This week it’s all about security. Symantec has come back from its Vision annual conference where it announced that it intends to spend US$ 1.25 billion on acquisitions and gives the world a chance to see its O3 cloud security offering. Android gets more security, while MS says zero-day attacks are relatively rare. WebLayers beefs up its governance.

Symantec Reveals US$ 1.25 Billion War Chest

If you weren’t aware of the fact that Symantec is looking to become the top security company following the acquisition of VeriSign and Clearwell, the company has announced that it intends to spend more than US $1.25 billion in the 2011 fiscal year on further acquisitions.

Speaking at its Vision annual conference in Barcelona, Symantec CEO Enrique Salem said that, in particular, it is looking to enhance its reach in the field of mobile, virtual and cloud security. During a press conference, he said:

We'll look at a range of different things. We're interested in extending our portfolio to do more in mobility and cloud computing, and we'll look at what we can do in the virtualization space.”

While the Clearwell acquisition cost Symantec about US $390 million, it seems it won’t be happy until it becomes the top dog in all security-related areas, including e-Discovery.

In the cloud, it is already in the process of teaming up with companies such as Salesforce and Amazon to help them develop secure cloud infrastructures.

And the strategy seems to be paying off. Salem said the VeriSign deal is already bringing dividends to the company, although he didn’t go into any detail about how much and in what way.

Cloud Security From Symantec

The Vision conference also gave Symantec a chance to show off Symantec O3, a cloud security platform designed to protect enterprise cloud applications and cloud infrastructures.

Symantec O3 combines access control, information protection and compliance control in one security solution, allowing enterprise customers to extend their internal security policies to public and private cloud services.

It does that by establishing a new security control point that applies consistent identity and information security across cloud services. Symantec O3 provides three core security layers.

The cloud access control layer leverages an enterprise's existing identity infrastructure for authentication while enabling authorization and federation services.

Given that a recent Symantec survey showed that 44% of CEOs said they were cautious about moving business-critical applications to the cloud, with 76% citing security as a main concern, O3 looks like a smart move for Symantec. More on this as it happens.

Zero-Day Attacks Minimal, Microsoft Says

Microsoft has released its Security Intelligence Report, which found, probably to the relief of a lot of companies, that less than 1% of exploits in the first half of 2011 were against zero-day vulnerabilities.

Zero-day vulnerabilities are software vulnerabilities that are successfully exploited before the vendor has published a security update or “patch.”

The flip side of that is that 99% of all attacks during the same period distributed malware using techniques such as social engineering and unpatched vulnerabilities.

The report also revealed that user interaction, typically employing social-engineering techniques, is attributed to nearly half (45%) of all malware propagation in the first half of 2011.

In addition, more than a third of all malware is spread through cybercriminal abuse of Win32/Autorun, a feature that starts programs when external media, such as a CD or USB flash drive, are inserted into a computer. 90% of infections that were attributed to vulnerability exploitation had a security update available from the software vendor for more than a year.

Microsoft also includes prescriptive guidance to help educate people about commonly known social-engineering techniques, as well as information on reducing Win32/Autorun abuse with updates released earlier this year for Windows XP and Windows Vista (Windows 7 already included these updates) that prevent the Win/32Autorun feature from being enabled for most media.

The Security Intelligence Report comes out twice a year to keep the industry informed on the changing threat landscape, with this one focusing on online threat data between January and June 2011 and analysis of data from more than 100 geographies around the world.

New Android Security Partnership

Security concerns around Android is the focus of 3LM's and enterprise mobility management vendor BoxTone's partnership. 3LM is a subsidiary of Motorola Mobility Holdings and provides enterprise-grade security, management and remote access for Android-based mobile devices across Android handset manufacturers,

The alliance delivers the first lifecycle embedded security and management platform for mobile devices and applications running on the Android operating system (OS).

By aligning 3LM's solution with BoxTone, enterprise IT can now offer support for Android OS-enabled devices as they do with other operating systems, such as BlackBerry and iOS. More on this when we getter a better look at the Gartner Symposium ITxpo 2011 being held October 16-20.

WebLayers Upgrades Governance Functionality

Finally, WebLayers this week announced the introduction of additional governance functionality for its software governance platform. This will include expanded support for critical languages in its automated governance solution.

Expanded language support includes PL/I, C and C++, as well as the ability for plug-in support for a variety of additional languages for specific customer implementations. The expanded support will allow customers to more easily process languages and write policies against them.

New technology has been added that will expand and analyze mainframe applications while mapping policy violations back to the original components.