Sandboxes and Silver Bullets: Vendors Promote New/Old Detection Techniques to Stop Zero-Day Threats

Paula Musich

Paula Musich

Summary Bullets:

  • Anti-malware vendors are falling over each other to emulate the success FireEye has seen with its particular update to the sandbox technique for detecting zero-day threats that evade existing defenses.
  • Prospective buyers should be thorough in their evaluation not only of effectiveness and false positives, but also costs to deploy and scale the technology for their own environments.

At this year’s RSA conference in San Francisco, a handful of anti-malware vendors resurrected an old malicious code detection technology with a new twist on it.  Sandboxing was promoted as the latest silver bullet to detect more sophisticated attacks that get past traditional defenses.  Vendors including McAfee, Trend Micro, Fortinet and sandbox veteran Norman Security all launched new sandbox initiatives, following the successful lead of niche player FireEye, which has seen significant growth as a result of its success using its Virtual Execution engine and Malware Analysis System to detect and shutdown malware infections that got past traditional defenses.  Other vendors also pursuing this new twist include Palo Alto Networks and Sourcefire.  Read more of this post

Vendors’ Open API Programs Remain a Priority for Developers

Charlotte Dunlap

Charlotte Dunlap

Summary Bullets:

  • Open API projects will continue to evolve and be top-of-mind for developers.
  • Vendors need to lock in strategic partnerships which provide developers with new external API opportunities.

An ongoing topic among developers in mobile and Web environments is how to exploit external APIs in order to build new apps and services around another company’s products, and fortunately, mobile platform vendors continue to announce intriguing new API programs.  Probably the most obvious example of a company launching an API was when mega-retailer Best Buy opened up its API to third-party developers a few years ago, allowing them to access its REST-based programming interface for product information.  Developers gained access to the company’s massive product catalog, including product descriptions, images, pricing and availability, in order to weave that information into their own applications or services.  The result was a rush of new business opportunity for Best Buy and a way for developers to enhance their Web sites or apps with rich, current content.  Another watershed open API moment occurred when the Google Maps API was launched; suddenly everyone had products based upon access to that API.  Read more of this post

Mobile HD Voice Better for Business, but International Mobile HD Voice in Early Stages of Development

Joel Stradling

Joel Stradling

Summary Bullets:

  • Mobile HD voice is likely to benefit your business: both parties can hear each other more clearly and experiments prove call length increases with HD voice
  • HD voice codecs will be the norm in voice-over-LTE deployments
  • Your mobile device must support Wideband Adaptive Multi Rate (W-AMR) technology  to conduct HD voice calls

HD voice is delivered using wide-band audio, which results in far more natural sounding conversation. Consider a multi-lingual global business environment, with wheeling and dealing taking place over traditional crackly narrow-band, and it’s reasonable to assume that your sales force, technical support teams, and customer support would benefit from more articulate conversations with customers that are on their mobile handsets. Enterprise users that have IP telephony solutions in place are familiar with landline HD voice for internal or branch-to-branch calls, with multiple vendors supporting wide-band voice plus better audio components in their handsets, including for example Cisco, Avaya and Polycom; while UC hubs such as MS Lync also support HD voice. However, the reach of HD voice is limited to what’s going on the other end – namely if the call terminates on a traditional PSTN and regular handset, the call is not going to be in full HD! Read more of this post

VMware’s Hybrid Cloud Challenge

Amy Larsen DeCarlo

Amy Larsen DeCarlo

Summary Bullets:

  • VMware revealed what many suspected at a meeting of institutional investors: the company will enter the cloud fray with its own vCloud Hybrid Cloud Service later in 2013.
  • The offer promises what others have not quite been able to deliver yet: a seamless path between private on-premises clouds and hosted public offers.  However, big questions remain about what VMware will deliver – and how.

Depending upon your point of view, VMware’s official announcement of its intent to launch its own hybrid cloud offer could be either a game-changer for the cloud or a muddled effort from VMware to stay relevant in what continues to be a fast-changing segment.  VMware’s decision to introduce its own cloud service represents an unwelcome distraction from the company’s recent focus on a return to the fundamentals.  What is clear from the (limited) details VMware provided in the announcement and the immediate, almost always passionate reaction to the company’s plan to provide a hybrid offer is that no matter how many competing hypervisors and cloud platforms emerge, the vendor remains a significant force in virtualization and the cloud.  Read more of this post

M2M Check-In: Are We There Yet?

Kathryn Weldon

Kathryn Weldon

Summary Bullets:

  • Operators are seeing average annual growth rates in M2M connections of about 20-30%, with new customers evenly distributed among diverse vertical solutions.  UBI and asset tracking solutions are gaining steam, with healthcare and energy management solutions also becoming a source of new ‘wins.’  Although automotive telematics wins are being announced, most of the actual connections associated with them are poised for growth in 2014/2015, when the auto OEMs launch their new ‘next-generation’ models.
  • IT service providers are playing both sides by partnering with and empowering operators to offer end-to-end solutions and going directly to enterprises through their vertical practice groups.  Automotive, utility/smart grid and smart-city deployments, which require multiple network technologies, complex integration and data analytics, are focus areas.

It is difficult to assess traction quantitatively in the M2M market since not all operators are citing numbers of connections these days (let alone revenues or numbers of customers), but Current Analysis estimates that, by the end of 2012, Telefonica had grown its M2M connections to 7.5 million, up from 6.6 million; AT&T had grown to 14.2 million, up from 13.2 million; Vodafone had grown to 9.7 million, up from 7 million; and Orange had grown to 3 million active SIMs, up from 2.5 million active SIMs, plus another 4.8 million SIMs sold by the International M2M Center (IMC) to MNCs, up from the 1.5 million SIMs sold by the IMC in 2011.  Verizon, Sprint and Deutsche Telekom have not reported their numbers for 2012.  In addition, of the 13 publicly announced new M2M ‘wins’ among these operators since January 2012, two were for UBI, two were in healthcare, three were for asset tracking, four were in automotive, one was in energy management and one was in industrial monitoring/control.  This is not a highly scientific ‘study,’ since many wins are not announced at all, but it does show general trends pertaining to growth of connections (which averaged 20-30% in 2012) and to the vertical distribution of current M2M deals.  In general, forecasts of the total number of cellular M2M connections worldwide for 2013 are in the 180-200 million range. Read more of this post

What’s an SDN? Who Cares? The Question is, Does It Help?

Mike Fratto

Mike Fratto

Summary Bullets:

  • There isn’t any consensus on the definition of SDN, but in the many variations are value propositions that may be useful to you.
  • In the drive to define SDN, established and start-up networking vendors are developing products that can improve your network operations, and that is what is important.

Chalk it up to my extensive studies in philosophy, but I like definitions that are clear, concise, and differentiate one thing from another. At times I can be pedantic and get dragged down in details, but I’m also practical and I know that while theory can be fun and games, at some point, stuff has to get done. What was more important to me when I ran a small data center was getting things done. I didn’t really care about what I called whatever technology I was using. What I cared about, and what the IT professionals that I talk to care about, is how will this new technology make my job better, more efficient, less prone to error, or more cost effective. What matters is not the foundational ideas underpinning a new technology, but the practical applications. Read more of this post

What Does Management Mean to You, How Big is It, & Can It Be Done?

 

Mike Spanbauer

Mike Spanbauer

  • The IT management toolkit consists of at least a dozen or more management tools to address element management, event stream correlation and trending, business process automation, virtualization control, to name a few, it’s a complex task to integrate and one that falls to consulting or the DevOps.
  • APIs and pre-tested integrations will become priority feature enterprises will evaluate when making technology decisions.

Gone are the days of being able to choose a point management product for a specific problem or vendor device and installing that parallel to other, dedicated task tools.  Today’s IT management buy centers must also evaluate the integrations with their existing toolsets, many of which were not tested by the vendor.  Network management vendors partner programs assist in integration and testing with other vendors but are limited to a small subset of third parties that joined the program.   These systems include element management, virtualization software, an event framework for operations and security streams, server and storage optimization tools, network tools, business process toolsets all of which should, but may not work together today.  The list of an average enterprise management software is much longer, rarely integrated well, and a hurdle to greater IT efficiency.  Much of this integration falls to a role that has always been a jack-of-all (integration) trades, the DevOps administrator. Read more of this post

New Sandboxing Techniques a Silver Bullet for APTs? Not So Fast

Paula Musich

Paula Musich

Summary Bullets:

  • Sandboxing to discover malware is not new, so what makes these latest techniques more effective?
  • How well do these new sandboxing solutions avoid being detected by the malware sample?

The latest silver bullet aimed at shooting down those stealthy advanced persistent threats (APTs) or targeted attacks that make it past more traditional defenses, on display at the recent RSA conference, may or may not hit the mark.  Several anti-malware vendors announced new sandboxing technologies, despite the fact that sandboxing is not a new malware identification technique.  It is in fact at least 10 years old by Norman Data Defense Systems’ reckoning.  Norman claims it has a patent on the technique that dates back 10 years.  Of course, all the vendors jumping on this bandwagon, including McAfee, Fortinet, Check Point, and Trend Micro, are hoping to replicate some of the success that FireEye is seeing.  FireEye appears to be the latest hot independent security company; it markets an on-premises device that can examine e-mail attachments and content downloaded from a Web site.  Just last month, FireEye received a new $50 million venture funding injection (on top of an existing $55 million round), and former McAfee CEO Dave DeWalt has been hired to run the company, which appears to be angling for an IPO.  These latest sandboxing developments follow Palo Alto Network’s year-old cloud-based sandboxing service. Read more of this post

Software AG Enhances Mobile Build Environment via metaquark Partnership

Charlotte Dunlap

Charlotte Dunlap

Summary Bullets:

  • Software AG signed a partnership with metaquark to strengthen its mobile app/device management and improve its build environment.
  • Software AG webMethods Mobile Suite is taking on SAP Mobile Platform and IBM MobileFirst through a maturing mobile platform solution.

Software AG made a little-known announcement during last week’s large European-based computer show, CeBIT, in Hannover, Germany.  The company announced a partnership with mobile management vendor metaquark to enhance its mobile platform’s build environment and continue its quest to provide customers with an enterprise-grade mobile platform.  The new technology comes in the form of a server, which can be either hosted in the cloud or on-premises, and lets mobile developers build and test binaries of a mobile project for multiple platforms using a centralized build environment.  The technology also allows for the management of mobile users, devices, and security profiles in a single location, simplifying the process of distributing new apps and updates.  Finally, the technology provides monitoring capabilities, offering enterprise developers a better mobile user perspective including stats and usage reports.  Software AG sees the partnership as a way of helping its customers speed cross-platform mobile app development and manage the mobile app lifecycle within a single platform.  The move plays nicely into the company’s go-to-market strategy of building out the platform, recently rebranded webMethods Mobile Suite, into an enterprise-grade solution as it attempts to go head-to-head with SAP and IBM. Read more of this post

Managed Videoconferencing Homes in on Price Point Differentiation

Brian Washburn

Brian Washburn

Summary Bullets

  • Reservationless telepresence – emulating the familiar dial-in audioconferencing experience – has proven popular, to the point that the major competitors either have it, or are launching it.
  • Telepresence providers with a large conventional videoconferencing installed base are now drawing from these benefits, as their clients expand beyond immersive endpoints.

As Current Analysis has begun its latest analysis and update to the world’s major telepresence and videoconferencing providers, some trends are already becoming clear. Below is a list of issues that are currently top-of-mind for service providers: Read more of this post