The Daily Incite - August 27, 2007

Submitted by Mike Rothman on Mon, 2007-08-27 08:59.
Today's Daily Incite

August 27, 2007 - Volume 2, #125

Good Morning:
Hear ye! Hear ye! I ask that we take a moment to rejoice at the Return of the Mogull. After many years on the Crusades, Sir Rich of the Land Mogullus has decided to put away his sword, return home and lead a more quiet life tending to his flock of sheep and goats. Or something like that. Rich leaves the warm, comfy confines of the G with nary a plan or a parachute. I believe the medieval term for that is "cojones."

But enough about Rich, remember this is about my favorite topic. On Saturday night at dinner with friends, we started talking about business and my inability to work for other folks came up. Did I like working for myself? Wasn't it scary? How did I build up enough courage to actually step out into the chasm?

Yes it was scary, as I suspect Rich will certainly go through his share of second-guessing angst about whether he made the right choice. Working for Big Research is about as cushy a job as there is - if you've got the skills to be an analyst. But my situation was different, although I am young and quite foolish. The truth is I didn't feel I had any other choice. After my last marketing gig ended, the idea of getting another marketing job was distinctly uninteresting. I also spent a lot of time really figuring out what I like to do and where I thought I could add value. Right, marketing (as a full-time job) wasn't high on the list.

I also come from a long line of Rothmans who have pretty much always worked for themselves. We don't really play too well in the sandbox. So when I told the family I was starting my own business, the general feedback was "what took you so long."

Though there are still times when I worry about the pipeline and keeping up with my production schedule. I'm very focused on productizing my research right now and ultimately I need to make sure I can keep the Boss in the lifestyle she's become accustomed to. But I'm worrying less and less nowadays. I'm pretty lucky. Actually - very lucky. I get to do what I love every day. I don't have to answer to anyone, except the Boss.

Rich isn't sure what the future holds for him. Maybe he'll get a gig, maybe he'll stay independent. Join the club, bro. But I'm pretty sure Rich will get into all sorts of trouble and he'll have some fun. That's all we can ask for, no?

Have a great day.


Top Security News

Perfect (fill in the blank) security - HA!
So what? - I figured it out. I have been wondering lately why there are times when the headline of an article has very little to do with the content. Then it hit me. Drum roll please........ SEO! That's right, the Gods of Google are responsible for titles like "Perfect HIPAA security impossible, experts say." You need to be able to get a good search engine placement should some poor sap actually believe that he/she could achieve perfect security and do a search on it. Of course, the word "perfect" isn't mentioned at all throughout the rest of the article. It's actually a pretty decent analysis of newfangled ideas like defense in depth and identity management as ways to achieve HIPAA compliance. The most valuable point made in the article is that you don't have to be perfect and the examiners don't expect you to be perfect. But you need to be able to document and prove what you've done.

Bzzz Bzzzz - where's that honeypot again?
So what? - I know I mention the concept of "reacting faster" a lot. At least a few times a week. Since I'm pretty dense and need things to be repeated a number of times before they get through, I figure you probably are similar. I know that's a bad assumption and forgive me if I annoy you with repetition. But it's important. I'm all about technologies and techniques that can help you to react faster. Roger Grimes makes a great point about using your own honeypots internally to get early warning that something is amiss in your environment. He links to a book and some tools that you can use to get your honeypots working and quickly. This isn't a replacement for a good security monitoring strategy, but deploying your own honeypots can (and should) be an effective complement.
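To make the "early warning" idea concrete, here is an added example (mine, not Roger's and not from the book or tools he links): a minimal internal canary listener. It binds to a port nothing in your environment is supposed to use, so every connection is an alert by definition, and it tags each hit with a crude guess about what the prober was speaking. The fingerprint table, the banner it replies with, and the `probe_canary` helper that plays the attacker are all assumptions constructed for the example.

```python
import socket
import socketserver
import threading
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List

# Crude fingerprints for the first bytes a prober sends. Constructed for this
# example; a real canary stays dumb and ships the raw bytes to your monitoring
# system, where the analysis belongs.
_FINGERPRINTS = (
    (b"SSH-", "ssh-client"),
    (b"GET ", "http-request"),
    (b"HEAD ", "http-request"),
    (b"POST ", "http-request"),
    (b"\x00\x00\x00", "smb-or-binary"),  # NetBIOS session / length-prefixed protocols
)


@dataclass
class CanaryEvent:
    """One alert record: anything that touches the canary is suspicious."""
    when: str
    src_ip: str
    src_port: int
    dst_port: int
    n_bytes: int
    guess: str
    sample: str = ""


def classify_probe(data: bytes, src_ip: str, src_port: int, dst_port: int) -> CanaryEvent:
    """Turn the first bytes of a connection into a CanaryEvent.

    An empty payload usually means a port scanner or a connect() probe that
    hung up before talking. That is still an alert: nothing legitimate should
    ever connect to a canary port, so there is no benign case to filter out.
    """
    guess = "tcp-connect-only" if not data else "unknown"
    for prefix, label in _FINGERPRINTS:
        if data.startswith(prefix):
            guess = label
            break
    return CanaryEvent(
        when=datetime.now(timezone.utc).isoformat(timespec="seconds"),
        src_ip=src_ip,
        src_port=src_port,
        dst_port=dst_port,
        n_bytes=len(data),
        guess=guess,
        sample=data[:32].decode("ascii", "replace"),
    )


class CanaryHandler(socketserver.BaseRequestHandler):
    def handle(self):
        self.request.settimeout(2.0)
        try:
            data = self.request.recv(1024)
        except (socket.timeout, ConnectionError):
            data = b""
        src_ip, src_port = self.client_address[:2]
        event = classify_probe(data, src_ip, src_port, self.server.server_address[1])
        with self.server.lock:
            self.server.events.append(event)
        # A harmless banner keeps a curious attacker talking a little longer;
        # the point is early warning, not a realistic service emulation.
        try:
            self.request.sendall(b"220 ready\r\n")
        except OSError:
            pass


class CanaryServer(socketserver.ThreadingTCPServer):
    """Listens on a port nothing is supposed to use and records every hit."""
    allow_reuse_address = True
    daemon_threads = True

    def __init__(self, addr):
        super().__init__(addr, CanaryHandler)
        self.events: List[CanaryEvent] = []
        self.lock = threading.Lock()


def start_canary(host: str = "127.0.0.1", port: int = 0) -> CanaryServer:
    """Start a canary in a background thread and return it (port 0 = ephemeral)."""
    server = CanaryServer((host, port))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def probe_canary(server: CanaryServer, payload: bytes) -> CanaryEvent:
    """Play the attacker: touch the canary, then return the alert it raised."""
    host, port = server.server_address[:2]
    with socket.create_connection((host, port), timeout=2.0) as s:
        if payload:
            s.sendall(payload)
        s.shutdown(socket.SHUT_WR)  # tell the handler we are done talking
        s.recv(64)                  # wait for the banner, so the event is recorded
    with server.lock:
        return server.events[-1]


if __name__ == "__main__":
    srv = start_canary()
    for p in (b"", b"GET / HTTP/1.0\r\n\r\n", b"SSH-2.0-OpenSSH_5.3\r\n"):
        ev = probe_canary(srv, p)
        print(f"ALERT {ev.when} {ev.src_ip}:{ev.src_port} -> :{ev.dst_port} {ev.guess} ({ev.n_bytes} bytes)")
    srv.shutdown()
```

The value is in the zero false-positive rate: a canary on an unused port has no legitimate traffic, so the first connection is the signal, long before a signature would have fired. Feed the events into whatever you already use for monitoring rather than watching the canary by hand.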

It gets back to education
So what? - The youths of today are a pretty scary bunch. Scary smart that is. Between the NJ teen who spent the summer breaking the iPhone and this Australian lad - who broke the Aussie Government's $84 million Web filter in less than an hour. How do you spend $84 million on a web filter, by the way? That rivals the $2000 toilet seat. But that's not the point. Today's kids seem to just get it. The quote from the Australian (Tom Wood) really says it all: "Cyber bullying, educating children on how to protect themselves and their privacy are the first problems I'd fix." Sure, we could blame the ISPs, and they should shoulder some blame. But the reality is that we need to be responsible for what our kids (and employees are kind of like kids too) do on the Internet. We need to teach them what is right, wrong and what will not be tolerated. And we need to ground them if they violate the rules. Though if a certain Government down under wants to chat about how they could solve the problem for $83.75 million (and save a cool $250K), I'd be happy to chat.

The Laundry List

  1. Do displacement programs work? Fortinet is going after CHKP, but it's not only about actually converting customers. It's also about sending a message to the incumbent that they are making a move. - CMP channel coverage
  2. No, this isn't Saw 4. The outage in the Northeast last week was due to a saw being used to cut a fiber and the backup pair being shot up. Haven't these guys ever heard of conduit? - NetworkWorld coverage
  3. Interesting password tips, but they forget to mention where to hide the yellow sticky note. - InformationWeek blog

Top Blog Postings

What is IDS anyway?
Poor Stiennon. He rode his "IDS is dead" horse to fortune and fame. Not so much on the fortune part. How about infamy? Now it's in vogue to push that IDS is alive and well as evidenced by this SearchSecurity article. Per usual, the truth is somewhere in the middle and it will force us to reconsider what we call an IDS. The historical definition of a box sitting in the network that compares traffic to a base of signatures is only one part of actually DETECTING AN INTRUSION. Nowadays, you can and should be using things like honeypots, network behavior analysis, and passive vulnerability scanners, in addition to traditional signature-based IDS to monitor your network and detect issues earlier which means you can (another drum roll please) - REACT FASTER. It's all about monitoring. I feel zen-like already. Farnum went a bit nutty with Photoshop to put together this long and excellent post about why the world is far from perfect and why monitoring (and even IDS) is an important part of your defenses.
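Since the whole argument is that signature matching and behavior analysis catch different things, here is an added example (mine, not from Farnum's post or the SearchSecurity article) that runs both over the same set of constructed flow records. The three signatures, the fan-out and port-sweep thresholds, the sample hosts and the timestamps are all assumptions made up for the example; the point is that the worm-style host and the port sweeper carry payloads no signature matches, and only the behavioral pass sees them.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Flow:
    ts: int        # seconds since epoch (constructed values below)
    src: str
    dst: str
    dport: int
    payload: bytes


# Signature rules, constructed for this example in the spirit of a content
# match: name -> (destination port the rule applies to, or None for any, pattern).
SIGNATURES = {
    "sql-injection-probe": (80, re.compile(rb"(?i)union\s+select|'\s*or\s*1\s*=\s*1")),
    "php-rfi-attempt": (80, re.compile(rb"(?i)\.php\?[^ ]*=https?://")),
    "shell-metachar-in-uri": (80, re.compile(rb"GET\s+\S*(;|\|)\S*\s+HTTP")),
}


def signature_hits(flows: List[Flow]) -> List[Tuple[Flow, str]]:
    """Classic IDS: compare each payload to the signature base."""
    hits = []
    for f in flows:
        for name, (dport, pattern) in SIGNATURES.items():
            if dport is not None and f.dport != dport:
                continue
            if pattern.search(f.payload):
                hits.append((f, name))
    return hits


def behavior_hits(flows: List[Flow], window: int = 60,
                  max_fanout: int = 10, max_ports: int = 15) -> List[str]:
    """Network behavior analysis: look at who talks to whom, not at bytes.

    Two simple baselines per time window (thresholds are assumptions):
      - fan-out: one source reaching many distinct hosts (worm propagation)
      - port sweep: one source touching many distinct ports on one host (recon)
    """
    fanout: Dict[Tuple[str, int], set] = defaultdict(set)        # (src, bucket) -> {dst}
    sweep: Dict[Tuple[str, str, int], set] = defaultdict(set)    # (src, dst, bucket) -> {dport}
    for f in flows:
        bucket = f.ts // window
        fanout[(f.src, bucket)].add(f.dst)
        sweep[(f.src, f.dst, bucket)].add(f.dport)
    alerts = []
    for (src, bucket), dsts in sorted(fanout.items()):
        if len(dsts) > max_fanout:
            alerts.append(f"fan-out: {src} reached {len(dsts)} hosts in window {bucket}")
    for (src, dst, bucket), ports in sorted(sweep.items()):
        if len(ports) > max_ports:
            alerts.append(f"port-sweep: {src} touched {len(ports)} ports on {dst} in window {bucket}")
    return alerts


def detect(flows: List[Flow]) -> Dict[str, list]:
    """Run both detectors; a monitoring strategy wants the union, not either one."""
    return {"signature": signature_hits(flows), "behavior": behavior_hits(flows)}


def sample_flows() -> List[Flow]:
    """Constructed traffic: normal web hits, one SQLi probe, a worm-like
    host fanning out on 445 with benign-looking bytes, and a port sweeper."""
    base = 1_188_201_600  # 2007-08-27 08:00:00 UTC, aligned to a 60 s window
    normal = b"GET / HTTP/1.1\r\nHost: intranet\r\n\r\n"
    flows = [Flow(base + i, "10.1.1.5", "10.1.1.80", 80, normal) for i in range(3)]
    flows.append(Flow(base + 5, "10.1.1.7", "10.1.1.80", 80,
                      b"GET /item?id=1' OR 1=1-- HTTP/1.1\r\n\r\n"))
    smb_hello = b"\x00\x00\x00\x85\xffSMB"  # an ordinary-looking session start
    flows += [Flow(base + i, "10.1.2.9", f"10.1.1.{i + 1}", 445, smb_hello) for i in range(20)]
    flows += [Flow(base + i, "10.1.3.3", "10.1.1.50", i + 1, b"") for i in range(20)]
    return flows


if __name__ == "__main__":
    result = detect(sample_flows())
    for flow, name in result["signature"]:
        print(f"SIGNATURE {name}: {flow.src} -> {flow.dst}:{flow.dport}")
    for line in result["behavior"]:
        print("BEHAVIOR", line)
```

Run it and the signature pass reports exactly one thing, the SQL injection probe, while the behavior pass reports the fan-out from 10.1.2.9 and the sweep from 10.1.3.3 that the signatures walked straight past. Neither detector is wrong; they just answer different questions, which is the whole reason to run more than one.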
http://infosecplace.com/blog/2007/08/24/why-ids-will-be-around/

DLP and CMF: How about an FU?
Hoff went nuts last week in venting a bit about why data leak prevention wasn't a market, but rather a feature in this post. The reality is that EVERYTHING is a feature. Even security. Yes, the broad idea of security should really be a feature of the technology infrastructure. It will take time to get there, and hopefully I'll be sitting on a beach somewhere when it finally arrives. Contrary to some other analysts out there, a set of cheap acquisitions (like Port Authority and Tablus) does not spell the end of the market. There isn't really a reason why DLP (or CMF) algorithms won't be on the content filtering box and running as part of an endpoint security suite. But most big companies need stand-alone offerings because they have stand-alone groups and people that do things. You couldn't possibly expect the content guy to actually talk to the networking guy to make sure the right policies are in place to prevent data leakage over Skype. So DLP will continue through the hype cycle for a while, then it won't. That's the way things work in these parts. But it is good to spur discussion and Hoff poked enough to get His Mogullness to actually spend some time and define CMF and DLP for us.
http://rationalsecurity.typepad.com/blog/2007/08/i-know-its-been.html

Compliance and NAC - Not!
Bravo to Fratto, who calls bunk on all of the folks out there portraying NAC as a salve for compliance issues. Echoing many of my published thoughts, the Big F reminds us that compliance is a process, not a product. All he needs is a gruff voice, but old Fratto is becoming more Pragmatic by the day. The real point is that compliance is a funding source. I'm cool with CSO-types that decide they need NAC for any number of reasons and then use "compliance" as a way to get it paid for. It's not like the CFO likes to write a big check for security stuff. There will be a time when the golden goose is cooked, but that seems to be a ways out. So until then, go forth and get some compliance money.
http://www.networkcomputing.com/blog/dailyblog/archives/2007/08/compliance_shou.html


Submitted by Michael R. Farnum (not verified) on Mon, 2007-08-27 21:00.

Come on man! Look at those pictures! Definitely Visio! :)

And thanks for the kudos.

Michael
