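2015 Global Cybersecurity Market Report (Part 1)
Author: 陈怀临 | 2015-05-05 16:49 | Category: Network Security | Comments Off
WeChat ID: freebuf

The Global Cybersecurity Market Report is a quarterly report published by the US cybersecurity company Cybersecurity Ventures. It covers consolidated research from IT analyst firms on market size and industry forecasts, trends, employment, the federal government sector, hot companies in the Cybersecurity 500, notable mergers and acquisitions, and investment and IPO activity.

Because the original is quite long, FreeBuf is sharing this report in several parts.

I. Market Size and Forecasts

The global cybersecurity market is defined by market-size forecasts: the market was forecast at $71 billion in 2014 and is expected to exceed $155 billion by 2019.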
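● Gartner predicted that worldwide information security spending would reach $71.1 billion in 2014, with the data loss prevention segment recording the fastest growth, at 18.9%. Forecasts show that worldwide information security spending will grow 8.2% in 2015, to $76.9 billion.
● Cybersecurity market forecast 2015-2025: Visiongain published a forecast report on leading companies in network, data, endpoint, application and cloud security, identity management, and security operations. The report states that the cybersecurity market will reach $75.4 billion in 2015 (close to Gartner's forecast), while market demand for information security solutions continues to grow strongly.
● A Markets and Markets report states that the cybersecurity market is expected to grow to $155.74 billion by 2019, at a compound annual growth rate (CAGR) of 10.3% from 2014 to 2019. The aerospace, defense and intelligence vertical will be the hottest provider of cybersecurity solutions. North America will be the largest market, while Asia-Pacific and Europe, the Middle East and Africa are expected to grow in market traction.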
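Over the next three years, "next-generation" cybersecurity spending will grow from $15 billion to $20 billion.
● A recent article in CIO Journal (published by The Wall Street Journal) notes that, as enterprises move from traditional firewall and endpoint vendors to cloud and big data solutions, FBR Capital Markets forecasts 20% growth in "next-generation cybersecurity spending" this year (2015).
● Daniel Ives, managing director and senior research analyst at FBR Capital Markets, said that about 10% of enterprises and government agencies have already upgraded to next-generation security software, such as firewalls that detect and block application-layer threats and a move to secure big data analytics services; "the market for these software tools will reach 15 billion to 20 billion over the next three years."
● Chris Rodriguez, senior industry analyst for network security at Frost & Sullivan, said (April 2015): "More and more hackers and nation-states are attacking websites in an attempt to gain unauthorized access to corporate networks and high-value digital assets. Because web applications pose many unique security challenges that require purpose-built solutions, such high-profile data security incidents have driven market demand for WAF (web application firewall) systems. The global market is expected to reach $777.3 million in 2018."
● Spikes Security, based in Los Gatos, California, is one of the fastest-rising of the many next-generation vendors; it ranks 116th in the Cybersecurity 500, the list of the world's hottest and most innovative cybersecurity companies. Its CEO, Branden Spikes, served as chief technology officer under Elon Musk, one of the world's most successful entrepreneurs, engineers, innovators and investors, and worked at Zip2, PayPal, Tesla and SpaceX for more than 15 years. Spikes Security offers the only platform for isolating and removing browser malware.
Global annual spending on mobile and network security is forecast at $11 billion and is still growing.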
 Defending Against Advanced Persistent Threats: Strategies for a New Era of Attacks
Author: 陈怀临 | 2015-05-03 12:33 | Category: Network Security | Comments Off
The original Cyber Kill Chain paper: Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains
Author: 陈怀临 | 2015-04-29 14:55 | Category: Network Security | Comments Off
A “Kill Chain” Analysis of the 2013 Target Data Breach
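Author: 陈怀临 | 2015-04-29 14:10 | Category: Network Security | Comments Off
RSA 2015: Observations from 弯曲评论
Author: 陈怀临 | 2015-04-28 16:42 | Category: Network Security | 2 comments »
Reportedly, relevant leaders from China's State Internet Information Office also attended the conference in person,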
FireEye as a Service
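FireEye is the leading APT-defense company in the US.
Internal network protection
Many signs indicate that the current posture of data security protection is shifting from the earlier perimeter defense (
It is similar to the burglar alarm system of a home or a company. The burglar has broken through the front door (
Internal network protection in cybersecurity is based on this simple principle –
Many companies are currently building on models based on behavior analysis.
Among startups, Vectra Networks' APT defense product deserves close attention. Vectra Networks' management team consists of several former heads of Juniper Networks' network security product line. The company positions its product as using machine learning to become "the leader of real-time detection of cyberattacks".
End-to-end security policy
The ultimate goal of network security is to plan security policy across an enterprise network,
Illumio recently received more than $100 million in investment,
Chinese companies
Among Chinese companies, Hillstone Networks (山石网科), NSFOCUS (绿盟), Antiy (安天), WebRay, 绿网, 360 and some related companies all exhibited. Relatively speaking, Hillstone Networks' booth,
Old friends
The RSA Conference is really also a gathering of friends from the network security community.
Around 2000, NetScreen created in the US networking and security world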
Why a deep-learning genius left Google & joined Chinese tech shop Baidu (interview)
Author: AbelJiang | 2015-04-26 21:45 | Category: Machine Learning | Comments Off
SUNNYVALE, California — Chinese tech company Baidu has yet to make its popular search engine and other web services available in English. But consider yourself warned: Baidu could someday wind up becoming a favorite among consumers.

The strength of Baidu lies not in youth-friendly marketing or an enterprise-focused sales team. It lives instead in Baidu’s data centers, where servers run complex algorithms on huge volumes of data and gradually make its applications smarter, including not just Web search but also Baidu’s tools for music, news, pictures, video, and speech recognition.

Despite lacking the visibility (in the U.S., at least) of Google and Microsoft, in recent years Baidu has done a lot of work on deep learning, one of the most promising areas of artificial intelligence (AI) research in recent years. This work involves training systems called artificial neural networks on lots of information derived from audio, images, and other inputs, and then presenting the systems with new information and receiving inferences about it in response.

Two months ago, Baidu hired Andrew Ng away from Google, where he started and led the so-called Google Brain project. Ng, whose move to Baidu follows Hugo Barra’s jump from Google to Chinese company Xiaomi last year, is one of the world’s handful of deep-learning rock stars. Ng has taught classes on machine learning, robotics, and other topics at Stanford University. He also co-founded massively open online course startup Coursera.

He makes a strong argument for why a person like him would leave Google and join a company with a lower public profile. His argument can leave you feeling like you really ought to keep an eye on Baidu in the next few years.

“I thought the best place to advance the AI mission is at Baidu,” Ng said in an interview with VentureBeat.

Baidu’s search engine only runs in a few countries, including China, Brazil, Egypt, and Thailand. The Brazil service was announced just last week.
Google’s search engine is far more popular than Baidu’s around the globe, although Baidu has already beaten out Yahoo and Microsoft’s Bing in global popularity, according to comScore figures. And Baidu co-founder and chief executive Robin Li, a frequent speaker on Stanford’s campus, has said he wants Baidu to become a brand name in more than half of all the world’s countries. Presumably, then, Baidu will one day become something Americans can use.

Now that Ng leads Baidu’s research arm as the company’s chief scientist out of the company’s U.S. R&D Center here, it’s not hard to imagine that Baidu’s tools in English, if and when they become available, will be quite brainy — perhaps even eclipsing similar services from Apple and other tech giants. (Just think of how many people are less than happy with Siri.)

A stable full of AI talent

But this isn’t a story about the difference a single person will make. Baidu has a history in deep learning. A couple years ago, Baidu hired Kai Yu, an engineer skilled in artificial intelligence. Based in Beijing, he has kept busy.

“I think Kai ships deep learning to an incredible number of products across Baidu,” Ng said. Yu also developed a system for providing infrastructure that enables deep learning for different kinds of applications. “That way, Kai personally didn’t have to work on every single application,” Ng said.

In a sense, then, Ng joined a company that had already built momentum in deep learning. He wasn’t starting from scratch.

Only a few companies could have appealed to Ng, given his desire to push artificial intelligence forward. It’s capital-intensive, as it requires lots of data and computation. Baidu, he said, can provide those things.

Baidu is nimble, too. Unlike Silicon Valley’s tech giants, which measure activity in terms of monthly active users, Chinese Internet companies prefer to track usage by the day, Ng said. “It’s a symptom of cadence,” he said.
“What are you doing today?” And product cycles in China are short; iteration happens very fast, Ng said.

Plus, Baidu is willing to get infrastructure ready to use on the spot. “Frankly, Kai just made decisions, and it just happened without a lot of committee meetings,” Ng said. “The ability of individuals in the company to make decisions like that and move infrastructure quickly is something I really appreciate about this company.”

That might sound like a kind deference to Ng’s new employer, but he was alluding to a clear advantage Baidu has over Google. “He ordered 1,000 GPUs [graphics processing units] and got them within 24 hours,” Adam Gibson, co-founder of deep-learning startup Skymind, told VentureBeat. “At Google, it would have taken him weeks or months to get that.”

Not that Baidu is buying this type of hardware for the first time. Baidu was the first company to build a GPU cluster for deep learning, Ng said — a few other companies, like Netflix, have found GPUs useful for deep learning — and Baidu also maintains a fleet of servers packing ARM-based chips. Now the Silicon Valley researchers are using the GPU cluster and also looking to add to it and thereby create still bigger artificial neural networks.

But the efforts have long since begun to weigh on Baidu’s books and impact products. “We deepened our investment in advanced technologies like deep learning, which is already yielding near term enhancements in user experience and customer ROI and is expected to drive transformational change over the longer term,” Li said in a statement on the company’s earnings for the second quarter of 2014.

What will Ng do at Baidu? The answer will not be limited to any one of the company’s services. Baidu’s neural networks can work behind the scenes for a wide variety of applications, including those that handle text, spoken words, images, and videos. Surely core functions of Baidu like Web search and advertising will benefit, too.
“All of these are domains Baidu is looking at using deep learning, actually,” Ng said.

Ng’s focus now might best be summed up by one word: accuracy. That makes sense from a corporate perspective. Google has the brain trust on image analysis, and Microsoft has the brain trust on speech, said Naveen Rao, co-founder and chief executive of deep-learning startup Nervana. Accuracy could potentially be the area where Ng and his colleagues will make the most substantive progress at Baidu, Rao said.

Matthew Zeiler, founder and chief executive of another deep learning startup, Clarifai, was more certain. “I think you’re going to see a huge boost in accuracy,” said Zeiler, who has worked with Hinton and LeCun and spent two summers on the Google Brain project.

One thing is for sure: Accuracy is on Ng’s mind. “Here’s the thing. Sometimes changes in accuracy of a system will cause changes in the way you interact with the device,” Ng said. For instance, more accurate speech recognition could translate into people relying on it much more frequently. Think “Her”-level reliance, where you just talk to your computer as a matter of course rather than using speech recognition in special cases.

“Speech recognition today doesn’t really work in noisy environments,” Ng said. But that could change if Baidu’s neural networks become more accurate under Ng.

Ng picked up his smartphone, opened the Baidu Translate app, and told it that he needed a taxi. A female voice said that in Mandarin and displayed Chinese characters on screen. But it wasn’t a difficult test, in some ways: This was no crowded street in Beijing. This was a quiet conference room in a quiet office. “There’s still work to do,” Ng said.

Meanwhile, researchers at companies and universities have been hard at work on deep learning for decades. Google has built up a hefty reputation for applying deep learning to images from YouTube videos, data center energy use, and other areas, partly thanks to Ng’s contributions.
And recently Microsoft made headlines for deep-learning advancements with its Project Adam work, although Li Deng of Microsoft Research has been working with neural networks for more than 20 years.

In academia, deep learning research groups exist all over North America and Europe. Key figures in the past few years include Yoshua Bengio at the University of Montreal, Geoff Hinton of the University of Toronto (Google grabbed him last year through its DNNresearch acquisition), Yann LeCun from New York University (Facebook pulled him aboard late last year), and Ng.

But Ng’s strong points differ from those of his contemporaries. Whereas Bengio made strides in training neural networks, LeCun developed convolutional neural networks, and Hinton popularized restricted Boltzmann machines, Ng takes the best, implements it, and makes improvements. “Andrew is neutral in that he’s just going to use what works,” Gibson said. “He’s very practical, and he’s neutral about the stamp on it.”

Not that Ng intends to go it alone. To create larger and more accurate neural networks, Ng needs to look around and find like-minded engineers. “He’s going to be able to bring a lot of talent over,” Dave Sullivan, co-founder and chief executive of deep-learning startup Ersatz Labs, told VentureBeat. “This guy is not sitting down and writing mountains of code every day.”

And truth be told, Ng has had no trouble building his team. “Hiring for Baidu has been easier than I’d expected,” he said. “A lot of engineers have always wanted to work on AI. … My job is providing the team with the best possible environment for them to do AI, for them to be the future heroes of deep learning.”
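Hillstone Networks (山石网科): "RSA 2015 Notes: On 'Messaging'"
Author: 陈怀临 | 2015-04-24 11:08 | Category: Network Security | Comments Off
Booth duties were heavy today. In whatever gaps I could find I took a quick look around, with no time to dig deep, and looked only at the "messaging". Messaging is the soul of product and technical marketing and is usually where the marketing department spends the most effort. Every year I find that people in the industry, whether by coincidence or because great minds think alike, express messaging that always points in one common direction. So looking at the messaging, superficial as it may seem, can often take the industry's pulse accurately.
"Internal threats" are the real worry
Traditional security always assumed that the "internal network" was clean, so network security used to be implemented at the perimeter. Now, because of flexible "Any Time, Any Where" access to the enterprise network and the many "clever" phishing lures that tempt employees with ease, large amounts of malware have long since infiltrated the interior unnoticed, and this is the real problem that keeps enterprise security managers awake at night. The messaging from RSA and Imperva each states their focus very clearly: "Secure the 80% the Perimeter Missed"; "You've done all you can to keep attackers out. What if they're ALREADY IN?"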
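"Continuous" and "Real Time" become the keywords
Compare those of Cisco, Juniper and Hillstone
Are they not strikingly similar? Although most of our management team came from those two companies, we "swear" that we rarely communicate directly any more; we can only say that great minds think alike.
FireEye's determination to shift toward services
Look, they are already calling themselves "FireEye As A Service". Having been hired by Sony to investigate the attack by North Korea, FireEye Mandiant's security services got ample exposure on CBS's 60 Minutes not long ago, and I believe they will go further and further down the services road.
Interesting ad slogans
As a marketer, I like to hunt for good ad slogans; here are a few I saw at the show.
Now look at the security companies' grand ambitions
Check Point wants to Secure "the future", Fortinet wants to Secure "the World", HP wants to Secure "Business", and Tripwire holds that with their products your confidence is "secured".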
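O2O: Do You Really Know How to Play It?
Author: 水煮鱼 | 2015-04-24 11:04 | Category: Internet, Mobile Internet | Comments Off
Ever since Alex Rampell proposed the O2O concept in August 2011 and it was introduced into China in November of that year, the concept has been like a shot of stimulant for a Chinese internet industry that had long lacked fresh ideas. Like imports such as McDonald's and Starbucks, the term O2O has "blown" across the whole country and become the fashionable word of the Chinese internet industry.
When talking about O2O, I think we cannot lose sight of the essence of commerce, or of how the commercial world has changed over the past ten years.

What is the essence of commerce? If you sum up all forms of commerce, whether new or old, physical or virtual, you find that none of them can do without four critical links: attracting traffic, conversion, payment, and customer relationship management.

Take a real-world example. You are preparing to open a restaurant. First you need to choose a good location. The criteria for a good location are heavy foot traffic, a storefront that is not tucked away out of sight, a prominent position, good surrounding facilities and so on; the purpose of all these criteria is to make attracting traffic more efficient once the restaurant opens. After that, the restaurant's name, the opening ceremony, the early discounts, the DM flyers handed out by hired staff, online coupons, advertorials, TV interview advertising and so on are all means of attracting traffic.

If you do all of this well and succeed in drawing people into your restaurant, congratulations. Your next goal is to convert more of the people who come in into customers who spend money there. The restaurant example may be a bit special, because for a place to eat, once people choose to walk in there is a high probability they will become customers. But it cannot be ruled out that poor decor, unattractive display pictures, unappealing dishes or dish names, or even a waiter's facial expression will affect whether these people become your customers.

After ordering and enjoying a delicious meal, the customer pays the bill. This is a typical payment link. At present offline payment is mainly in cash, though some customers pay by credit or debit card, and it cannot be ruled out that in future customers will pay via Alipay, WeChat Pay and other methods.

Many offline stores currently lack the means for later customer relationship management. The basic methods today are issuing membership cards or collecting mobile numbers, followed by SMS promotion, phone follow-ups and the like. These methods are either one-way or not user-friendly, so later customer relationship management is not very satisfactory. In some industries, only the way customer information is recorded has changed, while the way of interacting with customers has not changed fundamentally; only with the arrival of WeChat did this begin to improve.

The example above basically describes the four specific links involved in a business. You can compare these four links with many current startup projects or company businesses, and you will find that essentially all of them fit into one or two of these links, or merely integrate resources to apply the four links in some niche. So far only Alibaba and Tencent have a presence in all four links, and in each link each has its own strengths and weaknesses.

Back when I had just entered the internet industry, I was full of ambition and tried to build a mobile commerce platform covering every O2O link from attracting traffic and payment to customer relationship management; having thought it through now, I am suddenly left "impressed without really understanding".

So what changes has our commercial world actually undergone in these ten-plus years?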
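On the one hand, after ten years of development, the online virtual commercial world has used technology to completely overturn the traditional ways of handling the four key links of commerce. In attracting traffic, entirely new internet marketing methods can reach every person in the world regardless of time and place. In conversion, all kinds of means, normal, legal, aggressive and gray, dig deep into human nature and exploit it, turning traffic into revenue to the greatest possible extent. In payment, online UnionPay card transfers, Alipay, electronic wallets and many other methods have appeared one after another. In customer relationship management, a variety of IM tools, online reviews, star ratings and so on have made possible the customer-merchant interaction that used to be hard to achieve offline. Most importantly, every link of the whole business is traceable and quantifiable, so the huge volume of consumption data it produces is extremely valuable, and can in turn help improve and optimize the whole business process, lowering the end-to-end cost of commerce and raising the commercial efficiency of the entire online virtual world. Perhaps price is a large part of the reason people choose to shop online, but you may not realize that the root reason consumers can enjoy such low product prices is that the online virtual commercial world has had the ability to evolve and renew itself from birth.

On the other hand, the offline commercial world has kept its original speed and manner, moving forward slowly and unhurriedly according to its own rules of business operation. Although standardized goods have moved out of it into the virtual commercial world, this has not dealt the offline commercial world a fatal blow.

After nearly ten-plus years of development, I think the virtual commercial world's mining of standardized goods has basically almost reached its end. If you browse Taobao or JD.com, you will find standardized goods in almost every category that you can buy in real life. But another kind of goods in real life, services (defined in our country as the tertiary industry), cannot be bought there. Experience shows that as the wealth of society as a whole grows, the share of the service industry becomes larger and larger, and its overall size will also exceed ten trillion.

However, a service is an experiential product and is offline by nature, so it inherently resists the virtual online commercial world. At the same time, demand for services arises anytime and anywhere (what we now call scenario-based), and the virtual online commercial world that grew out of the desktop internet cannot meet the requirements for initiating this kind of product very well. But the arrival of the mobile internet has completely changed this situation. Services plus the mobile internet have brought about an entirely new e-commerce model, and that is O2O. In the O2O business model, the goods remain entirely offline, while the four key links of commerce are completed online to an appropriate degree.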
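Completing the conversion link has always been the hard part. It used to be achieved by starting from the design of the whole product: scenario-based product thinking, an optimized product UI, attention to UE, plus some promotional discounts. But with this year's red-envelope war and the card-and-coupon feature that WeChat launched afterwards, moving conversion onto the internet has only just begun, and I think there is still some way to go before the conversion link is fully internet-based.

Moving the payment link onto the internet has not departed from scenarios, and this fight is even livelier. From the battle between Didi and Kuaidi, and the food-delivery contest between Ele.me and Meituan, to Alipay's offline surprise attack on Double 12 and even the red-envelope war during the Spring Festival, these internet giants have begun, on multiple dimensions and multiple fronts, to cultivate users' offline mobile payment habits and to stake out territory. It is said that before long Apple's Apple Pay will also start to be supported in China; this war is getting more and more interesting. When will cash settlement be replaced? I believe that day will come, and we can only wait and see (by the principle of least cost, this is entirely consistent with the laws of development of all human history; I even think the disappearance of paper money is a trend, which I think is also why Bitcoin has had such an influence).
Moving the four key links of the offline commercial world onto the internet will give the services that used to belong purely to the offline commercial world the genes for self-evolution, so as O2O evolves, the whole offline business model will become more efficient. Which traditional products will be disrupted by this model? What is clear is that all consumers will undoubtedly benefit from it.

Everything mentioned above is really the infrastructure of the whole O2O ecosystem. As the mobile internet deepens, and given the characteristics of services as a product, a marketplace model like the earlier JD.com or Tmall is unlikely to appear; in its place will be basic platforms like WeChat or Alipay, and the various scenario-based applications that appear on them. So in the mobile internet era, the segmentation of fields, that is, being scenario-based, will become very important. Perhaps a single scenario will give birth to a giant, because this market really is enormous, and careful cultivation of any one field offers unlimited room for imagination (because of the island effect of apps, they will eventually be replaced by online approaches such as HTML5, which is worth looking forward to).

WiFi, currently recognized as a key entry point to the mobile internet, mostly plays only the role of a highway in the present O2O ecosystem. How can WiFi take part in the whole O2O ecosystem? Everyone is still exploring and experimenting.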
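Some System Issues in High-End Network Security Systems
Author: 陈怀临 | 2015-04-20 10:05 | Category: Special Analysis, Network Security | 3 comments »
包云岗: "How to Wield the Baton of Scientific Research"
Author: 陈怀临 | 2015-04-07 10:45 | Category: Chinese System Software, Science and China | 1 comment »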