NetworkWorld Column: We need more security intelligence
Submitted by Mike Rothman on Mon, 2006-08-28 08:19.
As I was flying last week and the general inconvenience of having to check my bag set in, I came to realize it was good, old-fashioned intelligence that got ahead of that terrorist threat. Intelligence gathering exercises are something we don't do enough of as a security community. That is the topic of this week's NetworkWorld column, and I think it's important.
Check it out and let me know what you think:
http://www.networkworld.com/columnists/2006/082806rothman.html


Mike, I absolutely agree with you, but I wish the "intelligence" we're getting today were less tightly bound to vendors of security products. If you're selling hammers, you're going to go on and on about nail threats. (Well, okay, maybe I stretched that analogy completely out of proportion.) It's getting so that I can't go to any briefings that aren't sponsored by at least one vendor. We need more vendor-neutral intelligence.
Give me a break, Mike. There are some pretty smart security folks out there, but say "covert channel" and most of them will reach for the TV Guide.
Your definition of better security intelligence seems to be automating/improving the "reactive" model, while ours is to create systems that are tough to attack. But I am glad that you are challenging vendors to do better.
I am confused by your theme here though. Here you are calling for greater security intelligence and yet you have told me that multilevel/trusted computing, which is a form of counter-espionage technology, is only a niche product. That would possibly apply to previous forms of trusted technologies. Another analyst (from one of the major firms) saw a demo of our product recently and commented that we appear to have removed most of the "pain" that was common to trusted computing. If that is so, then this would certainly set the stage for this level of security to become more mainstream and not reserved for highest echelon secure installations. Would it not be a benefit to cage all running applications, and run all of one's servers and appliances as trusted to reduce the attack vector for the bad guys, at every major enterprise, since a trusted box would remain safe until a patch was obtained?