Cisco MARS shuts out new third-party security devices

Cisco has finally publicly acknowledged it won't add support for new third-party devices to its security information and event monitoring appliance, ending months of speculation about the future of its Monitoring, Analysis and Response System. Cisco had been privately briefing at least some of them on its intentions to effectively freeze third-party device support, but until now had refrained from a public statement. Some claim it's the beginning of the end for MARS as a multi-vendor SIEM device. "MARS customers can expect non-Cisco network device data and signature updates to continue for currently supported third-party systems, but no new third-party devices will be added," Cisco declared in a statement, noting that "Cisco MARS continues to focus on supporting Cisco devices for threat identification and mitigation." MARS is used by about 4,000 customers and Cisco is regarded as the largest SIEM vendor.

Quiz: How much do you know about Cisco?   Since SIEM equipment is typically used to consolidate alert and event data from multiple vendor sources, the fact that MARS won't be supporting any new non-Cisco equipment suggests customers must now consider migrating from it if third-party vendor support is their chief concern. In the future, I would hope that Cisco would be more forward and clear on its product plans and address issues like these in a timely manner. Analysts from Gartner and Enterprise Strategy Group are advocating that very thing. "Cisco deserves credit for coming clean on MARS support," said Jon Oltsik, analyst with Enterprise Strategy Group (ESG). "That said, rumors of product, customer support and field sales have been circulating for more than a year. The priority here must be on improved security and not proprietary business agenda." Cisco's SIEM competitors this week have eagerly grabbed at the topic of Cisco MARS freezing third-party support because of a Gartner research memo published Oct. 29 in which analyst Mark Nicolett stated, "Cisco has quietly begun informing its customers of a decision to freeze support for most non-Cisco event sources with its [MARS]." In the research note Nicolett said, "Although Cisco has not formally announced its intention to exit the SIEM market, the Cisco sales force is encouraging its MARS customers to find an alternative for log collection and event analysis of non-Cisco event sources." In Gartner's view, the effect of all this is that MARS can no longer be viewed as a viable SIEM for anyone looking for third-party vendor support in the future. "Organizations that need support of non-Cisco event sources should plan to move to a viable SIEM solution," the Gartner research note states. Since Cisco had been included in Gartner's influential "Magic Quadrant report on SIEM this spring, when Cisco had provided "no hint of change in strategy," Nicolett says he thought it important to immediately inform Gartner clients on what he had found out. Nicolett says he issued the research note because of what he initially picked up from discussions he happened to have with Gartner customers using MARS, not Cisco directly, though Cisco did confirm the change in strategy when asked about it.

MARS has never been particularly wide in its support for third-party security devices, Nicolett says, but now it can no longer be considered in that role for the future. Cisco is considered the largest SIEM vendor in the market, but Gartner "threw a bomb in the market with that note," Caccia says. Gartner isn't going to go back and revise the SIEM Magic Quadrant, but its Oct. 29 research note has to be considered its current findings when it comes to MARS as a SIEM for other than Cisco-related gear. "That note seems to have caused a lot of concern to MARS customers," says Rick Caccia, vice president of product marketing at ArcSight, a SIEM vendor that supports 300 products, including MARS, with a connector toolkit for 1,500 others.

Lufthansa to relaunch intercontinential in-flight Internet

In-flight Internet access is coming back to intercontinental flights next year. Lufthansa was the launch customer for the Connexion by Boeing service that began in 2004 but was closed down in 2006 after failing to gain traction among passengers. German airline Lufthansa said Monday that it plans to begin offering Panasonic's ExConnext broadband service in the middle of next year and will quickly expand access to cover the majority of its aircraft within the first 12 months of service. The terrorist attacks of 2001 also dealt the service a blow when major U.S. airlines reversed earlier plans to enable their fleets with Internet access.

Pricing and route details are yet to be announced, although Lufthansa did say it would offer options from an hourly access plan to one that covers an entire month. Lufthansa will use the same FlyNet branding for the proposed service although that's all it said about the planned service on Monday. The previous service charged between US$10 and $30 for broadband access throughout a flight. That stream can be split between channels for airline use, live television, telephone and cell-phone access and Internet. The ExConnect service from Panasonic Avionics, a major provider of in-flight entertainment systems, is capable of delivering an up-to 50Mbps data stream to an aircraft. In its announcement on Monday Lufthansa said it would offer Internet access to PC users and data access to cell phone and smart phone users.

Several in-flight Internet services already exist although most are based on cellular networks or a single satellite and so cover a limited geographic area, such as the continental U.S. The Lufthansa service will offer connectivity throughout most of an intercontinental flight.

FTC delays identity protection rules till June 2010

Well, maybe the fourth time will be the charm. At the request of Members of Congress, the Federal Trade Commission is delaying enforcement of the "Red Flags" Rule until June 1, 2010, for financial institutions and creditors subject to enforcement by the FTC. NetworkWorld Extra: 15 genius algorithms that aren't boring The rules have been delayed three times and were originally set to become practice Nov. 1, 2008. Under the Red Flags rules all companies or services that regularly permit deferred payments for goods or services, including entities such as health care providers, attorneys, and other professionals, as well as retailers and a wide range of businesses that invoice their customers must develop a written program that identifies and detects the relevant warning signs - or "red flags" - of identity theft. This time the Federal Trade Commission said it delayed the enforcement of its Red Flags identity protection rules until June 1, 2010 at the request of Congressional members. These may include, for example, unusual account activity, fraud alerts on a consumer report, or attempted use of suspicious account application documents.

The final rules require financial and credit institutions that hold any consumer account, or other account for which there is a reasonably foreseeable risk of identity theft, to develop and implement an Identity Theft Prevention Program for combating identity theft in connection with new and existing accounts, the FTC said. The program must also describe appropriate responses that would prevent and mitigate the crime and detail a plan to update the program. The FTC stated that some industries and entities within the agency's jurisdiction were uncertain about their coverage under the Red Flags Rule. Others have raised a stink about complying with the rules. Many entities also argue that, because they generally are not required to comply with FTC rules in other contexts, they have not had enough time to develop compliance plans. As a result the program hasn't been without its legal challenges.

That bill is now in committee. This month the House unanimously approved a measure to exempt health care, legal and accounting firms employing fewer than 20 people from Red Flags.

FAA streamlines experimental space flight access

The Federal Aviation Administration today said it would streamline the environmental review part of permit applications for the launch and/or reentry of reusable suborbital rockets to help bolster a fledgling commercial space market. The PEIS would eliminate repetitive discussions of recurring issues and focus on issues that are ready for decision…specific to a particular launch. At the heart of the ruling is a document used to outline and determine the potential environmental consequences of issuing experimental permits known as the Processing of Experimental Permit Applications (PEIS). NetworkWorld Extra: Top 10 cool satellite projects The idea as the FAA explains it: Because the PEIS presents information and analysis common to reusable, suborbital rockets, the FAA could choose to tier environmental documents from the PEIS to focus on environmental impacts specific to an applicant's proposed experimental operations.

Individual launch operators would be required to coordinate with site operators to gain access to a site. From the FAA ruling: "The PEIS considers activities associated with the launch and reentry of reusable suborbital rockets, including pre-flight activities, flight profile (takeoff, flight, and landing), and post-flight activities. In addition, the launch operators would be required to apply to the FAA for an experimental permit, which would require an individual safety and environmental review. The general suborbital rocket designs addressed in the PEIS include vehicles resembling conventional aircraft-30 to 140 feet long with unfueled weight of up to 9,921 pounds; vehicles resembling conventional rockets-6 to 33 feet long with unfueled weight of up to 5,500 pounds; and vehicles that hover—up to 20 feet in length or diameter with unfueled weight of up to 4,400 pounds. The PEIS examines the potential environmental impacts of issuing an experimental permit for the operation of reusable suborbital rockets anywhere in the U.S. and abroad, and the potential site-specific impacts of permitted launches from seven FAA-licensed commercial launch sites: California Spaceport, California; Mojave Air and Space Port, California; Kodiak Launch Complex, Alaska; Mid-Atlantic Regional Spaceport, Virginia; and Space Florida." NetworkWorld Extra: 10 NASA space technologies that may never see the cosmos The FAA said it prepared the PEIS with cooperation from the National Aeronautics and Space Administration (NASA) and the US Air Force and said that its ruling does not propose site- specific environmental mitigation measures. "Rather, launch operators would be expected to implement site-specific mitigation measures that are consistent with those currently employed by the eight launch facilities addressed in the PEIS. Additional site-specific mitigation measures could be developed and presented in the site-specific documents that would tier from the PEIS." Reusable launch vehicles or rockets are one of the key technologies for the future of commercial space flight.

The FAA also assumes the total rocket fuel capacity of a reusable suborbital rocket not to exceed 11,00lbs. The Review of United States Human Space Flight Plan Committee report said that commercial services to deliver crew to low-Earth orbit are within reach. "While this presents some risk, it could provide an earlier capability at lower initial and life-cycle costs than government could achieve. The study of reusable launch vehicle or RLVs will focus on identifying technologies and assessing their potential use to accelerate the development of commercial reusable launch vehicles that have improved reliability, availability, launch turn-time, robustness and significantly lower costs than current launch systems, NASA stated. A new competition with adequate incentives to perform this service should be open to all US aerospace companies." NASA recently said it would partner with the US Air Force Research Laboratory to develop a technology roadmap for use of reusable commercial spaceships. The study results will provide roadmaps with recommended government technology tasks and milestones for different vehicle categories.

NASA said its Commercial Crew and Cargo Program looks to develop and demonstrate safe, reliable, and cost-effective capabilities to transport cargo and eventually crew to low-Earth orbit and the International Space Station. NASA also recently said it would offer $50 million in stimulus money to further develop private commercial spacecraft. The aerospace consultancy Futron recently said that as much as $1.5 billion may be up for grabs for commercial space operation in the next ten years.

Microsoft Betrayed i4i, Say Court Documents

Microsoft Corp.marketed i4i Inc.'s XML software to potential customers at the same time it planned to drive the small company out of business by infringing on its patent for the technology, according to court documents filed last week. Federal Judge Leonard Davis issued the injunction in August, barring Microsoft from selling Word 2003 and Word 2007 after Oct. 10. The decision came about three months after a Texas jury found that Microsoft had illegally used patented i4i technology to build XML features into its word processing software. In a brief submitted to the U.S. Court of Appeals for the Federal District in Washington, Toronto-based i4i argued that an injunction blocking Microsoft from selling current versions of Word should stand.

The jury had awarded i4i $200 million, but Davis increased the amount to just under $300 million when he issued the injunction. Earlier this month, the three-judge appeals panel decided to stay the injunction while it weighs Microsoft's appeal . I4i filed the patent infringement lawsuit in 2007. The new i4i brief charges that in 1991, "at the same time Microsoft was praising the improved functionality that i4i's product brought to Word, and touting i4i as a 'Microsoft Partner,' Microsoft was working behind i4i's back to make i4i's product obsolete." According to the brief, just days after a 1991 meeting in which Microsoft had sought to find ways to work with i4i, Microsoft executives discussed XML plans for Word that would eventually "make obsolete any competitive attempts by third parties to conquer that market." Microsoft must file its rebuttal to i4i's brief by Sept. 14; the appeals court is slated to hear oral arguments from the two sides on Sept. 23. Asked to comment on i4i's briefs, a Microsoft spokesman said, "We're looking forward to the hearing on the merits of our appeal." This version of the story originally appeared in Computerworld 's print edition.