January 26, 2007
New Boundary Technologies, a provider of automated configuration and security management solutions, announced a partnership with Lockdown Networks, a complementary provider of Network Access Control (NAC) solutions. New Boundary Technologies will enable its Policy Commander security policy management solution for Lockdown Networks’ open intelligent network access control (iNAC) architecture. Within the iNAC architecture, Policy Commander serves as a quarantine and remediation server that performs immediate, automated remediation of devices deemed non-compliant by Lockdown Enforcer. Designed to serve the needs of security officers and IT professionals, Policy Commander automatically controls computer configuration settings for maximum security by continuously monitoring and enforcing computer security policies. Leveraging automated Smart Update technology and a dynamic policy format, Policy Commander fully automates targeting policies to computers based on role, desired security level, and other selectable parameters. It then strictly enforces assigned security policies, automatically reverting non-compliant systems to their desired compliance state.
Organizations large and small have found that NAC is a vexing problem. On the one hand they want to be as open as they can be to optimize their revenues, maximize customer satisfaction, and reduce costs through self-service via the web. On the other, the organization must also ensure that granting access does not put the organization’s information and IT infrastructure at risk. These business needs, complemented by privacy laws and other regulations, are driving organizations to employ technology to control network access. But, while denial of access is the proper action, it doesn’t foster the business objectives.
NAC and remediation are not the only areas where the market is demanding synergy. Vulnerability Assessment begs interaction with Patch Management and Intrusion Prevention is far more helpful than Intrusion Detection. Sageza believes that market forces will push complementary vendors to be more cooperative with one another, especially when one technology alerts and the other repairs. That said, we also understand that there have to be underlying policies and procedures to determine the critical path for those seeking to access the network. These professional services could be provided by either vendor if they have sufficient resources or expertise; perhaps, however, the client would be better served by a VAR. In this way they could also assist in the integration and implementation of the two products.
This week Isilon Systems announced the release of the Isilon IQ200, a new entry point into the company's lineup of Clustered Storage platforms. The new offering is a slim, 1U device that delivers clustered storage capacities scaling from 6TB to 48TB and provides a much lower entry point to Isilon's solutions than previously available. Current high-end platforms in the range supply storage capacities that can reach 1PB in a single file system with 10GB/sec performance. In common with other platforms in the range the IQ200 utilizes Isilon's OneFS software making the platform straightforward to use, while the clustered nature of the solution provides excellent performance. In addition Isilon offers customers the option to employ a “pay as you grow” approach to scalability, a financial capability made simple by the clustered nature of the platform. In line with its smaller capacity, the IQ200 will be offered at an attractive, although currently unspecified, price point. Isilon expects the IQ200 to prove to be an attractive offering for its OEM and channel partners with more than thirty, including Harris Corporation, already committing to sell the system.
Clustered storage is a concept that is maturing nicely but of which many organizations are, as yet, unaware. This architecture, when well engineered, has the potential to offer many advantages. Isilon's offerings exploit the clustered storage architecture using the OneFS operating system software and its TrueScale capability to deliver modular scalability allowing storage capacity to grow in line with need. Isilon has designed all of its offerings, including the IQ200, to offer very good performance again as a result of the cluster architecture. Further, the OneFS software makes the resources of the Isilon platforms available via a single file system and single volume. This approach, coupled with other management tools in the software, make system configuration and ongoing administration relatively straightforward. Software functionality supplied as part of the solutions includes data protection and management capabilities utilizing the Snapshot IQ, SyncIQ, and SmartConnect tools.
Isilon has had some success in the market for large, scaleable, and high-performance solutions. However, selling into the markets for which the IQ200 is designed will pose a different set of challenges. Customers with a requirement for the scaleable and performance-level storage capabilities delivered by the IQ200 will, by and large, be smaller organizations than those that have heretofore purchased Isilon's solutions. It is true that large enterprises will be able to make use of the IQ200, but the platform has the characteristics to appeal to a much broader audience. However, this community will often not employ IT professionals highly skilled in storage matters. For the IQ200 to reach the market it deserves it is imperative that Isilon and its channel partners promote the IQ200 as aggressively as possible. There will also be a need to educate potential customers on the business and IT benefits achievable with clustered storage. The potential exists for Isilon to make waves; we shall have to see how high the waves can reach and how quickly Isilon can attract new partners, channels, and customers.
Guardium, a database security company, has announced a database monitoring and security solution that provides granular visibility into all changes to database objects—including database structures, permissions, data, and configuration files—without relying on database-resident functions such as trace and transaction logs or native auditing. The product, Change Control Solution for Databases, is described as an effective and tamper-proof solution for detecting when critical changes were made outside of these policies and processes. The new Guardium offering enhances the security, integrity, and availability of critical data and systems by alerting security and IT managers on all unauthorized changes by trusted insiders and external hackers. The vendor claims that the technology also dramatically reduces staff time required to address auditors’ requirements by automatically creating reports that compare all detected changes with approved change requests. This process, known as “change control reconciliation,” is increasingly required by auditors to tighten internal controls for critical systems such as Oracle E-Business Suite, PeopleSoft, Siebel, SAP, and in-house SOA applications.
Many analysts would approach this announcement only from the security perspective, and would applaud the ability to flag unauthorized changes such as those made without change control IDs, during production periods, or with unauthorized user IDs generate realtime alerts and the ability to compare detected changes with authorized change requests from deployed change management systems such as BMC Remedy, HP-Peregrine, and custom applications. While this track of analysis is certainly appropriate, top management would likely be very interested in what may be an unintended use of the product’s logs and reports.
Changes in the U.S. Federal Government’s Rules of Civil Procedure have elevated the discovery of electronic records and data (E-Discovery) to the forefront of litigation between business organizations. The new rules mandate, among other things, that the parties have an early meeting to outline and agree on E-Discovery production requirements. Sageza believes that records off systems like Guardium will be good targets early in the process because they are pointers; pointers to other parties that ought to be deposed and pointers to the applications where other incriminating evidence might be located and ought to be produced for discovery. The key for end-user organizations is to ensure that the policies and procedures surrounding the implementation and use of database security systems are reviewed by counsel and are covered by very strict records and file retention schemes.
Sony Computer Entertainment Europe has confirmed that the Playstation 3 will be launched in PAL territories Europe, Asia, the Middle East and Australasia on March 23, 2007. Sony has confirmed that only the 60GB model will be available at launch, with a 20GB model to follow later in the year depending on demand. Sony expects one million PS3 units will be available during the initial launch period. The company has also announced the availability of over thirty game titles at launch, as well as downloadable games from the Playstation Network. Sony expects a new System Update concurrent with the launch which it believes will enhance the entertainment potential of the PS3. The system will retail for €599 or£425.
Based on the launches in the U.S. and Japan, we worry that a million systems distributed over the entire region may not be enough, especially when one considers that some websites and stores have been taking advance orders. On the other hand, there are multiple factors affecting the demand for these systems that needs to be taken into account. Statistics show that the number of games sold per system is fairly low, which would indicate that most people have purchased the PS3 as an inexpensive BlueRay device. Gamers have in fact complained of the high price relative to the Nintendo Wii or the Microsoft Xbox 360, but the fact is that much of the price is due to the BlueRay player included with the system. Of course games from the PS2 will work on the PS3, but to really get the full benefit of new capabilities, one needs to have PS3 games and other high-definition capabilities to go with it.
Sony is the latest of the game launches for next generation boxes. It has good and bad associated with it, but a thumbnail SWOT analysis of the market is probably in order. In general, if one doesn’t have an HDTV and other HD-capable equipment, and one has no game system, then the Nintendo Wii is probably your best bet. Both Sony and Microsoft rely on HD to get the most out of their graphics. The systems will work without HD, but it won’t be the same experience. If you are an online player, then the Xbox has the best online experience going. And if you grew up on the PS and PS2, then clearly, purchasing the Sony is the best way to make sure the games are still playable. It should be pointed out too that real gaming enthusiasts will have all three. Why? Because there are fabulous games designed for each of the consoles that hard-core gamers cannot live without. For them it’s not a question of if but of when. For them, we can only point out that on the enterprise side the mantra is never purchase version 1.0 of anything ever. In fact, a close corollary is: never purchase version x.0 of anything. Wait for the bugs to get ironed out and then purchase.
Of course the hard-core gaming set is a relatively small segment of the consumer entertainment population. Sony and Microsoft both would like to position their consoles to be more than gaming; the companies would like to turn them into multimedia hubs that play music and video as well as games. For Microsoft, the same account with which you purchase credit for Xbox games is used for purchasing for the new Zune as well. Sony has ambitious plans for content delivery on PS3 as well. However, at this point many households have separate DVD players, DVRs, and set-top boxes and many people have connected their home PC to the stereo and television without another box. We believe that initial sales will be to game enthusiasts who want the latest technology. We believe that only after the price has dropped and the technology has matured will people contemplate using these boxes as mainstream home entertainment hubs. The vendors need to line up distribution mechanisms, pricing, and solve the irritating DRM questions before mainstream consumers wholeheartedly embrace their plans.