04:48 AM

Rethinking Security Technology

Emerging products find new approaches to some old security problems

12:48 PM -- Call it security: the next generation.

Over the past week, security vendors and startups have been launching a wide swath of products and technologies. Normally, this means we're getting rev 6 of Release 3.5.2. But this week, we've seen some genuine innovation -- and perhaps more importantly, some new approaches to solving some very old problems.

Just when you thought firewalls had dead-ended, for example, startup Palo Alto Networks launched a new firewall, the PA-4000, which can identify -- and restrict -- more than 400 types of application traffic. Instead of just two settings for Port 80 ("off" or "on") this firewall enables enterprises to allow, block, or truncate the use of all sorts of applications, including those running over SSL. If it works as promised, the PA-4000 could breathe new life into the firewall market. (See Startup Puts New Spin on Firewalls.)

Another startup, Sentrigo, launched a new product that could change the way enterprises attack the database security problem. Instead of relying on appliances that restrict network flow to and from the database -- or supplementary applications that suck up database server cycles -- Sentrigo's Hedgehog takes a software-only monitoring approach, attaching sensors to the database's cache memory. This method of securing the database could help keep insiders from tampering with the database and reduce server overhead. (See A New Approach to Database Security.)

How about a new take on virtual private networks? Recently, the old VPN has begun to look tired, because of its inability to adapt to mobile devices and its assumption that most of its users would be fixed-location employees. Yet Stonesoft is introducing a new SSL VPN product that works with a wide variety of mobile devices and lets companies give limited access to customers and trading partners. (See Stonesoft Seeks to Open Up VPNs.)

This rethinking of old problems isn't limited to the vendor community. Next week, analyst firm Enterprise Strategy Group is releasing data from a new survey that takes a hard look at how companies secure their intellectual property. Its conclusion: It's time to scrap the manual processes that dominate the IP discovery and classification process, and put in some real automation. (See Securing the 'Company Jewels'.)

Enterprises, meanwhile, are rethinking their approaches to one of the world's oldest problems: physical theft. After being burned several times in the last week, companies are beginning to recognize that one of the most common causes of "data loss" doesn't come from hackers, but from the theft of portable storage media. (See Stop, Thief!)

In an industry where end users often seem to be banging their heads against the same old brick walls (See People, Not Passwords, Are the Problem), it's refreshing to see that some companies are stepping back and thinking about new roads, rather than just repaving the cow paths. Here's hoping the trend continues.

— Tim Wilson, Site Editor, Dark Reading

  • Enterprise Strategy Group (ESG)
  • Palo Alto Networks Inc.
  • Sentrigo Inc.
  • Stonesoft Corp.

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    Who Does What in Cybersecurity at the C-Level
    Steve Zurier, Freelance Writer,  3/16/2018
    New 'Mac-A-Mal' Tool Automates Mac Malware Hunting & Analysis
    Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/14/2018
    (ISC)2 Report: Glaring Disparity in Diversity for US Cybersecurity
    Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/15/2018
    Register for Dark Reading Newsletters
    White Papers
    Current Issue
    How to Cope with the IT Security Skills Shortage
    Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
    Flash Poll
    [Strategic Security Report] Navigating the Threat Intelligence Maze
    [Strategic Security Report] Navigating the Threat Intelligence Maze
    Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    Published: 2017-05-09
    NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

    Published: 2017-05-08
    unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

    Published: 2017-05-08
    A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

    Published: 2017-05-08
    Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

    Published: 2017-05-08
    Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.