There have been some nice movements in the security space over the past couple of weeks that show large security vendors separating from the smaller tactical players. This is a trend I expect to see more of as IT investments become conservative and security solutions become integrated with the global business.
Cisco IronPort has enhanced its reputation-based anti-spam service to also block web exploits. The motivation behind this move is that attacks are infecting endpoints via legitimate web pages so quickly that they neuter signature protection and URL filtering defenses. The pragmatic step is to continuously assess web sites for malware, augment signatures with reputation, and nail exploits before they reach corporate endpoints. I liked Trend Micro's efforts in this space before, I like IronPort's capability now, and I like Symantec's directions. Cloud-oriented services are essential in an enterprise security portfolio - you're in trouble if your IT security strategy is to rely solely on the distribution of timely attack signatures.
Symantec announced its Information Risk Management strategy with immediate products to protect unstructured data via Brightmail messaging security, Vontu DLP, and Enterprise Vault secure storage. Protecting a corporation's sensitive data requires a fundamentally different approach and mindset than that required for protecting against malware. While malware can be identified and outright blocked, organizations need to safely share information to stay in business. If you are looking to protect data, I'd start with those experienced in management of the full data lifecycle.
IBM announced SecureStore to assist retail organizations in securely managing their business assets. The one thing that IBM does better than anybody is to start with an analysis of the business. IBM SecureStore is a combination of services, first to understand the business directions, and then applied technology to secure the business. It is a lesson we all can learn from - organizations always look at the bottom line first.
Imperva is bringing its end-to-end application security (web servers and databases) down to mid-tier enterprises. This is one case where Gartner got it all wrong - they tried to artificially create a database auditing market category based on dubious requirements. Of course, database auditing belongs to the database vendors, which explains why IPLocks is gone, Symantec is out of the business, AppSec and Tizor have new CEOs, and I only see Guardium making money on the golf course. The ability to audit the entire transaction path, from the user to the very back end, is important and is what I recommend IT look for.