WhatsUp Gold buys Windows security management vendor

WhatsUp Gold, the network management division of Ipswitch, Tuesday announced it had acquired for an undisclosed sum Dorian Software, a maker of security event and log management products for Windows environments. By adding Dorian technologies to its portfolio, WhatsUp Gold will be able to offer customers additional capabilities at an affordable price, company executives said. "We believe our mutual customers will greatly benefit from a single vendor supporting the gamut of network management tasks from device utilization and bandwidth monitoring, systems and application management, traffic analysis, VoIP and now security and compliance solutions via in-depth log management," said Ennio Carboni, president of WhatsUp Gold, in a statement. The WhatsUp Gold division of Ipswitch delivers network management software of the same name, which is targeted at small to midsize companies, though the vendor had added enterprise-level capabilities in more recent releases. The Dorian Software acquisition would equip the network management software maker with additional capabilities on the security information and event management (SIEM) and log management front.

Dorian specializes in Windows Security Event Management and log management for small businesses and enterprise-level organizations. These two feature sets have been coming together from security management vendors such as Q1 Labs, NitroSecurity and Tripwire. Company founder, president and CEO Andy Milford used WhatsUp Gold in the past and said coupling Dorian technology with that of Ipswitch would benefit customers. "This feels like a coming home for me personally, given my long-standing familiarity with and appreciation of WhatsUp Gold products," Milford said in a statement. "I couldn't be happier that Ipswitch is going to be the company to take our software to the next level in terms of sales and market penetration."

Companies patch OS holes, but biggest priority should be apps

Corporations appear to be much slower in patching their applications than their operating systems - even though attackers are mainly targeting vulnerabilities in applications, according to a new report. "Now we know which vulnerabilities are being patched and which are not," says Alan Paller, director of research at the SANS Institute. The report, "The Top Cyber Security Risks," is based on data collected between March and August and was a collaborative effort by SANS, TippingPoint and Qualys. The report shows that 80% of Microsoft operating system vulnerabilities are being patched within 60 days, but only 40% of applications, including Office and Adobe. The group analyzed six months of data related to online attacks, collected from 6,000 organizations using the TippingPoint intrusion-prevention system, along with data related to more than 100 million vulnerability scans performed on behalf of 9,000 customers of the Qualys vulnerability assessment service. Meanwhile, the majority of online attacks are aimed at applications, particularly client-side applications, making this the No. 1 priority named in the report.

The main attack methods used against Web sites were SQL injection and cross-site scripting. During the six-month timeframe, more than 60% of all attack attempts monitored by TippingPoint were against Web applications in order to convert trusted Web sites into malicious sites serving up malware and attack code to vulnerable client-side applications. In terms of vulnerability and exploitation trends, popular methods include attempting to brute-force passwords by guessing, with Microsoft SQL, FTP and SSH Servers among the most popular targets. Zero-day vulnerabilities - which occur when a flaw in software code is discovered and exploit code appears before a fix or patch for the flaw is available - were popular in targeted attacks, according to the report. Some of the main vulnerabilities being exploited include the malicious Apple QuickTime Image File download (CVE-2009-0007); Microsoft's WordPad and Office Text Converter Remote Code Execution Vulnerability (MS09-010); and multiple Sun Java vulnerabilities.

Six notable zero-day flaws in the past six months include:

* The Adobe Acrobat & Flash Player Remote Code Execution Vulnerability (CVE-2009-1862)
* Microsoft Office Web Components, Active X Control Code Execution Vulnerability (CVE-2009-1136)
* Microsoft Active Template Library Header data Remote Code Execution Vulnerability (CVE-2008-0015)
* Microsoft Direct X DirectShow QuickTime Video Remote Code Execution Vulnerability (CVE-2008-0015)
* Adobe Reader Remote Code Execution Vulnerability (CVE-2009-1493)
* Microsoft PowerPoint Remote Code Execution Vulnerability (CVE-2009-0556)

The report concludes by pointing out that finding zero-day vulnerabilities seems to be getting easier as "a direct result of an overall increase in the number of people having skills to discover vulnerabilities worldwide."

SAP: Outreach to Oracle about Java, not help with Sun deal

SAP said Wednesday it contacted Oracle and its CEO, Larry Ellison, in recent months over concerns about the future of the Java programming language and competition in the database market, not to offer help facilitating Oracle's purchase of Sun Microsystems, which is being held up by a European antitrust review. The statement follows a recent Wall Street Journal editorial that speculated about the latter possibility. The editorial was based on a letter sent to Ellison on Sept. 15 by SAP CEO Léo Apotheker, which consisted of the following statement, according to the Journal: "As you know, we have significant concerns about Oracle's proposed takeover of Sun. We renew our invitation to meet to attempt to resolve our concerns and other open issues between our companies. Please let us know if and when you would like to meet." The Journal noted that "other issues" between the two companies include an ongoing intellectual property lawsuit Oracle filed against SAP in connection with TomorrowNow, a now-shuttered subsidiary of SAP that provided third-party support for Oracle applications.

SAP "strongly rejects" the editorial's "misleading speculation," Wednesday's statement said, reiterating remarks by an SAP spokesman earlier this week. Instead, SAP has "concerns about customer choice in the database market and the future open licensing of Java," and first contacted Oracle and Sun about the matter "as far back as the end of July 2009." "Since there was no response, our CEO Léo Apotheker took the initiative and wrote to both Oracle and Sun CEOs in the middle of September to voice our concerns again, offer a dialogue, and attempt to clarify the issues. We have not heard back from Oracle, but instead found Léo Apotheker's letter leaked to the press last week," the statement adds. "This is both telling and disappointing as it demonstrates that there is no real interest by Oracle to listen and explain how it wants to ensure the required level of customer choice in the database market as well as open access to Java." In a blog post on Monday, SAP CTO Vishal Sikka also called for more openness in Java. Meanwhile, this week the European Commission issued a formal statement of objections to Oracle and Sun regarding the merger. The body is particularly concerned over the fate of Sun's open-source MySQL database if it comes under Oracle's ownership.

An Oracle spokeswoman declined comment.

H1N1 drives demand for secure remote access

The H1N1 pandemic is pushing companies to upgrade their secure remote access capabilities in order to enable more employees to work out of their homes and other remote locations in an emergency. Vendors of remote access technologies are reporting an unexpected increase in demand for their products over the past several months as a result of H1N1-related concerns. "What companies are really looking for is the ability to provide secure, remote access to more of their employees," said Michael Oldham, CEO of Portcullis Systems, a Marlborough, Mass.-based vendor of secure access appliances. "Most companies already have mobile workforces. What they are doing is planning for scale," he said.

Much of the increased interest has come from government agencies and larger enterprises, Oldham said. "They are the ones that seem to be more aware of the need for planning. We have seen a number of these organizations purchasing lately with H1N1 in mind," Oldham said. Secure access technologies such as those offered by Portcullis and other vendors provide teleworkers with secure access to enterprise applications from any location, using a broad range of devices. They enable IT administrators to enforce security and information usage policies. Such tools can be vital to enabling business continuity during a pandemic, said Sam Curry, vice president of product management and strategy at RSA, the security division of EMC Corp.

These security enhancements are used to make sure that any devices connected to a corporate network from a remote location meet internal security requirements. Last spring, when H1N1 pandemic fears were at their peak in Mexico, RSA saw a massive spike in demand for its SecurID authentication tokens from companies with operations in that country, Curry said. The RSA tokens enable a company to implement two-factor authentication for accessing enterprise networks and applications. Many companies provide these tokens to workers who log in to company networks from remote locations. One company, which is among the largest producers in the food and beverage industry, placed an order for nearly 50,000 tokens to be delivered in a single day, he said. "They were fork-lifting thousands of these things directly to their operations in Mexico," to ensure they kept running through the worst of the crisis, Curry said.

The Mexican company, which he would not name, already had a well-established infrastructure in place and easily implemented the additional tokens, he said. But most other companies would need to do some advance planning to quickly expand their remote workforce, Curry said. As part of an effort to help companies support more teleworkers in a hurry, RSA recently introduced an on-demand authentication system that companies can use to enable workers to securely log in from remote locations. Instead of hardware-based tokens, workers get one-time passwords sent via SMS (short message service) to their mobile phones. A worker logging in from home would go to a self-service Web site and request a one-time password to be sent to his mobile phone. That password can then be used to securely log in to the company's network.

Though the SMS-based approach is less secure than RSA's hardware tokens, it is ideal for when companies need to quickly support an expanded remote workforce, Curry said. SonicWall, a vendor of secure SSL (secure sockets layer) VPN appliances, has recently added a 10-day "spike license" option for large customers that need to temporarily support more employees working out of their homes and other remote locations. The license allows companies that are running SonicWall VPN appliances to temporarily increase the number of users that are licensed to log in remotely via VPN. For example, a company that might have purchased a 500-user license would temporarily get the ability to support 2,000 users, by using the spike license option. SonicWall has been offering a 30-day and a 90-day spike license option for some time, but decided to add a 10-day option to address requests from customers planning for the H1N1 outbreak, said Chris Witeck, director of product management at SonicWall. "We have definitely seen larger organizations expressing much more interest in incorporating pandemic planning into their disaster recovery plans. We have seen them alter their (business continuity and DR) plans in preparing for H1N1," he said.

SonicWall has seen greater interest in its spike licenses after the company introduced the 10-day option, Witeck said, and the interest is not limited to the U.S. market. H1N1-related planning exercises have resulted in increased demand for SonicWall's products especially in Japan where concern over the pandemic seems to be especially high, he said.

Microsoft confirms free security software ships Tuesday

Microsoft today confirmed that it will launch its free security software suite, which has been in development for almost a year, Tuesday morning. "Microsoft Security Essentials, their highly anticipated no-cost consumer security offering, will be released to the public tomorrow, September 29," a company spokeswoman said in an e-mail reply to questions. Earlier in the day, Network World's John Fontana had been told by Bob Muglia, the president of Microsoft's server and tools division, that the company would ship the free software Tuesday. The spokeswoman added that the program will be made available Tuesday morning, Pacific time, although she did not have a specific hour for the launch.

Security Essentials, which Microsoft offered to a limited number of beta testers last June, is the company's replacement for Windows Live OneCare, a for-a-fee security suite that was retired at the end of June 2009. Microsoft has pitched the software as a basic anti-virus, anti-spyware program that consumes less memory and disk space than commercial security suites, like those from vendors such as McAfee, Symantec and Trend Micro. Those companies, however, unanimously dismissed Security Essentials - once codenamed "Morro" - as proof that Microsoft couldn't compete in the paying market. According to one researcher today, those security vendors have little to fear from Microsoft's giveaway. "It won't be the application that puts Symantec or McAfee out of business," said Andrew Storms, the director of security operations at nCircle Network Security. "...Microsoft still has to prove itself in this arena. Take, for example, Windows Defender, which has been free. It's not necessarily the best anti-spyware product available." Storms also wondered how Microsoft's re-entry into the consumer security space would affect the relationships it's built with antivirus vendors, including those that involve the sharing of threat intelligence. "We've come to learn that Symantec and others have shared their threats and risk information with Microsoft in an effort to better protect all consumers. If Microsoft starts dipping into the market share of these partners, will it affect that intelligence sharing?"

The free Security Essentials will be available for Windows XP, Vista and Windows 7 as a 4.7MB download from the Microsoft Web site.