IBM brings ISS into the family

NEWS

Internet Security Systems, a security products and services provider that pre-emptively protects enterprise organizations against Internet threats, has been purchased by IBM in a cash deal valued at $1.3bn.

The deal is expected to be finalised by the end of 2006, subject to approval by regulators. The purchase considerably expands the IT services side of IBM’s portfolio, especially in managed security services, one of ISS’s strengths and an area where it regularly competed against the likes of Symantec. The businesses have been working closely together since 1999, and ISS will retain some autonomy while under the IBM umbrella:

• ISS operations will be established as a business unit within IBM’s Infrastructure Management Services unit, part of IBM Global Technology Services;
• ISS software technology will be integrated with Tivoli’s IT service management portfolio, which includes software for Identity Management, Access Management, Service Oriented Architecture (SOA) security and Security Information Management;
• ISS’s managed security services portfolio will be marketed and sold through IBM’s and ISS’s worldwide sales channels and business partners.

“Companies recognize that rapidly evolving security threats and complex regulatory requirements have turned security into a mission-critical priority,” said Val Rahmani, General Manager, Infrastructure Management Services, IBM Global Services. “ISS is a strategic and valuable addition to IBM’s portfolio of technology and services. This acquisition will help IBM to provide companies with access to trained experts and leading-edge processes and technology to evaluate and protect against threats and enforce security policies.”

IBM currently has over 3,500 professionals delivering consulting, implementation and out-tasking security services to thousands of organizations all over the world. ISS security products are currently used by 11,000 customers worldwide including 17 of the world’s largest banks and 15 of the largest governments

EVENTS CALENDAR

18-20 September 2006
ISACA Network Security Conference USA
Location: Las Vegas, USA
Website: www.isaca.org

19-21 September 2006
Infosecurity Scandinavia
Location: Stockholm, Sweden
Website: www.infosecworld.com

11-13 September 2006
International Conference for Internet Technology and Secured Transactions (ICITST2006)
Location: London, UK
Website: www.icitst.org

2-4 October 2006
IFIP International Conference on Network and Parallel Computing
Location: Tokyo, Japan
Website: www.npcconf.org

5-6 October 2006
Black Hat Japan 2006
Location: Tokyo, Japan
Website: www.blackhat.com

CROSS-SITE SCRIPTING

...continued from page 19

perpetrator. Take remedial action on all websites you have control of.

• Accidental administrator access – genuinely tried to access the live website from an administrator’s PC.

Security by layers – Summary

Do not rely on sanitising user input and output. Instead add further layers of security by ensuring website users and administrators use different ‘views’ or websites. You will decrease the chance of the website being vulnerable to XSS. Future advances in XSS are likely to have less effect on your website and its users. Of course user peer attacks are still possible – rules 1 to 3 are the defences here. Rules 4 to 7 are there to further decrease the chances of successful XSS attacks from attackers trying to escalate privilege.

References

A. Klein, “Cross Site Scripting Explained.” Sanctum White Paper, May 2002. http://crypto.stanford.edu/cs155/CSS.pdf

About the author

Richard Braganza is a consultant with Siemens Insight Consulting in the Technical Assurance Application Test Team. He has spent more than 20 years in software development and security, covering several areas ranging from miniature realtime systems to large enterprise fault tolerant high-availability systems.

11-13 October 2006
International Conference on Mobile Computing and Ubiquitous Networking (ICMU 2006)
Location: London, UK
Website: www.icmu.org/icmu2006/index.html

23-25 October 2006
RSA Conference Europe 2006
Location: Nice, France
Website: www.rsaconference.com

24-25 October 2006
Infosecurity USA
Location: New York, USA
Website: www.infosecworld.com

Network Security, September 2006