News
4/5/2008
12:03 PM
Terry Sweeney
Terry Sweeney
Commentary
50%
50%

In Lockstep At RSA

Just a few days before the RSA show begins in San Francisco, it's HP and not EMC that's talking loudest about storage and security. Why is that odd? Maybe because EMC owns RSA.

Just a few days before the RSA show begins in San Francisco, it's HP and not EMC that's talking loudest about storage and security. Why is that odd? Maybe because EMC owns RSA.Recall about two years ago when all the major storage vendors went security shopping (or were acquired). Symantec bought Veritas, NetApp got Decru, and EMC scooped up RSA. The age of compliance and data privacy and malicious activity demanded the twinning of storage and security, the vendors said, and analysts and the trade press dutifully repeated it.

I don't think it's any less true. But it makes me wonder why EMC's being so circumspect with regard to RSA, especially after EMC chairman Joe Tucci's cameo at last year's RSA event. I guess you don't mess with a well-known brand name in a market that's as reticent or buttoned-down as security.

One other interesting addition to this year's RSA agenda: National politicians. Michael Chertoff, the head of the Department of Homeland Security, will deliver a keynote Tuesday and has even deigned to a sit-down with the press afterward. On Friday, Nobel laureate Al Gore grabs the mic, and with any luck, will not talk about how security products can reduce their carbon footprint. These two book-ended speakers remind us it is indeed an election year.

But for the next 72 hours, HP has the security microphone to itself with its new encryption product and key manager. We can expect to hear from IBM, Microsoft, Symantec, and others (probably even EMC) about data protection; compliance and policy enforcement; more secure USB drives; and the like. Two years after the storage=security consolidation, it also will be a good chance to see just how closely linked these two technologies really are.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8893
Published: 2015-01-28
Multiple cross-site scripting (XSS) vulnerabilities in (1) mainpage.jsp and (2) GetImageServlet.img in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CVE-2014-8894
Published: 2015-01-28
Open redirect vulnerability in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the out parameter.

CVE-2014-8895
Published: 2015-01-28
IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote attackers to bypass intended access restrictions and read the image files of arbitrary users via a crafted URL.

CVE-2014-8917
Published: 2015-01-28
Multiple cross-site scripting (XSS) vulnerabilities in (1) dojox/form/resources/uploader.swf (aka upload.swf), (2) dojox/form/resources/fileuploader.swf (aka fileupload.swf), (3) dojox/av/resources/audio.swf, and (4) dojox/av/resources/video.swf in the IBM Dojo Toolkit, as used in IBM Social Media A...

CVE-2014-8920
Published: 2015-01-28
Buffer overflow in the Data Transfer Program in IBM i Access 5770-XE1 5R4, 6.1, and 7.1 on Windows allows local users to gain privileges via unspecified vectors.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
If youíre a security professional, youíve probably been asked many questions about the December attack on Sony. On Jan. 21 at 1pm eastern, you can join a special, one-hour Dark Reading Radio discussion devoted to the Sony hack and the issues that may arise from it.