Home > Storage Magazine > Tools, Trends & Analysis > Security for your security appliances
EMAIL THIS LICENSING & REPRINTS
Storage Magazine

  CURRENT ISSUE  
  FEATURES  
  TOOLS, TRENDS & ANALYSIS  
  COLUMNS  
  ARCHIVES  
  SUBSCRIBE/RENEW  
  

Security for your security appliances
Issue: Nov 2006
printer-friendly
licensing & reprints

Decru, the storage encryption company owned by Network Appliance, is using Mu Security's security analysis product to find vulnerabilities in its own security appliances.

If this sounds paranoid, think again, says Jon Oltsik, senior analyst, information security at Enterprise Strategy Group, Milford, MA. "Extending the vulnerability mindset into storage is an important step toward really safeguarding sensitive data," he says. "Encryption technology has a giant target painted on it."

Decru has deployed the Mu-4000 Security Analyzer to "see where hackers might be able to exploit our product," says Kevin Brown, Decru's VP of marketing. "It generates millions of permutations for how hackers might attack us. For example, is our key management system leaking information?"

By using the tool, Decru hopes to catch vulnerabilities earlier in its development cycle and speed up its time to market, says Brown, adding that none of Decru's customers has reported any weakness in the product yet.

Joel Schwalbe, VP of technical services at CNL Financial Group, has been using Decru's product for approximately a year to encrypt all of his company's data going to tape and says they haven't experienced any security issues so far. "We're a small company, so we're relying on Decru to perform this kind of testing for us," he says.

Decru competitors NeoScale Systems and Vormetric say it's important to conduct this kind of testing. Both firms do, but were surprised Decru would want to advertise which products it uses to perform these tests.

"It's like raising a red flag to a bull," says Tom Grubb, VP of marketing at Vormetric.

Dore Rosenblum, NeoScale's VP of marketing, says NeoScale is working with Entrust to authenticate devices touching its product, and with Optica Technologies to integrate its mainframe tape-encryption keys under the NeoScale CryptoStor KeyVault system.

EMC isn't sitting on the bench in this area. It recently acquired Network Intelligence, which maintains logs on all security-related activity on a network. EMC's motives for acquiring Network Intelligence, however, are a bit more transparent than Decru's partnership with Mu Security.

"Security logs eat tons and tons of storage," says Oltsik. "Increasingly, a security requirement is going to lead to a storage data management requirement."

--Jo Maitland





TechTarget Storage Media
Storage Magazine View this month\\'s issue and subscribe today.
Storage Decisions Apply online for free conference admission.
SearchStorage.com
HomeNewsMagazineTopicsLearningMultimediaWhite PapersBlogsEventsAbout Us
SEARCH :     Advanced Search | Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2000 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts