The Daily Incite - December 6, 2007

Submitted by Mike Rothman on Thu, 2007-12-06 10:29.
Today's Daily Incite

December 6, 2007 - Volume 2, #161

Good Morning:
Yesterday I screwed up. I hate when that happens, but it's my responsibility and duty to make it right. Given the amount of stuff that I write, I'm actually kind of surprised I don't screw up more often. But when I do, I need to set the record straight and amend my thinking.

One of my top news items in yesterday's Incite was the Reconnex OEM deal with IronPort. Sometimes in my haste to get things over the finish line, I don't pay as much attention as I need to. In this case I was guilty of reading the release and seeing what I thought should happen, not what was written. I wonder what my shrink will have to say about that.

So I write up about how Cisco has given those folks the "kiss of death," when in reality it was nothing of the sort. Basically, Reconnex is OEMing the PostX encryption engine, so they can remediate (encrypt) data based on detection within their own DLP engine. I don't think I could have gotten this more wrong if I tried. Maybe it's time to get back to the optometrist. Of course, there was the customary Barney stuff about going to market together and doing joint programs, but in reality this is about Reconnex understanding they need to remediate some of the content problems they detect.

There was no validation of Reconnex's technology, though this is an indication that PostX isn't dead yet. It just went into Cisco-induced hibernation for a while. If there is a nugget of good news here, my observation about the best way to make sure you AREN'T acquired by Cisco is to do a technology OEM with them still stands. But not in this case. D'OH!

Now I will proceed to spend some time in the corner with my dunce cap on. Once again I'm sorry for the mistake and thanks to the alert reader who set me straight. 

Have a great weekend.

Dunce image originally uploaded by Quiet Nights of Gotham


Top Security News

Deal: AVG + XPL sitting in a tree
So what? - It seems that Grisoft is getting more serious about actually becoming a player in the anti-malware space. Of course, their well-known (and mostly free) AVG anti-virus and anti-spyware are very popular with the cheap crowd, and yes that includes me. I've also been a fan of Exploit Prevention Labs for a while because drive-by downloads are a different animal and do require some specialized defenses. So the combination of these two is a good thing. Roger Thompson, XPL's lead research guy, will head up research for the larger company and I think that's a good thing too. It was always clear that XPL was not stand-alone, but it's interesting to me that Symantec, Trend or even Webroot wouldn't have seen compelling functions to add to their endpoint suites. I think the bigger AV players missed one here. But it does make a cat with 18 lives like Finjan a bit more attractive now, since they are finally figuring out that their malware detection technology can and should be spun into a search engine plug-in.

Embracing roles is easier said than done
So what? - In last week's column, Roger Grimes gets on his soapbox and talks about why RBAC (roles-based access control) is a good thing. Theoretically he's right. If we could reduce all functions into a set of roles that could then be enforced on all of the networks, servers, applications and the like running within our environment, then life would be good and certainly more secure. But it's that little niggling issue of broad platform support and interoperability that makes RBAC a lot easier in theory than in practice. There's another little issue, which is that most security folks are so busy doing things, they don't have the time to take a step back and actually figure out what those roles are supposed to be. I remember back to the mid-90s when I was working with clients on the networking and security aspects of big ERP implementations. These folks would all nod their heads about the logic of really implementing SAP's RBAC capabilities, which were robust. Then they'd get into the mess of actually making sure the right widgets got manufactured, shipped and invoiced, and good old RBAC sank to the bottom of the list faster than Vonage's market cap. RBAC is good, and if the roles definition process doesn't kill you, it will leave you more secure.

SSL = panacea? Not so much...
So what? - Kevin Beaver makes a great point in his most recent SearchWindowsSecurity column about SSL. Those three letters are pretty much what most of the great unwashed think security means. They see the lock in their browser and figure everything will be OK. Of course, SSL is necessary but nowhere near sufficient to actually secure much of anything. It hits on one requirement of the 12 that PCI demands (the one where you need to protect data in motion), but there are so many other ways to break a web app and snooping the traffic is perhaps the least attractive of them all. So the lock is a good start, but if your developers think that's what Internet Security means - then you've got a lot of work to do in educating them.

The Laundry List

  1. Speaking of RBAC, it seems that Cisco has gotten roles-based religion by introducing their TrustSec architecture. Intel and Ixia jump on board. 2 down, 10,000 other partners to go before this can get broad enough support to matter. More specifically, this is an indication that security is making its way into the Cisco switches. In-line NAC vendors, the clock is now ticking... - Cisco release
  2. Websense weighs in with their 2008 predictions. More attacks, more vectors, more sophistication from the bad guys. Really?  - Websense release
  3. The Ukraine votes for Ron Paul, or at least their botnet does. Interesting analysis of the botnet-driven spam campaign. At least we know that Ron Paul isn't the botmaster.  - InfoWorld coverage
  4. WhiteHat goes down market, now will cover a web application for a measly $10K per year. That's it? I'll take 10. - WhiteHat release

Top Blog Postings

It's blogger prediction time
I'm going to do a little different treatment of the top blog postings today and point to a number of high profile loudmouths, including Stiennon, Hoff and Schneier/Ranum (how those two became separated at birth is a bit perplexing), that recently published their ideas for 2008. At some point, probably right before Xmas, I'll jot down some predictions as well, and hopefully they won't require a sedative.

  • Schneier/Ranum - They look 10 years into the future and cause us to reach for the hemlock. The nature of attacks will be different, especially given the ever increasing power of chips and networks, but the goal remains the same for the bad guys  - fraud, theft, impersonation and counterfeiting. Endpoints aren't getting any better, critical infrastructure is brittle, and terrorists still want to destroy our way of life. It definitely makes me want to keep getting up in the morning and fighting the good fight.
    http://www.schneier.com/blog/archives/2007/12/security_in_ten.html

  • Stiennon - Richard focuses on a lot of malware types of stuff, like how these social networks will hurt us. He also figures much of the issue will continue to originate in China and former Soviet states. It remains all about the money as attacks are more targeted and increasingly disruptive to the financial institutions. Again, nothing even somewhat optimistic. No wonder most security professionals are grumpy; we can't find a shred of hope out of all this chaos.
    http://blogs.zdnet.com/threatchaos/?p=496
  • Hoff - Captain Innovation is pretty focused (like the others) on specific attack vectors, and none of the news is good. Basically, Chris' predictions center on the idea that every piece of new technology will be broken. Statistically he's right. Sometime in 2008, it's fairly likely that either hypervisors, social networking sites, SaaS vendors, eBanks, cyberattacks, SCADA and/or mobile networks will be compromised. All of them, no way. Some of them, absolutely. But that's not a lot different than the list we'd make in 2007. Some of it happened, most of it didn't. But at least now we know all the places where we can be killed.
    http://rationalsecurity.typepad.com/blog/2007/12/2008-security-p.html
  • Kevin Tolly - After 12 years as a NWW columnist, Tolly is hanging it up. I guess taking vendor money to show that a product can blast packets .0001% faster takes up a lot of time. In his last piece, he talks mostly about how general computing platforms will impact how SMBs and the like do security. He doesn't predict the demise of ASICs, since large enterprises and service providers will need focus and horsepower. But everyone else, open source and general computing platforms. Hmmm. I don't much care what the computing platform or pricing model is, it better be easy. Unless it's easy (like Staples button easy) it won't work for the SMB.
    http://www.networkworld.com/columnists/2007/120307tolly.html


Submitted by Adrian (not verified) on Thu, 2007-12-06 22:25.
Just say 'No'. What is the perverse need for top five/top ten prediction lists for the coming year? Recaps, OK, fine. Predictions, fine Scotch and New Year's resolutions, year-end traditions all, are best enjoyed amongst a small gathering of friends.
Submitted by Mike Rothman on Fri, 2007-12-07 08:30.
The predictions are usually an ego thing. Fact is, not many people go back to their old predictions and see if they were close to the mark. I'm one that does. Don't worry, my predictions won't be the run of the mill type of gloom and doom.
