My new blog at sbin.cn

January 30, 2007

For the publicly known reasons, this blog at wordpress.com has not been accessible in China for a long time, since last Spring Festival (Feb. 2006). It has been very difficult for me to update and manage this blog, and most of my readers from the mainland have not been able to read it since then. So I decided to move it to a new site with better performance.

I hope you can update your bookmarks and RSS feeds. I am sorry for the inconvenience of this move. Thanks to the WP community for the great pleasure it gave me.


The pain of patch management

November 8, 2006

There are always more and more vulnerabilities and patches in our IT life; dealing with them has become part of our job, hasn't it? What is the biggest pain in your mind?

If you said "why patch management? just go 'windows update'", then you must be an individual computer user, not an administrator. 😉

The hardest part is to balance the risk of being hacked because a patch was not applied against the risk of system instability or even a crash caused by a new patch. According to common practice, the security manager should have a process in place to test patches, with help from the system and application managers. The balance point is decided together. [My comment in Chinese]. See the report by Roger below…


Go Security 2.0

May 10, 2006

When I tried to search for "Security 2.0" on Google, only one noticeable hit was found: an article on CSOonline by Sarah. Sarah summarized the convergence happening in the security area, and regarded "Security 2.0" as integration, convergence, holistic security and so on. Sarah reported a case study from Constellation Energy Group on the convergence of physical security and IT security, where they created a new role named Chief Risk Officer, reporting directly to the CEO, who is responsible for controlling whatever risks might hurt the enterprise down to an acceptable level. That is very interesting and shows deep insight. However, my vision of "Security 2.0" is somewhat different.

At least in China, based on about ten years of security practice, I would like to define the following two stages of security management and technology that we have lived with so far.

  • Security 0.1: security came from anti-virus capability
  • Security 1.0: security is PDR (Protection -> Detection -> Response), where in most cases in China PDR was explained as firewall (Protection), IDS (Detection) and security emergency response services (Response)

But I have begun to feel the emergence of a new pulse and inspiration in the industry, which I did not hesitate to call "Security 2.0", borrowing some concepts and feelings from Web 2.0. The representative and definitive features of "Security 2.0" include:

  • Security 2.0.1: the focus shifts to internal control and the security protection of applications and data, rather than simple virus/intrusion detection and attacks.
  • Security 2.0.2: "holistic security" synergizing AAAA (Account, Authentication, Authorization, and Audit), instead of just a stack/heap of firewalls, IDSs and other single-point products.
  • Security 2.0.3: emphasizing the perception and experience of the security managers and administrators, i.e. the real effectiveness and efficiency, along with the implementation of data mining and correlation technologies.

The key difference between Security 2.0 and the previous stages lies in the fact that the latter focus on the production and accuracy of security information from those single-point security elements, while the former turns to the effective and efficient use of that information to direct real operations. Security 2.0 develops itself on the shoulders of Security 1.0 instead of replacing it.

BTW, I am sorry I don't have time to translate the other parts of this post from Chinese to English. If you are interested, please check the full version in Chinese.


Novell Acquires e-Security

April 21, 2006

On April 19, 2006 Novell announced the acquisition of e-Security, Inc. for $72 M USD. e-Security is a small private company focused on security information and event management. As you know from my "SOC in China" post, its product was the first SOC product implemented in China, introduced by iS-One. It has become the prey of Novell, which was famous for NetWare and Unix and is now known for its directory. Both of them are struggling to make a living under competition from the big management software vendors.

It is an important event in the SOC/SIM market, following the acquisition of neuSecure by Micromuse, and then by IBM.


SOC and MSS worldwide

March 27, 2006

From its first appearance, the SOC (Security Operations Center) was created for MSS (Managed Security Services). In 2002, when I tried to find information on SOC with Google for the first such project in China, I found that the top matches came from ISS and its subsidiary organizations (ISS had 6 SOCs worldwide then), such as ISSKK and its Taiwan agent ISSTW, but this was not my target.

Another significant description of SOC comes from NTT. NTT built its SOC to provide MSS to its customers! I.e., security can be a sort of value-added service, besides being a competitive advantage. See the following diagram of NTT's SOC:


Identity is the foundation for everything we do

March 24, 2006

Sarbanes-Oxley is bringing blossoming business opportunities not only to the big 4 accounting firms, but also to a lot of software vendors. Among the technologies and products involved in SOX compliance programs, identity management is the focal point that a lot of giant vendors fight for: Microsoft, IBM, CA, BMC, HP, Oracle, Novell, Sun and …. I am very happy to see the following diagram:

[Diagram: GM Director of software]

in which John Jackson of GM says "Identity is the foundation for everything we do".

"Ten years ago, the prevailing assumption was that if you were on the GM network, then you were a GM employee," says Jackson, who is on the board of the Liberty Alliance, a consortium developing protocols for sharing identities.

"Today, we have dealers and suppliers [on the network] that are not a part of GM. Add the fact that we are completely outsourced, and it becomes critical to track who you are and what rights you have so we can make sure that people only get to the information they are allowed to get to. Identity is the foundation for everything we do," he adds.

So important is this that GM has a 12-person identity group within the security team. The group continues to consolidate internal directories while expanding its identity federation deployment and building out virtual directories and SSO capabilities.

Users and analysts agree that identity is seeping into corporate infrastructure.

"In five years, what we talk about today as identity and access management will just be another part of the infrastructure, and it won't be sold separately. It will be part of your security foundation," says Sally Hudson, a security research manager at IDC.



SOC in China

March 17, 2006

SOC (Security Operations Center) has kept the China security market abuzz since 2003. In fact, I kicked off the first SOC project in Nov. 2002, internally, when I worked for iS-One as Chief Strategy Officer. After the project initiation, I dug up a lot of web information related to SOC. At that time, SOCs were mainly operated by MSS (Managed Security Service) providers; e.g. ISS had six SOCs globally. I tried to transfer the concept of SOC from MSS to enterprise security operations and was lucky to win the customer's buy-in. At that point we did not have such a product, or even a Proof of Concept (PoC) platform, at all. We negotiated with eSecurity and made the final decision to build our first SOC on its product.

The first SOC project was finished in about June 2003, and thereafter SOC became a warming-up security market opportunity.

Today most of the major players in the China security market claim to have their own SOC platforms and solutions, while many enterprises are starting to plan and build their own SOCs. It should be mentioned that most of these SOC projects do not reach their initial expectations.

While SOC was becoming popular in the enterprise security management area, a few pioneering security companies in China began to seek their fortune in the MSS market with SOC. 263.com, Unihub, Beijing Capital Information Co., etc. tested this market early, around 2002, but they found it difficult to make a profit.

A major security vendor, Topsec, rolled out its SOC to provide MSS services in 2004, built on the SOC product from ArcSight, while MSS is one of the meanings by which another major security vendor, Venustech, interprets its M2S vision.

To be optimistic, SOC has been entering a new stage where it serves both enterprise internal security operations and MSS providers.
