Monday, February 18, 2013

What's Hot in Security?

These days, I am getting a lot of calls for security solutions.  I would say we are busier than ever.  Here is what people are asking us for:

1.) SIEM - Tons of customers are either ripping out old log management solutions and replacing them, or they are just now getting around to implementing these.  This space is fairly competitive.  I'm running into McAfee Nitro, Dell SecureWorks, LogLogic, LogRhythm, Tripwire and of course the one we sell, QRadar.
2.) Database Security - This is a really hot area right now.  So many of our customers are trying to put better controls on their databases.  They want to ensure that any unacceptable database queries are stopped or at least alerted on.  They want to ensure that even privileged users (DBAs) are controlled.  They want to mask certain data from being seen in the tables.  They want comprehensive audit reporting.  And they want all this with little to no performance penalty on the database.  I usually only see Imperva and Guardium in this market space, although occasionally the Oracle shops tend to go for Oracle's solution.  IBM Guardium rocks in this space.
3.) Application Security - We are working with quite a few customers who develop web applications in-house for their Internet/Extranet, etc.  There are a few spots where they are looking for help securing these applications.  One is ad hoc pen testing: simply periodic testing of their web-facing applications to ensure there are no new vulnerabilities.  Second is during the software development lifecycle.  It is widely known that it's much more expensive to fix a bug after it is already deployed to production than to catch it before it makes it to Prod.  So scanning the source code and checking for vulnerabilities during the development process is much less expensive to resolve.  AppScan is tops in this space at detecting and helping to solve these problems.
4.) Identity and Access - Many companies do this already, but I've helped companies who are on their first, second and third deployments of Identity and Access.  So this is not really slowing down.  The interesting thing about this space is that over the last several years there has been a distinguishing line between Governance solutions and User Admin and Provisioning solutions.  Many vendors have both included within their respective Identity Management solution, but in almost every case the Governance solution was a different acquisition from the User Provisioning solution.  Anyhow, this space is mature.  For larger companies I am always running into Oracle and CA.  We tend to recommend IBM at our company.  But in smaller customers, there are many other options out there such as Microsoft, Sailpoint, Aveksa, Centrify and Courion.  Sometimes we recommend a combination.  We occasionally like an Aveksa + IBM solution for Identity Management.  IBM's most flexible and mature provisioning solution accompanied by the user-friendly governance offering from Aveksa is sometimes a great match.  The options are plentiful.
5.) Privileged User Management - This comes up a lot with customers these days.  Controlling what the root and admin users are doing is very important to those who are heavily regulated.  The vendors I run into most in this space are CyberArk and Centrify.  CyberArk seems to be a favorite among many people.  They like the fact that it records video of what the admins are actually doing.  Pretty cool.  Centrify is a nice solution as well.  IBM released a PIM solution at the end of 2012 which integrates its Identity Management offering + ESSO.  Check in and check out the privileged user accounts, audit who uses the accounts and what they accessed, etc.

We run into plenty of infrastructure projects as well (firewalls, IDS/IPS, etc.), but every day I get a call about one of the 5 above, and not necessarily in that order.  Security is very hot right now.
