April 7, 2006

Good Morning:
Today's highlights include a number of earnings misses from the likes of Websense, SafeNet and Entrust. End users need to follow the public markets for the companies that are strategic vendors, so my blog postings yesterday were focused on explaining why and also tearing into some of the announcements.

I also include a few clips on instant messaging and the security risks. I got into it a bit with one of my clients during a strategy day this week about whether IM Security is really that "sexy" for the market. I agreed that the vendors are trying to push IM security as something that's important, but I don't believe that users are interested. Regardless of what threat statistics are concocted for Symantec's quarterly threat report. But that's just one man's opinion.

Have a great weekend.

Top Security News

The Spinning on LuLA starts now
So what? - This isn't really security related YET, but in this story it looks like Pat Russo of Lucent went to kiss the ring of Sen. Charles Schumer - who was one of the loudest calling for the Dubai ports deal to be scuttled. Evidently the good senator has been pacified and won't voice his opposition of this deal. Though Alcatel may need to stop selling stuff to folks like Iran. Of course, we'll see what the CFIUS (Committee on Foreign Investments in the US) has to say about this. These are folks that killed Check Point and Sourcefire.
http://snipurl.com/otyl

Business and Financial Continuity - UK Style
So what? -  This interesting case from CSO Magazine, describes an annual ritual coordinated by the UK Government and financial institutions that practice business continuity on an annual basis. Unfortunately we are all at risk to some type of terrorist attack and it may be physical or virtual - but most likely it will be coordinated. We can all take a lesson from this in stressing that it's not enough to have a theoretical plan for business continuity. You must practice.
http://www.csoonline.com/read/030106/disaster_practice.html?source=csoupdate

Verizon jumps into IM game
So what?-  Verizon, or one of the two carriers left, has rolled out an IM offering for enterprises. That's not novel, but it does give me an opportunity to discuss the security of IM systems, which is a part of the offering. I think IM Security is much ado about nothing. There have been like one or two attacks that I can remember - and they caused minimal damage. It sounds to me like Chicken Little is back in town and he's selling some IM Security snake oil. OK, you need to protect IM systems like anything else, but do you need a separate box? Not for long. Integrated is the way to go on this one.
http://newscenter.verizon.com/proactive/newsroom/release.vtml?id=93369

More IM FUD - Loaded Symantec Threat Report
So what? - While I'm ranting about IM, I found this article - which is basically a bit of coverage about Symantec's most recent Internet Security Threat Report. I know it's hard to believe, but Symantec found that IM is a security risk because lots of folks use it. How does that make it a risk? They also mention that worms were 90% of the threats against IM. Out of how many? The article doesn't say. I'm not sure if the report does. I just think the timing is a little suspect in that Symantec bought an IM security company (IMLogic) in January and in the first quarter after the deal - IM Security is a HUGE issue. Got to love those marketing folks.
http://www.securitypipeline.com/184429107

Review of new Credant version
So what? - People losing laptops with private information has become a pretty regular occurrence. Of course, it becomes a front page story (right Fidelity), so we'll see a lot more folks deploying full disk encryption to make the pain go away. This Network Computing review highlights an upcoming version of Credant's Mobile Guardian product, which has a little different take on full disk protection at rest - but solves roughly the same problem. Nothing is a panacea, but at least doing something will keep the auditors at bay.
http://www.networkcomputing.com/showitem.jhtml?articleID=183702335

Top Blog Postings

Arbor's New Blog is Outed!
This post is really funny. Since a clear trend is corporate blogging, one of the consultants at Matasano points out (since he used to work at Arbor) that there is no way an Arbor technical person would have written the initial set of posts. They had marketing speak all over them. So, a word to the wise to corporate PR teams. If you are going to blog, do it right - because you will be nailed if you ghost write marketing stuff masquerading as technical insight.
http://www.matasano.com/log/2006/04/blog-posts-do-not-include-words.html

Steinnon weighs in on Desktop re-imaging
The comment by the Microsoft guy stating it's easier to rebuild a malware-infested PC than trying to clean it (covered in yesterday's TDI) got a lot of action in blog-land. Here Richard Steinnon's take is that Microsoft is giving up too easily and accepting defeat. Through "good research," like the kind he did at Webroot I'm sure, you can effectively clean up most of the desktops. My take is that he's right, but it doesn't matter. Large enterprises don't have time to worry about being right. Just blow the machine away - rebuild it and let the user get back to work. It's not a big deal. Now Microsoft would be well suited to push out a best practice on where data should be stored to make this type of transition clean. Maybe even build it into OneCare. Hmmm. That's novel, eh?
http://blogs.zdnet.com/threatchaos/?p=307

Dave Piscitello Revisits Firewall History
One of the things I pointed out in March 28th's Daily Incite when I looked at NetworkWorld's 20th anniversary spread, was that they named Shlomo Kramer the "inventor of the firewall," which probably isn't true. I, of course, did not mention chapter and verse proving it - but Dave does. It's interesting to revisit the history of the firewall anyway.
http://hhi.corecom.com/arc20060401.htm#BlogID516

Mu Security launches this week
Ellen Messmer covers Mu Security's launch in this blog post. Mu has a new box that simulates protocol-type of attacks and allegedly can discover "unknown" vulnerabilities. Hmmm. How do they do that? Since they are unknown and they must use some type of known protocol attacks for testing. I'm talking to them next week, so I'll keep you posted on that.
http://www.networkworld.com/weblogs/security/011707.html

Recently on the Security Incite Rants Blog

Earnings Miss: SafeNet misses; CFO gone; nCipher deal dead
In the afternoon wave of earnings miss announcements, this time it's SafeNet. So they missed, which I think is the first time since they've starting acquiring all sorts of stuff - so it was a pretty good run. But they also took out the CFO in a rather unceremonious way, which I didn't take too kindly too. Read the post and see what I think about it.
http://securityincite.com/blog/mike-rothman/earnings-miss-safenet-misses-cfo-gone

Earnings Miss: Websense and Entrust a bit light
Both Websense and Entrust pre-announced light quarters. Here is my take on both announcements, including some speculation about new Websense CEO Gene Hodges clearing the decks a bit before everything that happens becomes his problem.
http://securityincite.com/blog/mike-rothman/earnings-miss-websense-and-entrust-a-bit-light

Why Company Results are Important
As we enter earnings season, I'll be publishing snippets of public security companies quarterly announcements. In this post, I describe why I think it's important to follow your key vendors from a company performance standpoint - not just the latest product announcements.
http://securityincite.com/blog/mike-rothman/why-company-results-are-important

Read Thursday's Daily Incite
http://securityincite.com/blog/mike-rothman/the-daily-incite-april-6-2006