The Daily Incite - August 10, 2006

Submitted by Mike Rothman on Thu, 2006-08-10 08:38.
::
Today's Daily Incite

August 10, 2006

Good Morning:
Slow day today in security-land. Everyone is in a flutter about the AOL "research" project, especially since they found a Georgia woman through the supposed "anonymous" search data. Michael over at MCW Research also highlights some of the stuff people are looking for and it's pretty scary (http://mcwresearch.com/archives/270). I've also ranted quite a bit about analyst independence and how the research model is changing. Today I take an analyst to task (here) for joining a vendor advisory board, and also highlight a vendor perspective (here) on how the evolving research model has impacted his ability to get a hearing with analysts.

And if you've been paying attention to the news this morning, the real bad guys (terrorists) are at it again (here). Given the attack surface needing to be protected, I am always amazed that law enforcement finds these issues in the nick of time. Hats off to law enforcement everywhere. But this just goes to show that we need to always keep our guard up. That applies both to the physical and technological worlds.

Have a great day.

Top Security News

Look out below! AOL fallout has lawyers licking their chops
So what?- What at first was a bad judgment call (a "screw-up") has become a full blown fiasco. The AOL situation is pretty much out of hand. Some enterprising reporter (from the NY Times, I think) tracked back some of the search data to a Georgia woman. I refuse to jump on the bandwagon and mention this woman's name, who is kind of infamous at this point. This article deals mostly with the angles that the class action lawsuits will take. I expect all of the search companies to more proactively discuss what they do with the data. Even Google. It's also interesting to see the blame game within AOL start, given the researchers violated "internal policy" in publishing the data. That means someone will be executed in the public square, but it won't make any of the AOL users feel better. If anything, this does makes you think about your own personal search practices, doesn't it? To check out a humorous look at personal searching preferences, read Pamela Dingle's post (here).
http://www.informationweek.com/story/showArticle.jhtml?articleID=191900935
Technorati tags: ,
Link to this

How close can an analyst get?
So what? - Is it just me or is there something wrong about folks portraying themselves as independent analysts joining the advisory boards of vendors? Yesterday Judith Hurwitz was announced as a member of Safeguard's IT Advisory Board, and in my opinion - this is not kosher. I can't say I understand the business model behind Judith's new firm, but if she is in any way, shape, or form claiming objectivity and independence, then this is the wrong thing to do. Safeguard is not exactly a vendor, but they hold economic stakes in vendors and now Judith has a financial interest (she can't be doing the advisory board gratis) in the success of those companies. Let me make my position clear, an INDEPENDENT ANALYST can not have any kind of perceived or real economic interest in vendors that they cover. And in that unfortunate situation, all sorts of disclosures need to accompany anything he/she writes. Here is my disclosure page. My shorts are clean. Folks that are glorified vendor mouthpieces tend not to adhere to any of these sorts of ethical guidelines. I just hope the readers out there can tell the difference between independent and not so much.
http://biz.yahoo.com/bw/060809/20060809005159.html?.v=1
Technorati tags:
Link to this

Sell those futures McAfee
So what? - I did a piece two days ago about why vendors sell futures (here) and there was one thing I left out. Vendors will also sell futures to freeze a market from competitors with more functional offerings. Case in point is McAfee's announcement of Foundstone 5.0, their vulnerability scanning product. This article spends a lot of time talking about how it will EVENTUALLY be integrated with McAfee's ePO endpoint management offering. Why do they do that? Foundstone stacks up pretty well from a functionality standpoint and it's not like Symantec has a very competitive offering. So why highlight the fact that it's been over 2 years since the acquisition of Foundstone and the products still don't integrate? That makes no sense to me.
http://www.channelweb.com/sections/allnews/article.jhtml?articleId=191801367
Technorati tags: ,
Link to this

7 months is a long time in the Hall of the Walking Dead
So what? - It seems the new CEO at 3Com has opted out of continuing to bang his head against the wall. I've certainly not been a fan of 3Com's strategy (here and here), and I can't say I blame the guy. Traveling to China is brutal - but if you are winning in the marketplace, it makes all of those hours in the air more palatable. If you come to work and get your teeth kicked in pretty much every day, then not so much. It'll be interesting what Edgar Masri, the new CEO will do with the company. They do have a pretty substantial customer base and they want to increase their presence in China, but it seems to me that spinning out TippingPoint and selling the other piece parts may not be a bad option at this point.
http://phx.corporate-ir.net/phoenix.zhtml?c=61382&p=irol-newsArticle&ID=893767&highlight
Technorati tags:
Link to this

Top Blog Postings

Malware as a service?
Nick Carr says the advent of increasingly bad stuff happening through Web 2.0 applications (social networking, blogs, etc.) is going to impede the adoption of these technologies in the corporate mainstream. He may be right, but I don't think it matters. Consumers are driving the adoption of technology nowadays, which is a 180 degree shift from less than a decade ago. Consumers will continue to use social networking environment because it is fun. Corporates may lag, but just as we saw with blogging (which was led by consumers) they'll have no choice but to jump aboard. Sure they'll need to take greater security precautions, but we're already doing that. I agree that we'll have more pretty high profile issues, but we can't stop the train at this point. So we better get ahead of it and make sure we are protected.
http://www.roughtype.com/archives/2006/08/malware_as_a_se.php
Technorati tags: , ,
Link to this

What is an expert after all?
Dave Piscatello muses a bit on titles and seems uncomfortable with someone refers to him as an expert. Hmmm. I've got a different take on this. Basically, the expert is the guy/gal with the most experience in the room. So, if the shoe fits - then you need to wear it. I'm the WiFi expert when my posse gets together for a family dinner. Because most of my friends aren't techno-folks, I usually end up troubleshooting all sorts of home technology maladies. Now, there is a distinction between being the "expert" and having a "brand." The folks that Dave mentions (Schneier, Zimmerman, Ranum, et al) clearly have great security "brands" and therefore are pretty much the experts in any room the enter. But ultimately if you know more than the other folks at the table, you are the expert.
http://hhi.corecom.com/arc20060801.htm#BlogID543
Technorati tags: ,
Link to this

Where are those asset tags again?
These data breaches keep coming at a fast and furious pace and continue to highlight the need to both track and secure your laptops. I've been at two separate companies that at first didn't have asset tags and then rolled them out as we grew. I don't think any company has the option to not aggressively track their technology assets anymore, so I see a definite market for SMB-oriented asset management stuff. I don't really follow that market, so a lot of products may already be meeting that need. We'll also see desktop encryption being bundled into laptops before too long. I suspect folks like PGP and SafeBoot would only be too happy to put a "personal" edition on laptops, knowing that quite a few enterprises would be interested in getting the management console to track all of those devices. Of course, over time - this will be a function of the OS (a limited capability is already in Mac OS X).
http://www.informationweek.com/blog/main/archives/2006/08/do_you_know_whe.html
Technorati tags: , ,
Link to this

Vendors like the new research model too
Alan Shimel follows up on my research evolution post (here) to provide his perspective on how the Internet and blogging has changed his industry interactions. It's good to see that folks on all sides of the fence (yes, end users like to get information from folks like Alan and I) like this new model. I'm sure the old methods still work on some folks, and that won't change for a while. But as I mentioned previously, Big Research is losing their cache and it'll be interesting to see if end users continue to pay the freight for stuff they can get elsewhere for much less.
http://www.stillsecureafteralltheseyears.com/ashimmy/2006/08/the_great_equal.html
Technorati tags:
Link to this

Recently on the Security Incite Rants Blog

How research is different today
It's always interesting to take a step back and think about how things have changed. Not on a yearly basis, but longer. This post started as a way to analyze how and why I read so much stuff and pretty much morphed into an analysis of how the research business has changed over the past 8-10 years. The way you get information is radically different and the role of the analyst is very different as well.
http://securityincite.com/blog/mike-rothman/how-research-is-different-today

Another perspective on vendor rankings
A post from Chris Harrington at InfoSecPodcast got me thinking about how the relevance of analyst rankings to a buying process is heavily dependent on whether you look like the analyst firm's typical customer. I delve into a few of those topics here and also address a comments from Thomas at Matasano relative to the statistical reliability of these vendor ranking charts.
http://securityincite.com/blog/mike-rothman/another-perspective-on-vendor-rankings

Read yesterday's Daily Incite
http://securityincite.com/TDI-2006-08-09

Technorati: