In this year's information security ! Products and Services are building security into the cloud before adding their applications on it. It looks like the days where companies were retrofitting the security on their products after being attacked are behind us. Cloud Security Alliance Summit provided latest findings from CSA working groups on Cloud Threats, Metrics, and Control Mappings. Speakers addressed best practices with encryption, virtualization to and electronic discovery., the main focus was about securing the cloud. A lot has changed in the industry's perspective on
IBM had a big presence at the conference. Guardium's general manger spoke at a session at IBM booth on real time database monitoring and security. The acquisition of Guardium is a significant boost to the portfolio of IBM security products. Guardium's chief executive Ram Metser's comment “IBM has a very far-reaching vision for trusted information at the enterprise level,’’ regarding this acquisition is absolutely right. Guardium's products have two parallel functions. On the one hand, they carry out real-time monitoring to detect and prevent suspicious activity and, on the other, they automate and streamline tasks. This product is getting integrated with Information Management (IM) portfolio. IBM's booth for IPS, AppScan and Tivoli Identity products did attract huge crowds at the conference.
My focus at the conference was on securing web 2.0 sites. Last year I did not find any
out of the box product for content filtering on in-bound traffic. This
year a booth with bold banner "Deep packet Inspection" caught my
attention. The product manager at this booth said his company Bivio
networks has several network appliances which covers both breadth and
depth of traffic inspection. Bivio has a content URLs filtering
appliance for in-bound traffic! The price of this appliance could
vary any where between 100 to 200 k depending upon the capacity of the
There were several vendors with products for securing virtual machines. Organizations
using hypervisor technology and hardware design are much better
equipped to handle challenges of securing the Virtual systems. Many
security problems are changed by virtualization in the data centers.
Anti-virus tools and data leak prevention tools now have to gain
visibility to internals of virtual machines.