Top Ten Security Stories of 2004

It's been a busy year in security, including everything from missing disks at a top secret research site, to the growing menace of spyware and "zero-day" attacks.

As 2004 progressed, security became an arms race among the major vendors, with firms such as Cisco Systems Inc. (Nasdaq: CSCO) looking to beef up their wares -- sometimes by snapping up smaller, specialist vendors. Indeed, in a year of M&A mayhem, 2004 ended with the biggest security deal of the last 12 months -- further confirmation that security really is big business.

NDCF has been there for it all, reporting the key security news for enterprise ITers. Following are our picks for 2004's Top Ten Security Stories on this site, in order from last to first:

10. The Curious Case of the Missing Disks Los Alamos Lessons Loom Large

Oh, to have been a fly on the wall of the Los Alamos National Laboratory this year. When two disks were reported missing from the top secret research site back in July, shockwaves rippled throughout the U.S. government (see Los Alamos Searches for Lost Media and Abraham Orders CREM Stand Down).The situation descended into farce in August, when it was reported that the disks may not be missing after all (see Los Alamos Disks May Not Be Lost).

Even this week, when NDCF contacted the Lab for an update, we were still unable to find out what had actually happened. A spokesman would only tell us that the investigation into the missing disks is "ongoing."

Well, it’s not as if Los Alamos is at the forefront of America’s nuclear weapons research or anything important like that -- d'oh! Hopefully, 2005 will give us some answers.

9. Clouds Gather Over CoSine – Will CoSine Get Carved Up?

The future is still uncertain for troubled equipment company CoSine Communications Inc. (Nasdaq: COSN). The first signs of trouble emerged back in July, when the security vendor announced it was examining "strategic alternatives" after a poor second quarter (see CoSine: The Big Sell-Off?).Since then, Ernst & Young stepped down as CoSine’s auditor and the company laid off most of its employees (see CoSine: E&Y Says Bye-Bye and CoSine Cuts to the Bone). That done, CoSine announced that it that it had signed an agreement for the early termination of the lease on its Redwood City, Calif., headquarters.

But it is not all doom and gloom. CoSine ended its third quarter with $33.6 million in cash, and some industry observers feel that the company is still a viable acquisition target.

However, it’s still not clear whether CoSine is going to end up in the hands of asset strippers or whether another vendor will jump in to pick up their customer contacts and intellectual property. Rival Quarry Technologies Inc., for example, has already checked them out.

CoSine did not return NDCF’s calls this week, so it looks as if we will have to wait until next year to find out what is really going on.

8. Hey Big Spender – Cisco's Security Spree ContinuesIs Cisco Systems Inc. (Nasdaq: CSCO) on a mission to buy up every security startup in the U.S.? The networking giant made its intentions clear back in March, snapping up Riverhead Networks Inc. for $39 million, just over a week after nabbing Twingo Systems Inc. (see Cisco: It Takes Two to Twingo).

Since then, the networking vendor has been throwing its cash around like a mafia boss at his daughter’s wedding. Other startups that have joined the family include NetSolve Inc., Jahi Networks, and, most recently, Perfigo Inc.

So what's next? Industry observers say we are likely to see more of the same, as Cisco continues to plug its technology gaps and bolsters its Self-Defending Network initiative (see When Will Cisco Go Soft? and M&A Mojo).

7. Love Don’t Live Here Anymore – SCUR Spurns CyberGuard Suitor

Not all of this year’s M&A activity has seen vendors wander off hand-in-hand into the sunset. During the summer, security specialist CyberGuard Corp. (Nasdaq: CGFW) made an unsuccessful attempt to woo Secure Computing Corp. (Nasdaq: SCUR).The San Jose, Calif.-based firm was unmoved, despite a sizeable $300 million offer. Rubbing salt in the wound, Secure Computing then snuggled up with CyberGuard’s archrival Blue Coat Systems Inc. (Nasdaq: BCSI) -- ouch! (See Blue Coat, Secure Computing Partner.)

If CyberGuard is nursing a broken heart then it isn’t letting it show. The company recently told NDCF that it is still on the lookout for hot (technology that is) firms, particularly in the identity management arena. Watch this space.

6. Beware Spyware – Spyware Spending Spree

Spyware, a.k.a. scumware -- don’t you just love it? At the very least, this pain-in-the-ass cyber menace could slow down your computer and your network. In the worst-case scenario, it could also lead to online fraud.

But don’t worry: Some of the IT industry’s big hitters are on hand to save the day (and no doubt lighten your wallet). Microsoft Corp. (Nasdaq: MSFT) is the latest vendor to enter the fray.There is big money at stake here. Analyst firm IDC predicts that revenues from anti-spyware software will rise from $12 million in 2003 to $305 million in 2008 (see IDC: Spyware Opens Market Opps).

However, there is a feeling among industry observers that it will be years, rather than months, before we eradicate the spyware menace. We could be as much as three years away from tackling the problem, so this is definitely not the time to lower your guard.

5. The Fear Factor – Harum Scarum!

What a sorry state of affairs -- do data center managers still have to resort to scare tactics in an effort to get their bosses to take security seriously? (See Security Survey Underlines Fear Factor.)

Sadly, it appears that this is still the case. Even after MyDoom, Sasser, and the Love-Bug, IT managers need a baseball bat to make the board pay attention to security. More than one data center manager told NDCF that the their superiors only see security as a necessity when something bad happens.But this is changing, albeit slowly. As younger, more technology-savvy execs make their way into the boardroom, data center managers will need to rely less on scare tactics. Regulatory pressures, such as the Sarbanes-Oxley and Health Insurance Portability and Accountability Act (HIPAA), are also helping drive awareness.

With top-level necks now on the line, don’t be surprised if security suddenly becomes a much higher priority over the coming months (see Gartner: Sarbanes Struggle Continues).

4. The VOIP Virgins – VOIP Security Poses a Problem

Voice over IP: the greatest thing since sliced bread, or yet another technology for telecom firms and service providers to worry about? Security has always been a major headache for telecom data centers, but the emergence of VOIP has many reaching for the Advil (see Vendor Points to VOIP Vulnerabilities).

Unlike traditional telecom networks, which use circuit switches to transfer calls, IP-based VOIP networks rely heavily on enterprise data gear. Running VOIP across routing and switching equipment means that ports are often left open to allow the passage of VOIP traffic, which could expose backend data center servers to security threats such as viruses and denial-of-service attacks.The problem is that many firms have yet to develop the skills required to tackle this problem. At the same time, vendors are rushing to develop products that help plug the VOIP security gap.

Such is the importance of VOIP that TippingPoint Technologies Inc., which was regarded as a VOIP trailblazer among security vendors, was recently snapped up by 3Com Corp. (Nasdaq: COMS)for $340 million (see 3Com Takes TippingPoint).

Clearly, we haven’t heard the last of all this.

3. Expect the Unexpected – Security Approaches Day Zero

How do you protect against unknown cyber-attacks? Increasingly, vendors are launching technologies that offer "zero-day" protection -- essentially, guarding against unforeseen attacks.Rather than relying of virus signatures to identify online threats as many products on the market do, zero-day offerings such as Cisco's Security Agent (CSA) analyze the behavior of servers and desktops. This means that if a PC suddenly starts sending out thousands of emails after being attacked by a virus, the application can then be closed.

Other vendors playing in this space include Platform Logic, Computer Associates International Inc. (CA) (NYSE: CA), and Sana Security, although more and more startups are getting involved (see Is Zero Day a Cash Cow?).

The market for these products is turning into an arms race, with vendors increasingly looking to add new capabilities.

2. Who Are You? – Identity Management Heats Up

As enterprise IT systems become increasingly complex, handling who gets access to what is becoming a major headache. But it is also big business. Computer Associates International Inc. (CA)'s (NYSE: CA) decision to shell out $430 million on security specialist Netegrity prompted a flurry of activity from rival vendors keen to get a share of the action (see CA Nets Netegrity for $430M).This spells good news for users, who stand to gain massive discounts on identity management software.

In short, identity management is a big deal. With companies increasingly relying on their partners to help run their day-to-day business, more and more people need secure access to corporate IT systems. Using an interface such as a Web portal, identity management software gives users a single password to connect to a variety of backend IT systems.

But the big question is who will be snapped up next. There has already been speculation that Oblix would be a good fit with a vendor such as Oracle Corp. (Nasdaq: ORCL) or SAP AG (NYSE/Frankfurt: SAP).

1. It Takes Two – Symantec & Veritas: It's a Deal

By merging in an all-stock deal valued at about $13.5 billion, Veritas Software Corp. (Nasdaq: VRTS) and Symantec Corp. (Nasdaq: SYMC) have created the fourth largest software company in the world.Could this be the shape of things to come? Many industry observers were puzzled by Symantec’s decision to branch out beyond the security market, but the deal makes sense.

One of the biggest day-to-day hassles cited by IT managers is having to deal with an army of different vendors. Increasingly, users are looking to deal with fewer firms -- hence the vast array of products offered by the likes of IBM Corp. (NYSE: IBM) and Microsoft Corp. (Nasdaq: MSFT).

And who says that security and storage don’t mix? In many businesses the same person will be responsible for security, data protection, and disaster recovery.

But bringing two massive and different organizations together will be easier said than done. The combined Symantec/Veritas sales force alone is said to number around 3,500 employees.

If the two firms successfully manage to pull this merger off, it could serve as a model for future technology deals (see Managing M&A Mayhem.— James Rogers, Site Editor, Next-Gen Data Center Forum