Establishing Digital Trust: Don't Sacrifice Security for Convenience
When Art Coviello, Executive Vice President of EMC and Executive Chairman of RSA, The Security Division of EMC (NYSE: EMC), kicked off the 20th annual RSA Conference in San Francisco, Calif., this week, he set the stage for a slew of announcements related to cloud security.
He said, We now recognize the limitations of perimeter defenses and the need for information‐centric security has become conventional wisdom last year, the rallying cry from my keynote was safety in the cloud and the chance for a Security Do‐Over. So this year my theme is Trust in the Cloud? Last year my keynote was about the promise. This year its about the proof.
To that end, RSA announced the RSA Cloud Trust Authority, which has been described as a set of cloud-based services designed to facilitate secure and compliant relationships among organizations and cloud service providers.
The aim of the Cloud Trust Authority is to enable visibility and control over identities, information and infrastructure and foster the trust necessary for organizations to adopt cloud computing for mission-critical applications and sensitive information.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
To support these goals, EMC announced a new Cloud Advisory Service with Cloud Optimizer from EMC Consulting, which will offer customers assistance as they build a strategy for moving from legacy architectures through cloud service providers.
The Cloud Trust Authority initial offerings include an Identity Service (powered by VMwares forthcoming Project Horizon, a cloud-based management service) and a Compliance Profiling Service that uses RSAs Archer GRC platform to view the trust profiles of various cloud providers against a set of common benchmarks.
A beta of the RSA Cloud Trust Authority will be available in the second half of 2011, and will include both Identity and Compliance offerings.
RSA is in the process of establishing a partner program for cloud service providers who wish to participate in the Cloud Trust Authority.
RSA also unveiled its Solution for Security Incident Management, an automated system designed to allow CISOs to visualize and prioritize security threats while minimizing the manual investigation processes.
Available this quarter, the RSA Solution for Security Incident Management streams incidents in real-time from RSA enVision platform to the RSA Archer eGRC platform. Identified incidents are then prioritized against data loss, identity, vulnerability, configuration and forensics feeds from RSA and other vendor platforms, providing complete context of events and their impact to the organization, according to RSA.
In partnership news, RSA has joined forces with McAfee (NYSE: MFE) to integrate their respective security products. By formally joining each others interoperability partner programs, the two companies have begun a technology partnership that includes the integration of McAfees Vulnerability Manager with the RSA Archer eGRC platform.
The companies also plan to deepen the integration between the RSA Archer eGRC platform and the McAfee ePolicy Orchestrator platform and integrate the ePolicy Orchestrator software and the RSA enVision platform to enhance both the real-time detection and automated response to attacks.
McAfee and RSA also recently completed updated interoperability certification of McAfee Endpoint Encryption and RSA SecurID 800 hybrid authenticators.
In other RSA Conference news, Symantec Corp. (NASDAQ: SYMC) has released new versions of Symantec Endpoint Protection and Symantec Endpoint Protection Small Business Edition (currently in beta) .
Fidelis Security Systems and CloudShield Technologies, Inc., a wholly-owned subsidiary of Science Applications International Corporation (SAIC), announced that they have signed a marketing agreement to offer customers Fidelis data breach prevention applications running today on CloudShields high performance BladeCenter solution.
The companies claim the combination of CloudShields Deep Packet Inspection platform and Fidelis Deep Session Inspection technology provides real-time network analysis, visibility, and control at network speeds up to tens of Gigabits per second.
The combined solution is currently available for demonstration and evaluation and will be generally available for production deployment in Q2 2011.
SonicWALL announced its line of SuperMassive E10000 Series of Next-Generation Firewalls (NGFW) consisting of the E10100, the E10200, the E10400 and the flagship E10800. The SuperMassive Series features a scalable multi-core architecture that utilizes up to 96 cores of processing power and boasts more than 40Gbps of firewall throughput and more than 30Gbps of application control and Intrusion Prevention Service (IPS) .
The SuperMassive E10000 Series uses SonicWALL's Reassembly-Free Deep Packet Inspection (RFDPI) engine to scan every byte of every packet with full content inspection of the entire stream while providing high performance and low latency. The RFDPI engine also ensures full inspection of SSL-encrypted traffic as well as non-proxyable applications.
Product orders can be placed immediately. SonicWALL SuperMassive E10100 will be delivered in Q2 of this year. SuperMassive E10200, E10400 and E10800 will be delivered in Q3.
In addition, Perimeter E-Security, a provider of information security services, announced that it has entered into a partnership with Secunia to offer a Threat Intelligence Service that delivers vulnerability information to customers.
Through the partnership with Secunia, Perimeter E-Security will receive real-time vulnerability information directly from Secunias Vulnerability Intelligence service. Threat Intelligence Service subscribing customers will receive daily updates for the vulnerabilities most relevant to their IT environments.
The service will be available to both Perimeters Vulnerability Management and MSSP customers beginning in Q1 2011.
Keep up with security news; Follow eSecurityPlanet on Twitter: @eSecurityP.