VoIP fears

I'm preparing for my Wednesday talk about the security market, and just found this BBC report, with some analysis of the recent biannual Symantec Threat Report which identified Voice over IP (Voip) systems as a technology starting to interest hi-tech criminals.

The report predicted that within 18 months, Voip will start to be used as a "significant" attack vector.  As well as prompting new attacks, Voip could also resurrect some old hacking techniques, warned the report.

Several interesting companies like Borderware, Securelogix or CheckPhone are currently offering new solution to address exactly those issues.

The growing use of Voip could encourage the emergence of:

• audio spam that clogs voicemail boxes with spoken adverts

• voice phishing that tries to con people into handing over confidential details

• caller-ID spoofing which allows conmen to make it look like they are calling from a legitimate number such as a victim's bank

• call hi-jacking that re-directs calls to conmen and criminals

Conference Watch: investing in the security market

I’ll be speaking next Wednesday at the Leonard Finance forum on investing (and creating returns from) the security market. Let me know if you plan to be there so we can meet before/after.

8h00 à 8h15 : « Quelles opportunités dans la Sécurité des Systèmes d’Information, exemples de réussites et d’échecs » par Hervé SCHAUER, Fondateur et Dirigeant du Cabinet Hervé Schauer

8h15 à 8h30 « Sécurité: Perspectives de marché/Les startup à surveiller» par Eric OCHS, Directeur Général, IDG Communications France/IT Media Partners

8H30 – 10H00 : TABLE RONDE sur le thème « Investir dans les marchés de la sécurité» animée par Jean Rognetta, Journaliste, Les Échos / Capital Finance

10H00 - 10H30 : Pause / Networking Break

10H30 – 11H00 « Security and Other Hot Investment Sectors in the European M&A and Investment Market », un point sur le marché des fusions et acquisitions dans les secteurs technologiques en Europe, par Peter Rowell, CEO & Chairman, REGENT ASSOCIATES

VoIP driving security appliance market

More than 75 percent of companies that have implemented VoIP plan to replace their security appliances within the next year, reports In-Stat.

The technology market research firm forecasts the security appliance market, therefore, is poised for strong growth over the next few years and will reach $7 billion by 2009. In-Stat finds that budgets allocated for new security appliances are significantly higher in companies that have already implemented VoIP. Additionally, larger, mid-sized companies show a higher percentage of concerns about VoIP security than companies of other sizes. According to In-Stat, reliability is, by far, the most important criteria for the purchase of new security appliance products by businesses.

source : In-Stat

Interesting informations on VoIP security can also be found here (open source project) or in this white paper for the University of Colorado.

Liberty Alliance 7 :: Passport 0

While MS Passport usage and actual traction seems to be fading away, Liberty Alliance just announced 7 new members

The Liberty Alliance, a group of tech firms working to create universal ID standards on the Internet, has signed up seven new members: Adobe Systems, DAI-Labor, Deny All, M-Tech Information Technology, OpenNetwork Technologies, Senforce Technologies, and Telewest Broadband all joined the alliance. The Liberty Alliance is best known for creating a single sign-on system that competes with Microsoft's Passport authentication...

As the usage of on-demand services increases, the single sign-on capabilities will become crutial form enterprise wanted to leverage web services. I will be interesting to watch how this space will unfold, and how innovators like PingID deliver on they promises (a good paper on PinID views on the various topologies of identity federation can be found here)

Innovation in the security industry

Despite been the focus on significant corporate investments and VC dreams, Enterprise security getting worse.

Despite the huge number of IT security products, many large enterprises are even less secure than they were a year ago, says Eli Barkat, managing director of BRM Capital. Barkat blames a lack of innovation in the security industry. Mike Dalton, EMEA president of McAfee, believes the problem is a lack of integration in security products. Although many experts predict consolidation among security vendors, this will not necessarily lead to more integrated products. Industry analysts could offer no clear path to success, but they do agree that enterprises should invest in integrated security products and avoid appliances based on technology that changes every few years....

We are having the same experience on the ground here, and are finding difficult to find interesting security projects that we can invest in, that are building a real product (and not a set of interesting features), and that be sold to a real customer (and not living in a overly complex and un-manageable eco-system)...

=> If you know of any good one, we are open for discussion...