The Daily Incite - December 6, 2007
December 6, 2007 - Volume 2, #161
Yesterday I screwed up. I hate when that happens, but it's my responsibility and duty to make it right. Given the amount of stuff that I write, I'm actually kind of surprised I don't screw up more often. But when I do, I need to set the record straight and amend my thinking.
One of my top news items in yesterday's Incite was the Reconnex OEM deal with IronPort. Sometimes in my haste to get things over the finish line, I don't pay as much attention as I need to. In this case I was guilty of reading the release and seeing what I thought should happen, not what was written. I wonder what my shrink will have to say about that.
So I write up about how Cisco has given those folks the "kiss of death," when in reality it was nothing of the sort. Basically, Reconnex is OEMing the PostX encryption engine, so they can remediate (encrypt) data based on detection within their own DLP engine. I don't think I could have gotten this more wrong if I tried. Maybe it's time to get back to the optometrist. Of course, there was the customary Barney stuff about going to market together and doing joint programs, but in reality this is about Reconnex understanding they need to remediate some of the content problems they detect.
There was no validation of Reconnex's technology, though this is an indication that PostX isn't dead yet. It just went into Cisco-induced hibernation for a while. If there is a nugget of good news here, my observation about the best way to make sure you AREN'T acquired by Cisco is to do a technology OEM with them still stands. But not in this case. D'OH!
Now I will proceed to spend some time in the corner with my dunce cap on. Once again I'm sorry for the mistake and thanks to the alert reader who set me straight.
Have a great weekend.
Dunce image originally uploaded by Quiet Nights of Gotham
Top Security News
AVG + XPL sitting in a tree
So what? - It seems that Grisoft is getting more serious about actually becoming a player in the anti-malware space. Of course, their well-known (and mostly free) AVG anti-virus and anti-spyware are very popular with the cheap crowd, and yes that includes me. I've also been a fan of Exploit Prevention Labs for a while because drive-by downloads are a different animal and do require some specialized defenses. So the combination of these two is a good thing. Roger Thompson, XPL's lead research guy, will head up research for the larger company and I think that's a good thing too. It was always clear that XPL was not stand-alone, but it's interesting to me that Symantec, Trend or even Webroot wouldn't have seen compelling functions to add to their endpoint suites. I think the bigger AV players missed one here. But it does make a cat with 18 lives like Finjan a bit more attractive now, since they are finally figuring out that their malware detection technology can and should be spun into a search engine plug-in.
Embracing roles is easier said than done
So what? - In last week's column, Roger Grimes gets on his soapbox and talks about why RBAC (roles-based access control) is a good thing. Theoretically he's right. If we could reduce all functions into a set of roles that could then be enforced on all of the networks, servers, applications and the like running within our environment, then life would be good and certainly more secure. But it's that little niggling issue of broad platform support and interoperability that makes RBAC a lot easier in theory than in practice. There's another little issue, which is that most security folks are so busy doing things, they don't have the time to take a step back and actually figure out what those roles are supposed to be. I remember back to the mid-90's when I was working with clients on the networking and security aspects of big ERP implementations. These folks would all nod their heads about the logic of really implementing SAP's RBAC capabilities, which were robust. Then they'd get into the mess of actually making sure the right widgets got manufactured, shipped and invoiced, and good old RBAC sank to the bottom of the list faster than Vonage's market cap. RBAC is good, and if the roles definition process doesn't kill you, it will leave you more secure.
SSL = panacea? Not so much...
So what? - Kevin Beaver makes a great point in his most recent SearchWindowsSecurity column about SSL. Those three letters are pretty much what most of the great unwashed think security means. They see the lock in their browser and figure everything will be OK. Of course, SSL is necessary but nowhere near sufficient to actually secure much of anything. It hits on one requirement of the 12 that PCI demands (the one where you need to protect data in motion), but there are so many other ways to break a web app and snooping the traffic is perhaps the least attractive of them all. So the lock is a good start, but if your developers think that's what Internet Security means - then you've got a lot of work to do in educating them.
The Laundry List
- Speaking of RBAC, it seems that Cisco has gotten roles-based religion by introducing their TrustSec architecture. Intel and Ixia jump on board. 2 down, 10,000 other partners to go before this can get broad enough support to matter. More specifically, this is an indication that security is making its way into the Cisco switches. In-line NAC vendors, the clock is now ticking... - Cisco release
- Websense weighs in with their 2008 predictions. More attacks, more vectors, more sophistication from the bad guys. Really? - Websense release
- The Ukraine votes for Ron Paul, or at least their botnet does. Interesting analysis of the botnet-driven spam campaign. At least we know that Ron Paul isn't the botmaster. - InfoWorld coverage
- WhiteHat goes down market, now will cover a web application for a measly $10K per year. That's it? I'll take 10. - WhiteHat release
Top Blog Postings
blogger prediction time
I'm going to do a little different treatment of the top blog postings today and point to a number of high profile loudmouths, including Stiennon, Hoff and Schneier/Ranum (how those two became separated at birth is a bit perplexing), that recently published their ideas for 2008. At some point, probably right before Xmas, I'll jot down some predictions as well, and hopefully they won't require a sedative.
- They look 10 years into the future and cause us to reach for the hemlock. The nature of attacks will be different, especially given the ever increasing power of chips and networks, but the goal remains the same for the bad guys - fraud, theft, impersonation and counterfeiting. Endpoints aren't getting any better, critical infrastructure is brittle, and terrorists still want to destroy our way of life. It definitely makes me want to keep getting up in the morning and fighting the good fight.
- Stiennon - Richard focuses on a lot of malware types of stuff, like how these social networks will hurt us. He also figures much of the issue will continue to originate in China and former Soviet-states. It remains all about the money as attacks are more targeted and increasingly disruptive to the financial institutions. Again, nothing even somewhat optimistic. No wonder most security professionals are grumpy, we can't find a shred of hope out of all this chaos.
- Captain Innovation is pretty focused (as the others) on specific attack vectors, and none of the news is good. Basically, Chris' predictions center on the idea that every piece of new technology will be broken. Statistically he's right. Sometime in 2008, it's fairly likely that either hypervisors, social networking sites, SaaS vendors, eBanks, cyberbattacks, SCADA and/or mobile networks will be compromised. All of them, no way. Some of them, absolutely. But that's not a lot different than the list we'd make in 2007. Some of it happened, most of it didn't. But at least now we know all the places where we can be killed.
- Kevin Tolly - After 12 years as a NWW columnist, Tolly is hanging it up. I guess taking vendor money to show that a product can blast packets .0001% faster takes up a lot of time. In his last piece, he talks mostly about how general computing platforms will impact how SMB's and the like do security. He doesn't predict the demise of ASICs, since large enterprises and service providers will need focus and horsepower. But everyone else, open source and general computing platforms. Hmmm. I don't much care what the computing platform or pricing model is, it better be easy. Unless it's easy (like Staples button easy) it won't work for the SMB.