The high-end of the firewall market has really been dominated by two companies: Crossbeam Systems (with Check Point Software) and Juniper Networks. Over the past few years, these two firms won most of the high revenue/high margin enterprise and service provider deals.

Of course, others took notice and wanted their own piece of the pie. Cisco came out with its ASA 5580 a few years back. Network security guru Sourcefire introduced a high-end hardware architecture and a firewall in 2011. Finally, Check Point jumped in with its own high-end hardware as well.

As if this space wasn’t crowded enough, F5 Networks threw its hat in the ring this week with the announcement that its Big-IP 11.1 software passed the ISCA Labs test for network firewalls.

This may seem like just another feature for Big-IP but it’s not. F5 has a unique position amongst its competitors because:

READ MORE …

As they grapple with a growing crop of increasingly sophisticated threats that know no political borders, nations must dramatically improve their framework for coordinating on cybersecurity policy and preventing and responding to attacks, according to a new study sponsored by security software vendor McAfee.

McAfee commissioned the Security and Defense Agenda (SDA), a prominent think tank based in Brussels, to canvas global leaders and cybersecurity experts for the report entitled, “Cybersecurity: The Vexed Question of Global Rules,” released at an event here on Monday.

The authors of the report emphasized the need for sharing information about threats in real time, both among nations around the globe and between the public and private sectors in any given country.

READ MORE …

The Internal Revenue Service and the Department of Justice teamed up for a coast-to-coast crackdown on identity thieves this week.

The coast-to-coast law enforcement onslaught arrested 105 people in 23 states and included indictments, arrests and the execution of search warrants involving the potential theft of thousands of identities and taxpayer refunds, the IRS stated. In all, 939 criminal charges are included in the 69 indictments and information related to identity theft.

READ MORE …

Can industry heavyweights Google, PayPal, Microsoft and AOL — along with 11 others in high-tech such as Facebook and LinkedIn, as well as the financial world’s Bank of America and Fidelity Investments — succeed in stopping phishing attacks right in their tracks? In uniting behind an effort called DMARC.org unveiled today, the group says it can through policy-based steps filter out spoofed email that attackers use for phishing.

“Whether you are an enterprise or offering a consumer service, you can apply this policy now,” says Brett McDowell, senior manager of customer security initiatives at PayPal, who is chairman of the organization DMARC, which stands for “Domain-based Message Authentication, Reporting and Conformance.” The DMARC.org site today published guidelines and the specification for its technology, which makes use of the well-known standards Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM), two basic approaches widely used today for authenticating email.

READ MORE …

Two recent studies show that if organizations simply focused on IT security basics, they’d make great strides in reducing their risk of embarrassing, avoidable and often costly data breaches.

Security firm Imperva examined attack trends across 40 applications and monitored millions of attacks that targeted web applications for the six-month period spanning June through November of last year. The firm found that attackers like to target five relatively common application vulnerabilities: remote file inclusion, SQL injection, local file inclusion, cross site scripting and directory traversal attacks. The majority of these attack vectors have been significant problems for years.

Rafal Los, chief security evangelist, HP Software Worldwide, says the industry’s inability to rid itself of lingering and well-understood software vulnerabilities isn’t a problem due to lack of technology. “It’s now a behavioral problem. Development organizations have more resources than ever to create a rational, security-infused software development lifecycle (SDLC) which doesn’t ‘bolt-on’ security at the very last stages,” says Los. “Until security becomes a fundamental business objective, the behaviors that today lead to things like SQL injection will continue. We need to “hack” the business relationship – from there I firmly believe things will finally start to get better.”

READ MORE …

Keeping it simple isn’t safe online.

As we leave a season of significant growth in online shopping, another story questions the security of online shopping.

Zappos, a popular online retailer, revealed Jan. 15 that more than 24 million of its customers’ records were stolen by hackers. Although full credit card content was encrypted due to compliance requirements enforced by Visa and MasterCard, other data such as customer e-mail addresses, shipping and billing addresses, phone numbers, the last four digits of the credit card and passwords were compromised.

The passwords, which are commonly used by consumers on various Internet sites, are the biggest concern. The password data were cryptographically scrambled, but hackers have free easy access to tools to descramble them.

READ MORE …

The European Commission has put forward the suggestion as part of a new directive and regulation.

The new rules include users’ “right to be forgotten” and an obligation on organisations to report data breaches “as soon as possible”.

The boss of one tech-focused organisation described the proposals as a “tax” on firms holding customer data

READ MORE …

The European Parliament’s website fell under a distributed denial-of-service attack (DDOS) on Thursday in what the organization classified as retaliation for the shutdown of the Megaupload file-sharing site and an anti-counterfeiting trade agreement.

The Parliament issued a statement saying it had acted to reduce the impact of the attacks, but the site was still down as of mid-afternoon Thursday.

Take the data breach quiz

Anonymous, a loose-knit group of hackers and digital activists, has undertaken a series of DDOS attacks against government websites and other organizations following last week’s international take-down of Megaupload, whose operators are wanted by U.S. authorities for alleged copyright infringement related offenses.

READ MORE …

Cloud computing can and does mean different things to different people. The common characteristics most share are on-demand scalability of highly available and reliable pooled computing resources, secure access to metered services from nearly anywhere, and dislocation of data and services from inside to outside the organization. While aspects of these characteristics have been realized to a certain extent, cloud computing remains a work in progress. This publication provides an overview of the security and privacy challenges pertinent to public cloud computing and points out considerations organizations should take when outsourcing data, applications, and infrastructure to a public cloud environment.

READ MORE …