ChannelWorld August 2012

[Cover chart: "Obstacles to the IS Function" and "Top Five Security Challenges"; chart labels and percentages not recoverable]

SECURITY SURVEY: The world’s largest information security survey reveals new opportunities for channel partners. PAGE 28

ChannelWorld

STRATEGIC INSIGHTS FOR SOLUTION PROVIDERS | COVER PRICE Rs.50

JUNE 2012 VOL. 6, ISSUE 3

CHANNELWORLD.IN



ANUJ GUPTA,

Director, MIEL E-Security, started an ‘Emerging Technologies Services’ division to stay relevant with his customers’ changing demands.

Inside AUGUST 2012 VOL. 6, ISSUE 5

News Analysis

Can enterprises prevent cyber attacks by leveraging big data? PAGE 10 The Grill: Amnon Bar-Lev, President, Check Point, explains why partners should align with their ‘big security’ vision. PAGE 13

SECURITY SPECIAL

SECURE PROFIT

Trend-watching channel partners are moving to more lucrative security markets to safeguard their futures. Have you? >>> Page 20

On Record: Jagdish Mahapatra, MD, India & SAARC, McAfee, reveals changes he sees for partners post the merger with Intel. PAGE 16

Feature

CSOs combine new technologies and policies to secure data within the organization. PAGE 38

Face Off

Between Blue Coat and Websense on secure gateway services. PAGE 48

Don’t Miss...

Case study: Essen Vision helps DHFL cut spam with the cloud. PAGE 36

CHANNELWORLD.IN





■ EDITOR’S NOTE

Vijay Ramachandran

Missing Connection

IT’S ALWAYS fascinating to watch environments in flux and see Heisenberg’s Uncertainty Principle at work. With technology it’s often possible to pin down either the speed of change or where exactly an organization is on the path to change, but not both simultaneously. From buzzword to acceptance is typically a tortuous evolution, but sometimes, just sometimes, this process acquires a cyclonic booster shot of energy that leaves both wreckage and rainbows in its wake.

Take Bring-Your-Own-Device or BYOD, for instance. The pace at which it’s morphing from consumer IT to enterprise enabler is polarizing CIO’s opinion of it. Often enough an organization gets its start when a CEO or MD brings in a smart device and asks for mail to be configured on it. The next thing CIOs do is roll out a devices policy double quick with a provision to issue devices to a bunch of staffers. Then follows a mad scramble to secure data and devices with terms like MDM, SSL VPN, HTML 5, App Encapsulation and VDI flying around.

Our research clearly shows that mobility spends have shot through the roof in the past six months, yet I don’t see too much ‘BYOD’ happening! Indian enterprises and their IT teams are just not comfortable with the idea of an alien (read outside IT control) device entering the system. That explains the outright purchase of smart handhelds and tablets, and the de rigueur slapping on of middleware that allows remote wipes and rights allocation. Some organizations do indeed give their employees a choice of devices, but most, if not all, are wary of how much core data access is permitted. Surprisingly, software services outfits are among the most regressive when it comes to this; settling for approvals and mail access but little else. Security is the most oft-quoted reason for this (like a re-run of what cloud computing hype was met with five years ago).

[Pull quote] Mobility is driving high-impact business change in Indian enterprises. Why are so few solution providers along for the ride?

At the polar extreme are services organizations, particularly those that are into media or financial services or those that have large rural footprints—their CIOs talk of App Stores and User Experience Labs and of extending the paradigm to include customers. Take a Mumbai-based auto insurance player, for instance. Using apps that help customers file claims over their smart devices and keep their appraisers speeded up claims processing by 40 percent. Or, consider one of the biggest of Indian ad agencies which untethered its clients and employees from VC rooms and allowed them to do multipoint VC off their mobiles, tablets and notebooks, wherever they were—in office or on the move. And, at a low, low cost. Effective, frugal, high business impact. In these challenging times, that’s music to the ears of CFOs, CEOs and CIOs. That’s what mobility means to your clients.

So what should it mean to you? A big, interesting and lucrative opportunity, at the least. Yet, most enterprises build their mobility solutions in-house, since they seldom come across an integration partner who understands their domain and has the ability to leverage mobile technologies. The CIO of a Delhi-based Broadcast Media house simply coded his apps by himself, when no solution provider was forthcoming. Others are turning to jury-rigged, and often inelegant solutions, that involve browser-based access or even extending desktop virtualization to devices.

Why is it that solution providers are still hesitant to offer mobility solutions? Well for one, the technology refresh rate is both brutal and rapid. It’s not enough to specialize in developing for a specific device or OS, you need to have figured most of the current and near-future landscape. Then there is always the fear that you’ll lose your experts to your rivals (or that they might be tempted to set up shop themselves). Despite these issues, I see you missing out on a line of business that will be critical to Indian enterprises in the foreseeable future. And, if IT departments of your clients are figuring this conundrum out, how tough can it be?

Vijay Ramachandran is the Editor-in-Chief of ChannelWorld. Contact him at vijay_ramachandran@idgindia.com

AUGUST 2012

INDIAN CHANNELWORLD



FOR BREAKING NEWS, GO TO CHANNELWORLD.IN

Inside

■ NEWS DIGEST

05 Sneaking in the Backdoor | A new Web-based social engineering attack that relies on malicious Java applets attempts to install backdoors on Windows.

06 Yahoo! Well, Not So Much Anymore | A Yahoo security breach that exposed 450,000 usernames and passwords from a site on the huge web portal indicates that the company failed to take even basic precautions to protect data.

06 Websense Secures the Gateway | Websense has added new capabilities to its Web Security Gateway, including a way to detect “criminal encryption” and data theft that might be done in images instead of document formats.

08 Time to Chuck Your Security Model | The IT security model that has admins tending mobile devices using fixed security firewalls and gateway infrastructure should be replaced, according to a Forrester report.

■ NEWS ANALYSIS

10 Preventing a (Big) Data Breach | Is it possible for enterprises to prevent cyber attacks by leveraging big data?

12 Access Denied: BYOS Can Wait for Now | Security and compliance reservations have prompted firms to deny no-holds-barred cloud access to employees.

■ OPINION

01 Editorial: Mobility is driving high-impact business change in Indian enterprises, observes Vijay Ramachandran. But, why is it that solution providers are still hesitant to offer mobility solutions?

15 Sue Strodl: There’s a marked change in information security and security specialists need to evolve effectively, not just in terms of IT alone, but in business as a whole. Can they step up to the challenge?

■ THE GRILL

13 Amnon Bar-Lev, President, Check Point Software Technologies, explains why partners should align with the company’s ‘big security’ vision.

■ FAST TRACK

35 Pratik Patel, managing director and CEO, Solutions Enterprise, says that they want to create a win-win situation for all security-oriented stakeholders in the industry to help stay ahead.

Cover Photograph by KAPIL SHROFF & Cover Design by UNNIKRISHNAN A.V

SECURITY SPECIAL

■ COVER STORY

20 Secure Profit | In the last few months, the security market has undergone a sea change. New technology trends—including mobility, the cloud, and social media—have changed the way organizations look at security. More importantly, they have changed the security products Indian companies are willing to invest in. Find out which security technologies forward-looking channel players are betting on to secure the future of their businesses.

■ CASE STUDY

36 On Sure Ground | Mumbai-based Essen Vision Software proves that it’s crucial to be around for a customer in need—the key to being a successful solution provider. They demonstrated this by helping DHFL beat its security challenges by moving to the cloud.



Inside (continued)

42 Shahjahan Moosa, director, N&N Systems and Software, believes that it is important to evolve in business to drive profits and compete well. The company was the first to create an anti-virus in India, claims Moosa.

■ ON RECORD

16 Jagdish Mahapatra, managing director, India & SAARC, McAfee, takes on market speculation around McAfee—and reveals changes he sees for partners post the merger with Intel.

■ FEATURE

38 The New Perimeter | NEW TECHNOLOGIES: CSOs are mixing an assortment of technologies, approaches and policies to shore up defenses on the changing corporate boundary. CSOs are advised to take a defense-in-depth approach that deploys multiple layers of security, so that malware and other threats that slip by the first line of defense get caught by the second or third.

■ FOCAL POINT

43 Outfox Insiders | INSIDER THREATS: Cyber crimes committed by trusted insiders are a big problem. The perpetrators run the gamut, from accounting staff to senior executives to IT employees. But the good news is that if you put the appropriate insider threat detection and prevention countermeasures in place, you can reduce the threat dramatically. Here’s how you can secure your organization.

■ FACE OFF

48 Secure Perimeters: Who excels at securing Web gateways as a service: Blue Coat or Websense?

CHANNELWORLD

Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027, India

CHANNELWORLD.IN

Publisher, President & CEO: Louis D’Mello
Associate Publisher: Rupesh Sreedharan

■ EDITORIAL

Editor-in-Chief: Vijay Ramachandran
Associate Editor: Yogesh Gupta
Deputy Editor: Sunil Shah
Assistant Editor Online: Varsha Chidambaram
Special Correspondents: Radhika Nallayam, Shantheri Mallaya
Principal Correspondents: Aditya Kelekar, Gopal Kishore
Correspondents: Ankita Mitra, Aritra Sarkhel, Kartik Sharma, Shubra Rishi
Senior Copy Editor: Nanda Padmanabhan, Shreehari Paliath
Copy Editor: Vinay Kumaar

■ DESIGN

Lead Designers: Jinan K.V., Jithesh C., Suresh Nair
Senior Designer: Unnikrishnan A.V.
Designers: Amrita C. Roy, Lalita Ramakrishna, Sabrina Naresh

■ SALES AND MARKETING

President Sales & Marketing: Sudhir Kamath
VP Sales: Parul Singh
GM Marketing: Siddharth Singh
Manager Key Accounts: Sakhee Bagri, Varun Dev, Jaideep M.
Manager-Sales Support: Nadira Hyder
Marketing Associates: Anuradha Iyer, Benjamin Jeevanraj

■ CUSTOM SOLUTIONS & AUDIENCE DEVELOPMENT

Senior Manager Projects: Chetan Acharya, Pooja Chhabra, Ajay Adhikari, Ajay Chakravarthy
Manager: Tharuna Paul
Senior Executive: Shwetha M.
Project Co-ordinator: Archana Ganapathy, Saurabh Patil, Rima Biswas

■ FINANCE & OPERATIONS

Finance Controller: Sivaramakrishnan T.P.
Sr. Manager Accounts: Sasi Kumar V.
Sr. Accounts Executive: Poornima
Manager Credit Control: Prachi Gupta
Sr. Manager Products: Sreekanth Sastry
Asst. Manager Products: Dinesh P.
Sr. Manager Production: T.K.Karunakaran
Sr. Manager IT: Satish Apagundi

■ OFFICES

Bangalore: IDG Media Pvt. Ltd. Geetha Building, 49, 3rd Cross, Mission Road, Bangalore 560 027, India. Tel: 080-30530300. Fax: 080-30586065
Delhi: IDG Media Pvt. Ltd. DLF Corporate Park, Tower 4 B, 3rd Floor, Room 301, MG Road, DLF Phase 3, Gurgaon- 122001, Haryana. Tel: 0124- 3881015
Mumbai: IDG Media Pvt. Ltd. 201, Madhava, Bandra Kurla Complex, Bandra East, Mumbai 400051.

ADVERTISERS’ INDEX

D-LINK (INDIA) LTD.: 18 & 19
Emerson Network Power India Pvt. Ltd: BC
IBM India Ltd: IBC
Juniper Networks India Pvt.Ltd: IFC
Netgear Technologies India Pvt. Ltd: 9 + Cover on Cover
Quick Heal Technologies (P) Ltd.: 7
Ricoh India Ltd: 3 + flap on cover

This index is provided as an additional service. The publisher does not assume any liability for errors or omissions.

All rights reserved. No part of this publication may be reproduced by any means without prior written permission from the publisher. Address requests for customized reprints to IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027, India. IDG Media Private Limited is an IDG (International Data Group) company. Printed and Published by Louis D’Mello on behalf of IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027, India. Editor: Louis D’Mello, Printed At Manipal Press Ltd, Press Corner, Manipal-576104, Karnataka, India.


News

WHAT’S WITHIN

PAGE 06: Yahoo! Well, Not So Much Anymore
PAGE 08: Time to Chuck Your Security Model
PAGE 10: Preventing a (Big) Data Breach
PAGE 12: Access Denied: BYOS Can Wait for Now

Illustrations by UNNIKRISHNAN A.V

FIND MORE ARTICLES AT CHANNELWORLD.IN

MALWARE

Sneaking in the Backdoor

A NEW WEB-BASED social engineering attack that relies on malicious Java applets attempts to install backdoors on Windows, Linux and Mac computers, according to security researchers from antivirus vendors F-Secure and Kaspersky Lab.

The attack was detected on a compromised website in Colombia, F-Secure senior analyst Karmina Aquino said in a blog post. When users visit the site, they are prompted to run a Java applet that hasn’t been signed by a trusted certificate authority. If allowed to run, the applet checks which operating system is running on the user’s computer and drops a malicious binary file for the corresponding platform.

The files are detected by F-Secure as “Backdoor:OSX/GetShell.A,” “Backdoor:Linux/GetShell.A” and “Backdoor:W32/GetShell.A.” Their purpose is to connect to a command-and-control server and look for additional malicious code to download and execute. However, since F-Secure researchers began monitoring the attack, the remote control server hasn’t pushed any additional code, Aquino said.

It appears that the attack uses the Social Engineer Toolkit (SET), a publicly available tool designed for penetration testers, Aquino said. However, the chances of this being a penetration test sanctioned by the website’s owner are relatively low. “I don’t think it’s a penetration test,” says Costin Raiu, director of the global research and analysis team at antivirus vendor Kaspersky Lab.

Researchers at Kaspersky are monitoring two separate websites that contain this malware; one is the Colombian website also found by F-Secure, while the second belongs to a water park in Barcelona, Spain. Kaspersky’s researchers are in the process of analyzing the backdoor-type malware downloaded by the malicious shell code on Windows and Linux.

This is not the first time that security researchers have discovered a multiplatform attack. In 2010, a similar Java-applet-based social engineering attack capable of executing malicious code on Windows, Mac OS X and Linux computers was used to distribute the Boonana Trojan program.

— By Lucian Constantin

SAFETY TIPS

Security Protocol

An industry consortium dedicated to assuring the security of software has issued guidelines to lower the risk that vulnerabilities that could be exploited by attackers will wind up in finished code. In particular, the Software Assurance Forum for Excellence in Code (SAFECode) is addressing how to prevent vulnerabilities that may worm their way in during the Agile software development process.

SAFECode’s new paper, “Practical Security Stories and Security Tasks for Agile Development Environments,” presents Agile teams with a list of specific goals they may be trying to achieve at the outset and tasks necessary to achieve each one. The organization is made up of some major vendors: Adobe, EMC, Juniper, Microsoft, Nokia, SAP, Siemens, and Symantec.

— By Tim Greene


HACKING

Yahoo! Well, Not So Much Anymore

A YAHOO SECURITY breach that exposed 450,000 usernames and passwords from a site on the huge web portal indicates that the company failed to take even basic precautions to protect the data.

Security experts were befuddled as to why a company as large as Yahoo would fail to cryptographically store the passwords in its database. Instead, they were left in plain text, which means a hacker could easily read them.

“It is definitely poor security,” Marcus Carey, a security researcher at Rapid7, said. “It’s not even security 101. It’s basic application development 101.”

[Callout] 450K passwords and usernames were stolen by a hacker group called D33Ds Company.

Yahoo declined a request for an interview, and only emailed a statement confirming the breach that occurred. The company said that an “older file” containing roughly 450,000 user names and passwords was stolen from its Contributor Network, a subset of Yahoo’s massive network of sites. Membership in the Contributor Network consists of freelance journalists who write content for Yahoo Voices. The network was established following Yahoo’s 2010 acquisition of Associated Content.

Less than five percent of the stolen data had valid passwords, Yahoo said. “We are taking immediate action by fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo users and notifying the companies whose users’ accounts may have been compromised,” the statement said.

The breach had ramifications far beyond Yahoo, because the portal allowed people registering with the Contributor Network to use credentials from other sites to log in. Carey identified some of the other sites as Google’s Gmail, Microsoft’s Hotmail, AOL, Comcast and Verizon.

A hacker group called D33Ds Company took credit for the breach, and posted a statement on its website saying the attack was a warning. “We hope that the parties responsible for managing the security of this sub-domain will take this as a wake-up call, and not as a threat,” the group said, according to media reports. “There have been many security holes exploited in Web servers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly.”

The Yahoo breach occurred a month after professional social networking site LinkedIn acknowledged that 6.5 million usernames and passwords were stolen and posted on a Russian hacker forum. In that case, the passwords had been stored using a cryptographic method called hashing.

— By Antone Gonsalves

DATA LOSS PREVENTION

Websense Secures the Gateway

Websense has added new capabilities to its Web Security Gateway, including a way to detect “criminal encryption” and data theft that might be done in images instead of document formats.

“Criminals are looking at new ways to go undetected so they can harvest information from companies,” said Patrick Murray, senior director of product management at Websense. With Web Security Gateway Version 7.7, there’s a way to “detect the presence of non-standard encryption methods” that criminals may use to try and send stolen data back using botnet command-and-control systems, he said.

[Image caption] WELL-GUARDED: Version 7.7 will prevent data breaches.

In addition, the updated gateway now has a data-loss prevention (DLP) capability that lets it look for confidential information transmitted in images, as opposed to document files. Data in images might be sent as screen shots or fax copies of checks, for example. If a malicious insider is taking photos of sensitive data in image form, the Websense Security Gateway could detect that.

The updated security gateway capabilities are available now in the Websense V5000, which starts at $6,000 (Rs 3.3 lakh), and the V10000, which starts at $16,000 (Rs 8.8 lakh).

— By Ellen Messmer

Short Takes

Microsoft announced the final list of 11 select technology startups to be incubated at the Microsoft Accelerator for Windows Azure in Bangalore. The program received more than 200 applications from early stage startups, with exciting ideas across ecommerce, healthcare, education, digital media, mobile etcetera.

Sophos revealed that Asia is responsible for relaying 49.7 percent of all spam captured in SophosLabs’s global network of spam traps in the second quarter of 2012. Sophos published the figure in its latest ‘Dirty Dozen’ of spam-relaying countries.

McAfee announced the McAfee Profitability Stack that integrates the company’s richest profitability programs from around the world into one comprehensive global offering. It includes deal registration, incumbency advantage, tiered pricing, teaming plans, rewards, and rebates.



MOBILE ARCHITECTURE

Time to Chuck Your Security Model

THE IT security model that has admins tending mobile devices such as laptops and smartphones using fixed security firewall and gateway infrastructure is obsolete and should be replaced by a new ‘stateless’ approach, a Forrester report has suggested.

According to Prepare For Anywhere, Anytime, Any-Device Engagement With A Stateless Mobile Architecture, the stateful model made sense when computers sat in defined locations and could be managed using conventional network infrastructure, but mobility has changed the game. This ‘stateful’ approach is management-heavy, expensive and inconvenient, propped up by quick fixes such as inefficient mobile VPNs, the report said. Worse, a growing band of devices—the BYOD dimension—were sneaking past management altogether, creating holes in the security posture of organizations.

In Forrester’s use of the term, ‘stateless’ means not making any assumptions about the device based on its type, location, apparent privileges to demand services and application access; these parameters should always be assessed anew each time the device connected, said Forrester. In a sense, then, management is abolished to be replaced by device inspection, based on dynamic device inspection and ‘zero trust’.

Where such assessment happened was also worth looking at, with cloud security services such as single sign-on (SSO) a good option as these approach authentication in a stateless manner that made no assumptions about such trust.

If this sounds abstract, the premise of the analysis is essentially plausible; security architectures must take account of mobility because eventually almost all business devices will to some extent be mobile.

“Mobility holds the promise of fostering new innovations, reaching new audiences, and most importantly, creating never-before-seen user experiences and business opportunities,” said report-author, Chenxi Wang. “A stateless architecture will engender big changes in IT operations and expectations of control, but the end result will be a coherent strategy that allows IT to provision services to any device dynamically.”

The reality is that for today’s networks and admins the attractive vision of abandoning device management for a more dynamic security model is still some way off—networks encompass generations of legacy systems, so ditching the stateful model is a long-term issue.

— By John E. Dunn

Around The World

Stepping Down: Symantec’s President and CEO

Security software vendor Symantec said that Enrique Salem, its president and CEO, had stepped down with immediate effect, after the company reported that its revenue for the quarter ended June 29 grew just 1 percent YoY to $1.7 billion, while its profits sagged by 10 percent, falling to $172 million. Symantec said its board of directors has appointed Steve Bennett, the current chairman of the board, to also hold the posts of president and CEO.

— IDG News Service

Twitter Suffers Malware Spam Outbreak

A widespread spam attack linking to malware has broken out on Twitter, according to the security firm Sophos. The malicious tweets often read “It’s you on photo?” or “It’s about you?” The tweets and URLs often include a user’s Twitter handle. “The attack itself is very simple, relying on people’s natural curiosity about anything they think mentions them. Including the target’s Twitter username in the link is an added hook to reel people in,” Richard Wang, head of Sophos’ US labs, said in a statement. The links in the spammed tweets lead to a Trojan that ultimately redirects users to Russian websites containing the Blackhole exploit kit, Sophos said.

— Cameron Scott

Researcher Creates a Rakshasa

Security researcher Jonathan Brossard created a PoC hardware backdoor called Rakshasa that replaces a computer’s BIOS and can compromise the operating system at boot time without leaving traces on the hard drive. Rakshasa, named after a demon from the Hindu mythology, is not the first malware to target the BIOS. It differentiates itself from similar threats by using new tricks to achieve persistency and evade detection.

— Lucian Constantin


CHANNEL DIRECTIONS

CUSTOM SOLUTIONS GROUP: NETGEAR

SERVING SMB CUSTOMERS LIKE NO OTHER BRAND CAN

NETGEAR gets under the skin of the Indian SMB customer to truly understand their specific and multiple needs. The result are products and prices few can match.

SUBHODEEP BHATTACHARYA, Regional Director, India & SAARC, NETGEAR Technologies

Subhodeep Bhattacharya has 19 years of experience in IT, with an exposure to sales, product management, marketing, and business unit leadership. In the past, he has worked at HCL, CMC, Compaq, and HP. An engineer by training, he has a post-graduate management degree.

What innovative value proposition does NETGEAR offer the Indian market, one that will make channel partners sit up and listen?

The value proposition is simple—to serve SMB customers in a way that no other brand can. We produce a large spectrum of products—from switching to storage, and from wireless to security for the SMB market. These products have an unflinching commitment to quality, come with certifications and ratings, and are covered by industry-leading warranties. And perhaps most importantly, they are available at highly-competitive prices. We also approach product design differently: We don’t ask our customers to pay for features they will never use. This is important because customers don’t want technological marvels, they want products that will deliver what they need—competently.

Why do you think storage products have a bright future among Indian SMB customers?

The explosion of data is a well-known fact. There are expensive and complicated storage products for enterprise-class customers, and then there are ubiquitous backup solutions for individual users. The segment in between those two groups—SMBs—requires products that are smart, that are neither too simple nor too complex. Storage needs to be secure and easy to deploy. It should also allow for flexibility in choice of storage drives. Rack mount and desktop NAS boxes, which are reliable and inexpensive, are already growing fast in the SMB segment.

What, according to you, is changing in the SMB market?

SMBs have always been price savvy, but today, the need for smarter solutions is escalating too. Customers are looking for products that are pre-configured and require minimum customization to do a pre-defined job well. The other change is the growing importance of manageability and security, both which call for an entirely new class of products. In short, SMBs need smart technology at the right prices.

Can you give a few examples of SMB-centric innovation from NETGEAR?

NETGEAR has teams of engineers whose main task is to develop SMB-centric products. Let me give you some examples. We ship our ReadyNAS boxes with an in-built video surveillance solution which our customers can enable and just add cameras to before they are ready to roll. We have gone a step further and introduced Vuezone remote video monitoring products which have completely wire-free cameras! We also have one of the most exhaustive line-ups of switches ranging from entry-level 4-port to 10G aggregators. For SMBs that need enterprise-class storage at SMB prices, we have launched ReadyDATA 5200 which scales up to 180TB with support for SAS, SATA and SSD—at an industry leading price point of less than $10,000 (about Rs 550,000) for the chassis.

In this changing market, what strategy do you think channel partners should adopt to be more profitable?

First, change is continuous, and one should use this constant churn to get ahead. There are just two things that bother me, both as someone who drives a sales team, and as an OEM driving business through the channel. The first is the habit of playing it safe. The second is the expectation that you’ll get better results by repeating what you’ve done in the past. I have seen a number of partners who use their great relationships with customers to position a leading brand, then fight with other partners to win and earn a pittance. And they repeat this over and over again. I think it’s best to give a customer a fresh story, introduce a new value proposition, and make more margins. That’s change in itself!

This interview is brought to you by the IDG Custom Solutions Group in association with


n NEWS ANALYSIS

Preventing a (Big) Data Breach

Is it possible for enterprises to prevent cyber attacks by leveraging big data? By Ellen Messmer

THE BUZZ in security circles about big data goes something like this: If the enterprise could only unite its security-related event data with a warehouse of business information, it could analyze this big data to catch intruders trying to steal sensitive information. This is the security angle to the big data hopes that are rising along with the popularity of vast big data repositories, often based on the open-source scalable software Hadoop, being adopted in enterprises. This is leading to anticipation that a new type of “data scientist” job will emerge in IT around Hadoop.

Among security professionals and analysts, there’s now talk that big data will also lead to security-focused data scientists who will have the tools and knowledge to pinpoint attacks by intruders out to steal highly sensitive data. Catching cyber-thieves in the act across sprawling networks has proven hard to do, and big data is offering new hope. But is it warranted?

Scott Crawford, analyst with consultancy Enterprise Management Associates, thinks so. “Statistical analysts will identify anomalies but not understand the security,” he commented during an analysts’ panel at the RSA Conference. Crawford predicted eventually there will emerge “a market for security algorithms” for big data. He noted firms such as Red Lambda and Palantir are tackling this today with math-heavy analytics aimed at spotting anomalies. The “bad” attacker intent on hiding is an anomaly to the generally “good” behavior of network users inside the network, behind which the attacker often hides, according to some.

Today, stealthy attackers are getting past traditional defenses, such as intrusion-prevention systems, firewalls and antivirus, pointed out Gartner analyst Neil MacDonald, who spoke about this during the RSA panel.

TACKLING APTs

These devastating attacks to infiltrate and steal highly sensitive data, sometimes called advanced persistent threats (APT), are driven by human actors able to effectively hide their malevolent presence within networks. Today, says MacDonald, we just don’t know what “goodness” and “badness” looks like in terms of network activity. “You have to know what goodness looks like” to understand “deviations from goodness,” he points out.

Big data is offering new possibilities for security analysis, which could mean that one type of security tool used today, security information and event management (SIEM), and tools like it that may not properly adhere to that genre, will have to evolve, analysts contend. To some extent that has started already today, says MacDonald, pointing to RSA’s threat-detection product NetWitness and the HP ArcSight SIM, among others. Some start-ups, including CrowdStrike, are claiming they will tackle the APT problem in new ways.

ROLE OF SIEM

Will SIEM evolve to be able to process business-related big data or not? And is the idea that such data can be added to the more traditional SIEM data drawn from a variety of firewalls, servers, IPS and the like, to provide meaningful intelligence on an attacker, simply a pleasant illusion?

“People can’t get the answers they want from SIEM tools,” said Forrester analyst John Kindervag.

Of all the analysts on the RSA panel, Jon Oltsik with Enterprise Strategy Group appeared the most skeptical about big data fixing the APT problem. “My fear is we’ll capture more data and not know what to do with it,” Oltsik commented. He said chief information security officers (CISO) in the enterprise today aren’t sold on the idea that big data is going to somehow be a special boon to security. “When I talk to CISOs and ask about big data, they laugh,” he said.

But Zions Bancorporation has set up a massive repository for proactively analyzing a combination of real-time security and business data in order to identify phishing attacks, prevent fraud and ward off hacker intrusions. Announced last October, it’s based on the Zettaset Data Warehouse which makes use of Hadoop for data-intensive distributed applications. Preston Wood, chief security officer at Zions, has described it as a way to augment a SIM tool and look at massive amounts of historical business data for security purposes.

SIEM vendors, including NetIQ, say they know the buzz around big data and security is just beginning. “This is where SIEM has to go,” said Matt Ulmer, director of product management at NetIQ, maker of the SIEM called Sentinel. Ulmer said the industry is starting on a path to re-invent SIEM by incorporating business intelligence.

Big data could detect what’s out of a normal pattern, says Ulmer. “But how do you define the good?” Ulmer asked, pointing out an attacker “will take over an account, so the question is, is that the employee or the attacker?” He said stealthy attack actions may only pop up for a few seconds at most every day, so the goal is to distinguish the trusted insider from the attacker. Big data may be able to provide a lot of assistance in that.

But Ulmer adds that there appear to be many practical reasons why the big data concept for security is going to be faced with obstacles. One obstacle is the current push to put enterprise data into cloud computing, which is making it harder for the traditional SIEM approach, which has been used on premises inside the enterprise network. Another obstacle is that security managers hopeful about big data will be in the position of drawing up data-management strategies and recommendations about something that remains very cutting-edge today. In an era where other corporate issues, such as whether to adopt BYOD for mobile devices, are already a big topic with management, adding big data could be a hard sell.

BIG DATA ANALYTICS DEFINING NEW MALWARE STRATEGY

GOOD intelligence has long been a decisive factor in the battle against malware. But with threats multiplying exponentially, analyzing information may become just as important as gathering it. What the future holds for anti-malware is an open question. Signature-based file scanning, the most common method of dealing with infections in the past, is becoming less effective due to the sheer volume of malware produced. But for lack of a better strategy, many enterprise anti-virus products still rely on it to a large extent.

Things are changing, however. Anti-virus vendors are beginning to realize that to stay ahead of the bad guys (or at least, not too far behind), it’s necessary to look deeper into what malware is doing and where it came from, and hopefully, predict where it might spring up in the future.

Dave Millier, CEO of Sentry Metrics, a Toronto-based security consulting firm and managed services provider, says that many vendors are no longer focusing on the threats coming in “one at a time” and are starting to collect the data and look at wider trends over time. The technology that makes this possible is relatively new, he says. “You’re seeing more data collection at the network level, where you’re trying to use a lot of information from a security point that we didn’t used to be able to use.”

One of the vendors he works with is Sourcefire, a company that has begun to view malware as fundamentally a “big data” problem. Sourcefire recently came out with a cloud-based enterprise security product called FireAMP, which widens the security net by looking at “fuzzier” malware signatures and broader global patterns for suspicious activity. Significantly, FireAMP is able to take a retrospective look at what occurred during an outbreak across a network, a capability that can be important not just for corporate security purposes, but also for legal reasons.

“We’ve focused very heavily on turning our cloud-based platform into what I like to call a flight recorder for the endpoint,” says Oliver Friedrichs, senior vice president of Sourcefire’s cloud technology group. “In the future, if there is a breach, we can tell you how that threat actually got in, where it went, who patient zero was, for example, the very first person who got infected, and where that threat actually spread and how much damage was caused.”

Tom Moss, director of products and services at Trend Micro in Canada, describes it as a “fight fire with fire strategy.” “As much as the botnet controllers are kind of using the cloud or using the internet to control large numbers of machines, we use the network of machines that our customers have to collect intelligence about how malware is behaving, who it’s trying to communicate with.”

Millier says that while analytics is becoming a part of the fight against malware, the IT security industry faces the same big data challenges as everyone else. He says that overall, the various tools we’re using to gather and analyze security data have improved considerably in recent years. The depth and breadth of the intelligence is far greater. — By Brian Bloom



NEWS ANALYSIS

Access Denied: BYOS Can Wait for Now

Security and compliance reservations have prompted firms to deny no-holds-barred cloud access to employees. By Antony Savvas

THE MAJORITY of firms block staff access to bring your own services (BYOS) in the cloud, such as Google Docs and Dropbox, because of security and compliance fears. Remote synchronization services over the Web, including a number of free ones, have been available to PC and mobile users for years, with consumers particularly latching onto the systems, but companies aren’t so keen, according to research.

The research from data governance software firm Varonis Systems questioned 100 US IT decision makers in May 2012, and found that 80 percent of companies do not allow their employees to use cloud-based file synchronization services. But it also found that 70 percent of companies would use these services if they “were as robust as internal tools”.

For the research, decision makers were interviewed about the “emerging shift” from bring your own device (BYOD) to bring your own services (BYOS). Despite the flexibility and ease-of-use promised by BYOS, only 20 percent currently allow these services due to fears of data leakage, security breaches and compliance issues.

To protect themselves against these perceived threats, 59 percent of organizations use a combination of policies backed up with blocking techniques to “stem the tide of enterprise files spilling onto external servers and devices”, said Varonis. A further 20 percent rely on policies alone to stop “the mass leakage of proprietary and regulated data”.

In stark contrast, another 20 percent of companies have no measures in place at all to prevent their staff from accessing file synchronization tools, leaving their employees free to take confidential data outside the company with them. Of these firms, 70 percent were not concerned about having no controls in place to defend themselves against potential critical information leakage or loss.

David Gibson, vice president of strategy at Varonis, said, “As workers are increasingly required to divide their time between working on the move, at home and in the office, companies and employees yearn for the ease-of-use and convenience of file sync services.”

He said, “Even organizations that block these services may have employees using them when they’re not connected to the corporate network, breaching the defences of a corporation, and introducing a host of new vulnerabilities.”

Gibson said the challenge for companies was to provide a BYOS platform to staff that had the robust controls of its internal systems while empowering staff to do their work from any location and on any device safely.


THE GRILL

Amnon Bar-Lev

President, Check Point Software Technologies, explains why partners should align with the company’s ‘big security’ vision.

Dossier
Name: Amnon Bar-Lev
Designation: President
Organization: Check Point Software Technologies
Present Role: He is responsible for worldwide sales, global partner programs, business development and technical services. He brings 15 years of high-tech sales, marketing, and management experience to the organization.
Career Graph: Prior to joining Check Point, Bar-Lev was founder and CEO of Xpert Integrated System, a provider of security, business-continuity and infrastructure solutions. He began his career with the Israeli Air Force where he held several positions within the operational and administration units.

Photograph by KAPIL SHROFF

In India, Check Point is better known for its hardware appliances and endpoint security than as a vendor that cuts across security products including GRC, DLP, etc. Is that the aim or is that something you want to change?

We are already focusing on being ‘the big security player’. We ventured into the appliance market only four years ago from being a purely software-focused company. Now, we have a dual strategy of delivering software or full appliance. The enterprise market has voted for appliances, and more than 85 percent of the products (unit-wise) that we sell are sourced from appliances. The major value, however, comes from software, and hence we launched the software blade architecture to deliver a comprehensive solution for security needs. We have an expansive portfolio including firewall, IPS, DLP, application control, UTM services, and an antibot solution. The best part is that everything is managed from the same management architecture.

It sounds like Check Point is the silver bullet Indian enterprises are looking for.

I don’t think any organizations can have a silver bullet. We execute two things well: Providing infrastructure for security, and providing major functionalities in solutions. We don’t aspire to be a single-point for what the customer needs and probably will not do that in future either.

Different vendors are pushing DLP differently. What’s unique about your DLP strategy and why should CIOs favor your offering over the competition’s?

Many CIOs concur with the need for DLP, but most solutions are expensive and take time to implement. We could have bought some company but most vendors—including the market leader—had 150 customers. That was certainly not our intent. With over 1,50,000 customers, we aim to have thousands of customers for DLP. Instead we introduced a simple software blade which runs on an integrated or dedicated system. It is an inexpensive, effective, and easy to implement offering and that’s a market differentiator. We are winning deals every quarter, in a market other vendors have struggled to break into for years.

Symantec’s DLP is struggling against Websense, McAfee let Snapgear UTM go, and HP acquired ArcSight. It seems ever harder for multi-technology vendors to ensure market leadership for many product lines.

I don’t deny that it’s always a challenge to stay ahead. I think that if you have to maintain different technologies, then you need to invest a lot in knowledge. It is imperative for my people, partners, and customers to understand our technologies. We invest continuously through training programs across geographies. We had a complaint in India about more partner training which we addressed effectively. It is a never ending journey.

The UTM landscape has fewer vendors today possibly because it threatens to become a commodity. Is UTM still a money-spinning playfield for partners?

UTM is really only a part of the solution. It is a very basic commodity with limited flexibility, which fits branch offices better than it does enterprises. With software blade architecture, every technology has individual kernels to ensure business continuity. This distinction frequently creates confusion in the market over our hardware appliance strategy. UTM is really consolidation without best-of-breed. We are in that space but delivering much more than just UTM.

With today’s tighter IT budgets and a threat landscape populated with new challenges like the cloud, BYOD and virtualization, how can CIOs justify their security investments?

You can’t tell when you have invested enough in security. I’ve always compared security investments with the army. How many tanks or airplanes do you need to ensure safety? For security, the issue is not about investing more; the idea is to invest smart. We can secure enterprise infrastructure on IPS, DLP, secure gateways with over 40 percent savings. One can add functionality through blades in an inexpensive manner and consolidate an enterprise’s security posture. We clearly see a big move towards the private cloud, where we have Check Point Virtual Systems to simplify security and deliver cost savings. ‘ThreatCloud’ is our cloud offering which facilitates collaboration between all our gateways through real-time security intelligence.

CIOs and CSOs are perennially battling the best-of-breed versus single-vendor conundrum. What works better today and where is Check Point heading?

If you are big enough—and with constant innovation and investments in R&D—you can be a market leader and consolidate. Then there is no contradiction between consolidation versus best-of-breed. I am not declaring that we are by nature best-of-breed. But we can be best-of-breed and consolidate. Symantec or McAfee are focused on end-point security and I don’t see them competing in our core business activity, which is network security.

Do new threats like BYOD and the cloud mean stretched sales cycles and lower business revenues for the channel?

There is no organization which will adopt mobility or cloud in its entirety. People continue to buy traditional models. The foremost concern around BYOD, mobility, and the cloud is not threats or malware; it’s data-leakage and data-loss. CIOs are often undecided about the best way to protect mobility or the cloud amidst various products and different approaches from vendors. The market needs to be educated more and it might stretch sales cycles. Our software blade architecture really represents a massive potential for partners to do up sell in their existing accounts. I assure competent partners can double business with us if they follow up on opportunities for support, refresh of hardware and up sell of blades. —Yogesh Gupta


OPINION

SUE STRODL

Finding the Right Fit

Sue Strodl is Risk Partner - Business Banking at National Australia Bank.

WE ALL know that the unrelenting pace of technology change has driven many organizations to rethink business strategies and models to embrace new capabilities and extend their market reach. Increasingly, this means the boundaries between IT and business are being blurred. Many companies would collapse—even in the short term—without their IT. Furthermore, the changing technology and business world comes with an overlay of a growing regulatory, audit, compliance, and threat landscape. This presents a challenge to managing the resource-strapped information security.

Keeping across evolving technology on all its levels is nothing new for information security specialists; this is, after all, bread and butter—their passion, and what they have always done best. But to step into the shoes of the business and its consumers and consider security in terms of agility, flexibility, compliance, awareness, strategic direction, pragmatism, and so on, is another ball game entirely. These are whole new skill sets for most information security specialists that they now require to be effective in their work. That these remain elusive (I would suggest) is, in large part, because we are stuck in the past and not thinking outside the square.

Despite business powering onwards and upwards with new technologies, business structures tend to remain static. This is no exception for information security. If I have already urged a review of the positioning of information security in the organizational structure, it follows that I also urge a review of what an information security specialist is, and what their skills look like. There is so much more to know and understand now, and so many skills that haven’t figured in this space until recently. Soft skills and non-technical skills are now critically important in handling the creeping scope of information security—and to overcome the general reticence of business stakeholders to engage. But how often does one find a masterful technologist that is also a masterful administrator, communicator, business driver, or compliance expert? They exist, rarely.

In my opinion, the changing needs of the business must be supported and guided by a holistic information security capability that can no longer subscribe to the traditional one-size-fits-all team model, but rather a combination of complementary skill-sets. Information security can comprise virtual members and perhaps outsource some functions. I’m not saying get rid of the information security team but rather leverage and diversify. This approach certainly works in other areas of the business and IT, and can also be a successful model for information security—in fact I would suggest this is the ideal model.

Done correctly, an incorporated information security structure will be targeted, agile, and efficient. Benefits are many, including broader exposure of information security practices and more timely risk management, increased business engagement, relevance and awareness with the ultimate benefit being business cost savings. Sharing the load makes sense—after all security is everyone’s responsibility.


There’s a sea change in information security and security specialists need to evolve effectively, not just in terms of IT alone, but in business as a whole. Can they step up to the challenge?


ON RECORD

Jagdish Mahapatra, MD, India & SAARC, McAfee, takes on market speculation around McAfee—and reveals changes he sees for partners post the merger with Intel. By Radhika Nallayam

Photograph by SRIVATSA SHANDILYA

In the last two years, and before you took over the Indian operations, McAfee India has seen a lot of people move at the top. How have you ensured that the brand hasn’t been impacted among your enterprise customers and your channel?

MAHAPATRA: There has been a gap in leadership at McAfee India for almost two years with Indian operations being managed from Singapore. That said, there is a lot of value that McAfee, as a brand, has already created in India. We’ve always had great brand recall among our customers and partners. From a strategy and execution point of view, we are far more energized and confident now. We now also have the advantage of leveraging Intel as a brand, post the acquisition, and we are trying to create a synergy with Intel at the country level. Intel has huge mindshare across large enterprises as well as SMBs. With a leader on board now, you will see a more cohesive strategy around channels and markets. We are also seeing partners focusing increasingly on security, especially the large infrastructure partners.

Let’s talk about the acquisition. It’s been over a year since the Intel-McAfee merger. What’s changed for enterprise channel partners?

MAHAPATRA: The acquisition resulted in a lot of interesting products and features that both customers and partners have benefited from. Today, there are products that come in bundles, so a partner (of either Intel or McAfee) has a choice of buying Intel products with McAfee. From a go-to-market perspective, Intel will continue to focus on its business on the computing side and McAfee will focus on security. But at the technology level, we will continue to merge and you’ll see new products being launched. So, if you’re an Intel partner, for every chip you sell, you will get a higher attach rate for selling security. If you’re a McAfee partner, you’ll have the serious competitive advantage of being able to sell something that’s not available in the industry.

In most cases, an acquisition results in the merger of channels. Why is it different here? And, post the acquisition, McAfee’s channel partners haven’t really seen positive changes in terms of new opportunities. Why?

MAHAPATRA: We don’t want to merge the channels. We want more partners selling security, some of which will come from the Intel channel base as well. But we don’t want to go and tell Intel partners to start selling security or vice versa. Everybody has a core competency and we must respect that. Besides, McAfee has a B2C model that sells to consumers, enterprises and SMBs. The Intel model has always been through OEMs. We want to keep them separate. That said, there are synergies that we could leverage at the channel level, because distributors are common and even some partners are common. We will definitely work with Intel’s channel, but in a synergetic way, where we share common channel partners. The idea is to leverage common partners first, before reaching out further. The future definitely is quite positive for McAfee’s channel and they will see more bang for their buck. For the same effort, our partners can get better returns, in the long run. In the short run, I agree they haven’t seen anything positive so far. That’s mainly because the acquisition took almost 18 months to complete and things are just settling down.

Post the acquisition, there’s been speculation that McAfee’s market share is on the decline and that McAfee is losing key accounts to competition, especially in the anti-virus space. Can you comment?

MAHAPATRA: First let me say that Indian customers have been very positive about this acquisition. Most of them are Intel customers as well. Second, in the last three years, the security market in India has been growing approximately at the rate of 17 percent year-on-year. During the same period, McAfee has been growing at a CAGR of 30 percent. So the logical conclusion is that we have been gaining market share, which makes that piece of speculation absolutely untrue. In India, and globally, I can tell you that we will continue to outgrow the market for the next three years.

Some of your Tier-II partners believe that the SMB market seems to have become less of a focus for McAfee India. Do you agree?

MAHAPATRA: I don’t think that’s true. If you look at our revenue worldwide, it is fairly equally distributed among enterprise, SMB, and consumer markets. Our SMB customers normally focus only on end-point security, which really limits the potential of a partner to sell security offerings to them. We are educating our SMB customers about more innovative ways of managing their end-points. For partners, we have come out with fairly aggressive promos in terms of deal registrations. The SMB market is a lot about new customer acquisitions and expansion, and we are doing a lot of work in that area. I don’t think we will ever lose focus on the SMB segment in India. We see a lot of potential and we will come up with a lot of awareness programs designed for SMBs.

McAfee’s exit from the UTM market comes as a surprise especially because UTM has a fairly good uptake among Indian SMBs.

MAHAPATRA: We acknowledge the fact that India has a very strong UTM base. We exited the UTM market because it did not fit into our overall philosophy of products. We have always believed in the concept of having dedicated appliances and we will continue to focus on that because that is where we see real value and RoI for our customers. UTM is a mishmash of everything in one box. And, as a customer, you don’t get everything that you need in that box. UTM is definitely a key part of the SMB intake in India but we believe that it’s important for us to educate our customers that UTM can only address about 30 percent of an organization’s security challenges. We want to demystify the concept of UTM.

What will drive your next phase of growth in India?

MAHAPATRA: McAfee is the only security vendor which has got equal presence in all four threat vectors: The end point, the network, e-mail and web-traffic. This, coupled with ease of management, is our biggest differentiator. We are betting big on network security, which amounts to the largest part of our revenue worldwide including India. Apart from our IPS offerings, new products like Application Control are going to be game changers. Database security is another area where we see a lot of opportunities. Post the acquisition of NitroSecurity, we have some compelling offerings around security information and event management (SIEM) and it’s taking off really well in India. We also foresee phenomenal growth prospects for our cloud offerings, especially in the SMB market.

9%: The growth (CAGR) of security solutions worldwide among the SMB segment. SOURCE: AMI PARTNERS


HOTLINE

TUSHAR SIGHAT, CEO, D-Link (India)

FINANCIALS

D-Link India Posts Strong Financial Results in 2011-12

D-Link, the end-to-end networking solutions provider for consumers and businesses, recently announced its financial results for the year ending 31st March 2012. The company posted strong financial results for 2011-12; it witnessed 74 percent growth in revenues and 106 percent growth in net profits.

“We are extremely delighted with the unprecedented growth in the fourth quarter and the financial year,” said Tushar Sighat, CEO, D-Link (India). “We have delivered strong financials this year and have successfully demonstrated continued growth over consecutive quarters; we have witnessed steady growth in revenues and in profits. Our growth is largely attributed to our strong network of partners and their trust that we enjoy. Their contribution in each aspect of business has propelled revenues and helped gain market share.”

Commenting on the company’s growth plans, Sighat added: “We already enjoy good market share in the SMB and SME space, along with an excellent channel eco-system. Now, we would like to increase our market share among the enterprise markets and have already deployed a dedicated team focused towards this goal. Also, our R&D department is working continuously towards introducing more innovative products and solutions. Our customers can definitely look forward to cutting-edge products from D-Link.”

D-LINK’S BUMPER QUARTER AND YEAR

74%: Year-on-year increase in revenue in 2011-12 (from Rs 127 crore to Rs 221 crore)

106%: Year-on-year increase in net profit after tax (PAT) for 2011-12 (Rs 3.4 crore to Rs 7 crore)

151%: Increase in quarterly revenue from Rs 28 crore (Q4 last year) to Rs 71 crore (Q4 this year). A New Record

Rs 299 lakh: D-Link’s quarterly net profit after tax (PAT), from Rs 8 lakh (Q4 last year). A New Record

[Chart: QUARTERLY REVENUE 2011-2012, Q1 to Q4; bar labels 36 Cr, 54 Cr, 61 Cr and 71 Cr.] Year total 2011-12: Rs 222 crore


CUSTOM SOLUTIONS GROUP

PRODUCT SHOWCASE

D-LINK DNS-1200-05

The ShareCenter Pro (DNS-1200-05) is the first in a line of SMB network storage launched by D-Link. This model is used to address the mid-range SMB unified network storage market. D-Link DNS-1200-05 is a five-bay NAS equipped with a powerful quad-core CPU which results in superior performance and provides a wide range of SMB features.

D-LINK DSN-6410

The DSN-6000 series storage system from D-Link is an intelligent, high-performance and HA capable multiple Gigabit Ethernet storage solution designed for enterprise businesses looking to improve the reliability, availability, service, and performance of their storage systems. It provides a range of benefits and features including its ability to use familiar, proven, and widespread networking technologies like IP and Ethernet for storage solutions.

SERVICE & SUPPORT

Exclusive Service Support for Enterprises

In a bid to sharpen its focus on its enterprise business, D-Link (India) has recently charted an extensive growth strategy for 2012-13. While the company already has aggressive sales and marketing plans, it is now also extending exclusive service support to its enterprise business customers. Under the program, D-Link (India) has announced ‘Next Business Day Warranty’ support for its enterprise product line.

Backing its Guarantee: D-Link’s recently launched ‘Next Business Day Warranty’ aims to offer enterprises the highest quality of assistance.

With the Next Business Day On-Site Warranty, D-Link will ensure the highest quality of assistance and support to its enterprise customers. This will help them get their networks back up and running within a short period of time in the event of any technical failure. D-Link’s Next Business Day Warranty offers on-site hardware replacement. Also, under the Next Business Day (NBD) warranty, a product that fails due to defects in materials or workmanship of any internal component will be replaced with an equivalent product within 24 hours, provided all standard criteria are met. The Next Business Day Warranty offered by D-Link will be valid for up to 13 months, provided the product is registered with the company within a stipulated time-frame from the date of purchase. In its very first phase, the Next Business Day Warranty support is being made available on D-Link’s range of managed switches. It has already been launched throughout the country.

GLOBAL UPDATES

D-Link Gets into Gartner’s Niche Players Quadrant

According to Gartner’s latest report, D-Link has been positioned in the Niche Players quadrant for the category of Wired and Wireless LAN Access Infrastructure. In recent years, D-Link has been transforming from a networking equipment vendor to an end-to-end solutions provider. This transformation came to fruition with the establishment of D-Link’s One-Stop framework for business, a comprehensive solution that provides all of the critical elements of a networking and IP surveillance infrastructure. In a separate market share report by Gartner, D-Link also obtained the lead position in worldwide Wireless LAN standalone access point unit shipments for enterprises in Q1 of 2012. As an established vendor of wired and wireless LAN solutions, D-Link’s market position is a reflection of the company’s priority to provide end-to-end solutions tailored to the needs of its customers.

[Figure: quadrant chart with axes “Ability to Execute” and “Completeness of Vision” and quadrants Challengers, Leaders, Niche Players and Visionaries. Caption: D-Link finds a home in Gartner’s Niche Players quadrant for Wired and Wireless LAN Access Infrastructure.]


COVER STORY | SECURITY SPECIAL

SECURE PROFIT

The security market is undergoing change and if you want to ensure the future of your business, it’s time to look beyond commoditized technologies to new feeding grounds.

By Yogesh Gupta

Photograph by KAPIL SHROFF

WARREN BUFFETT said it best: “In a chronically leaking boat, energy devoted to changing vessels is more productive than energy devoted to patching leaks.” Actually, there might be a way to improve Buffett—by asking people in leaking boats to hightail it out of there. Little is more evocative of a sinking boat than today’s market for basic security technologies. Profits from security technologies like anti-virus and firewalls just don’t cut it any more, especially when, as in the last few months, the enterprise security landscape has witnessed a giant transformation with the advent of new technologies.

Here’s the bottom line: Making real money is no longer about anti-virus and firewalls—and if you’re smart, you’ve already moved on to more lucrative security technologies. If you haven’t, the question is, where are these new goldmines? And what does it take to profit from them?

THE SLOW DECLINE

At Mumbai-based MIEL e-Security, director Anuj Gupta has been noticing a trend. Anti-virus (AV) and unified threat management (UTM), which used to contribute 65 percent to the firm’s security revenues, have now fallen to less than half of that—about 30 percent. “UTM and AV had become commodities, resulting in a dirty price war,” he says.

From a channel partner’s perspective, the sale of more commoditized security products doesn’t make a great deal of sense. The value of products like AV and UTM is shrinking by the day, given the number of foot soldiers needed to support customers.


“The committed focus across emergent security technologies like database security, DLP, SCADA, and SIEM will increase our profitability and more importantly enhance the company’s credibility with enterprise customers.”
ANUJ GUPTA, DIRECTOR, MIEL E-SECURITY

My Top 4 Security Bets: CLOUD SECURITY, DLP, UTM, VIRTUALIZATION SECURITY
VISHAL BINDRA, CEO, ACPL Systems

“Both pre and post sales support, and doing POCs, started to make less business sense,” says Gupta. So MIEL e-Security, which derives over 40 percent of its revenues from security, began to focus its sights on richer feeding grounds. Last year, director Gupta formed a separate division called ‘Emerging Technologies Services’ that focuses primarily on new security areas including DLP, SIEM, database security and cyber security for SCADA systems. (To see demand for DLP solutions, read DLP in High Demand.)

Today, the new division is 30-strong and has been extensively cross-trained on new technologies, says Gupta. And it’s beginning to make its presence felt in the market with the acquisition of marquee customers. But with investments in expensive resources and a well-defined roadmap, it will take time to nourish, says Gupta.

MIEL e-Security isn’t the only one seeing lower value from basic security technologies. So is ACPL Systems, a Delhi-based firm that specializes in security. “There’s enough market pull (for AV and UTM) to boost your top lines, but margins have shrunk. In no way do they contribute anything to the bottom line,” says CEO Vishal Bindra.

Prabhakar S., CEO, Esteem Infotech, a security-focused company in Bangalore, is less forgiving. “A two-digit profit for an AV solution priced at Rs 200 will not help your top line or bottom-line,” he says.

Down in Chennai, N.K. Mehta, CEO and MD of Secure Network Solutions, is also seeing signs of that dirty price war Gupta refers to. “UTM is a price-sensitive market because there are so many vendors,” he says. Neither is his company banking on AV to bring the bacon home. “We don’t position it as a standalone and only implement it if it is part of a gateway-level deal,” says Mehta.

Part of the problem is that the impressive amount of competition in the market for basic security technologies forces partners to undercut prices, which erodes profitability. “AV is not a high margin business,” says Nilesh Kuvadia, MD of Baroda-based ITCG Solutions.

That said, it will be some time before channel players give up on these products. At Chennai-based Digital Track Solutions, for example, UTM and AV still contribute the lion’s share to the company’s security kitty. Even Kuvadia, who believes that AV is not a “high margin business”, says, “AV is an evergreen product which will be in demand as threats from various corners emerge.”


My Top 4 Security Bets: DLP, IPS, LOGGING & REPORTING, UTM
N.K. MEHTA, CEO & MD, Secure Network Systems

Strategies that Will Fatten Your Margins

Three ways to expand your margins—whether you’ve transitioned to new technologies or not.

Get Rid of Sales People: At Bangalore-based Esteem Infotech, CEO Prabhakar S. has a novel approach to sales: He has no sales people. “We are not a sales organization but a technical consulting organization,” he says. “We got rid of sales people a few years ago because it made little sense to carry the overheads. We have 16 qualified techies—the company’s senior resources—who face the customers. They do not carry any targets,” he says. A few months ago, he created a new division (storage and virtualization), with the money he saved eliminating sales staff.

Up Sell: Delhi-headquartered Futuresoft Solutions follows a two-pronged approach to sales: Sell up and sell wide. But CEO Vipul Datta has a fondness for the former strategy. With existing clients, “there’s no question of your brand or capabilities. That initial bit of selling—and the effort and cost associated with it—is much less than what’s needed to map to the requirements of a new customer and showcase value to them.” It’s a strategy that he is using with one of his clients, among the country’s largest media houses. “We catered to the top five companies—which form 80 percent—of that organization and now we are reaching to the remaining 20 percent,” he says.

Have Dual Targets: In the last two quarters, Baroda-based ITCG Solutions has put in place a policy it thinks will ensure better margins. “Every sales person is given targets for the top line and the bottom line,” says Nilesh Kuvadia, MD, ITCG Solutions. “Calculating both the bottom-line and the top line is much better because then we know our shortfalls.”

— By Yogesh Gupta

Others like Vipul Datta, CEO of Delhi-headquartered Futuresoft Solutions, which made Rs 50 crore in 2011-2012, refute the idea that security products like UTM will go out of fashion. In fact, he believes that demand for UTM from enterprises will only grow over the next three to four years. “End user service organizations are looking into tier-II and tier-III cities. UTM is a single box that gives 80 percent functionality and can be managed remotely. The cost of ownership and support is very low from an enterprise perspective,” he says.

If you’re getting a sense of wistfulness, an unwillingness to give up on basic security technologies from channel partners, you aren’t far from the truth. That feeling is strong among companies like ACPL Systems. On the one hand, CEO Bindra says he doesn’t understand why margins for AV should be so low since “it is a high-service business. AV is becoming more complex as one needs to know about malware, different OSes, the internal Windows network, and many more things.” Yet, on the other hand, he has seen revenues from AV slip. Five years ago, anti-virus made up 80 percent of ACPL’s revenues. Today, that’s fallen to 10 percent. “It’s sad,” he says. “Dwindling margins on run-rate and basic solutions have forced us to drift towards database security, DLP, IPS, and Web security. Today, we’d rather drive up the tech curve fast than compete with hordes of partners.”

Bindra is among a small band of channel partners who have begun to de-risk their security businesses by broadening into new, more profitable areas. It’s hard to find fault with the strategy if you go by the numbers. According to the Indian Information Security Survey 2012—one of the largest if not the largest security survey in the world—security budgets of organizations across industries and revenue sizes are showing a definite shift towards newer technologies and technology trends including cloud computing, BYOD (bring your own device), social media, and data security. (Read full survey on page 28.)


At MIEL e-Security, Gupta is seeing even more opportunities. “Websense DLP has good services revenues,” says Gupta. “SCADA security is complex but we are a niche practice and are building a security consultancy with a 360-degree approach to it. SIEM (security information and event management), privileged identity management and IRM (information risk management) are other technologies in demand which form part of the new group. Besides McAfee Sentrigo, we are evaluating other vendors for database security.”

There’s an added benefit to floating towards non-basic solutions: It opens up your market. “We are now building security practices with which we can go global,” says Gupta. “We are undertaking assignments outside India with Websense DLP,” he says.

My Top 4 Security Bets: CLOUD SECURITY, DLP & IRM, END-POINT SECURITY, UTM
S.T. MUNEER AHAMED, MD, Digital Track Solutions

DLP in High Demand
Which data-protection mechanisms are you considering implementing?
72% Data loss prevention
50% Data masking
33% Tokenization
33% Point-to-point encryption
22% Outsourced processing and storage

35% of Indian organizations do not have DLP tools in place, but say it’s a top priority over the next 12 months.
SOURCE: INDIAN INFORMATION SECURITY SURVEY 2012

DATA IS THE KEY

Over the past few years, organizations have traversed the security gamut starting from network security, through Web security and application security, and now to data security. The growing focus on data is apparent from the 73 percent of Indian organizations who say they will increase investments in data protection enhancement during the coming year, according to the Indian Information Security Survey 2012.

That’s a development Prabhakar from Esteem Infotech was tracking for a while before he decided to get into the data security game. Four years ago, the Bangalore-based company moved to DLP, encryption and application control. “Though customers were conservative, we foresaw the best opportunity with these new technologies,” says Prabhakar. Two years ago, the company deployed 20,000 licenses of McAfee Application Control for Mphasis’ offices across the globe. And today, DLP and encryption contribute to over 40 percent of the Rs 11 crore in revenues it made in the last financial year, says Prabhakar.

Esteem Infotech is definitely an early-mover. But if you missed that first boat, don’t worry, it still isn’t too late. According to the survey, over 72 percent of Indian organizations plan to implement DLP as a way to protect data in the next 12 months.

This sharpening focus on data security is a transition channel partners are beginning to see among their customers. “They (CIOs) cannot control what happens in the network but what’s happening to the data is their concern,” says ACPL’s Bindra. Earlier, he says, HR and business development managers weren’t really interested in application or network security. But, now, more data is being owned by company stakeholders and others. “When we talk of DLP, DRM (digital rights management), and BYOD, these groups are much more involved,” he says.

Not all channel partners are seeing the same migration to data security, though. “DLP, and the cloud is fine for big enterprises,” says Mehta from Secure Network Solutions in Chennai. Focused primarily on SMBs, the company, which made Rs 15 crore last financial year, hasn’t seen a swap between orders for gateway security or UTM and the cloud or DLP. “Customers want DLP but they are not sure if they want it at the gateway or at the desktop level. DLP is a wide open ocean. That said, gateway DLP is showing some demand,” he says.

Thanks to Wikileaks, there is a growing awareness of data security—and the importance of data availability solutions—even among small business units, says Sudhir Kothari, CEO and MD, Embee Software. “We talk to customers about the ROI of solutions like IRM, DLP, and high availability solutions, which gives us maximum return and loyalty among customers,” he says.

My Top 4 Security Bets: APPLICATION CONTROL, CLOUD SECURITY, DLP, ENCRYPTION
PRABHAKAR S, CEO, Esteem Infotech
Photo by SRIVATSA SHANDILYA

SALES CYCLE TRADEOFF

Shrinking demand for AV, UTM and firewall products is only one reason that channel partners are gravitating towards higher-end security technologies. Here’s the other: The latter offers fatter margins. Many of the firms deploying technologies like DLP tend to have a bottom-line focus, not a top line one.

“Security margins were at decent double-digit levels a few years ago as low-end margins among other software products drove most SIs to drift towards security. Partners make decent margins from services in DLP, SIEM or technologies which demand skilled manpower and technical competency,” says Harish Tyagi, CEO, Taarak India. All of the firm’s business, including services and consulting expertise, comes from security.

But as enticing as it is to fatten the bottom line by pushing new technologies, it takes planning and a willingness to accommodate tradeoffs. “You need to prepare accordingly and you need to do it before you go back to your customer,” says ACPL’s Bindra. “Web applications, firewalls, DLP, IRM all have a direct impact on business as their implementation cycles are longer,” says Bindra.

That’s a sentiment that S.T. Muneer Ahamed, MD, Digital Track Solutions echoes. At the network security and storage solution company, Ahamed says they’ve noticed that overall margins of new technologies are better than basic security technologies, but sales cycles are longer. Some of that extra margin comes from the fact that customers also see security products like AV, firewalls, and UTM as commodities—but not so technologies like DLP.




COVER STORY | SECURITY SURVEY

LANDSCAPE

[Figure: “Obstacles to the IS Function” and “Top Five Security Challenges”. Items charted: Leadership (CEO, Board, etc); Leadership (CIO or equivalent); Leadership (CISO, CSO, etc); Insufficient capex; Insufficient opex; Absence or shortage of in-house expertise; Lack of vision or understanding of the future; Lack of an effective IS strategy; Regulatory requirements; Cloud computing; Theft of IP; Monitoring of access and data use; End-user access controls and identity.]

Types of Security Incidents
40% Removable storage exploited
36% Data exploited
32% Mobile device exploited
27% Application exploited
27% System exploited
27% Network exploited
26% Human (social engineering)
24% Paper-based data exploited

Number of Security Incidents

Incidents      2010    2011    2012
0 or none      24%     29%     23%
1 to 2         29%     31%     23%
3 to 9         18%     20%     18%
10 to 49       10%     8%      12%
50 or more     5%      4%      15%
Don’t know     14%     7%      9%


Over the Next 12 Months, Security Spending Will...
11% Increase more than 30%
Other responses charted: Increase 11-30%; Increase up to 10%; Stay the same; Decrease (values shown: 28%, 36%, 14%, 4%)

What’s Driving Your Security Spending?
Business continuity / disaster recovery 47%
Economic conditions 46%
Internal policy compliance 43%
Change and business transformation 43%
Outsourcing 41%
Regulatory compliance 41%
Company reputation 40%

How is the Effectiveness of IS Spend Measured?
45% Professional judgment
43% Reduced security incidents/breaches
42% Improvement against security metrics
34% Total cost of ownership
33% Return on investment (ROI)
28% Payback period
25% Net present value

SOCIAL MEDIA

How does your company manage the sharing of sensitive data through social networking platforms?
Responses charted: Monitor to ensure movement of sensitive assets is restricted; Policies and procedures of acceptable use; Classify and manage data; Establish user roles (values shown: 61%, 56%, 50%, 50%)
28% Security awareness training

50% OF INDIAN ORGANIZATIONS PLAN TO IMPLEMENT AN ENTERPRISE SOCIAL NETWORKING PLATFORM FOR EMPLOYEE COMMUNICATION AND COLLABORATION

23% ALREADY HAVE THIS IN PLACE

BUT ONLY 26% INCLUDE SOCIAL NETWORKING/WEB 2.0 TECHNOLOGIES IN THEIR SECURITY POLICIES

77% DON’T HAVE

AND SOCIAL NETWORKING MEDIA IN THEIR SECURITY POLICIES

THE GOOD NEWS IS THAT 62% PLAN TO INCREASE SPENDING TO ENHANCE SOCIAL MEDIA SECURITY IN THE NEXT YEAR


MOBILE

Initiatives to Tackle Mobile Security Risks
Initiatives charted: Mobile security strategy; Mobile device management software; Ban of user-owned devices in the workplace/network access; Protection of corporate e-mail and calendaring on employee- and user-owned devices (values shown include 50%, 44%, 37%)

29% OF INDIAN ORGANIZATIONS INCLUDE MOBILE DEVICES IN THEIR SECURITY POLICIES.

Mobile Device Malware Detection
38% Have in place
32% Outsource
46% Top priority over the next 12 months

80% Of Indian companies plan or already allow staffers to use personal devices to access

39% Of Indian organizations encrypt data on smartphones

66% Of Indian organizations will increase spending on security enhancements/applications for mobile devices in the next year

28% Of Indian organizations have had a mobile device (smartphone, tablet computer) exploited

Increased Use of Mobile Technologies by Customers Will be a...
36% Significant challenge
37% Challenge
27% Not a Challenge


CLOUD

Do You Use the Cloud?
Responses charted: Yes; No; Don’t know
Service models charted: 51% Infrastructure-as-a-Service; 45% Platform-as-a-Service; Software-as-a-Service

Potential Issues With the Cloud
Issues charted: Difficulty with data security compliance; Reduced ability to negotiate and enforce data protection; Limitation of liability; Difficulty/challenge in building internal skills and knowledge; Difficulty with governance, oversight, and monitoring

Cloud’s Impact on Security
Responses charted: Security is better; Security is worse; No change; Don’t Know

Risks to Cloud Strategy
Risks charted: Uncertain ability to enforce security policies at a provider site; 20% Inadequate training and IT auditing; 14% Questionable privileged access control at provider’s site; 13% Proximity of your data to someone else’s; 13% Uncertain ability to recover data

Methodology

The Global Information Security Survey 2012 is a global survey by PricewaterhouseCoopers (PwC) and CSO Magazine. It was conducted online during the months of May and June this year. The Indian results are based on the responses of 738 India CEOs, CFOs, CIOs, CSOs, VPs, IT directors. The study represents a broad range of industries including BFSI (15%), construction (9%), education/non-profit (4%), healthcare (5%), manufacturing (15%), services (20%), technology (23%), and telcos (5%).


Cloud Computing: Heating Up
Organizations that have cloud computing in their security policy (chart for 2011 and 2012; values shown: 24%, 17%).
No.1: The “uncertain ability to enforce security policies at a provider site” has been the top security risk to cloud strategies for three years running.
SOURCE: INDIAN INFORMATION SECURITY SURVEY 2012

“Many customers expect free implementations of AV and firewalls,” says Prabhakar at Esteem Infotech. “However, they are willing to pay a premium for a professional implementation. After we complete a DLP project, for instance, we have documentation that goes into 70 to 80 pages, and we also provide training to the employees of our customer,” he says. Esteem Infotech caters to customers for DLP, encryption, and application control with a minimum of 501 end points.

The margins that qualified partners expect are justified, says Bindra, since security is an industry where skilled manpower and consulting services come at a premium. His company, for example, recently won three DLP orders in the span of a month—orders that were sold by other partners who could not implement or showcase the value of the technology. “It is no more a plain vanilla sell,” agrees Prabhakar.

It’s even less of a plain vanilla sell if you’re pitching to SMBs. But it’s a strategy with an upside. Security consulting services which are tailored to customer demands are a big differentiator for SMBs, says Mehta at Secure Network Solutions. “If a customer wants the ability to replace an appliance within a couple of hours, that’s something no vendor can accomplish. So we charge a premium,” he says. “Many customers who have bought solutions from other partners approach us after a year for services. Services (including consultancy) have doubled in the past year and we see the same this year too,” he says.

“If you’re selling to the SMB segment, it is especially important to understand that strategy’s impact on your sales cycle. The sales cycle for SMB and the mid-market is usually one to two months compared to three to four months for the enterprise market and this affects margins,” says Tyagi of Taarak India.

My Top 4 Security Bets: DLP, SIEM, SSL-VPN, WEB APPLICATION SECURITY
HARISH TYAGI, CEO, Taarak India

PROFITING FROM THE CLOUD

According to the Indian Information Security Survey 2012, a majority of Indian business and IT leaders (52 percent) say that cloud computing represents the top security risk for their organizations. Only 16 percent say their security posture has gotten better after their companies moved to the cloud. (To see demand for ways to secure the cloud, read Cloud Computing: Heating Up.)

Any way you look at it, this creates a sizeable business opportunity for partners who can demonstrate that they know their way around the cloud. Gupta’s MIEL e-Security is one of those that has moved quickly on the opportunity. Last year, the company launched a cloud-based, end-point compliance product it calls MEDS. The in-house solution is targeted at the mid-market and enterprises and already has over 35 customers, says Gupta. They’ve also taken the product to the Middle East and other countries. Now, he is onto his second cloud project. “We are evaluating e-mail archival solutions over the cloud with Symantec Messagelabs,” he says.

Other companies, however, are having a harder time profiting from the cloud. Although Chennai-based Digital Track Solutions has over a decade of experience in the security market and is aggressively encouraging its customers to go cloud, it’s a challenge to find new customers, says managing director Ahamed. But he isn’t throwing the towel in yet. “Customers are confident in our cloud pitch and, more importantly, the security around it,” he says. To help drive sales, the company has created a strategy in which senior sales people up sell DLP and the cloud to existing accounts, while new recruits have to pitch these technologies to new accounts.

At Esteem Infotech, Prabhakar isn’t wasting any time ramping up to the potential of the cloud. “We are geared to graduate to cloud security in the next six months,” he says. “Many partners who ventured earlier have made good money. If we do not get aggressive on it, then we will lose a big opportunity.”

Prabhakar isn’t the only one who wants some of that first-mover advantage sweetness. “We face less competition as DLP and cloud computing is still relatively a niche solution,” says Ahamed. “There is great support from OEMs to sell these products including lots of training.”

Even Datta at Futuresoft Solutions, who says his focus is to help his customers as they consolidate their architecture—and not necessarily drive emerging technologies like DLP, GRC, and cloud computing—says there’s money to be made from the cloud. “Large enterprises will not shift quickly to the cloud. But distributed organizations (with less than 20 users) are exploring cloud-based services mainly in the FMCG, financial, and hospitality sectors,” he says.

My Top 4 Security Bets: CONTENT MANAGEMENT / BYOD / MDM, DLP, IDENTITY ACCESS MANAGEMENT, PARAMETRIC SECURITY
VIPUL DATTA, CEO, Futuresoft Solutions

BYOD AND MORE

BYOD is another definite trend according to the Indian Information Security Survey 2012. This fact is evident from the number of organizations putting policies in place to secure smart phones and tablets. Over 46 percent of Indian enterprises say they are making mobile device malware detection a top priority in the next 12 months. Another 66 percent say their companies are slated to increase spending on securing mobile devices. (To see demand for ways to secure BYOD strategies, read BYOD: The Next Big Thing.)

Some of those plans are already translating into business for channel partners. “We are focusing heavily on securing mobile devices in large enterprises and we have some good wins with Symantec solutions,” says Datta. His company, Futuresoft, he adds, has changed its whole approach, making content management the large story, a story that covers content protection and content lifecycle management.

The security market that caters to BYOD is still immature. And, therein lies a chance for channel players who want to be seen as forerunners and, by extension, experts. “Close to 90 percent of applications cannot be ported on devices because of ‘dis-fragmented’ solutions. There is no comprehensive solution in the market that can cover the length and breadth of BYOD,” says Gupta at MIEL e-Security. That isn’t stopping him, however, from dipping into the pool. Mobile device management (MDM) will soon be part of the ‘Emerging Technologies Services’ group, he says.

The lack of maturity in the market also makes this a perfect time for talented channel partners to be seen as thought leaders—and therefore offer consultancy services. “It is no rocket science to implement the technology but the thought processes and HR policies have to be in place for an enterprise,” says Bindra of ACPL Systems.

Kuvadia at Baroda-based ITCG Solutions says they have initiated BYOD projects with a few customers and reports that security is a challenge. He also says that security enhancements in tier-II and tier-III cities are slower than in metros.

Authentication and IRM is another emerging opportunity, one that Digital Track Solutions has already latched onto by tying up with ArrayShield and other vendors. “Hopefully, we’ll get an early bird advantage,” says Ahamed. Mehta at Secure Network Solutions in Chennai says he sees rising demand in logging and reporting thanks mainly to compliance.

In the meanwhile, back at MIEL e-Security, Gupta says that between 15 and 20 percent of the company’s security revenues are already coming from the ‘Emerging Technologies Services’ division. “It will contribute over 50 percent in next couple of years,” he predicts. This isn’t a boat he’s going to miss.

My Top 4 Security Bets: ANTI-VIRUS, BYOD, CLOUD SECURITY, UTM
NILESH KUVADIA, MD, ITCG Solutions

BYOD: The Next Big Thing
What initiatives has your organization launched to address mobile security risks?
27% Of Indian organizations have included the use of consumer devices on the enterprise network in their security policies.
97% Of Indian organizations have launched some initiative to counter mobile security risk.
SOURCE: INDIAN INFORMATION SECURITY SURVEY 2012


n FAST TRACK

REVENUE SPLIT

Solutions Enterprise

50%

4%

Security / Networking (Products & Services)

Software Development

46%

KPO Services SOURCE: SOLUTIONS ENTERPRISE

SECURITY ROADMAP

P h o t o g r a p h b y V I S A K A VA R D H A N

Revenue 2011-12: Rs 33 crore (unaudited)

Snapshot Founded: 2008 Headquarters: Ahmedabad

A

HMEDABAD-BASED SOLUTIONS Enterprise

Private Limited (SEPL) understands the meaning of forward-looking like few others. That’s one of the reasons the young company—it’s only four years old—ponied up Rs 25 lakh to set up a Juniper PoC lab for security to help customers find a best-fit solution for their needs. “We want a win-win situation for all our stakeholders through our solutions, not merely the products. We hope the PoC labs achieve this objective,” says Pratik Patel, MD and CEO, SEPL. With its first lab up and running in Ahmedabad, SEPL now intends to set up PoC facilities in Mumbai, followed by other cities in the near future, says Patel. Eventually, the PoC driven by Juniper will be thrown open to other vendors too, he adds.

Branches: Mumbai, Pune, Delhi, Bangalore, Hyderabad, London Other Key Executives: Yogesh Patel, Director; Sanjay Bharti, Manager-Sales and Marketing Revenue 2009-10: Rs 18 crore

Employees: 412 Key Principals: Juniper, Cisco, Wyse, VMware, Infoblox Key Business Activities: Managed services, remote infrastructure management, systems integration, managed hosting services, network and security management, BPO (Accounting) Website: www.sepl.net

SEPL’s primary focus is security, so its alignment with Juniper Networks for networking and security is vital to its growth. “Network and security

As part of its security roadmap, SEPL is in the process of venturing into security compliance management. “Compliance measures and their management can be a major pain-point for customers,” says Patel. “We are soon going to announce a suite of products that will assist in setting up security measures and create the rules, analysis of impact of certain rules within a framework, regular reporting, back-ups, and standardization as a part of our services portfolio.”  — Shantheri Mallaya

We want to create a win-win situation for all security-oriented stakeholders, says Pratik Patel, MD and CEO, SEPL.


Revenue 2010-11: Rs 25 crore

contribute to over 50 percent of our toplines,” says Patel, adding that they also “work with a few other vendors for complementing security solutions.” SEPL started out life providing managed network, security and infrastructure services to clients abroad, and breaking into India wasn’t a bed of roses. “When we decided to enter the domestic market, the biggest challenge was to educate customers about us as a service provider,” recalls Patel. But that’s in the past. Today, SEPL, with about Rs 32 crore in annual revenues, is growing healthily. Its estimated topline growth for 2012-13 is about 35 percent. It helps, admits Patel, that there’s a growing acceptance of the idea of outsourcing IT services.


Photograph by SHAILESH

CASE STUDY

Always putting the customer in front: Ronny Ferrao, COO, Essen Vision (L), and Satish Kotian, Head-IT, DHFL.

SURE ON

GROUND

DHFL beats its security challenges by moving to the cloud. And it couldn’t have been done without Essen Vision. By Shantheri Mallaya

MUMBAI-BASED ESSEN Vision Software proves that it’s crucial to be around for a customer in need—the key to being a successful solution provider. Essen Vision demonstrated this by supporting one of its long-time customers, Dewan Housing Finance, as it transitioned to Symantec’s cloud.

SPAMMED!

DHFL, India’s second-largest private housing finance company, has its finger on the pulse of the market with branch offices, service centers and regional processing offices spread across India. But, a few years ago, some of DHFL’s sharp focus on growth was being diluted by operational issues. Like other companies that depend heavily on e-mail, DHFL found that it was vulnerable to spam attacks. In 2010, the problem had become severe: The company was dealing with over six lakh e-mail messages a month, 20 percent of which was spam. On average, employees received around eight to 10 spam messages a day. Soon, DHFL’s small IT team was inundated with calls from frustrated users as spam clogged the company’s e-mail bandwidth.

At about the same time, DHFL’s IT team found that its resources were over-burdened, with approximately two man-hours a week being allocated to operational duties to deal with security issues. This proved to be an expensive activity for the company and put a drain on resources, which led DHFL to go on a quest to streamline cost structures while maintaining service levels. “It was time to seriously look at a stable and viable alternative,” says Satish Kotian, Head-IT, DHFL.

ZERO INVESTMENT

Snapshot
Key Parties: Essen Vision Software, DHFL
Location: Mumbai
Implementation Time: Three months
Key Technologies: Secure messaging solution on the cloud
Main Vendors: Symantec
People Involved: Ronny Ferrao, COO, Essen Vision Software; Satish Kotian, Head-IT, DHFL
Key Challenges: Moving from an on-premise, third-party-managed e-mail service to Symantec’s cloud
Post Implementation ROI: Safer, more secure access, no additional costs, savings on capex, reduction in TCO

RELATIONSHIP MANAGER

“We played the role of relationship manager. Our conversations with DHFL helped us understand DHFL’s pain-points in the e-mail system and what they needed,” says Ronny Ferrao, COO of Essen Vision. The project, negotiations for which began in March 2010, culminated in May 2010 with the deployment. Essen Vision emerged as a key local co-coordinator for the project right from the PoC to post-deployment support, though the solution was largely discussed with Symantec. Essen Vision worked with DHFL’s internal IT team to help them move smoothly to the cloud. For minor troubleshooting, Essen Vision’s assistance is at hand. DHFL, however, has to turn to Symantec in the event of major escalations. “We are fortunate that there have been no such eventualities till date. We also know that Symantec is very efficient and is just an e-mail away for any problem whatsoever,” says Kotian.

The SI partner, being the local co-coordinator, has a splendid relationship with the vendor and the customer, both of which are big advantages. “Though we largely remained in the background, our presence was felt throughout the time the customer moved to the secure solution. There were creases in transactions such as billing across overseas datacenter locations that we facilitated with ease. We are easily accessible and also a support for troubleshooting,” says Ferrao.

Essen Vision, from its end, is looking at a continued relationship with DHFL. “We are old partners of DHFL and have a strong relationship with them. We are looking at other areas of co-operation. We see a lot of opportunity, and are in talks with DHFL for some other projects through Symantec,” says Ferrao. On his part, DHFL’s Kotian says, “We have a roadmap for the cloud. If Symantec comes up with advancements for some of our other requirements, we will move those to the cloud in phases, since our confidence in them is immense.”


DHFL was looking for a simple and scalable solution. After having evaluated several options, DHFL figured that moving to the cloud was the best way out; it was a solution that could potentially spare them any additional costs. DHFL found that Symantec.cloud services were convenient and easy to use and had the added benefit of having a reputed brand. When compared to its in-house solution, DHFL clearly saw the benefits tilt in favor of the cloud, as manageability and cost were important to them in the short and the long term. Also, as the number of users would increase, DHFL saw that there was room for negotiation in the cloud pricing models. Importantly, it would eliminate a huge problem for them. “As of today, it has removed 99 percent of all spam off-site, even before it reaches our network,” says Kotian. “It has also reduced our administrative overheads as the latest anti-spam and anti-virus updates are managed by MessageLabs.”

Fashioned on a pay-per-use model, DHFL’s Symantec.cloud solution uses a multi-layered approach to deliver advanced protection combining traffic and connection management with three commercial virus scanning engines, a commercial spam detection engine, and its proprietary heuristic technology called Skeptic. But what Kotian really loved is how fast it was to implement. “The beauty of the solution is how little time it took to deploy, and how it effectively minimized risk to both external and internal mails,” he says.

With the Symantec.cloud Service Level Agreement (SLA) providing 100 percent anti-virus effectiveness against known and unknown e-mail viruses as well as 99 percent anti-spam effectiveness, the solution has also enabled DHFL to reallocate its limited internal resources to critical IT missions such as risk-management and regulatory compliance. “We also have direct access to the Symantec datacenter for all my SLA requirements, which means I do not have to worry about who will address my issues, if any,” says Kotian. He is also confident that the cloud model will help DHFL manage its e-mail security at a lower TCO.


CSOs are mixing an assortment of technologies, approaches and policies to shore up defenses on the changing corporate boundary. By Elisabeth Horwitt

BACK IN 2008, guarding Motorola’s perimeter was a lot simpler than it is today, recalls Paul Carugati, the company’s information security architect. “It was OK to just open up [firewall] port 480 [to network traffic], because we knew that everything that ran over it was HTTP,” he says. But with the rapid growth of Web 2.0 applications, e-commerce environments and cloud services, he adds, “in 2010, that wasn’t so true; in 2011, it wasn’t true at all.”

Management was continually questioning Carugati about the risk exposure related to a critical service or a social media environment, and the possibility of infiltration of the company’s data through social media. Motorola’s then-current firewall technology could trace users’ IP addresses, but it could not track applications and so was unable to monitor which ones were exposed.

To address the issue, Motorola’s security department added a next-generation firewall (NGFW) to its perimeter defense mix. In addition to traditional Level 3 and 4 firewall security, the platform can track outgoing and incoming traffic at the application level. This has brought huge gains in visibility, control and enforcement, Carugati reports. Now, it’s clear “which apps are flowing through that egress environment, including apps we thought we weren’t allowing outbound and ones we didn’t know about,” he says. That visibility enables the security team to enforce far more granular security policies at the application level, rather than at the network protocol and port levels. Furthermore, management can now draw a far more accurate picture of the company’s social network presence and interactions, for risk assessment and compliance with regulations such as PCI DSS, Carugati says.

NGFWs are just one way in which companies are revamping their defenses in response to new threat vectors that have grown out of businesses’ growing use of and dependency on Web applications, social media, cloud computing, virtualization, wireless networks and mobile devices. These technologies continue to change the fundamental nature of business computing and communications. As a result, the corporate boundary has become increasingly porous and difficult to define—some would even contend that it’s non-existent—rendering traditional notions of “protecting the perimeter” obsolete. Not that companies like Motorola have jettisoned traditional defenses, such as legacy firewalls, intrusion prevention and detection systems, anti-virus and antispam programs, VPNs, and the like. Rather, they have started looking at perimeter defense in a more multi-leveled, multi-layered way.

Illustration by UNNIKRISHNAN A.V

A MULTI-LAYERED PERIMETER DEFENSE

Industry experts advise CSOs to take a defense-in-depth approach that deploys multiple layers of security, so that malware and other threats that slip by the first line of defense get caught by the second or third. That means going well beyond traditional perimeter defenses—namely, network firewalls—which monitor and control traffic on the basis of source and destination IP addresses, network protocols and port numbers. That leaves them incapable of defending against the 60 to 70 percent of attacks that now occur at the application level, according to Jon Oltsik, senior principal analyst at Enterprise Strategy Group. For example, a network firewall can accept HTTPS traffic and block HTTP traffic from the Internet to a Web server. Without app awareness, however, it cannot distinguish between customer and hacker HTTPS traffic, Oltsik says.

Smart CSOs are bolstering this first line of defense with technologies such as NGFWs and Web application firewalls (WAFs), which can perform deep-packet inspection and identify known hacker signatures and abnormal behavior. NGFWs typically monitor inbound and outbound enterprise traffic, identifying malware that may be riding on top of a trusted link, as well as app-level end-user activities that are inappropriate, risky or prohibited. WAFs specifically monitor traffic between Web clients and servers.

Polk, a leading provider of data and marketing services for the auto industry, has supplemented its traditional firewall with F5 Networks’ Big-IP Application Security Manager. The WAF protects Web servers from common app-level attacks such as SQL injection, says Ethan Steiger, the company’s CSO. This has saved the company from the expense of re-developing a number of Web apps with known code-related vulnerabilities.

NGFWs and WAFs can also help with one of the biggest headaches for CSOs: The threat of hackers using social engineering and other techniques to exploit trusted sources such as employees, partners and customers who have access rights to sensitive portions of the corporate network. The growing use of mobile devices and the social Web for business purposes has greatly exacerbated this problem, industry experts agree. Once a hacker gains access to an employee’s client device, “all of a sudden you’ve got malware or a bot trying to communicate via an established connection, back out through your perimeter” to the hacker’s control center, says Andrew McCullough, manager of information security for hotel chain operator Accor North America.

Accor’s security team deployed an NGFW five years ago, when application-level attacks first started showing up, McCullough says. While such attacks were infrequent back then, their number “has gone through the roof” in the past year or two, he says.

An NGFW’s ability to enforce security policies on a granular level is critical, given business users’ growing dependence on the Web, and social networking in particular, Oltsik says. “A lot of people see [perimeter security] as an ingress problem, malware arriving on incoming traffic,” he says. At least as important, though, is determining which websites users are visiting and whether they are known malware-distribution or command-and-control sites, McCullough says.

Rather than deny, say, the marketing group all access to Facebook, companies can use an NGFW to limit access to those apps that business users consider to be critical to their jobs, Oltsik says. “That’s a perfect intersection of supporting and protecting business.” McCullough agrees. “Our marketing, purchasing and HR teams all use Facebook now, often for very valid reasons,” he says. Rather than trying to block employees from using Web-based applications with proven business value, “our job is to wrap controls around those apps, so they can be used with as little risk as possible.”

TOO MANY EGGS IN ONE BASKET?

Most leading NGFW vendors, including Check Point Software Technologies, Palo Alto Networks, Juniper Networks, Fortinet, F5 and Cisco, combine traditional firewall capabilities with a range of other functions, such as application-aware traffic monitoring, intrusion prevention and data loss prevention. These multi-functional security gateways are considered either synonymous with or a subset of unified threat mitigation (UTM), depending on whom you ask. The basic concept is the same: Instead of purchasing, deploying and managing various perimeter defense mechanisms on separate appliances, a company can deploy a multi-layered security strategy on a single hardware platform.

The main advantage of taking the UTM route is cost savings, sources agree. Products that are designed to handle one security function tend to be quite expensive, says Accor’s McCullough. Intrusion-protection systems for a small organization can easily cost $10,000 or $20,000 (about Rs 5.5-11 lakh) a year, and for a large enterprise, annual costs can reach a quarter of a million dollars (about Rs 1.3 crore), he says. In contrast, that capability on an NGFW platform would be about $20,000 a year, according to McCullough.

Still, many CSOs remain leery of a single-vendor perimeter solution. Gartner’s 2011 “Magic Quadrant for Enterprise Network Firewalls” report found that less than five percent of internet connections were currently secured using NGFWs. That number will rise to five percent of the installed base, and 60 percent of new purchases by 2014, the report predicts.

Holding some CSOs back from taking the plunge is the cost of writing off legacy perimeter security devices. “Our infrastructure is incredibly expensive; it doesn’t make business sense to replace it wholesale,” says McCullough. Rather, his team is taking it slow, testing devices and planning to replace one existing set of firewalls with a more advanced product over the next year. Going with one vendor’s all-in-one solution often means sacrificing functionality for cost savings, McCullough adds. “You don’t get the best in class, in my opinion,” he says. Accor purchases its anti-spam and anti-virus products from specialized vendors.

Furthermore, once the device starts looking into the actual content of packets, “you need a beefier box,” says Eric Maiwald, a research vice president at Gartner. “Add anti-malware and attack signatures, then DLP, and you need even more power.” That’s why UTM devices work best in locations where throughput requirements are lower, such as small companies and branch offices, he adds. “When you talk about front-ending a bandwidth-heavy location like a datacenter, you usually need to have separate devices for different functions,” Maiwald says.

Accor’s NGFW runs on a hefty hardware platform, but the company has had to “take some very serious jumps [in capacity] in a very short time, in order to keep up with demand,” says McCullough. The hotel chain uses one type of perimeter device with cut-and-dried access-control rules for the transport VPN, and a second one to enforce granular app-based security rules for traffic going to and from the datacenter, McCullough says. Accor is likely to remain a multi-vendor shop for the foreseeable future, according to McCullough. “We never want to get to the point of using a single perimeter security device; we want a mesh of products.” While this means complexity, and potentially more administrative headaches, the benefits include increased assurance and risk reduction. “A hacker that bypasses firewall vendor A gets stopped by vendor B,” he says.

Rising Security Technologies

Security technologies rise and fall in popularity. In its TechRadar report, Forrester Research puts its bets on the five it thinks are in a growth mode.

Configuration Auditing Tools: According to Forrester, not much to see right now, but in three to five years they’ll be in wider use because of the increasing number of data breaches and current regulatory environment and “have the potential to become ubiquitous in enterprise security organizations.”

Malware Analysis: Providing analysis used in incident response and vulnerability management, the “adoption of such tools is expected to rise” within the next three to five years in part because of “state-sponsored or advanced persistent threats” which require “more diligent inspection of network traffic.”

Network Encryption: Although network encryption exists in infrastructure devices such as routers and switches, demand for stand-alone appliances is just starting, Forrester says, due to many compliance requirements to encrypt and secure data. In one to three years this could reach the next phase, though without compliance pressures, this technology will be adopted by only the most stringent and largest of enterprises, according to Forrester.

Predictive Threat Modeling: This relatively new concept calls for analyzing how to properly protect important data by proactively modeling threats, says Forrester. In three to five years it could hit the next phase, although the “costs and complexity of current threat modeling tools work as a barrier to adoption of this new technology.”

DDoS Mitigation Controls: While there have been anti-DDoS (distributed denial of service) products on the market for some time, Forrester points out, the market has until recently been very small. But due to the increase in hacktivism, “the market for DDoS protection is poised for growth” within one to three years, Forrester predicts, especially as a service.

—By Ellen Messmer

Waning Security Technologies

And here are the security technologies Forrester believes may not survive the next few years.

Network Access Control: Forrester believes the market for stand-alone NAC offerings will likely be phased out over the next five to ten years. (Though Forrester suggests there’s a bit more hope for “packaging NAC” in security software suites or infrastructure security.) Why is it bad news for NAC? Forrester says only 10 percent of technology decision makers will implement it over the next 12 months because “solutions are complex to deploy, scale and manage.” There are several NAC architectures, plus hardware and software approaches, and “all the approaches require integration with network infrastructure components.” “NAC won’t stop a malicious insider who wants to commit a security breach for financial or other reasons,” Forrester says.

Secure File Transfer (as an on-premise appliance): The need to securely transfer and share files between business partners is high but in three to five years it’s going to be done more and more with cloud-based services rather than appliances, according to Forrester.

Unified Threat Management: Though widely deployed in small and branch offices for DSL wide-area network implementations, UTMs face dislocation from new security gateways with more integrated firewall and intrusion features that make UTM look “antiquated.” Forrester gives UTM one to three years to evolve to meet competitive challenges and be more “enterprise-ready,” though it also acknowledges UTM is likely to be “moderately successful over the long run” in retail stores.

Forrester says the two below are “declining.”

Traditional Network Firewall: The traditional firewall market “will stall as wide adoption of next-generation firewall (NGFW) technology occurs,” says Forrester. The research firm says the outlook for the next five to ten years is that NGFW will ultimately replace today’s traditional firewalls, though these old-timers will still be the main line of cyberdefense for at least the next five years.

Network Intrusion Prevention (stand-alone): Forrester believes the market for stand-alone intrusion-prevention systems (IPS), despite its success being deployed by the world’s largest companies, is in decline and “will likely phase out in the next five to ten years” as multi-function gateways and firewalls, especially NGFW, include IPS and are used instead of stand-alone IPS equipment.

— By Ellen Messmer

VIRTUAL DATA CENTERS, VIRTUAL FIREWALLS?

Virtualization of the datacenter has “thrown an interesting wrench into the perimeter security works,” says Gartner’s Maiwald. Different levels of trust can exist on the same physical server, and conversely, virtualized applications can run on different virtual machines that reside on physical servers in different security zones.

Virtual server vendors like VMware, as well as leading NGFW vendors, now offer “virtual security controls” that create a “virtual perimeter behind the physical perimeter,” says Oltsik of Enterprise Strategy Group. Such products can be configured to control access across security zones in a virtualized environment. However, Oltsik says his company’s research shows that many security and IT staffs are still learning how to use such tools. Among the issues they face is how to segment the two types of networks to make sure physical and virtual security devices are working in sync. Another is how to enforce security policies when applications and virtual machines keep moving from server to server.

Still, some enterprise CSOs are starting to make good use of such tools. McCullough’s team recently moved critical applications into Accor’s datacenter, where a virtualized firewall provides “the same protection as the perimeter, including the same level of app awareness and control and threat prevention,” he says.

There are two main perimeter defense strategies for virtualized environments, each with trade-offs, according to Gartner’s Maiwald. The first is to compress all zones into a single virtual environment. This provides the most resource allocation flexibility but eliminates cross-zone security, which is not ideal from a risk-management perspective. The alternative is to make each zone its own virtual environment. This allows companies to keep existing firewall mechanisms and is the best choice for risk management, Maiwald says. The downside is that flexible resource allocation, which provides the bulk of virtualization’s cost savings, is limited to servers within a given zone, he says.

At Polk, for example, “We try to treat our virtual hosts with the same level of control as our physical hosts,” says Steiger. “This has meant moving intrusion prevention within the virtual network, so to speak,” and limiting movement between some virtual hosts. The company still gets direct value from its virtualization strategy, just not as much as would be possible without these safeguards.

MAKING AND MANAGING THE RULES

Keeping up with the ever-changing threat landscape is another major issue for companies working to protect the perimeter. While leading NGFW platforms come with tools for auditing and updating security rules and monitoring security events from a central console, most businesses currently have a mix of perimeter security products, not to mention network devices, which can make administering those policies a major headache. Adding app awareness to the mix makes the task that much more complex and arduous, industry experts agree. “You want the ability to make granular access decisions on an app-by-app basis,” says Oltsik. Furthermore, policies have to be regularly updated in order to keep up with major new social media services and apps, which show up on a daily basis. If your firewall sees these new entries as generic traffic, it cannot control them, Oltsik points out.

Companies are increasingly turning to third-party policy administration tools from vendors such as FireMon, RedSeal and Skybox Security. RedSeal’s risk-assessment and policy-administration software scans for vulnerabilities and monitors the rules and configurations across Polk’s collection of firewalls, network switches and routers, says Steiger. “It also helps us implement policies consistently across the network perimeter, according to best security and business practices.”

“FireMon lets us track changes on various vendors’ devices and monitor compliance from a unified system,” says McCullough. This is especially key given that the security team at Accor’s parent company has occasionally made changes to the division’s perimeter security policies without notifying McCullough’s staff first. On one occasion, this resulted in several hours of network downtime, he reports. “Now when a change happens, FireMon immediately alerts us and allows us to trace it back to the source.”

FireMon also helped Accor tackle the huge task of rewriting its entire security rule base. “We found rules that were eight or ten years old, whose owners weren’t around anymore,” McCullough says. Other rules were invoked only once every couple of months, but those times were important, he says.
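The rule-base cleanup and change tracking McCullough describes, sketched as an added example; it is not code from the article, from Accor or from FireMon. The rule fields, owner names, thresholds and sample rules are constructed assumptions and do not follow any vendor's export format.

```python
from dataclasses import dataclass, replace
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class Rule:
    """One firewall rule as a hypothetical export might describe it."""
    rule_id: str
    owner: str                 # person or team accountable for the rule
    definition: str            # the match/action text itself
    changed_by: str            # account that last edited the rule
    last_hit: Optional[date]   # None means the rule has never matched
    hits_365d: int             # matches over the trailing year


def classify(rule, today, active_owners, stale_days=180, rare_hits=12):
    """Return the hygiene findings for a single rule."""
    findings = set()
    if rule.owner not in active_owners:
        findings.add("orphaned")          # nobody left to justify it
    if rule.last_hit is None or (today - rule.last_hit).days > stale_days:
        findings.add("unused")            # candidate for removal
    elif rule.hits_365d <= rare_hits:
        # Matches rarely but inside the window: review with the owner,
        # do not delete on hit count alone.
        findings.add("rare-but-live")
    return findings


def audit(rules, today, active_owners, **thresholds):
    """Map rule_id -> sorted findings, omitting clean rules."""
    report = {}
    for rule in rules:
        findings = classify(rule, today, active_owners, **thresholds)
        if findings:
            report[rule.rule_id] = sorted(findings)
    return report


def diff_snapshots(old, new):
    """List (rule_id, change, changed_by) between two rule-base snapshots."""
    before = {r.rule_id: r for r in old}
    after = {r.rule_id: r for r in new}
    changes = []
    for rule_id in sorted(before.keys() | after.keys()):
        b, a = before.get(rule_id), after.get(rule_id)
        if b is None:
            changes.append((rule_id, "added", a.changed_by))
        elif a is None:
            # A snapshot cannot say who deleted a rule; that needs the
            # device's admin audit log.
            changes.append((rule_id, "removed", None))
        elif b.definition != a.definition:
            changes.append((rule_id, "modified", a.changed_by))
    return changes


# ---- Constructed sample data (not from any real rule base) ----
TODAY = date(2012, 8, 1)
ACTIVE_OWNERS = {"asmith", "finance-ops"}

BASELINE = [
    Rule("R-001", "asmith", "allow tcp any -> 192.0.2.10:443",
         "asmith", date(2012, 7, 31), 50000),
    Rule("R-014", "jdoe", "allow tcp 10.9.0.0/16 -> 192.0.2.44:1521",
         "jdoe", None, 0),
    Rule("R-027", "finance-ops", "allow tcp 10.2.3.0/24 -> 198.51.100.7:22",
         "asmith", date(2012, 6, 7), 6),
    Rule("R-033", "bnguyen", "allow udp any -> 192.0.2.80:161",
         "bnguyen", date(2011, 6, 1), 0),
]

# Next snapshot: one rule edited by another team, one removed, one added.
LATEST = [
    replace(BASELINE[0], definition="allow tcp any -> 192.0.2.10:any",
            changed_by="parent-secops"),
    BASELINE[1],
    BASELINE[2],
    Rule("R-040", "asmith", "allow tcp 10.4.0.0/16 -> 203.0.113.5:443",
         "asmith", None, 0),
]

if __name__ == "__main__":
    for rule_id, findings in audit(BASELINE, TODAY, ACTIVE_OWNERS).items():
        print(rule_id, ", ".join(findings))
    for change in diff_snapshots(BASELINE, LATEST):
        print(change)
```

With `stale_days=30`, R-027 is reported as unused even though it matched 55 days earlier, so the lookback window has to exceed the longest legitimate gap between uses.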


FAST TRACK

[Chart: TECHNOLOGY SPLIT, N&N Systems and Software. Segments: Services; Networking; Security; Storage. Values shown: 15%, 5%, 75%, 5%. SOURCE: N&N SYSTEMS AND SOFTWARE]

RICHARD CLARKE, former special advisor to the President of the United States for Cyber Security, once famously said: “If you spend more on coffee than on IT security, you will be hacked. What’s more, you deserve to be hacked.” Clarke said that in 2002. Earlier, in 1995, Mumbai-based N&N Systems and Software had believed it enough to launch in an unwelcome market. Back then, Shahjahan Moosa, director, N&N Systems and Software, says, security compliance and awareness were negligible. “Security was not a priority; it was looked at as a forced investment rather than a productive one,” he says. He should know, since, as he claims, they introduced India’s first anti-virus, Red Alert.

The perspective on security has changed among his clients. This change, says Moosa, is due to the focus of his team. “My team has maintained the momentum for almost two decades and helped drive the company to greater heights,” he says.

GAINING RECOGNITION

His team has also helped him keep the company updated on the changing dynamics of the security industry. Over 17 years, they have added end-point security, data leakage prevention and vulnerability assessment, among others, to their portfolio. N&N Systems and Software’s defining moment came with a firewall implementation for TCS, a project in partnership with Check Point. “Check Point had just entered India. We went through rounds of negotiations before we managed to bag the deal. It was the biggest deal for both of us at that point in time,” recollects Moosa. “Deployment of security solutions involves sharing of sensitive information. This continued trust is a testimony to the confidence customers have shown in us as a security partner. This is vital for a growing company like ours.”

PATH AHEAD

Moosa points out that security is an ever-growing market and that the company is looking forward to cloud-based security solutions and service-oriented deals. “We will soon be launching these in the BFSI sector. Banks have compliances to adhere to, which should provide us ample opportunities in the security market,” says Moosa. — Aritra Sarkhel

It’s important to evolve, says Shahjahan Moosa, director, N&N Systems and Software, which created India’s first anti-virus.

Snapshot
Founded: 1995
Headquarters: Mumbai
Other Key Executives: Vijay Iyer, Technical Director; Hemant Patel, Operations Head; M. P. Venkatesh, Service Delivery Head; Dharmesh Havaldar, GM-Sales
Revenue 2009-10: Rs 5.5 crore
Revenue 2010-11: Rs 6 crore
Revenue 2011-12: about Rs 7.1 crore
Employees: 20
Key Principals: Check Point, Cisco, Symantec, IBM, CommVault, Hitachi, McAfee, PC Visor, Kaspersky, SonicWall, Quick Heal
Key Business Activities: Security, storage
Focus Verticals: BFSI, education, government, hospitality, IT/ITes, logistics, retail, utilities
Website: www.nandn.com


Focal Point EVERYTHING ABOUT INSIDER THREAT

How to beat the greatest threat to your company. By Roger A. Grimes

CYBER CRIMES committed by trusted insiders are a big problem. How big? The latest Verizon Data Breach Investigations Report, one of the most respected analyses of cyber crime, reported that 17 percent of all data breaches are done by insiders. It observed that the perpetrators run the gamut, from accounting staff to senior executives to IT employees. The biggest unknown, of course, is how much of this crime goes unreported. It’s difficult to catch someone who uses legitimate authority to accomplish mischief that might be mistaken for normal activity.

The good news is that if you put the appropriate insider threat detection and prevention countermeasures in place, you can reduce the threat dramatically. Most inside jobs happen because employers did not appropriately assess the risks and plan. That assessment process begins with a thorough understanding of how those attacks occur.

OUTFOX INSIDERS: SOME BEST PRACTICES

In the IT world, where reasonable, separation of duties should also be employed. Here are some examples:

- Account and group creation should require manager approval.
- Highly privileged accounts should be separated from the user’s regular account.
- IT administrators’ regular accounts should not be able to access the encrypted data of other accounts without an explicit sign-off.
- Highly privileged account creation should be approved and performed by people who will not use the accounts.
- Some companies go so far as to require two people to enter a compound password for a highly privileged account, with no single employee knowing the whole password.

As you can see, the idea is to require two or more employees to collaborate on very sensitive roles and actions to make it less likely that unauthorized activities will occur. Also, IT auditors love to hear that IT departments understand the concept of separation of duties and are more likely to have confidence in whatever they are auditing.

— By Roger A. Grimes

EYEING INSIDER MISCHIEF

In most cases, when insiders set out to harm an employer, they come armed with legitimate trust and authority. Some insiders go further and use conventional hacking methods—such as password hacking, exploiting vulnerabilities and misconfigurations, and so on—but usually, normal access credentials prove sufficient. Bad actors also frequently steal log-on credentials from co-workers to cover their tracks.

The most common crime? Copying or uploading data to send to an outside party for financial compensation. Rogue employees can profit and exact revenge in one swoop by selling valuable data and source code to an employer’s competitors. Or, in this age of zero-capital startups, they can use customer lists to go into business for themselves. Ideas, patents, and inventions are routinely stolen. Companies have closed before realizing that the sudden competition that ran them out of business resulted from their own stolen information. Here are ways to beat wolves in sheep’s clothing.

Detecting Bad Insiders: Preventing all crime is impossible—or at least prohibitively impractical. The amount of security needed to prevent all crime would cripple the legitimate activity it was designed to protect in the first place. Nonetheless, many threats can be stopped, particularly if they are detected early. Too bad that seldom happens. According to the latest Verizon Data Breach Investigations Report, 86 percent of data breaches were discovered by third parties instead of the compromised victim.

It’s often hard to detect when insiders perform unauthorized activities, simply because they have authorized access to internal systems. The key to detection is to define and measure ahead of time what is acceptable and legitimate activity and to determine what traits indicate maliciousness. In the computer security world, this is known as anomaly detection. Anomaly detection works by defining activity baselines and, when levels go above or below predefined thresholds, sending alerts. When combined with regular monitoring, anomaly detection enables employers to create an effective defense strategy against insider threats.

Snooping for the Unusual: All environments have normal levels of network, storage, compute, and other resource usage. These levels may fluctuate and grow over time, but if monitored and measured, continuing and expected trends emerge, both of consumption and destination. An appropriately defined anomaly detection plan measures both network and host patterns. In a complex, multi-site environment, multiple tools are required to obtain a comprehensive picture of all network activity. One tool may simply measure network packet activity from source to destination, another may monitor computer host utilization, another may report on app activity, and so on.

Most data breaches involve moving large amounts of data between unauthorized locations. To detect that, you obviously need a tool that monitors network traffic patterns; many such commercial and open source tools are available, and most organizations already have them. But they may not be used on a regular basis.

For best results, you’ll need to spend weeks or months determining normal traffic and resource utilization baselines. Which computers normally talk to which computers? What are the normal traffic and resource consumption patterns? How much data is typically transferred and in what amount of time? In any environment, you will find a normal flow of data between various machines and of resources on each individual host. A good detection system alerts you to aberrant patterns and amounts.

Establishing good baselines takes practice. Many computers have periods of low and heavy activity depending on the system and its use lifecycle. For example, a patching server will experience its heaviest use when patches are released and pushed, while an accounting server typically reaches peak activity at the end of every month. So as you create meaningful baselines and alerts for the unusual events, always be prepared for the aberrant yet normal incidents that occur on any network. One big company news event can blow your baselines out of the water—but when your alerts go off, you must investigate the cause, even if the reason seems obvious. However, if you’re getting too many false alerts, reset your baselines.

TIP 1: Consider sprinkling ‘red herring’ data around your environment. Red herring data is fake data that should not appear anywhere else in the environment. Some companies create fake user records with unique names—and then scan for copies of these fake records outside the original systems.

Review Event Logs: Event logs and the content they collect frequently contain signs of an intruder’s attack—but in many enterprises, logs are neither collected nor analyzed. Setting up a system to collect and analyze log file data is not trivial, but it has become vital to the health of any organization. As with a network monitoring tool, you will need to fine-tune your event log management system to lower false positives. What type of information should trigger alerts? It depends on the environment and system, but certainly unexpected and excessive log-ons, attempted log-ons to old account names, unusual activity times, and a sudden appearance of previously unrecorded critical errors should raise alarms.

Record Data Accesses: Companies that are most successful at beating insider threats use systems that track data access—and record who is responsible for each instance of data access. Ultimately, all computer security defenses are about protecting data—and nothing provides a clearer data trail than a record of who accessed what and when. For example, many hospitals have discovered employees accessing the health records of acquaintances and celebrities; to avoid similar snooping, police departments often track who runs background checks and on whom. Companies with these types of abilities often tell employees about the feature in order to “keep honest people honest.”

Use Data Leak Detection/Prevention Products: Internal attackers often focus on stealing confidential data. Data leak detection/prevention products are designed to flag potential data leaks. Products can be implemented as software on each managed device or placed on the network to inspect outgoing data streams. No DLP product can provide perfect protection, but many provide very good detection and prevention functionality.

Use Intrusion Detection/Prevention Systems: IDS/IPS products detect insider attacks that use known exploits. The key to detecting and preventing insider attacks is to place IDS/IPS systems on managed hosts and in the middle of internal data streams. IDS/IPS systems can work in conjunction with network traffic baselines to create incident alerts for aberrant events. Unfortunately, many insider attacks (such as regular log-ons using authorized credentials) do not involve exploits that would trigger these systems, and that’s a significant limitation.

Look for Suspicious Files: Attackers stealing data often create very large compressed files or use archive formats that are not employed by the enterprise in the normal course of business. Look for very large data files or unexpected file extensions appearing in unusual places.

Conduct Random Audits: Companies worried about internal attacks should conduct random audits of all employees. Of course, you should also focus on high-risk employees, contractors, and partners (where permissible). Audits should review local event logs for unusual log-on activity and look for hacking tools and unexpected files. If employees are given company laptops or home computers, random checks should be made with the intent to uncover unauthorized company data. If employees use portable storage media, the media should be inspected.

Deploy Honeypots or Red Herring Data: Take a computer or two that you’re getting ready to throw away, place them on the network in attractive locations, and configure them to send alerts if anyone tries to connect to them (recording originating IP address data and log-on credentials attempted). Spend a few hours over the course of a couple of days filtering out the false-positive log-on attempts from patching servers, anti-virus update servers, and so on. But after all the filtering is complete, no other computer or person should try to access the system. Honeypots are fake systems—no one should try to contact them.

You may want to go as far as installing specialized honeypot software to give the honeypot a particular ‘persona’ (a Web server, SQL server, e-mail server) and to gain detection functionality that you might not have with a regular computer. Honeypot systems should be prevented from connecting to the Internet or any other system in your environment to minimize security risk. Although some types of honeypots allow intruders to gain full access to the system, the real point of a honeypot is simply to detect unauthorized log-on attempts. Don’t underestimate the value of a few well-placed honeypots. A honeypot is a cheap, low-noise (that is, few false positives) early-warning system. Trusted insiders who explore the network beyond their level of authority often run afoul of honeypots.

Knowledge, use, and installation of a honeypot should be restricted to the smallest group possible. For obvious reasons, you don’t want insiders to be aware of them. You can even withhold knowledge of honeypot systems from the incident response team and other administrators. If someone asks how the unauthorized activity was detected, people in the know can just claim it was found using a normal IDS/IPS system, router log, or system event log.

If your enterprise is hesitant to deploy full honeypot systems, consider sprinkling ‘red herring’ data around your environment. Red herring data is fake data. Some companies create fake user records with unique names—and then scan for copies of these fake records outside the original systems. Another good technique is to rename your administrator and root accounts, then immediately track any log-on attempts using the original names that no longer exist.

TIP 2: Try to deploy honeypots. Take any computer or two that you’re getting ready to throw away, place them on the network in attractive locations, and configure them to send alerts if anyone tries to connect to them (recording originating IP address information and log-on credentials attempted).

Cloud Considerations: As more companies move into the cloud, each of the preceding recommendations must be reconsidered in light of how well they may function in cloud environments. For example, what auditing and tracking does your company get when using an external cloud app? Does the cloud provider even track user log-on activity or enable the definition of anomalous thresholds? If it does, will it share that data? If you’re serious about minimizing insider threats, you need to consider your entire detection and prevention plan as your environment extends into the cloud.

PREVENTION

Detection is great; prevention is better. The Verizon Data Breach Investigations Report says that 96 percent of data breaches were avoidable through normal controls. That’s a huge lesson. A good detection system provides early warning of unauthorized activities and functions as a prevention tool. Here are some ideas, tools, and techniques that will help you minimize the risk of attacks by malicious insiders.

Start With Employee Background Checks: Companies concerned about internal attacks should perform employee background checks. Half of internal attacks involve IT administrators; the other half involves regular employees or execs. When suspicion is high, where possible, employee background checks should include former employers, as well as state and federal criminal checks. Many internal attacks are committed by repeat offenders who have signed forms allowing background checks that were delayed or never performed.

Educate With Policies: New employees should be made to sign acceptable-use policies that outline what is and isn’t allowed on an enterprise’s computer systems. Most acceptable-use policies should clearly state that accessing unauthorized systems, processing data in unauthorized locations, or possessing hacking tools are terminable offenses. Acceptable-use policies should educate the employee about good password practices, locking unattended workstations, and physical security protections—and require data encryption and other procedures intended to safeguard the enterprise’s data and assets.

Implement a Separation-of-Employment Process: Many data breaches are performed by fired employees. Every enterprise should have a very specific and strict set of processes that occur when an employee is no longer with the company. This should include removing the person’s access to physical buildings, collecting all company assets, changing all passwords (including any passwords to other accounts they may have learned), and disabling previously enabled network access. Don’t forget to terminate the former employee’s remote access methods, as well as access to any public cloud services the company may use.

Change Controls When Employees Change Positions: All companies should have clear policies that stipulate how access and permissions are handled when employees change jobs. Most companies are great at giving existing employees new permissions and access when they move to a new position, but not so good at removing the old permissions and accesses that are no longer needed. Often, an employee moving to a new role is asked to continue to assist with the old position until a replacement is up to speed, but then admins forget to remove the old access rights. Any passwords previously known to the moved employee that are no longer needed should be changed.

TIP 3: Use compound passwords for a highly privileged account, so that no single employee knows the whole password. The idea is to require two or more employees to collaborate to make it less likely that unauthorized activities will occur. Here’s a plus: Auditors love this.

Create Third-Party Agreements: Trusted partners are responsible for a significant portion of data breaches. All partners, contractors, and third parties (including clients who have access to your systems) should be required to sign an acceptable-use policy describing what is and isn’t allowed. At the very least, all systems used to access your data should follow the typical best practices: up-to-date anti-virus programs, enabled host firewalls, secure configurations, fully patched operating systems and applications, and so on. Third parties should be required to use encryption during remote access sessions and to store all confidential data at rest. Some companies go so far as to require that third parties allow random audits. Third-party clients found to be out of compliance should face warnings or disciplinary actions. Repeated incidents should result in a termination of access. Cloud computing environments must be thoroughly evaluated in the same contexts.

Isolate Domains and Separate the Data: In the majority of networks, most workstations don’t need to connect to other workstations. Most servers don’t have to connect to most other servers (although they may need to connect to a few). And if users don’t require access to a particular computer or network, don’t let them. Domain isolation gives users access only to the computers and applications necessary to perform their jobs. If users can’t access it, they can’t hack it (as easily). Domain isolation can be set up using access controls, routers, firewalls, IPSec, network access control, and so on. Domain isolation is just access control taken to the network level. For example, a company has tens of thousands of servers. When someone connects, they are plugged into exactly 15 of those servers. They don’t know what else exists. They can’t ping the other computers, and certainly can’t easily hack them.

Enforce Separation of Duties: Separation of duty is a long-held accounting control. Policy controls are put in place and enforced to prevent a single employee from conducting an action that could prove significantly harmful to the company. For example, an employee who approves payroll amounts should not also sign or print the checks.

Use Least-Privilege Access Control: Implementing least-privilege access control is one of the best ways to prevent insider attacks. If attackers can’t access data, they can’t steal it. Access control means configuring file and folder permissions, as well as separating users from unneeded networks and computers. Access control should be granted by the application or data owner, with each required user and his or her least-privilege access determined by the most knowledgeable person involved (optimally not the application or data owner). All access control should be audited periodically, with the owner asked to reaffirm the list of members and their access. This process should be automated where possible. If you fail to manage access control over the lifecycle of applications and data, you will surely suffer unneeded access in the future, without knowing one way or the other who really requires the access they enjoy.

Use Role-Based Access Control: Role-based access control (RBAC) provides least-privilege access control determined by the authorized actions and role of the user. In RBAC systems, least-privilege permissions are granted to role-based groups instead of user accounts or departmental groups. At the very least, RBAC systems help administrators implement least-privilege access control by forcing IT employees to think about the minimum permissions needed for the employee to perform his or her job. Advanced RBAC systems go even further and allow employees access only while specific tasks are performed. For example, in a legacy HR system, all HR employees might be given full control to the HR system and database. In an advanced RBAC HR system, there are many roles/groups, each with only the permissions needed to do a specific job or task: HR administrator, benefits administrator, payroll supervisor, data entry clerk, and so on. Thus, when a data entry clerk enters payroll records, the clerk gets write access to the payroll database. When the clerk runs a report, the permission reverts to read-only. And when the data entry clerk is not logged onto the system, he or she has zero access to the databases behind the system (not true in non-RBAC systems).

Automate Workflows: Data isolation can also be performed by automating workflows that require interaction with data. For example, hiring a new employee could cause a half-dozen workers to interact with a dozen databases. In a case like this, it’s best to isolate all the users in a tightly controlled interface that never allows the involved employees to access the actual databases. Instead, each involved employee is sent simple questions to answer—in the form of an e-mail or word processing document, for example. The responses end up manipulating the involved databases and automating other workflows to other associated employees. To extend the HR example, once HR enters the new employee’s information, a confirmation e-mail is sent to the new employee’s boss to confirm the hiring details and, after that confirmation, automate the process of putting the employee in the necessary security groups. A good automated workflow minimizes mistakes and employee access to the database behind the scenes.

Use Identity Management Systems: Identity management systems help handle the user account lifecycle, from initial creation (provisioning) to deletion (de-provisioning) and everything in between. Identity management systems automate workflows and isolate administrators from the databases behind the scenes. Along with reducing data entry errors and assisting with identity synchronization across multiple systems, identity management systems can minimize the security risk of excessive permissions and left-behind, stale accounts.

Use Data Leak Prevention: DLP systems are uniquely qualified to prevent employees from accessing or transferring unauthorized, monitored data. Host- and network-based DLP systems have proven their value to many companies and stopped many security incidents. The key is to configure the DLP system to recognize unauthorized data and to minimize the number of false positives.

Encrypt Sensitive Data: Lost storage media is involved in a large number of reported data loss claims. Internal attackers often copy company data to portable storage media and take them off premises. Require and implement encryption to protect sensitive data, both in transit and at rest. Require encryption on storage media, such as tape, portable hard drives, and USB keys. Many systems today can require that all portable media be encrypted in order to store data on them—and to prevent the accessing of that data on non-system computers.

Harden Workstations and Servers: Many compromises result from poor default security or misconfigurations. Ensure that all computers have been configured and secured using industry-accepted best practices. Most OS vendors configure their products to be reasonably secure by default, and several trusted entities offer security configuration baselines (such as www.nist.org or www.cisecurity.org), which can be used as starting points for security evaluation.

Implement Configuration and Change Management: Once least-privilege access controls and secure default configurations are in place, you need to make sure computers don’t get modified or “drift” to less secure states. All computers should be periodically audited to ensure they remain in the necessary secure state, and a change control process (plus monitoring) should be required to prevent unauthorized modifications.

Companies that follow the detection and prevention recommendations discussed here can vastly decrease the risk of internal attacks. You may not be in a position to implement all of the systems and processes we’ve covered. But if you take at least some of these countermeasures, you’ll significantly reduce the likelihood that employees who would betray your trust have the opportunity to do so.
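The baseline-and-threshold idea from the article's anomaly detection discussion, as an added example (not from the original article): each host's daily outbound volume is compared with a median-based band, and month-end days get their own baseline so the accounting-server peak does not raise an alert. The host names, the median/MAD band, the three-day month-end window and the sample history are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import date, timedelta
from statistics import median

K = 4            # assumed: alert when a value is more than K spreads from the median
MIN_SAMPLES = 5  # assumed: never alert from a baseline built on fewer observations


def bucket(day):
    """Treat the last three days of a month as their own activity cycle (assumed)."""
    return "month_end" if (day + timedelta(days=3)).month != day.month else "regular"


def build_baselines(history):
    """history: iterable of (host, date, megabytes_sent).

    Returns {(host, bucket): (low, high)} using median and median absolute
    deviation, which a single past outlier cannot drag around the way a mean can.
    """
    groups = defaultdict(list)
    for host, day, mb in history:
        groups[(host, bucket(day))].append(mb)

    baselines = {}
    for key, values in groups.items():
        if len(values) < MIN_SAMPLES:
            continue  # too little data: report "no-baseline" instead of guessing
        med = median(values)
        mad = median(abs(v - med) for v in values)
        # Floor the spread so a very steady host does not alert on tiny changes.
        spread = max(mad, 0.05 * med, 1.0)
        baselines[key] = (med - K * spread, med + K * spread)
    return baselines


def check(baselines, host, day, mb):
    """Classify one day's volume as 'normal', 'above', 'below' or 'no-baseline'."""
    band = baselines.get((host, bucket(day)))
    if band is None:
        return "no-baseline"
    low, high = band
    if mb > high:
        return "above"
    if mb < low:
        return "below"
    return "normal"


def constructed_history():
    """Constructed sample: three months for an accounting server and a workstation."""
    rows = []
    day = date(2012, 4, 1)
    while day <= date(2012, 6, 30):
        if bucket(day) == "month_end":
            acct_mb = 5000 + (day.day % 5) * 40   # month-end close: heavy but normal
        else:
            acct_mb = 200 + (day.day % 7) * 5     # ordinary day
        rows.append(("acct01", day, acct_mb))
        rows.append(("ws17", day, 50 + (day.toordinal() % 4) * 2))
        day += timedelta(days=1)
    return rows


if __name__ == "__main__":
    baselines = build_baselines(constructed_history())
    observations = [
        ("acct01", date(2012, 7, 30), 5100),  # month-end peak
        ("acct01", date(2012, 7, 10), 5100),  # same volume on an ordinary day
        ("ws17", date(2012, 7, 10), 4000),    # workstation pushing gigabytes
        ("ws17", date(2012, 7, 10), 0),       # host gone silent
        ("lab99", date(2012, 7, 10), 10),     # host with no history
    ]
    for host, day, mb in observations:
        print(host, day, mb, check(baselines, host, day, mb))
```

The same 5,100 MB transfer is normal for the accounting server at month end and an alert on an ordinary day, which is the "aberrant yet normal" distinction the baseline has to encode.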
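An added example (not from the original article) of the event-log review and renamed-account tripwire the article describes: it scans log-on records for attempts on retired account names, any contact with a honeypot host, off-hours log-ons and bursts of failed log-ons. The log format, host and account names, working hours and thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# All values below are assumptions for this example.
RETIRED_ACCOUNTS = {"administrator", "root"}  # renamed, so no legitimate use remains
HONEYPOT_HOSTS = {"hp-sql01"}                 # decoy host: any contact is suspect
WORK_HOURS = range(7, 20)                     # 07:00 to 19:59 local time
MAX_FAILURES = 5                              # failed log-ons per source ...
WINDOW = timedelta(minutes=10)                # ... within this sliding window

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
    r"src=(?P<src>\S+) result=(?P<result>OK|FAIL)$"
)


def review(lines):
    """Return a list of (line_number, rule, source) alerts.

    Lines are assumed to be in chronological order, as in a single log file.
    """
    alerts = []
    failures = defaultdict(deque)  # source address -> timestamps of recent failures
    for number, raw in enumerate(lines, 1):
        match = LINE_RE.match(raw.strip())
        if not match:
            # A record that cannot be parsed is itself worth a look.
            alerts.append((number, "unparsed-line", "-"))
            continue
        when = datetime.strptime(match["ts"], "%Y-%m-%dT%H:%M:%S")
        host, user = match["host"], match["user"].lower()
        src, result = match["src"], match["result"]

        if user in RETIRED_ACCOUNTS:
            alerts.append((number, "retired-account", src))
        if host in HONEYPOT_HOSTS:
            alerts.append((number, "honeypot-contact", src))
        if result == "OK" and when.hour not in WORK_HOURS:
            alerts.append((number, "off-hours-logon", src))
        if result == "FAIL":
            recent = failures[src]
            recent.append(when)
            while when - recent[0] > WINDOW:
                recent.popleft()
            if len(recent) == MAX_FAILURES:  # fire once when the threshold is reached
                alerts.append((number, "excessive-failures", src))
    return alerts


# Constructed sample log (not real data).
SAMPLE_LOG = """\
2012-08-14T09:02:11 host=fs01 user=jdoe src=10.0.4.23 result=OK
2012-08-14T09:15:40 host=fs01 user=administrator src=10.0.4.57 result=FAIL
2012-08-14T13:30:02 host=hp-sql01 user=sa src=10.0.4.57 result=FAIL
2012-08-15T02:47:19 host=hr-db01 user=mkhan src=10.0.7.12 result=OK
2012-08-15T10:00:01 host=fs01 user=bsmith src=10.0.9.5 result=FAIL
2012-08-15T10:00:11 host=fs01 user=bsmith src=10.0.9.5 result=FAIL
2012-08-15T10:00:21 host=fs01 user=bsmith src=10.0.9.5 result=FAIL
2012-08-15T10:00:31 host=fs01 user=bsmith src=10.0.9.5 result=FAIL
2012-08-15T10:00:41 host=fs01 user=bsmith src=10.0.9.5 result=FAIL
2012-08-15T10:05:00 truncated record
""".splitlines()

if __name__ == "__main__":
    for alert in review(SAMPLE_LOG):
        print(alert)
```

Tuning the working hours, the failure threshold and the list of expected honeypot visitors (patching and anti-virus servers) is the false-positive filtering step the article asks for.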


FACE OFF

Blue Coat Vs. Websense

Secure Perimeters

Who excels at securing Web gateways as a service: Blue Coat or Websense?

AMBARISH DESHPANDE, MD, India Sales, Blue Coat Systems

THE ADOPTION of bring-your-own-device (BYOD) initiatives, cloud-based applications, and the increasing use of social media platforms within Indian enterprises are blurring traditional security boundaries and fundamentally changing how businesses need to secure their networks. The Blue Coat Unified Security solution is the only one in the market which enables enterprises to expand their perimeters securely to all users across their networks. It does so by delivering global threat defense, universal policy and unified reporting across Blue Coat ProxySG appliances and the Internet-based Blue Coat Cloud Service. The Unified Security solution is the only solution that leverages the same protection and control infrastructures across appliances, software, and the cloud, allowing enterprises to seamlessly extend policies to all users, regardless of their location. The Blue Coat Unified Security solution is powered by the Blue Coat WebPulse collaborative defense. Utilizing real-time requests and advanced analysis, WebPulse has comprehensive visibility into Web and malnet (malware network) ecosystems. The Blue Coat Secure Web Gateway solution is a scalable, hybrid architecture that combines ProxySG and ProxyAV appliances with ProxyClient software and the cloud-based WebPulse service to provide Web awareness and on-demand intelligence about the latest Web threats across the extended enterprise—at a lower TCO. Recently the company was positioned in the leaders quadrant of the magic quadrant for secure web gateways by Gartner.

SPENCER PARKER, Group Product Manager, Websense

SECURE WEB gateway as a service (SWGaaS) has gained momentum among customers, especially those who are concerned about today’s fast-moving malware threats that require stronger protection than simple URL filtering. Websense’s SWGaaS is backed by ISO 27001-certified datacenters in tier-IV facilities, backed by multiple tier-I Internet connections, and unparalleled peering with large Internet players. It provides multiple connectivity and authentication options for remote users, small offices, and large headquarters. Websense Cloud Web Security Gateway has a track-record of providing customers with all the benefits of a Web gateway proxy and Websense Advanced Classification Engine (ACE) real-time defenses. ACE is one of Websense’s biggest differentiators: It’s a real-time, in-line engine, integrating intelligence on the Web, e-mail, and data threats to deliver the most complete security analysis available. Compared to a field of alternative technologies, the Websense TRITON blocked 94.5 percent of threats, while other URL filtering technologies combined with anti-virus only detected 52.7 percent. Websense Cloud Email Security is designed to work together with SWGaaS to provide protection that only a vendor who specializes in both Web and e-mail can provide. Websense recently unveiled one of its most comprehensive product overhauls to date. Within TRITON v7.7, detection of advanced malware payloads and command-and-control behavior is integrated with advanced e-mail gateway detection to look for sophisticated e-mail lures that may delay insertion of malicious code in order to avoid detection by less sophisticated web gateways.

— As told to Radhika Nallayam


RNI NO.KARENG/2007/20996

Registered No. KA/SK/UDP/1287/2010-2012 Posted at Manipal HO on 13/14th. Licensed to Post without prepayment – License No. WPP -103

Printed And Published By Louis D’Mello On Behalf Of IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore 560 027, India.

