TechWeb: The worldwide market for security server appliances grew by 22 percent in the third quarter, and is expected to continue increasing next year, a market research firm said Thursday.
Revenue from high-tech systems used to protect corporate networks reached $379.1 million, compared to $311.02 million during the same period last year, International Data Corp. said.
Within the overall market, the intrusion detection appliance segment posted an 89 percent growth rate, but the firewall and virtual private network market remained the largest segment, with $317.7 million in factory revenues in the quarter.
"IDC expects the security appliance market -- particularly the intrusion detection appliance market -- to continue its strong growth in 2004," IDC analyst Charles Kolodgy said in a statement. "A number of new security appliance options have been introduced to the market and this appears to be fueling some of the growth."
The increasing threat of virus attacks on the Internet can't hurt either. Security experts predict spam, for example, will climb next year as a percentage of total e-mail from its current average rate of 50 percent to as much as 75 percent. Many spammers are adopting virus techniques to distribute messages more effectively, increasing their threat to consumers and businesses.
The U.S. in the third quarter accounted for 45.3 percent of the worldwide security-appliance market, despite a slight decline in sales. All other regions, with the exception of Asia/Pacific, posted double-digit, year-over-year growth rates. IDC does not include Japan in the Asia/Pacific region.
Among the top five vendors, there was little change. Cisco Systems held on to the No. 1 spot with a 12 percent revenue increase to $133 million. No. 2 Netscreen reported the largest year-over-year growth rate at 91 percent to $57 million.
The remaining top vendors posted slight declines in revenues and market share. Nokia's revenues dipped to $42.5 million from $45.81 million; SonicWALL, $19.9 million from $21.7 million; and WatchGuard, $12.6 million from $14.4 million.
The declines, however, did not necessarily point to trouble for the vendors. "All of the vendors have just introduced new models which, in a time of growing demand, should result in some strong growth over the next few quarters," Kolodgy said.
The three most expensive price bands for appliances had growth rates of more than 100 percent, with the largest price band, $100,000 to $249,900, experiencing a 348 percent increase in the quarter.
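A total of 68 products were collected, which is quite a lot. Only 4 of them are forensics products: two network monitoring products and two host monitoring products, which is far too few. Strictly speaking, none of them can really be called forensics products; they are only auditing and monitoring products.
OSSIM claims to integrate network monitoring, security, correlation analysis and more. It combines tools such as Snort, Acid, MRTG, NTOP, OpenNMS, nmap, nessus, and rrdtool to give users a fully controlled network security environment. WOW, I have to try this!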
The European Network and Information Security Agency (ENISA) is being set up to fight cybercrime in Europe. One of the new agency's roles will be to educate the public about security problems including viruses and hacker attacks.
Another of its roles will be to act as co-ordinator for investigations throughout Europe into viruses and cyber attacks.
ENISA will be based in Brussels and will start next year with an initial budget of 24.3m euros (£17m).
"Trust and security are crucial components in the information society and by establishing ENISA we continue the work to create the culture of security," said Erkki Liikanen, European Information Society commissioner. As well as co-ordinating investigations by hi-tech crime units in member nations, the agency will gather and disseminate information to businesses on how best they can protect against computer security threats. Individuals will be given education on how to avoid having their identity stolen and other useful information about how to avoid becoming a victim of hi-tech criminals.
ENISA will act as a single point of contact to help Europe tackle the problems of cybercrime for the next four years. After that time, the agency's role will be assessed.
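NW3C is a nationally funded non-profit organization in the United States whose main duties are supporting, investigating and prosecuting economic and high-tech crime, and it works closely with the Department of Homeland Security. A site worth watching; a good place to start is its past research reports.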
FBI: In an effort to more accurately reflect the wide-ranging nature of on-line complaints being reported, the FBI and the National White Collar Crime Center (NW3C) today announced that the Internet Fraud Complaint Center will now be called the Internet Crime Complaint Center, or “IC3.”
The IC3, which began in May, 2000, is a partnership between the FBI and the NW3C to serve as a vehicle to receive, develop, and refer criminal complaints regarding the rapidly expanding areas of cyber crimes. The IC3 gives the victims of cyber crime a convenient and easy-to-use reporting mechanism for alerting authorities of suspected criminal or civil violations. Within the FBI, the IC3 is a component of the Cyber Division. The name change will not alter the course of business in that the IC3 will continue to emphasize serving the broader law enforcement community and all the key components of the 50 FBI-led Cyber Crime Task Forces throughout the country.
Jana Monroe, FBI Assistant Director, Cyber Division, said, “Among the top priorities at the IC3 is to establish effective alliances with private industry which will enable us to leverage both intelligence and subject matter expertise. This approach is pivotal in identifying and crafting a proactive response to cyber crime.”
AD Monroe added, “Through already strong but growing partnerships with NW3C, private sector and foreign and domestic law enforcement, we have built a solid foundation to address today’s cyber criminals no matter where they are or how complex their schemes may be.”
“State and local law enforcement participation is a cornerstone to the success of IC3,” said Glen B. Gainer III, NW3C’s Chairman of the Board. “IC3 will continue to receive, database, and refer complaints to law enforcement agencies having jurisdiction.”
Since its inception, the IC3 has received complaints across a wide array of cyber crime matters including on-line frauds in its many forms. Examples of complaints received involve identity theft, international money laundering, computer intrusions, on-line extortion, credit and debit card scams, intellectual property theft and a growing number of on-line schemes.
Last year, the IC3 received and processed more than 120,000 complaints, many of which pass through multiple jurisdictions and overlap with other crimes, making cooperation on all fronts a necessity. Once a complaint is filed with IC3, further analysis is conducted to identify and quantify crime patterns and provide statistics on current trends. The complaint is then expeditiously packaged and sent to appropriate law enforcement agencies for further investigative action.
“Operation E-Con” and more recently “Operation Cyber Sweep” represent successful investigative initiatives supported by IC3. In those initiatives, more than 200 such investigations were productively packaged, resulting in arrests and/or charges of more than 250 individuals for engaging in a variety of cyber crimes.
The IC3, located in Fairmont, West Virginia, is comprised of agents, analysts, and IT specialists from the FBI as well as supervisors, analysts and IT specialists from the NW3C. Currently, there are 62 total staff members at IC3.
In conjunction with the new name, a new web address has also been established at http://www.ic3.gov. Users can file a complaint via this new site, as well as by utilizing the previous site (http://www.ifccfbi.gov) over the next several months, which will aid in accomplishing a relatively seamless transition to this new name/site.
A time/space trade-off method to crack Unix crypt() based passwd, paper.
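Starting this month, Microsoft is publishing a monthly security newsletter, available by subscription. One interesting article in this issue is Security At Microsoft.
Cansecwest/core Archives, although this one seems to be missing: Gary Golomb - Defeating Forensic Analysis.
ThePacketMaster, yet another CD-based security auditing tool, joining PHLAK, Knoppix STD, Local Area Security Knoppix, Trinux, Penguin Sleuth Bootable CD, and probably many more.
ftrace - a fast Win32 traceroute tool.
NetworkActiv PIAFCTM 1.5.2 can work in two modes: Packet mode, which displays packets and the data in them and supports string searches over packets; and File mode, which saves content transferred over HTTP to files, which can be stored in different directories according to IP, port and file size.
ntsecurity.nu, which offers many free security tools for Windows.
CIS, which offers a series of security benchmarking tools.
Splint, a lightweight code security checking tool.
From The Worm Information Center: Networm.org.
LinuxWorld Conference & Expo will be held in New York on January 20-23, 2004. All sessions can be searched here; there are two sessions on forensics: Building a Linux-based Computer Forensics Lab and Proactive and Reactive Incident Response & Data Forensics Using Linux. For security-related sessions, see here. Download information for the talk materials can be found here, and a lot of material is already available for download.
SecurityFocus article: Part 1 (system tools), Part 2 (file system tools). Part 3 has not been published yet and will cover network and other tools.
geek.com: In Iraq, one task the British and American military are currently carrying out is collecting evidence to prosecute war criminals. The UK's LIAG (Land Information Assurance Group) has provided the military with a dedicated device called a "mobile forensics lab", used to repair and analyze data on storage devices abandoned and left behind by Saddam's government.
The data recovery device provided by LIAG was developed by Ibas UK. It is a computer housed in a case that can connect to known electronic storage media. It uses a range of shareware, freeware, commercial and specialized software, and follows international standards to ensure the integrity of the recovered data so that it can be used as evidence in prosecutions.
PHLAK (Professional Hacker's Linux Assault Kit), a new Linux security distribution that includes a range of security testing and forensics tools.
itsecurity.com, another information security portal, which bills itself as an encyclopedia of computer security and amounts to an online exhibition. Its main sections are Showcase (vendors), News, Papers, Clinic, Reviews, Dictionary and Products. It has a strongly commercial feel, consisting mainly of product and vendor introductions. I have not looked closely yet, but I did not seem to see any Chinese companies. Still, it is already very good; it is the first site of its kind so far.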
CTOSE (Cyber Tools On-Line Search for Evidence) is a research project funded by the European Commission. The purpose of the project is to gather available knowledge from different expert groups on all processes involved in dealing with electronic evidence and to create a methodology on how to deal with electronic evidence that might occur as a result of disputed electronic transactions or other computer related and high-tech crime. This also includes all questions on how to put yourself or your company in a position to be able to deal with computer related incidents. To learn more click on the looking glass in the logo above or follow the link.
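Source: Silicon.com
InfoWorld: Checkpoint plans to spend $205M to acquire ZoneLabs, while EMC's offer to acquire VMWare is $635M. Both are excellent products; by comparison, the former acquisition is the more natural one.
Security Focus articles introducing Nessus, Part1 - Part2. It ranked first in Fyodor's TOP75 security tools survey. NeWT (Nessus Windows Technology) is the commercial version of Nessus for Windows.
The October issue of SCMagazine has an article on data forensics, mainly product testing. Unfortunately it covers too few products and reads a bit like an advertisement.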