The Daily Incite - 11/06/08 - No sharing (and it's a problem)
November 6, 2008 - Volume 3, #87
Good Morning:
One of the things I've always enjoyed most is getting to work with
customers that are trying to solve some pretty tough problems. It was
less fun when I needed to solve those problems myself, but being able to
offer some advice, and try to position any number of different
alternatives remains a fun challenge for me. And this is pretty
consistent whether I've worn a research hat or am representing a
vendor.
Being at the Information Security Decisions show has given me
the ability to have a number of great conversations with folks and
figure out what's on their mind. I got into a pretty detailed
conversation last night with someone who was asking why security folks
don't talk about breaches and other issues more openly.
That's actually a great question and is (I think) the underlying
concept for "The New School of Information Security." The book is still
on my nightstand, and I guess it's probably time I crack it open and
see what those guys have to say about the topic.
I explained to the person about the general paranoia of a security
person, which is a cultural impediment to sharing a lot of information.
But if that was the only reason, it could be overcome by a grassroots
effort. The real problem is liability. If companies talk about their
data breaches, then the tort lawyers have a ton of ammo to sue the
pants off these companies.
At the show Mandiant's Kevin Mandia did the keynote on the state of
incident response. One of the points he made was that in a breach
scenario, it's critical to restrict information as closely as possible.
Leaks happen and the information is usually neither complete nor
accurate (remember the telephone game?). If you can restrict info as
long as practical, it's best for most.
But that is obviously counter to using the massive number of industry
breaches as instructive for all. So each company only gets to learn
from their own mistakes, and that obviously makes it a much longer road
to get better at protecting data. Yet, as long as there are significant
financial penalties for sharing information, it won't happen. And
that's a shame, but it is what it is.
Have a great weekend.
Photo: "Image_901" originally uploaded by sittered
Technorati: Information Security, CSO, Security Mike, Internet Security
Incite 4U
I'm continuing to adjust to the new demands of having a job
and all that entails, while keeping up with my industry reading and the
Incite. I'm still way behind in my reading, so many of these news items
are still a week or so old. I plan to catch up over the weekend, and
then get back into a better rhythm. That's the plan anyway.
- PwC does their annual information security survey and finds
security is still driven by compliance, as well as mergers
and Web 2.0. Hmmm. First of all, I wonder if/how that has changed over
the last 6 weeks. Back over the summer, I still saw compliance as the
primary driver, though Web 2.0 was driving a lot of hype and getting
folks to kick tires a bit. Virtualization security fit into that latter
bucket as well. I do expect security spending to hold up better than
other software markets, but that doesn't mean it's going to hold up
well.
- Cisco announces a good quarter, but a
crappy outlook moving forward. Their security business grew 19% year
over year, which is again further evidence that 1) it doesn't matter if
your product is best of breed, and 2) big is still the new small. But
check out their earnings call transcript because
there is some great stuff there about how to deal with a downturn.
Great stuff.
- An agile Big Yellow? Hold the presses. Symantec has started their own internal
incubator to give folks the ability to develop ideas outside
of the "machine" or the big process that drives product development in a
multi-billion dollar company. Actually this is a great idea, since the
risk profile of leaving the mother ship and starting a new company is
pretty ugly right now. I suspect a lot of engineers would jump at the
chance to start new things, but within the warm embrace of a reasonably
safe paycheck. And who knows, maybe some of them will actually come up
with something.
- Understanding the "brave new world." Chris Wysopal of
Veracode eloquently discusses something that we probably already knew,
but didn't want to say. Everything is a target, which means everyone
has to worry about little things like application security.
Of course, this is great news for Chris at his day job, though because
everything is at risk doesn't mean everyone will decide they want to
address that risk. Yet, I don't want to minimize the point, which is
that you can't assume they don't want to target you anymore.
- Little companies need IPS too. SourceFire
goes down market with a few appliances targeting smaller organizations.
I know, I know - it's not an IPS. It's their 3D system, which does more
than just IPS things. Blah blah blah. The important part of this is
that at some point every company needs to figure out how to get smaller
companies to pay them money. And they also have to figure out the
channel, since that is how you get to smaller companies. This is
actually pretty predictable given the background of Burris (the new
CEO), and is the right direction to go in.
- 20% of 0 is still 0. Speaking of budgeting and security
spending drivers, SearchSecurity highlights a recent survey
saying community banks are going to increase security spending.
I wonder if they took the results of the banks that aren't going to
survive out of the analysis. OK, that was probably a low blow, and I
suspect the survivors will have to spend more on security, but it's not
clear how many survivors there will be.
- OMG Gartner is blogging. Not Gideon Gartner, but some
Gartner analysts. And it doesn't seem to be overly filtered. That's
kind of cool. Pescatore is one of the security bloggers and makes the
point that the Morris worm is no longer a teenager.
Funny thing is that I was actually at Cornell when the worm hit. I
vaguely remember some discussion about it, but it didn't seem like such
a big deal. But then again, if it wasn't made with hops or agave, it
wasn't much of a big deal to me back then. He shows all the major
outbreaks since then, which is always good to see graphically.
- While FIRE is going down market, Code Green is going up market with a new enterprise-focused DLP platform. I'll make the same point I made before, but in a converse way. It's very hard to build a self-sustaining business only on the back of SMB as well. There are very few examples of that. So you do need to play in both. Now the real question is whether DLP is enough of a stand-alone market to support either the SMB or enterprise segment.


Came across your blog, and was enjoying your perspective - well done. Imagine my surprise when you spoke about the "Risk Profile of Leaving The Mother Ship" at Symantec.
Leaving the Mother Ship is also the name of a book that I wrote, that speaks to how to actually lower your risk when leaving, particularly if you are looking to do something entrepreneurial. The book is available at amazon.com, as well as at www.LeavingTheMotherShip.com. (Also a whole bunch of free career tips at that site.)
Keep up the good work,
Randall Craig
www.LeavingTheMotherShip.com