UTM in China

June 22, 2006

In China, UTM (Unified Threats Management) has been rocketing in recent months, not only in the media, but also in the real market transactions. International vendors, such as Fortinet, Watchguard, Sonicwall, ZyXel, bomb the newspapers, journals and other soft-ad everyday, while Cisco, Juniper, Symantec, Securecomputing, McAfee and etc. keep talking on their vision of UTM directions. Of course, the prediction of IDC's report on UTM market that UTM will occupy 57.6% of total firewall, vpn, and anti-virus market share is one of the main stir and encouragement to the investment. Then, how is everything going about those local security vendors? Yes, they won't just stand by and watch the growth, instead they are deeply involved in this arena.

During the past 1-2 years, most of those major players in China security market have been brewing and rolling-out their UTM products. Kingsoft is one of the top three local anti-virus vendors in China(the other two is Rising and Jiangmin). Recently, they inked the agreement with xScreen on the UTM product OEM cooperation. In conjunction with their desktop antivirus/firewall/IDS, anti-virus gateway and server protection, no one would like to ignor their competition in the total security solution for SMB.

According to the UTM description by IDC, anti-virus is one basic function of UTM devices, ie. it's easier for those anti-virus vendors to turn to catch up UTM market. So it's an easy job to predict that Rising/Jiangmin/CA-JC won't wait long time to sell their UTM.

As to the UTM market, OEM is doomed to be a good choice for those vendors who want to break into this market. Because a single core technology within a UTM, such as firewall, VPN, IDS engine, and anti-virus engine, is a little bit overwhelming for an average vendor to develop from the much beginning. As a proof of my point, IDC's report list reflect the anti-virus engine OEMed in the major UTM products. So again it's easy to predict there are more and more vendors choose OEM to enhance their features and shorten the rolling-out time. It must leave such technology companies as xScreen a big space to make money and grow.


12345678! Pyramid Framework

June 14, 2006

Yesterday afternoon, WHY and I worked out a holistic enterprise internal control framework. We named it as 12345678! Pyramid Framework. It help integrate the enterprise execution, IT control and security control methodologies and countermeasures.

  1. One Priority: Execution
  2. Two Hands: Technology and Management
  3. Three Layers: Decision Makers, Managers, and Execution
  4. Four Phases: Plan, Do, Check, Act
  5. Five Layer Controls: Control Environment, Risk Assessment, Control Activities, Information and Communications, Monitoring
  6. Six Risk Elements: Assets, Threats, Vulnerabilities, Safeguards, Risks and Opportunities
  7. Seven Information Criteria: Confidentiality, Integrity, Availability, Efficiency, Effectiveness, Compliance, Reliability
  8. Eight IT Processes: Planning and Organization, Acquisition & Implementation, Delivery and Support, Monitoring and Evaluation

Do you like it? We know there has been much space left for it to be perfect. But it help guide your thinking ways when you prepare proposals or do planning. Its original form is in Chinese. Click here for more.

If you think it helpful or have any suggestions, just leave me a comment.

VoIPsa Blog

June 1, 2006

Here is coming an eye-catching blog at VoIP security at VoIPsa Blog.