With the Sana acquisition by AVG, the HIPS era ended today

Today, AVG announced the acquisition of Sana Security, a longtime host-intrusion prevention software vendor. I have particular affection for Sana because they were a former client of mine at a previous job. Back in the summer of 2007, when security startup venture money was still flowing freely, like a rose-scented fountain at a Vegas casino, I remember giving a speech for Sana at their San Jose Grand Prix event. Don Listwin, their then-CEO, was a serious car racing enthusiast. He had conspired with the city of San Jose to shut down the city center so they could run race cars down the middle of it. It was pretty wild stuff -- speaking as someone who comes from Boston, where all of the roads seem to be derived from old horse-trails or giant spiderweb patterns.

Host intrusion prevention software has always been a fascinating subsegment of client security, not least because what HIPS vendors try to do is actually pretty hard. In concept, the idea sounds simple: monitor processes in memory for suspicious activity, and block them when they try to do something naughty. For example, an ActiveX control executing in the context of a website should not be allowed to open a command shell and then initiate an outbound connection to somewhere else. Simple, right?

Analysts Evolve, Data-Centric Security Devolves

I am pleased to announce that this is my inaugural post on the Forrester SRM blog. Not only that, it's the day that my first research report went live on the Forrester site.

About me: I am a long-time Forrester fan. My first exposure to Forrester came back in 1994, when I was a lowly systems analyst figuring out how to build IT systems to manage trucks and warehouses. I always loved the Forrester writing style: interesting data, strong prose and solid recommendations -- written by people utterly unafraid to take tough positions. And now, 15 years later, here I am trying to do the same. I'm pleased to be here, working with such a talented team of professionals!

My first report, called Data-Centric Security Requires Devolution, Not a Revolution, begins by talking about how securing enterprise data has become a top priority for enterprise CISOs. By "data" we mean structured and unstructured bits of information sprinkled all over the landscape: in databases, documents and e-mails, residing on servers, laptops, desktops and mobile devices.
