Cisco MARS shuts out new third-party security devices

Cisco has finally publicly acknowledged it won't add support for new third-party devices to its security information and event monitoring appliance, ending months of speculation about the future of its Monitoring, Analysis and Response System. Cisco had been privately briefing at least some of them on its intentions to effectively freeze third-party device support, but until now had refrained from a public statement. Some claim it's the beginning of the end for MARS as a multi-vendor SIEM device. "MARS customers can expect non-Cisco network device data and signature updates to continue for currently supported third-party systems, but no new third-party devices will be added," Cisco declared in a statement, noting that "Cisco MARS continues to focus on supporting Cisco devices for threat identification and mitigation." MARS is used by about 4,000 customers and Cisco is regarded as the largest SIEM vendor.

Quiz: How much do you know about Cisco?   Since SIEM equipment is typically used to consolidate alert and event data from multiple vendor sources, the fact that MARS won't be supporting any new non-Cisco equipment suggests customers must now consider migrating from it if third-party vendor support is their chief concern. In the future, I would hope that Cisco would be more forward and clear on its product plans and address issues like these in a timely manner. Analysts from Gartner and Enterprise Strategy Group are advocating that very thing. "Cisco deserves credit for coming clean on MARS support," said Jon Oltsik, analyst with Enterprise Strategy Group (ESG). "That said, rumors of product, customer support and field sales have been circulating for more than a year. The priority here must be on improved security and not proprietary business agenda." Cisco's SIEM competitors this week have eagerly grabbed at the topic of Cisco MARS freezing third-party support because of a Gartner research memo published Oct. 29 in which analyst Mark Nicolett stated, "Cisco has quietly begun informing its customers of a decision to freeze support for most non-Cisco event sources with its [MARS]." In the research note Nicolett said, "Although Cisco has not formally announced its intention to exit the SIEM market, the Cisco sales force is encouraging its MARS customers to find an alternative for log collection and event analysis of non-Cisco event sources." In Gartner's view, the effect of all this is that MARS can no longer be viewed as a viable SIEM for anyone looking for third-party vendor support in the future. "Organizations that need support of non-Cisco event sources should plan to move to a viable SIEM solution," the Gartner research note states. Since Cisco had been included in Gartner's influential "Magic Quadrant report on SIEM this spring, when Cisco had provided "no hint of change in strategy," Nicolett says he thought it important to immediately inform Gartner clients on what he had found out. Nicolett says he issued the research note because of what he initially picked up from discussions he happened to have with Gartner customers using MARS, not Cisco directly, though Cisco did confirm the change in strategy when asked about it.

MARS has never been particularly wide in its support for third-party security devices, Nicolett says, but now it can no longer be considered in that role for the future. Cisco is considered the largest SIEM vendor in the market, but Gartner "threw a bomb in the market with that note," Caccia says. Gartner isn't going to go back and revise the SIEM Magic Quadrant, but its Oct. 29 research note has to be considered its current findings when it comes to MARS as a SIEM for other than Cisco-related gear. "That note seems to have caused a lot of concern to MARS customers," says Rick Caccia, vice president of product marketing at ArcSight, a SIEM vendor that supports 300 products, including MARS, with a connector toolkit for 1,500 others.

Lufthansa to relaunch intercontinential in-flight Internet

In-flight Internet access is coming back to intercontinental flights next year. Lufthansa was the launch customer for the Connexion by Boeing service that began in 2004 but was closed down in 2006 after failing to gain traction among passengers. German airline Lufthansa said Monday that it plans to begin offering Panasonic's ExConnext broadband service in the middle of next year and will quickly expand access to cover the majority of its aircraft within the first 12 months of service. The terrorist attacks of 2001 also dealt the service a blow when major U.S. airlines reversed earlier plans to enable their fleets with Internet access.

Pricing and route details are yet to be announced, although Lufthansa did say it would offer options from an hourly access plan to one that covers an entire month. Lufthansa will use the same FlyNet branding for the proposed service although that's all it said about the planned service on Monday. The previous service charged between US$10 and $30 for broadband access throughout a flight. That stream can be split between channels for airline use, live television, telephone and cell-phone access and Internet. The ExConnect service from Panasonic Avionics, a major provider of in-flight entertainment systems, is capable of delivering an up-to 50Mbps data stream to an aircraft. In its announcement on Monday Lufthansa said it would offer Internet access to PC users and data access to cell phone and smart phone users.

Several in-flight Internet services already exist although most are based on cellular networks or a single satellite and so cover a limited geographic area, such as the continental U.S. The Lufthansa service will offer connectivity throughout most of an intercontinental flight.

FTC delays identity protection rules till June 2010

Well, maybe the fourth time will be the charm. At the request of Members of Congress, the Federal Trade Commission is delaying enforcement of the "Red Flags" Rule until June 1, 2010, for financial institutions and creditors subject to enforcement by the FTC. NetworkWorld Extra: 15 genius algorithms that aren't boring The rules have been delayed three times and were originally set to become practice Nov. 1, 2008. Under the Red Flags rules all companies or services that regularly permit deferred payments for goods or services, including entities such as health care providers, attorneys, and other professionals, as well as retailers and a wide range of businesses that invoice their customers must develop a written program that identifies and detects the relevant warning signs - or "red flags" - of identity theft. This time the Federal Trade Commission said it delayed the enforcement of its Red Flags identity protection rules until June 1, 2010 at the request of Congressional members. These may include, for example, unusual account activity, fraud alerts on a consumer report, or attempted use of suspicious account application documents.

The final rules require financial and credit institutions that hold any consumer account, or other account for which there is a reasonably foreseeable risk of identity theft, to develop and implement an Identity Theft Prevention Program for combating identity theft in connection with new and existing accounts, the FTC said. The program must also describe appropriate responses that would prevent and mitigate the crime and detail a plan to update the program. The FTC stated that some industries and entities within the agency's jurisdiction were uncertain about their coverage under the Red Flags Rule. Others have raised a stink about complying with the rules. Many entities also argue that, because they generally are not required to comply with FTC rules in other contexts, they have not had enough time to develop compliance plans. As a result the program hasn't been without its legal challenges.

That bill is now in committee. This month the House unanimously approved a measure to exempt health care, legal and accounting firms employing fewer than 20 people from Red Flags.

FAA streamlines experimental space flight access

The Federal Aviation Administration today said it would streamline the environmental review part of permit applications for the launch and/or reentry of reusable suborbital rockets to help bolster a fledgling commercial space market. The PEIS would eliminate repetitive discussions of recurring issues and focus on issues that are ready for decision…specific to a particular launch. At the heart of the ruling is a document used to outline and determine the potential environmental consequences of issuing experimental permits known as the Processing of Experimental Permit Applications (PEIS). NetworkWorld Extra: Top 10 cool satellite projects The idea as the FAA explains it: Because the PEIS presents information and analysis common to reusable, suborbital rockets, the FAA could choose to tier environmental documents from the PEIS to focus on environmental impacts specific to an applicant's proposed experimental operations.

Individual launch operators would be required to coordinate with site operators to gain access to a site. From the FAA ruling: "The PEIS considers activities associated with the launch and reentry of reusable suborbital rockets, including pre-flight activities, flight profile (takeoff, flight, and landing), and post-flight activities. In addition, the launch operators would be required to apply to the FAA for an experimental permit, which would require an individual safety and environmental review. The general suborbital rocket designs addressed in the PEIS include vehicles resembling conventional aircraft-30 to 140 feet long with unfueled weight of up to 9,921 pounds; vehicles resembling conventional rockets-6 to 33 feet long with unfueled weight of up to 5,500 pounds; and vehicles that hover—up to 20 feet in length or diameter with unfueled weight of up to 4,400 pounds. The PEIS examines the potential environmental impacts of issuing an experimental permit for the operation of reusable suborbital rockets anywhere in the U.S. and abroad, and the potential site-specific impacts of permitted launches from seven FAA-licensed commercial launch sites: California Spaceport, California; Mojave Air and Space Port, California; Kodiak Launch Complex, Alaska; Mid-Atlantic Regional Spaceport, Virginia; and Space Florida." NetworkWorld Extra: 10 NASA space technologies that may never see the cosmos The FAA said it prepared the PEIS with cooperation from the National Aeronautics and Space Administration (NASA) and the US Air Force and said that its ruling does not propose site- specific environmental mitigation measures. "Rather, launch operators would be expected to implement site-specific mitigation measures that are consistent with those currently employed by the eight launch facilities addressed in the PEIS. Additional site-specific mitigation measures could be developed and presented in the site-specific documents that would tier from the PEIS." Reusable launch vehicles or rockets are one of the key technologies for the future of commercial space flight.

The FAA also assumes the total rocket fuel capacity of a reusable suborbital rocket not to exceed 11,00lbs. The Review of United States Human Space Flight Plan Committee report said that commercial services to deliver crew to low-Earth orbit are within reach. "While this presents some risk, it could provide an earlier capability at lower initial and life-cycle costs than government could achieve. The study of reusable launch vehicle or RLVs will focus on identifying technologies and assessing their potential use to accelerate the development of commercial reusable launch vehicles that have improved reliability, availability, launch turn-time, robustness and significantly lower costs than current launch systems, NASA stated. A new competition with adequate incentives to perform this service should be open to all US aerospace companies." NASA recently said it would partner with the US Air Force Research Laboratory to develop a technology roadmap for use of reusable commercial spaceships. The study results will provide roadmaps with recommended government technology tasks and milestones for different vehicle categories.

NASA said its Commercial Crew and Cargo Program looks to develop and demonstrate safe, reliable, and cost-effective capabilities to transport cargo and eventually crew to low-Earth orbit and the International Space Station. NASA also recently said it would offer $50 million in stimulus money to further develop private commercial spacecraft. The aerospace consultancy Futron recently said that as much as $1.5 billion may be up for grabs for commercial space operation in the next ten years.

Microsoft Betrayed i4i, Say Court Documents

Microsoft Corp.marketed i4i Inc.'s XML software to potential customers at the same time it planned to drive the small company out of business by infringing on its patent for the technology, according to court documents filed last week. Federal Judge Leonard Davis issued the injunction in August, barring Microsoft from selling Word 2003 and Word 2007 after Oct. 10. The decision came about three months after a Texas jury found that Microsoft had illegally used patented i4i technology to build XML features into its word processing software. In a brief submitted to the U.S. Court of Appeals for the Federal District in Washington, Toronto-based i4i argued that an injunction blocking Microsoft from selling current versions of Word should stand.

The jury had awarded i4i $200 million, but Davis increased the amount to just under $300 million when he issued the injunction. Earlier this month, the three-judge appeals panel decided to stay the injunction while it weighs Microsoft's appeal . I4i filed the patent infringement lawsuit in 2007. The new i4i brief charges that in 1991, "at the same time Microsoft was praising the improved functionality that i4i's product brought to Word, and touting i4i as a 'Microsoft Partner,' Microsoft was working behind i4i's back to make i4i's product obsolete." According to the brief, just days after a 1991 meeting in which Microsoft had sought to find ways to work with i4i, Microsoft executives discussed XML plans for Word that would eventually "make obsolete any competitive attempts by third parties to conquer that market." Microsoft must file its rebuttal to i4i's brief by Sept. 14; the appeals court is slated to hear oral arguments from the two sides on Sept. 23. Asked to comment on i4i's briefs, a Microsoft spokesman said, "We're looking forward to the hearing on the merits of our appeal." This version of the story originally appeared in Computerworld 's print edition.

Boise State ditches Cisco DNS

Boise State University, the largest university in Idaho, has replaced its aging Cisco Network Registrar software with appliances from BlueCat Networks that it says are easier to manage and less expensive to operate for Domain Name System  and Dynamic Host Configuration Protocol services. The fiber-optic backbone network is being upgraded to 10G Ethernet in December, with 100Mbps bandwidth to the desktop. Boise State's network links more than 170 buildings spread across its 175-acre campus in downtown Boise.

The network carries data and voice traffic, and it supports 2,300 IP-based phones. But when it comes to core network infrastructure services such as DNS and DHCP, the university decided Cisco's Network Registrar was too expensive to operate. Boise State is a Cisco shop; the university uses all Cisco switches, routers, IP phones, wireless access points and wireless controllers on its network, which supports 21,000 students, faculty and staff. Case study: The Google-ization of Bechtel   Boise State isn't the only organization to discover that it could save money by switching from DNS software to DNS appliances. Boise State had the same problem. The Nevada Department of Corrections recently bought DNS appliances from BlueCat rival Infoblox to replace DNS software from Novell that was requiring too much time from network administrators.

Until this summer, the university was running an old edition of Cisco Network Registrar - Version 5.5, which was at the end of its life - on a Windows server for its DNS and DHCP services. "It was very limited as far as what was actually in the database for DNS and DHCP, and what you could see through the [graphical user interface]," says Diane Dragone, network engineer at Boise State. "There was no easy way to see what was really in the database except through command line tools." In addition, Boise State had to do custom coding in order to make this older version of Cisco Network Registrar work with all the vendor tags needed for DHCP. Boise State needed to upgrade the Cisco Network Registrar software, but that option was too expensive, Dragone says. Dragone explored several alternatives, including DNS software from Novell, Microsoft and Men & Mice. Cisco ended support for Cisco Network Registrar Version 5.5 in May 2006, and it is now selling Version 7.0 of the software. "We didn't want to pay the price for upgrading the software; it became extremely expensive," Dragone says. But eventually she zeroed in on appliances, and ended up testing devices from BlueCat and Infoblox. The retail cost of the two appliances was $26,000. "It came down to cost," Dragone says. "Plus, there were a couple things in the [interface] of the management system that I liked better, but they were very small." Dragone said installation of the Adonis 1000s was easy. "I spent a few weeks on my own learning the interfaces on the Adonis system, the GUI interface and the command-line interface, until I had a good comfort level. Boise State bought two BlueCat Adonis 1000 appliances, which are set up to be redundant to each other.

Then I did a testbed of two small buildings…to roll them onto the system for DNS and DHCP so we could test our Active Directory integration and our VoIP to make sure we had no issues," she explains. She says she can patch the appliances in the middle of the work day, rather than scheduling off-hours maintenance. Dragone said it took three weeks to migrate the entire campus network to the DNS and DHCP services from the BlueCat appliances. "We had no helpdesk calls as a result of the conversion," she says. "People didn't really know it happened." Dragone's favorite features of the Adonis system are the search capabilities and the instantaneous replication between the master and slave systems. Boise State hasn't experienced any outages or other significant problems with the BlueCat appliances. "I have no complaints whatsoever," Dragone says. "I like all the reports that you can look at. That has really come in handy." Operating modern appliances is a lot easier than keeping aging software running, Dragone says. "There are savings headache wise," Dragone says. "I spent an entire week in December trying to figure something out that never got resolved. The other thing I really like is the tool for checking your DNS database before you deploy your configuration.

There were a lot of band-aid fixes on the old system to the point where we were shuffling around where the DHCP was coming from." Cisco declined to comment for this article. Among BlueCat's higher ed customers are UC Berkeley, UCLA, the University of Michigan and the University of Calgary. Branko Miskov, director of product management at BlueCat Networks, says more universities like Boise State are migrating to appliances for DNS and DHCP services. This segment now represents more than 10% of BlueCat's sales. "We've actually had some pretty significant traction in the higher ed market…in the last 18 months," Miskov says. "They're a little more diverse in terms of the feature sets they use, whereas a lot of enterprises are pretty much uniform. The dorms have different requirements than the university buildings, so they really use the full extent of our gear." Miskov says universities are upgrading their core network services in response to the explosion of IP devices in dorm rooms, such as computers, PDAs and gaming consoles. "Each dorm room might require three or four IP addresses, and that's not even thinking about the faculty requirements," Miskov says. "For those that are rolling out VoIP, that introduces a whole slew of new IP addresses into the mix and makes it harder to manage."

Acresso who? Macrovision spinoff changes name, again

Under a legal threat from another software firm with a similar name, Acresso Software Inc. is changing its name to Flexera Software after just 19 months. Acresso sells software such as software its installation utility, InstallShield, and software license manager, FLEXnet, to software vendors and enterprises. The company will officially announce the change next Tuesday, but had already notified partners and customers on Thursday. It was spun out of Macrovision Corp. after the unit was acquired by venture capital firm Thoma Brava Cressley in April 2008. Macrovision retained the digital rights management (DRM) apps for which it is best-known.

Acresso, which the company said was derived from the Latin word "Cresco" for "to grow, increase" faced a "challenge" on its name from ERP software maker Agresso Software , said Randy Littleson, senior vice-president of marketing for Acresso. "Our executive team decided that there were better ways to invest our time and money, and that we didn't need this distraction," Littleson said. "The action we're taking will let us avoid a potential lawsuit." Acresso did not immediately return an e-mailed request for comment. It changed its company name in July to Rovi Corporation. Acresso was founded in 1980 and has annual revenue of about $475 million. That dwarfs Acresso, which has 375 employees and annual revenues of $115 million. It also has 3,500 employees at 16 offices globally.

Flexera will be the fourth name in five years facing long-time users of InstallShield, which was bought by Macrovision in 2004. Perhaps predictably, early public reaction to the new name tended towards the sarcastic. "As if the makers of InstallShield hadn't already done enough damage to their brand, let's just go change names yet again!" wrote Christopher Painter, an InstallShield consultant, on his blog yesterday. "Acresso Software is becoming Flexera Software for no apparent reason. Littleson said the company considered changing its name to Installshield, being that it is its best-known product, but ultimately came to the conclusion that it didn't represent the breadth of its application stable. Go ahead. #ScrambleMyBrands," another tweet said. He dismissed the notion, brought up by some bloggers , that the new name will cause legal trouble or just confusion with a solar and wind power company Flexera. "We're quite aware of it. We think this is very different, compared to when it was two software companies." That's one of the reasons why it's Flexera Software," he said. "How similar are we to an energy company?