Over the past few months there has been a flurry of activity in the security space. Since the summer, many of the major players in the enterprise content management arena appear to be buying up the security vendors around them.
Risk and Monitoring
And companies are at risk. Earlier this month a report by HP TippingPoint's Digital Vaccine Labs (DVLabs) indicated that more than 80% of network attacks targeted web-based systems.
Two risk elements were identified: websites and web clients. The report shows that websites are constantly at risk of being taken offline or defaced through SQL injection, PHP file inclusion and other attacks, and that these types of attacks have doubled in the last six months.
According to separate research carried out by security and compliance auditing vendor nCircle, the vast majority of organizations have the ability to deploy continuous monitoring but simply don't.
In fact, 60% are not scanning for configuration compliance, says nCircle, even though continuous monitoring is a key component of the upcoming changes to Federal Information Security Management Act (FISMA) regulations.
FISMA and Security
But if enterprises are not carrying out security checks on their own, upcoming changes in regulation might force them to.
There are plans at the moment to amend the Federal Information Security Management Act of 2002 (FISMA). The act provides a framework for ensuring the security of federal data stored on government networks.
The proposed changes will implement more stringent measures that require vendors wishing to do business with public bodies to show not just compliance with federal security protocols, but also evidence that their systems are being consistently monitored.
To keep vendors compliant, checklists of IT security requirements have been developed. While they differ in some respects, many of the requirements are common across all regulatory standards. With the FISMA changes on the way, the list of security requirements includes:
- An information systems inventory
- Categorization of information and information systems according to risk level
- Definition of minimum security controls
- Risk assessment which identifies potential threats
- System security plan as the major input to the security certification and accreditation process for the system
- Certification and accreditation
- Continuous monitoring rather than just compliance
Security and Convergence
To protect themselves, but also to cut themselves a piece of a rapidly growing market, the major players have been either buying or developing the security capabilities they lack. It is impossible to list and categorize every deal that has played out since the beginning of this summer, but here are some of the major ones.
IBM, Security and Compliance
Open Pages
Big Blue announced in mid-September that it is to buy Open Pages, a Massachusetts-based company that develops risk and compliance software for businesses.
Added to IBM's business analytics division, the software highlights inconsistencies between risk and performance goals, giving enterprises a comprehensive view of the business opportunities and risks associated with new business interests.
Big Fix
IBM reportedly paid US$ 400 million for security firm BigFix and closed the deal on July 20. It has already announced the general availability of the new BigFix Unified Management Software (UMS), which identifies all of an enterprise's PCs, laptops, servers and virtualized devices, as well as everything installed on those devices.