Integration and Intelligence, Part 3: Toward Dynamic Defense


Last week, two vendor announcements were made that, on the surface, appear to be unrelated. Both, however, reflect larger trends that I’ve been following here – and despite appearances to the contrary, they also have some interesting traits in common. On Wednesday, Blue Coat announced its intent to acquire Solera Networks and its deep security [...]



By | May 29th, 2013|Security|1 Comment

Security in 2013: The “Productization” of Big Data


(UPDATE: This week, both IBM and EMC's RSA Security Division announced new Big Data initiatives in security. More to come on this front...) In my last post, I noted that I expect intelligence and the coordination and integration of defense technologies to be key drivers of the IT security market in 2013.  This is not [...]



By | January 29th, 2013|Security|1 Comment

Validating the Rise of Data-Driven Security: EMC/RSA Acquires Silver Tail


This morning, EMC’s RSA Security Division announced its intent to acquire Silver Tail Systems. The press release is here. I’ve written about Silver Tail before, going back to one of my first posts on the rise of data-driven security. In a five-part blog series introduced by that post, I described how data-driven security is evolving [...]



By | October 30th, 2012|Security|0 Comments

When Breaches Affect a Lot More than the Victim: How Much Security Is Enough?


Another report of a breach at a technology vendor much of the industry depends upon for security and trust; this time, Verisign. The most immediate concern about this incident was that the attacks in question occurred in 2010, and were not widely known until Reuters discovered the disclosure in the company’s reporting as required to [...]



By | February 3rd, 2012|Security|0 Comments

EMC/RSA Acquires NetWitness: Data-Driven Security Goes Mainstream


No sooner had the ink dried on RSA's disclosure of the nature of the attack that resulted in its high-profile breach than NetWitness, RSA's partner in investigating this incident, announced its acquisition by RSA parent EMC. (Given the fact that the deal is already closed, it's safe to assume that due diligence well preceded this event.) [...]



By | April 4th, 2011|Security|2 Comments

RSA Describes Breach Attack (and the Problem with APT)


Catching up after a long weekend spent (mostly) offline, and digesting RSA’s Friday disclosure regarding its recent breach. In the plus column for RSA: At least they made an effort to communicate some detail, albeit late, and at no small risk to their reputation no matter how their statement would be received. They were reasonably forthcoming [...]



By | April 4th, 2011|Security|0 Comments

RSA SecurID Breach Update: (Some) Additional Info Provided to Customers


A short while ago, RSA released an additional customer advisory (customer login required) regarding the breach of SecurID information disclosed last Thursday. In my updated initial take on the breach, I noted that: To date, RSA has disclosed no detail about exactly what was compromised or how, leaving customers with no actionable information regarding their [...]



By | March 22nd, 2011|Security|0 Comments

RSA Breach of SecurID Information: Initial Take


(Updated: Commentary on RSA's disclosure and SecurCare advisory of March 17) Yesterday, RSA Security disclosed that it had been the victim of a security breach that, according to Executive Chairman Art Coviello's open letter to customers, resulted in the exposure of information "specifically related to RSA's SecurID two-factor authentication products." Coviello's letter goes on to [...]



By | March 18th, 2011|Security|0 Comments
Load More Posts