[SecurityRatty] tag: industry

"Catch Me, Yes YOU Can": Realized Threats at the Corner Store

Thu, 09 Oct 2008 20:00:00 +0000

just returned from the Payment Card Industry's 2008 Members Council Meeting in Orlando, Florida. We had a blast despite the mood being somewhat dampened as a result of the uncertainty of the global financial markets (heartfelt thanks to those wise souls who've been living outside of their means and taking undue personal and commercial financial risk...). Anyhew, I met so many interesting people from both merchants and from the card brands like Visa, MasterCard, American Express, Discover & JCB International Co., Ltd.

EM7 helping customers make the Deloitte Technology Fast 50?

Thu, 09 Oct 2008 18:15:42 +0000

Now in its 14^th year, Deloitte’s Technology Fast 50 program recognizes the fastest growing technology companies in a given geographic area. The basis of the selection is a company’s revenue growth over a five-year period. These companies can be public or private and can encompass all technology, media, telecommunications and life sciences industry sectors. Not all the regions have reported winners, but the results are in for Virginia and Maryland and we’re happy to say EM7 customers are very well represented by the ones that made it.

Congratulations to:

EM7 at the Merkle NOC

And we must point out that Hughes topped the Maryland Technology Fast 50 list with an astounding growth rate of 138,762% over the past 5 years! Wow, it would be tough for any company in the world to beat that growth rate, but all kudos must go to Hughes and this incredible achievement. I’m sure we’ll see them on the National Technology Fast 500 list coming out soon.

Now I would like to say that without ScienceLogic and EM7 much of this would not have been possible, but of course that statement would be an incredible stretch. What I can say is that our product and our technology has had a profound impact on the operational efficiency for HughesNet, so perhaps you can give us, using a basketball analogy, 12 assists in the game.

Interesting to note, several other award winners are in the midst of product evaluations as we speak. I think that EM7 Meta-Appliances are a strategic weapon within each of these businesses to leverage our technology in interesting ways which create huge organizational value and operational efficiencies.

So to all those companies who have won this year… a BIG congratulations from the bottom of my heart. For our existing customers who made the list this year… keep working hard so you can make it again next year. For ScienceLogic, stay tuned in: We were not quite big enough to make the list last year, however I am very excited about our growth in 2008 and am quietly confident that you will see us on the Virginia Fast 50 list next year!

M&A Patterns in the Security Space

Wed, 08 Oct 2008 10:12:27 +0000

Mergers and acquisitions in the information security industry always come in waves, just like they do in the IT industry. After every wave, there is always talk of "consolidation" and "enterprises want one stop shopping" and that talk is always proven wrong. Just as in the overall IT industry, the majority of mergers and acquisitions do not succeed and the ones that do are all about rationalization, not consolidation adjacent areas of the market coming together into platforms that make sense to deliver security controls that have lower total cost of ownership to deal with older threats or provide more effective security against evolving threats.

There are some clear failure patterns for mergers and acquisitions in the security space:

Those that only have the single vendor argument as justification see Symantec exiting the network security space it got by acquiring Raptor and Recourse and CA selling what was left of SilentRunner.
Those that are essentially two sinking ships roping themselves together too numerous to mention.

Some clear patterns that can lead to success:

Host or network based security "platforms" acquiring technology to add protection vs. building it themselves: firewall companies acquire and integrate network IPS, AV companies acquiring anti-spyware and host-based IPS to integrate into end point protection platforms.
Major IT platform companies acquiring let the good guys in technology such as IAM products to embed access control and authentication capabilities into these business-driven products

Easily six out of 10 mergers fit the failure pattern. Plus, after every wave of acquisitions, for every company that disappears two or three new ones pop up. That's one of the reasons why the information security space is so interesting and complex between changing threats, changing business practices, and changing technology, nothing stays still.

Are Business Risk and Technical Security Part of a Natural Fourier Series?

Wed, 08 Oct 2008 06:25:03 +0000

Decade after decade politics moves from regulated economies to de-regulated economies. Changes are usually are triggered by “unpredictable events” (in political speak). We are almost certainly about to go onto a period of heavy government regulation of the financial services industry where “unpredictable events” or “failure” in plain English is blamed on inadequate of regulation. [...]

Information Assurance Education: A Work In Progress

Wed, 08 Oct 2008 00:42:06 +0000

The recognition that we need improved computer security education has increased over the past several years. Recent cyberattacks in Georgia and Estonia exemplify the new threats faced by economies that rely on the Internet. Thus, more people see the need to protect cyberspace—which translates into improving computer security in all aspects of computer use—as crucial for everyone, not merely for those who work with technology. In this column, we reflect on emerging opportunities and challenges in instruction as well as the need for increasing the partnerships among industry, government, and academia to foster mutual understanding of challenges and joint participation in solutions.

CAN-SPAM: What went wrong?

Sun, 05 Oct 2008 20:00:00 +0000

Five years ago, the U.S. tech industry, politicians and Internet users were wringing their hands over the escalating problem of spam.

Major Industries Drop The Ball On Data Security

Fri, 03 Oct 2008 10:10:17 +0000

Verizon, recently analyzed "four years of data from over 500 cases worked by the Verizon Business Investigative Response team," to produce a report that gives an in-depth look into how data breaches are occurring in four major industry groups: financial services, food and beverage, retail, and technology services.

XRumer Spambot Cracks Captchas

Fri, 03 Oct 2008 07:40:21 +0000

We’ve known CAPTCHAs are insecure for some time, but now even the CAPTCHA-alternatives (often based on identifying cats from dogs or other animals) have proven insecure. Gmail, Windows Live hotmail and other popular sites were hacked as early as February. Recently another defeat has come in the form of XRumer, a spam bot that posts messages on blogs and through email in order to boost search engine rankings.

What’s the solution? Ars Technica suggests there might not be a good one, in part because malware distributors can go so far as to hire real people to do their dirty work:

Instead of trying to build better CAPTCHA-cracking programs, the malware industry went out and got itself some humans of its own. This effectively bypasses the primary security strength of the CAPTCHA system and leaves it entirely dependent on what we’ll call secondary security characteristics. CAPTCHAs are often complex (particularly these days), which does increase the chance that they’ll be misread (and returned incorrectly), while the font and display of the characters themselves are at least somewhat unfamiliar to the CAPTCHA crackers sitting on the other side of the world.

Sometimes those captcha phrases are pretty incoherent to me too. When I post over at Craigslist sometimes it says I’ve gotten its Captcha wrong, and I end up wondering if secretly I’m a bot?? Apparently not a very smart one either.

Credit-card security standard issued after much debate

Tue, 30 Sep 2008 20:00:00 +0000

The Payment Card Industry Security Standards Council, the organization that sets technical requirements for processing credit- and debit-cards, today issued revised security rules, while also indicating next year it will focus on new guidelines for end-to-end encryption, payment machines and virtualization.

IBM software bundle targets retail theft, data breaches

Tue, 30 Sep 2008 20:00:00 +0000

IBM is targeting retail security with a package of software and services designed to prevent physical loss of merchandise, protect against electronic threats and comply with credit card industry regulations.