The Daily Incite - September 17, 2007

Submitted by Mike Rothman on Mon, 2007-09-17 11:22.

September 17, 2007 - Volume 2, #132

Good Morning:
All work and no play makes Mike... Well you know how that one turns out. I definitely have a love/hate relationship with product launches. I love the creation process. Taking an idea and making it into something. It provides a real sense of accomplishment. You focus all your efforts for weeks and months to get ready for THE DAY. Then as the day rapidly approaches, there are the million (it definitely seems like a million) little details that have to get worked out. The clock is ticking, the wheels are in motion, and there is always something that doesn't get done. Usually quite a few somethings don't get done.

I guess it's just the nature of the beast. Thankfully the Boss is pretty understanding when I go into crunch time. It only happens a couple of times a year, but I do tend to get pretty focused. Thankfully we had plans on Saturday night to go see Matt Kirshen, one of the finalists from this season's Last Comic Standing, to provide a little bit of R&R. Kirshen's the little British guy. Having met him and chatted a bit after the show, I can tell you he is very little and pretty British. He uses words like cupboard and trench foot. Not your usual Americana dialog. He put on a great show - very funny with a dry wit. So if you have a chance to see him live (or any live comedy for that matter) - go do that.

I mean how many times can you see Bruce Willis or Russell Crowe shoot the bad guys and blow up things? I guess a lot, but in my humble opinion, there is nothing like live comedy. Live music comes in a close second.

But back to product launches. I've been mentioning this elusive "summer project" for a while, and within the next 24 hours I'll be taking the wraps off and providing a sneak peek at what I believe is the most important thing I've ever done. Career-wise anyway. The product will officially ship (so to speak) on October 15, but I'm doing a pre-launch and providing some good discounts to folks that jump on board early. The first couple of modules are hot off the presses, the shopping cart and web pages are fired up and ready to go, all I need to do is polish up the announcements.

Much more on that later. But now it's back to the remaining 500,000 details, so I can get this thing over the finish line.

Have a great day.



Top Security News

They forgot the MOST dangerous consumer technology
So what? - NetworkWorld spent some time putting together their list of the "8 most dangerous consumer technologies" and it's pretty predictable. Instant messaging is #1 and stalwarts web mail (#2) and USB drives (#3) follow close behind. Of course, we can't forget camera phones (#5) and Skype (#6). It's interesting they mention virtual worlds to bring up the rear at #8. I figure the biggest threat there is that folks that get immersed in that technology will lose their minds - Matrix-style. But they really missed the single biggest issue with consumer technology and that's the CONSUMER themselves. A jackass with a keyboard can do a hell of a lot more damage than instant messaging. I know a lot of folks believe that security awareness training is a waste for businesses, and my position on that is pretty clear. But it's all the MORE important to get education/training right for consumer markets and no one is really addressing that. Hmmm, that's an interesting idea.

Crazy Americans still love their firewalls
So what? - I've been pretty vocal in saying the Jericho Forum has been pissing up a rope. It turns out they suffered from a bit of marketing aggressiveness in coming out with the ill-advised (in my opinion anyway) position that folks should be shutting down their perimeter defenses. Of course, the truth is somewhere in the middle and I do believe that we need to start thinking in terms of multiple perimeters and digging moats closer to the data. Hoff likes that. This NetworkWorld coverage of Jericho's latest conference highlights some of the issues. It's not that Americans aren't getting the message, it's that it's not resonating. Probably for lots of reasons. Most of all is saving face. We've spent a ton of money and time building out our perimeter, so admitting that it wasn't the best use of money makes the guy who pushed for it look like an ass. Thus, you have an immune system reaction to Jericho because it's easier to keep the status quo than to admit you were wrong. To be clear, those still advocating a strong perimeter security posture are RIGHT, but even if they weren't - they wouldn't admit it readily. If you need some more perimeter ammo, Mike Chapple provides some other points in favor of the perimeter in his SearchSecurity tip this month.

It's OK - we're the good guys
So what? - This one is a hoot. Late last week, an idea started making the rounds about using keyloggers in Internet cafes (predominantly in India) to cut down on terrorist communications. Yeah, not so much. I'll leave the purple suit to Captain Privacy, but I believe this is a slippery slope. Sure the bad guys do things in public Internet locales, but they are also (if they are smart anyway) using anonymizing technology (like Tor) to stay further cloaked. But those details aside, the biggest issue is just the sheer amount of data. It's kind of like the big dust up last year with AT&T allowing the NSA access to store huge amounts of phone calls. Has that worked? Who has the time or even the algorithms to wade through tons and tons of keystroke data and draw any kind of actionable conclusions? Maybe I'm just not privy to these kinds of analysis engines, but I suspect that's a pretty hard problem to solve. Make that a very hard problem to solve. FYI, I'm sure within 15 minutes of publishing this TDI, I'll have 10 vendors tell me they can do this. Ah, the wonders of 800 vendors in a space that can hardly support 100.

The Laundry List

  1. Verizon has a new CSO. Former FBI guy, good luck with that. Still not sure what that has to do with CyberTrust, since they are in the VZ Business group. I guess it's org chart be damned. - SearchSecurity blog
  2. Desktop real estate prices going up. Symantec is (finally) integrating some of their disparate technologies that run on the endpoint, including Altiris. Duh. - Symantec release
  3. VoIP Hopper appears, a new open source tool from Vigilar to see if networks are vulnerable to this hopping attack. The more testing the better, though a strong monitoring capability should be able to tell if a PC is "acting" like a VoIP phone. - Vigilar release

Top Blog Postings

Amrit pats himself on the back
As much as I like to give Amrit a hard time (who doesn't), he is absolutely right about the advent of "endpoint security" subsuming traditional AV and a host of other functions that run on the devices. I've been beating this drum for a while too, but I'll give Amrit his day in the sun. Have you seen him? He doesn't get into the sun too much or he uses SPF 10000. Of course, he never misses the opportunity to talk about why you need the stuff he sells, but he does make a few good points - like "spend less, demand more" and "rip out your incumbent if they aren't providing value." I'm not sure those little tips only apply to the endpoint, especially since the perimeter is actually a bit ahead of the integration on the desktop. Anyhow, good job Amrit. But you don't get to keep score on a piece of paper anymore. It's all about the money and liquidity.
http://techbuddha.wordpress.com/2007/09/13/the-birth-of-the-endpoint-protection-platform/

Hate is such a strong word (unless you are talking about THAT competitor)
Of all the things I don't miss about being in vendor-land, it's the bare knuckles competition between a couple of companies trying to establish market leadership. Anton has a great post here about some of the hijinx you'll see by some of the folks with less than reliable ethical compasses. The lying thing resonates, as well as "stealing" a demo box and other ways to get at the competition's intellectual property. This is just the way the game is played nowadays. You need to assume that your competitors have your equipment and if you don't have theirs, then you are at a disadvantage. Obviously you need to stay on the right side of the law (even if it seems the other guys don't), but besides that you better have an answer when the competitor starts slamming you in sales meetings. But that's another topic altogether.
http://chuvakin.blogspot.com/2007/09/guide-to-hating-competitors.html

No mas on virtualization security
All I have to say is thankfully VMWorld is over and maybe now we can get back to discussing issues that are really issues. This hype around virtualization security is a bit wacky and the reality is we are still largely dealing with the specter of the attack. Kudos to Hoff for this "epiphany" regarding the fact that the big difference between the virtualized world and the traditional world is really about the network. I've been using the term "data center in a box" to try to put a metaphor in place to describe the fact that the network is actually in the physical enclosure. Hoff does a much better job of discussing all sides of the issue, especially the typical "I don't understand it, so therefore it is bad" reaction you'll get from networking and security folks. Kind of reminds me of dealing with the old networking guys when we told them to connect this LAN thing into the Front End Processor. So read this, maybe understand it, and let it go. I'll start worrying about this when there is a real attack that is compromising real virtualized servers.
http://rationalsecurity.typepad.com/blog/2007/09/epiphany-the-vi.html