CRISIS ? What Crisis ?

This could have been the alternative title to the 2008 Salary & Certification Survey released by SANS today.

There are plenty of reasons not to be afraid of security job cuts or market slowdown in the year ahead according to SANS respondents. Information security will continue to be a critical business concern, if just for compliance reasons alone.

The SANS  report is structured in 5 sections : Demographics, Salary, Certifications, Continuing Education and a Twelve-month Outlook .

The 12 months planned technology deployments I found very useful as it confirms me that 2009 a year of consolidation more than expansion, not to mention that more than 25% of the respondents intend to implement SIEM (Security Information and Event Management) and of course I’m happy for ArcSight
 

Here are a few highlights of the report :

• Salaries for information security professionals are high. Over 38% of respondents earn US $100,000 or more per year.

• 41% of the respondents said their organizations use certifications as a factor when determining salary increases.

• The overall mean funding for training was US $2,854 per year with a median of US $2,000 per year.

• Digital forensics, intrusion detection, and penetration testing are the technical topics respondents are most interested in learning in 2009.

• As of late November 2008, just over 79% of respondents forecast no information security personnel reductions in the next 12 months.

• Over 25% of respondents plan to deploy the following technologies in 2009:

  • Configuration Management
  • SIEM (Security Information and Event Management)
  • Storage Security
  • Wireless Security Solutions

• The best places to find an information security position are in the metro areas of Las Vegas, Nevada; Dallas, Texas; and Washington, DC.

What more can I say : Viva las Vegas! and let’s all hope that things will get better soon!

Download the report here (PDF)
 

More than a month I drove 400 miles to Iasi to deliver a presentation on McAfee Vulnerability Management within a security roadshow which was put together in a terrible hurry by my employer.

I got lost in some strange woods in a nearby village after driving 4 hours trough one of the thickest fog I’ve ever seen. .. what more can I say .. long drive, beautiful city, crappy weather, dazzled crowd, cheap conference lunch. Anyway, here is the presentation I delivered :

It might not be the most "corporate" slideshow about McAfee , but it served it’s purpose: draw attention of a bored crowd

In the new threatening landscape of information security, Gemalto succeeds to deliver end-to-end security by developing technology around real life processes. In this article I will be briefly looking at a few representative products and services of this post’ sponsor.

Gemalto added value to the security industry consists in a new an innovative technology portfolio which includes: developing complete strong authentication systems using a PKI infrastructure, smart cards, SIMs, e-passports and tokens.

Gemplus SIM cards have been developed to be compliant with any mobile phone and network so that both the customer and the network operator can benefit of new features such as :

• Broad management of a fleet of SIM cards from one single SIM card
• Call completion and automatic handset configuration

E-passport and digital ID security has become a must in many countries through the world due to higher illegal immigration and terrorism attacks. Gemalto epassport solutions have been implemented successfully in over 16 countries and there are plans to extend the public-private partnerships.

One more link of the end-to-end security is represented by the two-factor authentication systems. Usernames and passwords are not enough anymore and the answer resides in combining the knowledge ("something you know") with possession of a smart card ("something you have"). Gemalto delivers complete solutions to address the need for increased authentication and authorization including:

• Authentication and PKI Tokens
• OTP devices (e.g. EZIO Pocket Reader)
• PC Link readers
• Contactless / Embedded contact solutions
• Stand-alone terminals

These were just a few of the security products and services offered by Gemalto and I’m sure we will hear more of this company as their goal is to become the World Leader in Digital Security. For more details, please visit Gemalto’s website.

Vs. By pure accident I discovered today a free security product which addresses one of the fastest growing IT Security Management problem: security logs, events and incidents.  The name of the product is QRadar Simple Log and Information Management Free Edition (SLIM FE) and it’s been released by Q1 Labs.

Browsing the product documentation, I discovered that SLIM FE is a:

Free, Downloadable, Enterprise-Class Log Management Solution

which is able to:

collect, analyze, report, and store network, host, server, application, and event logs, via syslog, from a wide variety of network systems (e.g., routers, switches, security devices, etc.)

Sounds nice, right?  Especially the 100% discounted price but you should read between the lines. The free version has several limitations and restrictions and one of them I find it to be excessively restrictive: The software is limited to collecting syslog-generated events only.

This means that you won’t be able to collect events form many of today’s log generating devices such as:

• Enterprise firewalls (like Check Point)
• Various central management consoles for endpoint security which log into an SQL database
• Windows Servers and workstations (yes I know about the incomplete workaround to convert Win. Event logs into syslog)
• Application Servers which log into local files instead of syslog
• Devices / Applications which trigger SNMP Traps.

For a moment I thought that ArcSight ESM has a real competitor in the open source / free software market but I was wrong.

Besides the syslog-only collection mechanism, there are many other reasons for which I would never substitute ArcSight with  Q1 Labs SLIM FE but I won’t go into details because the two products address two different markets and needs .

Vendor diversity is good for the industry and I wish Q1 Labs would keep up the good work and invest in their product so that one day SLIM FE can step up and challenge the industry’s big names.

Here you can download and test the free edition of Q1 Labs SLIM FE .