line
transparentspacer transparentspacer

In the News ::

The FutureNow List logoApril 2008| Permalink

When The FutureNow List debuted a year ago IT security emerged as a spending priority, with the lion’s share of investment made in secure authentication. But as the first signs of the subprime crunch gave way to a crisis and yet another rogue trader got his 15 minutes of fame—this time it was Societe Generale’s Jerome Kerviel—information technology leaders were already turning their attention to risk management and compliance. Timing is everything: Prompted by recent events, politicians and regulators edge toward a sea-change in regulatory oversight.

For many players, the hard work completed in the areas of risk management and compliance will position them well for what new rules and regulation come their clients’ way. Take No. 2-ranked Archer Technologies, whose customers, including American Express and JPMorgan Chase, now make their customized risk management and compliance applications available to each other through Archer’s central repository. Or consider No. 7-ranked Fortent’s foray into creating a centralized database of rules and updates from 154 sources, which also helps banks prove they notified everyone necessary about changes to regulations. And innovations by TriGeo, ranked No. 1, give small and mid-sized banks a fighting chance to catch insiders who might be stealing customer data or intellectual property, while Perimeter eSecurity earns recognition for advancing its managed security services into the compliance realm.

No doubt, risk management and compliance have grabbed many headlines of late. But The FutureNow List casts a far broader net, recognizing 10 companies that set themselves apart for the security innovations they brought to market in the past year in a number of important categories, and the contribution these products will make to improving security within financial services organizations. These companies and categories are TriGeo (network), Archer Technologies (IT risk management), WhiteHat Security (Web application security), Application Security Inc. (database), Citi Global Transaction Services (authentication), FireEye (enterprise), Fortent (compliance), Perimeter eSecurity (MSSP), MXI Security (endpoint), and TriCipher (authentication).

No security review is complete without touching on consolidation. There were a few big ones in the past 12 months, especially in the burgeoning area of data leak prevention and application security. Noteworthy among them are IBM’s deal to acquire Watchfire, and HP’s purchase of SpiDynamics. On the data loss prevention front, Symantec grabbed Vontu, RSA bought Tablus, and TrendMicro captured Provilla. Google got Postini, while Patchlink and SecureWave merged. In other deals, Verizon knocked out CyberTrust and WebSense bought SurfControl.

Expect consolidation to continue, and The FutureNow List players to gain more attention and drive adoption in the market.

...

WHITEHAT SECURITY

CEO: Stephanie Fohn

Category: Web Application Security

Status: Private

Why They Matter: Integration of Web-application firewall with industry-leading vulnerability scanner

Claim to Fame: Web site vulnerability testing integrated with Web-application firewall from F5 Networks

Rivals: Cenzic, Watchfire (IBM), SPI Dynamics (HP)

Last August, a large segment of customers from the Bank of India became the victims of a massive phishing expedition. They had inadvertently downloaded more than 20 pieces of malware, Trojans and keystroke loggers that relayed sensitive information back to Russian gangs.

How could they have been so careless? By visiting the Bank of India Web site, where hacker-planted malware was automatically downloaded to users’ PCs. “They didn’t even have to log in,” says WhiteHat Security CEO Stephanie Fohn.

The customers and the bank had fallen victim to one of the most dangerous and common exploits on the Internet: cross-site scripting (XSS). The pernicious vulnerability renders firewalls and authentication schemes powerless, and has been discovered on the home pages of Google, PayPal and Microsoft’s Hotmail service. Once discovered, the bank’s IT staff likely went through a process that nearly all their U.S. counterparts have experienced: a scramble to correct that vulnerability, along with other ones detected when they brought the pros in to check the code.

WhiteHat’s Sentinel Web-application vulnerability testing tool delivers analysis as a software-as-a-service subscription, and now explores more than 600 public-facing Websites for vulnerabilities related to XSS, SQL injections or improper escalation of privileges. Sentinel auto-scans for vulnerabilities and scrubs the results through a human analyst to shave down false positives.

Read article online at BTN ›››

 

No doubt, risk management and compliance have grabbed many headlines of late. But The FutureNow List casts a far broader net, recognizing 10 companies that set themselves apart for the security innovations they brought to market in the past year in a number of important categories, and the contribution these products will make to improving security within financial services organizations. These companies and categories are TriGeo (network), Archer Technologies (IT risk management), WhiteHat Security (Web application security), Application Security Inc. (database), Citi Global Transaction Services (authentication), FireEye (enterprise), Fortent (compliance), Perimeter eSecurity (MSSP), MXI Security (endpoint), and TriCipher (authentication).
line
line
line