Cisco Anti-spam breakthrough rumors

I've seen a few news stories claiming that Cisco in on the verge of a breakthrough to block spam at the router level. You know, for the technically unsavvy, it's the place where all the IP packets get routed across the Internet? For those even less technically inclined, it's those magical little boxes that send & deliver data across the Internet. Ok, for the really technically challenged stone-agers who still pay their bills with envelopes and stamps (and not online like any sane person), think of routers as kind of like the postman that routes mail to you.

Imagine if the postman had the ability to automatically throw away junk mail for you before it reached your mailbox. Hey, wait a minute, that's a great idea! Unfortunately, the postal service makes a lot of money on those junk flyers. Maybe my postman can be bought off to screen my junk mail. Is bribing a federal United States Postal carrier a crime? Hmmm... I wonder.

Anyway. If memory serves me correctly, Cisco claims the Internet is 80% Cisco routers, which means in theory Cisco could block a heck of a lot of spam before it even reaches your mail server.

Well, if Cisco has found a way to block spam at the router level, then a Marine "Hoorah" is in order! Or a Homer Woohoo! Take your pick... I'll be screaming both of these if it's true. I am an anti-spam zealot to the extreme!

Or as this article states, "Come on, the Cisco kids! ... Go Cisco go!"

LOL! They're cheering Cisco. That's kinda like cheering for Microsoft, but I'm with them, go Cisco GO!!!

Check it out:
Cisco on verge of anti-spam router breakthrough?

Cisco acquires WebEx

Cisco has acquired WebEx for approximately $3.2 billion, according to the Cisco website. WebEx is one of the most well-known companies in the hosted on-demand collaboration application space. Although WebEx is very well-known (who hasn't used it?), in my opinion Cisco overpaid for WebEx. First, the hosted collaboration space is very crowded. You have Raindance, Placeware (now part of Microsoft), Genesys, and a dozen other smaller players all in the web collaboration space. This acquisition reminds me how eBay bought Skype for around $3 billion and have yet to recoup that investment, though they're still trying with new ventures such as Skype Prime.

Then you have Microsoft Office Live Communications Server 2007 coming out very soon, which features built-in collaboration capabiltiies and is part of Microsoft's "unified communications" strategy. Why pay WebEx or any other hosted service to rent collaboration services when you can buy collaboration capabilities with a one-time license fee? I've never been a fan of hosted software, but maybe that's just me. In fact, Microsoft's unified communications strategy, including VoIP communications, video, and collaboration puts Microsoft in direct competition with Cisco. Perhaps this is why Cisco scooped up WebEx?

In any event, Cisco will commence a cash tender offer to purchase all of the outstanding shares of WebEx for $57 per share and will assume outstanding share-based awards, for an aggregate purchase price of approximately $3.2 billion, or approximately $2.9 billion net of WebEx's existing cash balance.

"As collaboration in the workplace becomes increasingly important, companies are looking for rich communications tools to help them work more effectively and efficiently," said Charles H. Giancarlo, Chief Development Officer at Cisco. "The combination of Cisco and WebEx will deliver compelling solutions accelerating this next wave of business communications.

Cisco believes the network is a platform for all forms of communications and collaboration, and WebEx's technology and services portfolio complement Cisco's leadership in the Unified Communications and collaboration market, while providing Cisco with a new and unique business model to expand its presence in the fast-growing SMB market," Giancarlo continued.

"Cisco and WebEx share a vision of web collaboration as a key to accelerating business processes and critical to durable competitive advantage," said Subrah S. Iyar, CEO of WebEx. "Cisco's global reach and customer focus will help us extend our core web collaboration applications and continue to broaden the services we offer through the WebEx Connect platform."

Verizon Business Trials Cloud-Based Unified Communications and Collaboration as a Service

Verizon Business takes aim at the hosted unified communications space using Cisco's UC and collaboration solutions. Hosted UC is going to be a fast growing market segment, so this is a smart move by Verizon Business. Interesting that they chose Cisco over Microsoft (OCS/MCS) as their first partner. Perhaps Microsoft OCS support is coming, or perhaps Cisco will be their exclusive hosted partner.

Check out the news:

Verizon Business Customers to Trial Cloud-Based Unified Communications and Collaboration as a Service

Company Is First U.S.-Based Global Service Provider to Conduct Field Trials of Cisco Hosted Collaboration Solution

To help organizations accelerate the adoption of unified communications and improve performance, Verizon Business will be the first U.S.-based global service provider to deliver Cisco unified communications and collaboration applications in the cloud "as-a-service."

The company next month will begin field trials of the new Cisco Hosted Collaboration Solution, introduced today at the Cisco Live! networking event in Las Vegas. The two-month trial will enable participants to see how cloud-based UC&C capabilities can be quickly and cost-effectively used by multiple employees across an enterprise. Since the applications reside in the network, or cloud, organizations can activate employee subscriptions to some or all of the available services, as needed, and pay for the services, once commercialized, on a per-user basis. There is also no need to purchase additional computer hardware and software.

Among the participants in the trial are a multinational auto manufacturer, a women's fashion retailer and a state government agency. They will employ Verizon Business solutions based on Cisco UC&C capabilities in the cloud, using the technology foundations of Cisco Unified Service Delivery.

"Our customers are eager to put cloud-based unified communications to the test," said Anthony Recine, vice president of networking and communications solutions for Verizon Business. "Verizon Business' field trial of Cisco's Hosted Collaboration Solution builds on a proven track record the two companies have established in developing and delivering innovative solutions to market. It is the latest initiative of Verizon Business' continuing effort to lead the industry toward delivering 'everything-as-a-service' to our customers worldwide."

Verizon Business is evolving to an everything-as-a-service (EaaS) model in which cloud-based, converged solutions are delivered with built-in security via managed and professional services over the company's global IP network. Verizon is assembling the key components of that unique and powerful approach to serving enterprises, and this field trial of Cisco Hosted Collaboration Solution is another step in that evolution. The EaaS platform - with Verizon's global IP network and data centers as its foundation - will enable enterprises to do business better by getting what they need, when they need it, where they need it. Visit the Verizon IT Solutions & Hosting website for more information.

ITEXPO Lands Some Spectacular Companies

ITEXPO Lands Some Spectacular Companies

I'm pretty excited about TMC's upcoming Internet Telephony Conference & Expo (ITEXPO) happening in Los Angeles, California. Check out some of the participants at ITEXPO, including some big names like Alcatel-Lucent, Cisco, Microsoft, and Symantec. I believe we're around 200 exhibitors, maybe more. I'll be there covering the latest 4G, VoIP, unified communications (UC), CRM, and other telecom & communications news.

Check out some of the participants.

Also, check out the special sub-shows and events going on at ITEXPO. I'm pretty excited to check out the 4G wireless evolution (4GWE) conference:

	ChannelVision Expo	SIP Trunk-UC Workshop
		For the SMB Workshop
		Smart Wireless Workshop

Lastly, here are the platinum sponsors:

Microsoft Security Intelligence Report

Microsoft Security Intelligence Report Shows Rogue Security Software a Top Threat to Internet Users [news release]

Cybercriminals take advantage of increased online savvy and human nature.

Microsoft Corp. today released the sixth volume of its Microsoft Security Intelligence Report, which showed a significant increase in rogue security software and evidence that threats are predominantly targeting common third-party desktop applications. This version of the report also showed that the No. 1 reason for data breaches remains lost and stolen computer equipment.

Released twice a year, the Microsoft Security Intelligence Report uses data gathered from hundreds of millions of computers worldwide to provide an in-depth snapshot of the threat landscape. With this volume, which covers the second half of 2008, Microsoft provides more information and insight about threats than ever before by offering new data on document file format attacks, the differences in malware affecting home and business computers, and phishing.

Rogue security software, also known as "scareware," takes advantage of users' desire to keep their computers protected. The rogue software lures them into paying for protection that, unknown to them, is actually malware offering little or no real protection, and is often designed to steal personal information. The Microsoft Security Intelligence Report shows that such programs are now among the top threats around the world. For example, two rogue families, Win32/FakeXPA and Win32/FakeSecSen, were detected on more than 1.5 million computers by Microsoft software, catapulting them into the top 10 threats in the second half of the year. In addition, Win32/Renos, a threat that is used to deliver rogue security software, was detected on 4.4 million unique computers, an increase of 66.6 percent over the first half of 2008.

Rogue security software and other social engineering attacks such as these compromise people's privacy and are costly; some take personal information and drain bank accounts, while others infect computers and rob businesses of productivity.

"We continue to see an increase in the number of threats and complexity of those threats designed to implement crime at a variety of levels online," said Vinny Gullotto, general manager of the Microsoft Malware Protection Center. "But as Microsoft and the industry continue to improve the security of our products and people become more concerned about their online safety and privacy, we see cybercriminals increasingly going after vulnerabilities in human nature rather than software. By working with others across the industry, Microsoft is helping combat the next generation of online threats through a community-based defense resulting from broad industry cooperation with law enforcement and the public."

The Security Intelligence Report also showed that as software companies have improved the security of their operating systems, attackers have shifted their focus to the application layer, where the majority of vulnerabilities are now being reported; nearly 90 percent of vulnerabilities disclosed in the second half of 2008 affected applications. The report also showed that Microsoft continues to make significant progress in secure software development and that newer versions of Microsoft software are more secure than previous versions.

Finally, the Security Intelligence Report showed that lost and stolen equipment, not computer hacking, continues to be the most common cause of security breaches resulting in data loss publicly reported in the second half of 2008 -- totaling 50 percent of reported incidents. To mitigate this threat, organizations must implement strong data governance practices to help protect data from criminal access.

Based on the key findings from the report, Microsoft is calling on the technology industry, law enforcement and policy makers to continue to work together to develop new ways to deter online criminals and help protect people online. Microsoft will continue to work with others toward its End to End Trust vision for a safer, more trusted Internet, which will require broad industry collaboration and technology innovations that are aligned with social, economic and political forces. Microsoft also recommends that customers and organizations use the data and prescriptive guidance outlined in the Microsoft Security Intelligence Report to assess and improve their security practices. The proactive steps Microsoft recommends for individuals and businesses include these:

• Configure computers to use Microsoft Update instead of Windows Update; this will ensure the receipt of security updates for Microsoft Office and other Microsoft applications, as well as security updates for Microsoft Windows operating systems. More information on how to do this is available at support.microsoft.com/kb/311047.
• Make sure that updates also are enabled when possible for third-party applications.
• Use an anti-malware product from a known, trusted source, and keep it updated. Be cautious not to follow advertisements for unknown software that appears to provide protection (rogue security software).
• Avoid opening attachments or clicking on links to documents in e-mail or instant messages that are received unexpectedly or from an unknown source.
• Enterprise customers should ensure that policies are in place to help secure all file shares and regulate the use of removable media.
• Enterprise customers should use the Microsoft Security Assessment Tool (MSAT), available at technet.microsoft.com/en-us/security/cc185712.aspx, to help assess weaknesses in their IT security environment and build a plan to address the risks.
• Enterprise customers should help control the use of remote management software.
• Detailed help and guidance on helping secure the home computing environment is available on the Security at Home Web site at www.microsoft.com/protect.

A full list of Microsoft's guidance, a downloadable version of the Security Intelligence Report, volume 6, and other related information is available at www.microsoft.com/sir.

This news release was sourced from:

www.microsoft.com/presspass/press/2009/apr09/04-08RogueSecuritySoftwarePR.mspx

Spam overwhelms e-mail messages: Microsoft Security Intelligence Report

More than 97% of all e-mails sent over the net are unwanted, according to a Microsoft security report.

The e-mails are dominated by spam adverts for drugs, and general product pitches and often have malicious attachments.

The report found that the global ratio of infected machines was 8.6 for every 1,000 uninfected machines.

http://news.bbc.co.uk/2/hi/technology/7988579.stm

Cybercriminals are profiting from spam and 'scareware'

"Scareware" is a fast-growing threat to computer users, with cybercriminals promoting fake security software to exploit users' desire to keep their computers protected, according to Microsoft's sixth Security Intelligence Report.

And although Microsoft co-founder Bill Gates predicted in 2004 that spam would be "a thing of the past" within two years, the company now reports that around 97% of all the emails sent over the net are unwanted.

http://www.guardian.co.uk/technology/2009/apr/08/spam-malware-online-security

Cisco 2010 Midyear Security Report

Rethinking Global Security for Borderless Networks

As more organizations transition to borderless enterprises, criminals are quickly discovering new tactics for breaching network safeguards. Businesses are weighing the benefits of embracing mobility, video, and collaborative applications (such as social networking and peer-to-peer technologies). At the same time, criminals are using the same innovations not only to commit crime, but also to refine their areas of expertise.

The Cisco 2010 Midyear Security Report examines the major forces of change reshaping the global security landscape. These changes demand that organizations rethink their approaches to enterprise security. Current shifts -- from the virtualization of operations to collaboration and social networking -- provide new opportunities for criminals to infiltrate networks and steal high-value business data.

The Cisco 2010 Midyear Security Report includes:

• Results and analysis from two new Cisco studies -- one focused on employee collaboration and the other on the concerns of IT decision-makers worldwide
• International trends in cyber-security and their potential impact on business
• Insight into how hackers penetrate “soft spots” in enterprise security to steal sensitive data and sell it to the highest bidder
• An update on global spam trends since late 2009 and spam volume predictions for 2010
• Guidance from Cisco security experts to help businesses improve their enterprise security by 2011

Cisco covets anti-spam role:

Cisco appears poised to initiate more action in the anti-spam arena, having just jumped into a standards fray where the industry's top hardware vendor normally wouldn't be found.

"Since all this [spam] traffic is running on Cisco networks in large part, many customers often ask, 'Why can't Cisco do something about it?' " says Sanjay Pol, vice president and director of Cisco's Anti-Spam Initiative. "The less trust people have of the Internet, the worse it is for Cisco and our customers."

Last week, Cisco joined Yahoo, Sendmail and PGP Corp. in submitting the DomainKeys Identified Mail (DKIM) specification to the IETF. DKIM results from Cisco and Yahoo merging separate e-mail verification technologies with similar attributes, which both companies had worked on for more than a year.

DKIM is a signature-based e-mail authentication proposal meant to curb unsolicited commercial e-mail, as well as phishing messages. While the Cisco/Yahoo anti-spam move is getting notice, it is still just another in a litany of efforts in the industry to standardize a way to stop unsolicited e-mail.

DKIM, which relies on cryptography to authenticate a sender's identity, will likely follow the same path as the Sender ID proposal that Microsoft and others submitted to the IETF last year, according to Paul Hoffman, director of the VPN Consortium, a vendor-neutral organization that promotes the development of VPN technology. Sender ID was not ratified as a standard by the IETF, as was hoped by its proponents, but given "experimental RFC" status. "That's exactly what's going to happen to DKIM. That's not to say DKIM would be a failure from an IETF perspective, but that it's not at all clear the technology is valuable or worth doing," Hoffman says.

Part of the problem is that there's uncertainty whether any form of e-mail authentication will stem the tide of spam. Supporters say sender authentication will help fight phishing because senders will no longer be able to make their e-mails look like they've been sent by a valid company. However, these proposals won't directly curtail spam because plenty of spammers don't hide their identity.

"No one should think these technologies, even if implemented perfectly by everyone on earth, will solve the spam problem," says Matthew Prince, CEO of anti-spam consulting firm Unspam. "But if the worst spammers on earth are the ones who pretend to be from a legitimate online business and instead are stealing account information . . . then these technologies are good at addressing the first line of the problem."

Because it involves encryption, DKIM is a more robust approach than Sender ID, but also more difficult to implement, Prince adds. Sender ID has suffered from differences in the way the protocols it includes are implemented, causing compatibility problems that led some companies to rip it out and search for new solutions, Prince says. DKIM will likely capitalize on this opportunity.