Monday, February 18, 2013

What's Hot in Security?

These days, I am getting a lot of calls for security solutions.  I would say we are busier than ever.  Here is what people are asking us for:

1.) SIEM - Tons of customers are either ripping out old log management solutions and replacing them or they are just now getting around to implementing these.  This space is fairly competitive.  I'm running into McAfee Nitro, Dell SecureWorks, LogLogic, LogRhythm, Tripwire and of course the one we sell, QRadar.
2.) Database Security - This is a really hot area right now.  So many of our customers are trying to put better controls on their databases.  They want to ensure that any unacceptable database queries are stopped or at least alerted on.  They want to ensure that even privileged users (DBAs) are controlled.  They want to mask certain data from being seen in the tables.  They want comprehensive audit reporting.  And they want all this with little to no performance penalty on the database.  I usually only see Imperva and Guardium in this market space although occasionally the Oracle shops tend to go for Oracle's solution.  IBM Guardium rocks in this space.
3.) Application Security - We are working with quite a few customers who develop web applications in house for their Internet/Extranet, etc.  There are a few spots where they are looking for help securing these applications.  One is ad hoc pen testing: simply periodic testing of their web-facing applications to ensure there are no new vulnerabilities.  Second is during the software development lifecycle.  It is widely known that it's much more expensive to fix a bug after it is already deployed to production than to catch it before it makes it to Prod.  So scanning the source code and checking for vulnerabilities during the development process makes them much less expensive to resolve.  AppScan is tops in this space at detecting and helping to solve these problems.
4.) Identity and Access - Many companies do this already, but I've helped companies who are on their first, second and third deployments of Identity and Access.  So this is not really slowing down.  The interesting thing about this space is that over the last several years there has been a distinguishing line between Governance solutions and User Admin and Provisioning solutions.  Many vendors have both included within their respective Identity Management solution, but in almost every case the Governance solution was a different acquisition from the User Provisioning solution.  Anyhow, this space is mature.  For larger companies I am always running into Oracle and CA.  We tend to recommend IBM at our company.  But in smaller customers, there are many other options out there such as Microsoft, SailPoint, Aveksa, Centrify and Courion.  Sometimes we recommend a combination.  We occasionally like an Aveksa + IBM solution for Identity Management.  IBM's most flexible and mature provisioning solution accompanied by the user-friendly governance offering from Aveksa is sometimes a great match.  The options are plentiful.
5.) Privileged User Management - This comes up a lot with customers these days.  Controlling what the root and admin users are doing is very important to those who are heavily regulated.  The vendors I run into most in this space are CyberArk and Centrify.  CyberArk seems to be a favorite among many people.  They like the fact that it records video of what the admins are actually doing.  Pretty cool.  Centrify is a nice solution as well.  IBM released a PIM solution at the end of 2012 which integrates its Identity Management offering + ESSO.  Check in and check out the privileged user accounts, audit who uses the accounts and what they accessed, etc.

We run into plenty of infrastructure projects as well (firewalls, IDS/IPS, etc.), but every day I get a call about one of the 5 above and not necessarily in that order.  Security is very hot right now.

Tulsa, OK

Visiting some clients this week I figured I would stay in downtown Tulsa.  So I booked a night at the Courtyard.  The Atlas Life building was built in 1922 and they have kept a lot of the charming old doors and some of the decor which is cool.  Unfortunately I drew the short straw on the view from my room.

IBM Security Brand

This is sort of old news, but for some folks it's completely new stuff.  For a number of years I worked with IBM products in the Lotus brand and then the Tivoli brand.  Tivoli was a huge brand including many different kinds of software solutions from asset management to security.  I believe there were hundreds of software titles in the Tivoli brand.  The security products I worked with were a handful in the ocean of Tivoli products.  But at IBM there were other handfuls of security products sprinkled throughout the other brands.  With the acquisition of Q1 Labs, IBM also announced a new brand called IBM Security.  Like Tivoli, IBM Security is its own business unit at IBM.  Most of the products from all of the other brands that had anything to do with security have been moved within the IBM Security organization.  This is good.  It helps IBM and partners articulate a consistent message and strategy to customers.  From support to development, the expectation is that all of the products within the security organization will gain more consistency in development lifecycle, and will improve integrations between all of the security products.

So for those who are not up to speed on the new product names and versions, I'll mention some here:

IBM Security Identity Manager (SIM) formerly known as IBM Tivoli Identity Manager
IBM Security Access Manager for eBusiness (SAM) formerly known as IBM Tivoli Access Manager for eBusiness
IBM Security Access Manager for Enterprise Single Sign On (SAM ESSO) formerly known as IBM Tivoli Access Manager for Enterprise Single Sign On
IBM Security Directory Server formerly known as IBM Tivoli Directory Server

You kind of get the idea.  The acronyms are as silly as ever.

But there are other products from IBM which we are doing much more with:

IBM Security Identity and Access Assurance for one is a bundle of all of the IAM products and later in the year will likely include a SIEM solution again.

QRadar SIEM is a top notch security intelligence solution in the SIEM space and probably one of the best acquisitions IBM has made in security.

InfoSphere Guardium is another great IBM product, top notch in data security.

AppScan is also head and shoulders above its competition in many ways and the market shows it.

So with all of these great solutions under one brand and the security division being led by a security guy, it has been very busy for us IBM-leaning security people lately.

End of Life or New Beginning

I was inches from killing this blog once and for all.  For the past 2 years it sat idle collecting spam mainly.  Every now and then I would meet someone in my IBM circles who would say, "hey I think I've read your blog".  I'd reply, yeah I should really get out and do something about that thing.

Anyhow, lots of reasons to not keep this thing going.  For one, I found it hard to mention in too much detail the kinds of things I was doing at customer sites.  Just trying to cleanse the information was a task.  Second, it really did not attract a whole lot of input from the outside.  More often than not, someone was asking me a question about a problem they were having which would lead me on a wild goose chase to try and find a solution.  I hate not replying to people, but then again, I have a full time job already.  Thirdly, the material is a bit boring at times.

Well, times change and in my current role I actually do have more I could blog about than before.  But it still takes effort to get out here and say something halfway intelligent.

So here it goes.  I'm going to try this again for a while and see if I can keep it up.  If it goes stagnant again, I'll just kill it altogether.