Gartner to outline security trends in upcoming Information Security Summit

When it comes to information security, should companies be buying best-of-breed products from a number of vendors or stick with a single vendor for cost or other reasons? And what are the latest trends gaining momentum today in IT security?

Those questions and many more will be in the spotlight at the upcoming Information Security Summit in Washington, D.C. later this month where Gartner analysts share their views on what enterprises want and vendors can deliver in a world fraught with hackers on one side and regulatory pressures on the other.

Plain and simple, "what's driving customers is data security, in terms of infrastructure protection and compliance," says Adam Hils, the research analyst who will present Gartner's security-market forecast at the conference.

Some Gartner research shows IT security customers are torn by whether to stick with one vendor or go with standalone/best of breed products when it comes to basic buying strategies. Gartner advocates "best of breed — as long as it works with what you have," Hils says.

IT security customers are inclined as never before to a one-vendor strategy — it may be because of budget pressures since there's the perception that this may be cost-savings — but Gartner's advice is to keep the focus on best-of-breed, particularly when a major upgrade is envisioned and new technologies are on the horizon.

A good example is "the next-generation firewall, which combines the network firewall and intrusion-prevention system," Hils says. Vendors in this arena vary widely in terms of their equipment, although most of them aren't yet doing it all that well — though Hils said Juniper seems to be in the forefront for now.

According to Gartner, some of the most exciting areas today are managed services, or security as a service, where customers expect vendors to undertake full-time management responsibilities, either through support of dedicated customer equipment or by delivering cloud-based services.

While e-mail antispam and security filtering is becoming widely adopted, another area, security information and event management (SIEM), which involves complex aggregation and analysis of log data from many data sources, is also gaining uptake from customers, Hils says.

Large firms, including IBM and Symantec, offer managed SIEM services, but several smaller security firms, including SecureWorks, are providers, too. LogLogic is also one whose technology is often used by other providers.

While advanced SIEM equipment is still seen as a big-ticket item afforded mainly by large enterprises, increasingly there are options, like TriGeo, aimed at the small-to-midsized business market, Hils says. The wider SIEM adoption is being driven by compliance pressures, such as the Payment Card Industry (PCI) data-security standards, for log management, he notes.

Chris Whitener, HP's security strategist who plans to attend the Gartner event, agrees regulatory concerns pay a big role in driving SIEM adoption. He said HP has a close partnership with SIEM vendor SenSage, offering its technology in a hardware appliance because regulations governing the financial and oil industries ask for a separate logging system. "A lot of the regulation asks for the SIEM to be separate, not with the rest of the data warehouse," Whitener says.

HP both makes security products of its own, including encryption tools, and also re-sells third-partner security products or adds them as blades (McAfee security being one) for its ProCurve switches. So HP is somewhat philosophical about the best-of-breed vs. single security vendor argument.

"Look, I recently visited a bank that had 200 security vendors and they were going nuts," says Whitener, adding HP's approach as a systems integrator is to offer a "security blueprint" backed by its own evaluations of third-party security products.

Not surprisingly, enterprise customers do keep score on what security vendor has won their business.

When Gartner asked 468 IT professionals to name their "primary provider" of security software and appliances, the main picks were Symantec, Microsoft, McAfee, Cisco, Trend Micro and IBM, each with 5% or more of responses, though more than a dozen other vendors were cited as well.

The most mentioned for managed security service providers in that survey were Symantec, IBM ISS, VeriSign and AT&T by 9% each or more, though 20 others were also named, including Verizon Business, T-Systems and Unisys.

Apple is sued after pressuring open-source iTunes project

The operator of a technology discussion forum has sued Apple, claiming that the company used U.S. copyright law to curb legitimate discussion of its iTunes software.

The lawsuit, filed Monday, could test the limits of the U.S. Digital Millennium Copyright Act (DMCA). It centers around an open-source effort to help iPods and iPhones work with software other than Apple's iTunes. Last November Apple's lawyers demanded that the Bluwiki.com Web site remove a project called iPodhash, saying that it violated the DMCA's anti-circumvention provisions.

The lawsuit was filed jointly in U.S. District Court for the Northern District of California by the Electronic Frontier Foundation (EFF) and attorneys representing OdioWorks a small Herndon, Virginia, company that runs Bluwiki. Lawyers argue that the iPodhash discussions were about reverse-engineering software, not breaking copy protection, and ask for a court ruling to clarify the matter.

The EFF has previously argued that reverse engineering in order to build new products is permitted under the DMCA. However, this case is a little different, according to Fred von Lohmann, an attorney with the digital civil liberties organization. "This is the first time I've seen a company suggest that simply talking about reverse engineering violates the DMCA," he said. "All of the previous cases have been cases that involved actual successful reverse-engineered tools."

Bluwiki is a free wiki service that hosts discussion pages for a number of projects. After Apple's November takedown letter, three Web pages that talked about a cryptographic function used by iTunes were removed from the Bluwiki Web site.

Open-source developers have been working on breaking cryptographic mechanisms used by iTunes since 2007. That's when Apple first introduced a special operation, called a checksum hash, into its products to ensure that Apple's devices were communicating with iTunes and not some other type of software.

Developers reverse-engineered Apple's checksum mechanism, but in late 2008 the company introduced a new version of the crypto-technique with its iPod Touch and iPhone products. That's what was being discussed when Apple filed its takedown notice.

The EFF and OdioWorks say iPodhash was trying to get the iPod and iPhone to work with other software such as Winamp or Songbird, and that the work would also help iPod and iPhone users who ran the Linux operating system, because Apple doesn't ship a version of iTunes for Linux.

However, in a Dec. 17 letter to the EFF, Apple's law firm said that the EFF is "mistaken" to assume that this technology is only used to authenticate the iTunes software. The work also threatens Apple's FairPlay copy-protection system, the letter states.

Apple did not respond to requests for comment on the lawsuit.

In an interview Monday, OdioWorks Founder Sam Odio said that he believes that the iPodhash's lead developer, who went by the pseudonym Israr, would pick up the discussion if OdioWorks and the EFF win the case. "What this guy was doing was legitimate," Odio said. "He was just trying to reverse engineer Apple's products to try to get them to work with Linux and other third-party software"