAfee clients. Strong EP player with NAC functionality

Solution: Microsoft - NAP
Value for Customer:
• Has one of the strongest access and enforcement architectures
• Uses Forefront and AD for superior policy management
Notes: Integrates with many other NAC solutions. Contributor to the standardization of NAC
35. NAC - Solutions (Information Security - Network Sec)

Solution: Nortel - SNA
Value for Customer:
• Cross-platform device support
• Appliance that collects contextual user and infrastructure information from multiple network sources
Notes: Unmanaged device support - via NAP

Solution: Symantec - SNAC
Value for Customer:
• Pure software-based solution
• Provides strong threat protection solutions
• One of the most comprehensive reporting and auditing frameworks
Notes: Very good solution for EPS customers

Solution: XOR - SWAT (Israeli vendor)
Value for Customer:
• MAC based NAC
• Provides access control for switches and devices that don’t support 802.1x
• Cost effective 80-20 solution
Notes: Dozens of implementations in Israel
36. STKI Israeli Positioning (Information Security - Network Sec)
• Not a technological positioning, refers only to Israeli market
• Focused on enterprise market (not SMB)
• Not an STKI recommendation
Market Presence (X)
• Market share - existing and new sales (more emphasis)
• Mind share (how user organizations rate vendors)
Local Support (Y) – is influenced by (X)
• Experience & technical knowledge, localization, support, number and kind of integrators
Worldwide leaders marked, based on global positioning
Vendors to watch: Are only just entering Israeli market so can’t be positioned but should be watched
[Sample chart. Axes: Market Presence (horizontal), Local Support (vertical). Sample entries: Vendor A, Vendor B, Worldwide Leader marker; Vendors to Watch: Vendor C.]
37. NAC - Israeli Market Positioning 1Q09 (Information Security - Network Sec)
[Positioning chart. Axes: Market Presence (horizontal), Local Support (vertical). Legend: Player, Worldwide Leader, Leap. Vendors named on the slide, including a "Vendors to Watch" box: HP Procurve, Check Point, Microsoft, Cisco, Symantec, Juniper, XOR SWAT, Access Layers, Enterasys, McAfee, ForeScout, Insightix, Nortel.]
This analysis should be used with its supporting documents
38. Endpoint Security (Information Security - EPS)
39. Endpoint Security - Threats (Information Security - EPS)
40. Endpoint Security - Protection (Information Security - EPS)
[Figure labels: Organization, Outside]
41. Endpoint Security - Protection (Information Security - EPS)
[Figure labels: Organization, Outside]
42. Endpoint Security - Protection (Information Security - EPS)
[Figure labels: Organization, Outside, Anti X, DLP, NAC, Manageability]
43. Anti-X Suites - Israeli Market Positioning 1Q09 (Enterprise Leaders Only) (Information Security - EPS)
[Positioning chart. Axes: Market Presence (horizontal), Local Support (vertical). Legend: Player, Worldwide Leader. Vendors named on the slide: Symantec, McAfee, Trend Micro, Microsoft.]
This analysis should be used with its supporting documents
44. Data Centric Security
45. Data Centric Approach (Data Centric Security)
• Build a wall – “perimeter security”
• “Business of Security” – Security is built into the business process
46. Data Centric Security Arena (Data Centric Security)
• DLP
• ERM
• Database Protection
• Encryption
47. Data Centric Approach (Data Centric Security)
Business Goals for Security Today:
• Business Efficiency
• Ubiquitous access to information
• Regulatory Compliance
• Protection from Financial Loss
• Protection of Assets from Threats
48. Data Centric Approach (Data Centric Security)
• Identifying, Defining & Assessing your Data, Intellectual Capital and Electronic Assets
• Develop practical end-to-end solutions that will protect your information right now with what you now have
• Provide a pure and total focus on this complex, mission-critical area
• Business perspective approach – top down
• End-to-end view and full life-cycle security
• Security is an ongoing Process
49. Data Leak/Loss Prevention (Data Centric Security - DLP)
50. Data Leak/Loss Prevention (Data Centric Security - DLP)
DLP is an overall framework into which different elements fit
There are three types of data that may leak:
• Data at rest
• Data in transit
• Data on endpoints
No single DLP focus area is foolproof; an optimal solution should cover all three areas
DLP is a growing area, and vendors react accordingly
It is suggested to use full-suite vendors in order to avoid integration problems
51. DLP - Market Status (Data Centric Security - DLP)
DLP Deployments Status - Israel 1Q09:
• Not "There" Yet: 60%
• Plan to Deploy Soon: 20%
• Solution Deployed: 20%
52. DLP - World Trends (Data Centric Security - DLP)
Source: Aberdeen Research
53. DLP - Market Status & Players (Data Centric Security - DLP)
World Leaders (consolidation in progress…):
• Symantec (Acquired Vontu, 2007, 350$ M)
• Websense (Acquired PortAuthority 2007, 90$ M)
• Reconnex (Acquired by McAfee, July 2008, 46$ M)
• Tablus (Acquired by RSA, 2007, 40$ M)
• Vericept ? Workshare?
Main drivers for DLP are:
• Regulations such as Payment Card Industry (PCI), Accountability Act (HIPAA)
• e-mail security, instant messaging (IM) and endpoint monitoring solutions
54. DLP - Israeli Market Positioning 1Q09 (Data Centric Security - DLP)
[Positioning chart. Axes: Market Presence (horizontal), Local Support (vertical). Legend: Player, Worldwide Leader, Fast Movement. Vendors named on the slide, including a "Vendors to Watch" box: ProofPoint, Workshare, IBM (ISS), Websense, McAfee, Verdasys, Symantec, RSA.]
This analysis should be used with its supporting documents
55. ERM (Enterprise Rights Management) (Data Centric Security - ERM)
Enterprise Rights Management (ERM) technology is also known as Enterprise DRM or Information Rights Management (IRM)
What is it?
• ERM entails encrypting files that contain content and only allowing those users or devices that have proper credentials to decrypt the files and access the content
Awareness of ERM has increased
ERM has been growing steadily since it became a technology category unto itself about five years ago
56. Applications and File Formats Used in ERM Implementations (Data Centric Security - ERM)
Source: Gilbane Group
57. ERM - How Does it Work? (Data Centric Security - DLP)
[Diagram components: Data owner, Recipient, RMS Server, Active Directory, SQL Server. The numbered arrows 1-5 correspond to the steps below.]
1. New user is authorized to use RMS
2. The user defines a set of rules and content usage rights for the data he wants to share – he is the data owner
3. User distributes data to relevant recipients
4. When a recipient tries to open a file, a request is sent to the RMS Server in order to authorize/deny access
5. RMS enforces rules made by the data owner
Source: Microsoft Israel
58. ERM - Israeli Market Players (Data Centric Security - ERM)
• Microsoft - Rights Management Services
• EMC - EMC Documentum IRM Product Suite
• Oracle - Oracle Information Rights Management
• Adobe - Adobe LifeCycle Rights Management
Israeli SU:
• Secure Islands - A provider of an advanced information protection and control (IPC) solution
• Covertix - Develops innovative software technology to track, monitor and control documents and files within and outside the organization
59. DB Protection - Market Status (Data Centric Security - DB Protections)
DB Protection Deployments Status - Israel 1Q09:
• Not "There" Yet: 49%
• Plan to Deploy Soon: 30%
• Solution Deployed: 20%
• Other/Do Not Know: 1%
Leading Israeli Players:
• Sentrigo
• Imperva
• Oracle DB Vault
• Guardium
DB encryption:
• Decru – by NetApp
• Ged-i (Israeli SU): offers high-level encryption to Storage Data
60. Masking of Production Data (Data Centric Security - Data Masking)
What is it?
• The process of data masking is designed to "de-identify" data, such that the data remains based on real information, but no longer has any practical usage or application
What is the need?
• The drive to outsource and offshore application development and testing work means that organizations will have little control over who gets to see their data
• Test environments are not physically as secure as production systems
What can go wrong?
• Sensitive data might be downloaded to laptops and stolen
• Employees might misuse sensitive information and engage in fraudulent activity
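Added example, not part of the original deck: a sketch of the de-identification described on the slide above, applied to rows before they are copied to a test environment. The table layout, column policy and key handling are assumptions, and keyed HMAC substitution is one common masking approach rather than a method the deck names; the sample rows are constructed.

```python
import hashlib
import hmac
import string

# Assumption: the key stays in production and never ships with the masked copy.
MASKING_KEY = b"constructed-demo-key"

# Hypothetical per-column policy. A column missing from it is an error, so a
# newly added sensitive column cannot slip into the test copy unmasked.
POLICY = {
    "customer_id": "keep",    # surrogate key, needed for joins in test
    "name": "mask",
    "national_id": "mask",
    "card_number": "mask",
    "email": "null",          # testers do not need it, so it is dropped
    "balance": "keep",
}

# Constructed sample rows standing in for a production table.
PRODUCTION_ROWS = [
    {"customer_id": 1001, "name": "Dana Levi", "national_id": "031234567",
     "card_number": "4580-1234-5678-9012", "email": "dana@example.com",
     "balance": 15230.5},
    {"customer_id": 1002, "name": "Yossi Cohen", "national_id": "027654321",
     "card_number": "5326-1111-2222-3333", "email": "yossi@example.com",
     "balance": 870.0},
    {"customer_id": 1003, "name": "Dana Levi", "national_id": "039876543",
     "card_number": "4580-9999-8888-7777", "email": None, "balance": 42.0},
]


def _keystream(field, value, key):
    """Endless pseudo-random bytes from HMAC-SHA256(key, field|value|counter)."""
    counter = 0
    while True:
        message = f"{field}|{value}|{counter}".encode("utf-8")
        yield from hmac.new(key, message, hashlib.sha256).digest()
        counter += 1


def mask_value(field, value, key=MASKING_KEY):
    """Replace every letter and digit, keeping length, case and separators.

    The result is deterministic for a given key, so the same real value maps
    to the same fake value in every table and joins keep working in test.
    """
    stream = _keystream(field, value, key)
    masked = []
    for ch in value:
        if ch.isdigit():
            masked.append(string.digits[next(stream) % 10])
        elif ch.isalpha():
            alphabet = (string.ascii_uppercase if ch.isupper()
                        else string.ascii_lowercase)
            masked.append(alphabet[next(stream) % 26])
        else:
            masked.append(ch)  # separators keep the field's format intact
    return "".join(masked)


def mask_rows(rows, policy=POLICY, key=MASKING_KEY):
    """Return a masked copy of rows; refuse rows with columns the policy omits."""
    masked_rows = []
    for row in rows:
        unknown = set(row) - set(policy)
        if unknown:
            raise ValueError(f"no masking policy for columns: {sorted(unknown)}")
        out = {}
        for column, value in row.items():
            action = policy[column]
            if action == "keep" or value is None:
                out[column] = value
            elif action == "mask":
                out[column] = mask_value(column, str(value), key)
            elif action == "null":
                out[column] = None
            else:
                raise ValueError(f"unknown action {action!r} for {column}")
        masked_rows.append(out)
    return masked_rows


def find_leaks(original_rows, masked_rows, policy=POLICY):
    """List (row index, column) pairs where a protected value survived as-is."""
    leaks = []
    for index, (orig, new) in enumerate(zip(original_rows, masked_rows)):
        for column, action in policy.items():
            if action == "keep" or orig.get(column) is None:
                continue
            if new.get(column) is not None and str(new[column]) == str(orig[column]):
                leaks.append((index, column))
    return leaks


if __name__ == "__main__":
    test_copy = mask_rows(PRODUCTION_ROWS)
    for row in test_copy:
        print(row)
    print("leaks:", find_leaks(PRODUCTION_ROWS, test_copy))
```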
61. Masking of Production Data (Data Centric Security - Data Masking)
62. Masking of Production Data (Data Centric Security - Data Masking)
Source: Securosis.com
63. Masking of Production Data (Data Centric Security - Data Masking)
Israeli market players (alphabetical):
• Compuware (File-AID) – Few implementations
• DataVantage (Global)
• IBM (Optim) – Few POCs
• Informatica (PowerCenter) - Few POCs
• Oracle (Enterprise Manager Data Masking) – For Oracle DBs only
64. SIEM/SOC
65. SIEM/SOC
What is SIEM?
• Security Information & Event Management
What is SOC?
• Security Operation Center
• Collects and analyzes all log data and basic event management
• Monitors and manages all aspects of enterprise security in real
time, from a single, centralized location
• The NOC of security
Why do we need it?
• Need for real-time awareness of internal/external threats
• Ensure business continuity and comply with regulations
66. Silos of Redundant Information Management (SIEM/SOC)
Source: Network Intelligence
67. An Enterprise Platform for Compliance and Security (SIEM/SOC)
[Figure: SIEM]
Source: Network Intelligence
68. SIEM/SOC - Israeli Trends
• CA was the first to enter the market and gained
considerable market share in the high-end market
• ArcSight was introduced two years later. This solution was
easier to deploy and much easier to manage
• End of 2007: Symantec SSIM and RSA Envision were
introduced to the market, both easy to deploy, scalable
and relatively intuitive
• CA has lost some of its market share to the other
newcomers
69. SIEM/SOC - Israeli Players
Solution: Leading Integrators
• ArcSight: We (Exclusive representative)
• CA: 1. Netcom, 2. TrustNet, 3. Ness
• Cisco: 1. Bynet, 2. Netcom
• RSA: 1. TrustNet, 2. Xor, 3. Bynet
• IBM: Ness
• NetIQ: Calcom (Exclusive representative)
• Symantec: 1. Netcom, 2. Bynet
70. SIEM/SOC - Israeli Market Positioning 1Q09
[Positioning chart; axes: Local Support vs. Market Presence; legend: Player, Worldwide Leader, Fast Movement]
Vendors plotted: ArcSight, RSA, Symantec, CA, IBM, Cisco, NetIQ
Vendors to Watch:
• IBM - MSS
• TriGeo
This analysis should be used with its supporting documents
71. Next Generation SIEM/SOC: MSS (SIEM/SOC - MSS)
What does MSS offer?
- Comprehensive solution for security management:
• Firewall/EP Management Service
• Intrusion Detection & Prevention Management Service
• Vulnerability Management Service
Why should we go there?
• Cost effective!
• Use of best-of-breed security
Why shouldn’t we?
• Who owns my data?
• No one else in Israel goes there…yet
72. MSS Trends in Israel (SIEM/SOC - MSS)
• STKI observation: MSS is well accepted in SMB
organizations, but Israeli CISOs in enterprises still
strongly oppose this trend
• The current economic downturn should encourage
some enterprises to reconsider MSS
• MSS providers address management (CFOs and
CEOs) in order to attract new clients
73. MSS – World Leaders (SIEM/SOC - MSS)
[Chart; axes: Delivery vs. Market Penetration]
Great Potential for:
• Current world leaders (IBM, Symantec)
• Local ISPs
• Network integrators
• Traditional OS players
(Source: Frost and Sullivan)
74. Identity & Access Management (IDM/IAM)
75. IDM Global Mega Trends (IDM/IAM)
• Fraud and identity theft will increase strong
authentication use
• Strong authentication and SSO will strengthen their ties
• Context-based authorization will put risk analysis into
access control decisions
• Physical and logical security will continue to converge
• Federation will slowly grow
76. IDM/IAM Savings
Source: http://blogs.technet.com/mcs-ireland-infrastructure/default.aspx