The Daily Incite - June 26, 2006

Submitted by Mike Rothman on Mon, 2006-06-26 09:13.
Today's Daily Incite

June 26, 2006 - I'm Baaaack!

Good Morning:
Welcome back, after a great week of vacation. I can only hope that absence has made your heart grow fonder of The Daily Incite. I also hope that some of you enjoyed the Incites Redux series I did last week to keep myself honest and highlight some of the work I've done over the past 6 months that some of my new readers may have missed. For me, as much as I like vacation - I'm glad to be back to the normalcy of my daily publishing regimen and looking for new opportunities to poke folks in the eye when they do stupid things. As much as lounging on the beach is interesting, this is what I really like to do.

In terms of security-land, not a lot interesting happened last week - so there was less raw material in the news front to work with than I expected - but it is the summer after all and the end of quarter. Most interesting stuff is held until September at this point because you don't want to interfere with end of quarter deals and most of the world is on vacation in July and August. There were quite a few blog posts that I wanted to highlight, so I'll do a Supplemental Incite either this afternoon or tomorrow to catch up on that.

Have a great day and those of you in the vendor-land, close strong. It's the last week of Q2 and many will be burning the midnight oil to bring in those last minute deals.

Top Security News

Deal: Blue Coat to acquire NetCache business
So what? - On Friday, Blue Coat announced both a private equity infusion and that they are using some of the proceeds to acquire the NetCache business from Network Appliance. I don't see these moves as positive for Blue Coat's main business, since they are now moving back to the network caching business, though now it's called a fancy term "application acceleration." Private equity money is also more expensive in the long term, so this is a pricey acquisition - regardless of what they paid to Network Appliance. Just 6 months ago, Blue Coat was a very hot company, playing into the hot anti-spyware gateway space. Now they've missed two quarters in a row, did a controversial acquisition (Permeo) and now are in need of a capital infusion to consolidate the network caching business. But I do applaud Blue Coat for recognizing the wall and moving to Plan B. I suspect folks like Websense and SurfControl will continue to have problems as well, as web filtering increasingly happens either in the network (ScanSafe) or on UTM platforms for the low end businesses.
http://www.bluecoat.com/news/releases/2006/062306_netcache.html

SocketShield ships
So what? - Rootkits are still a huge issue and big AV still hasn't done a damn thing about it. Webroot has added a rootkit detection capability to their latest enterprise offering - which gives them a bit more rope, but all you hear from the big guys is how much of a problem it is. Exploit Prevention Labs gets their poorly named SocketShield product over the finish line and now they can start collecting money, which is good for them. Of course, it will be the folks in the know that buy first - but every AV company needs to have this kind of capability built in. So XPL is my top acquisition target for 2006. I'd be very surprised if they didn't get a deal done this year for significant economics.
http://biz.yahoo.com/prnews/060619/sfm025.html?.v=55

Further evidence of email security commoditization
So what? - This AM Proofpoint announced a reseller agreement with FishNet Security, which by itself is not that interesting. BUT, this does give me another data point to highlight the commodity nature of email security in the enterprise space. Not commodity from a pricing perspective (though deals are brutally competitive - the boxes still ain't cheap), but from a lack of differentiation. Why would FishNet now be partnering with Proofpoint, in addition to CipherTrust and SurfControl? That's easy, they think they can sell some boxes - or more likely they have some Q2 deals in the pipeline that are going to go to Proofpoint and customers are demanding to buy the product from FishNet. But as a business matures and technical differentiation fades, the big resellers have all of the products on their line cards, so they can fulfill the business regardless of what the customer ultimately chooses.
http://www.proofpoint.com/news/pressdetail.php?PressReleaseID=140

Digital signatures are still dead
So what? - Every so often I see something that brings me back to the future. This announcement from Arcot about their building a "universal digital signature interface" into EMC Documentum hearkens back to the days of SHYM for me, when that's exactly what we were trying to do. Candidly, I don't think there is much more of a market today than there was back in the late 90's for this. Sure, some states are now accepting digital signatures in lieu of real ones, and data integrity remains an issue - but this has never been important enough, and I don't think that's changed. Now encryption of the back end data stores is getting more interesting, but ensuring a transaction has been tampered with...not so much.
http://www.arcot.com/releases/Arcot_EMC%20_Partner_062006_FINAL.pdf

Deal: Entrust buys Orion Security Solutions
So what? - This is a very small deal, but I want to highlight what seems to be entrepreneurial genius. Dr. Santosh Chokhani (if memory serves) also sold another company to Entrust back in 2000 that did PKI integration as well. So this guy sold two companies to Entrust that do exactly the same thing for roughly a combined $25 million. Now that's moxie and why I love America. I guess the snake oil was so good the first time, they needed some more. They'll probably lock up the good doctor for a year or so and then he'll probably do it again. Way to go Entrust, good job retaining that intellectual leadership.
http://www.entrust.com/news/2006/6363_6451.htm

Top Blog Postings

It's about data security
CJ Kelly has an interesting (though brief) thought here about the need to think about data security and more importantly, where your data resides. Many of these recent privacy breaches are a direct result of stupidly allowing private data to reside on desktops and laptops without protection. That brings up a pretty significant application architecture discussion and the need to start thinking about where data resides and how to protect the data in a persistent way. Centralizing data in a more protected place (like a data center) is a good concept, but not sufficient because mobility is a fact of life, so at times the data will need to be local. But it needs to be protected as well. Good thought CJ, but it needs to be fleshed out more.
http://www.computerworld.com/blogs/node/2814

Token turmoil

This post from Ellen Messmer really highlights one of the significant obstacles to token-based authentication in a consumer or small business context. How many tokens can you carry around? One is inconvenient, two is a problem, and three is a non-starter. So if you access a number of different banks and other corporate resources, tokens are not the answer. That's why technology like BioPassword and other software-based options are interesting, in that you don't really need to carry your 2nd (or 3rd) factor with you, which removes a big obstacle to adoption.
http://www.networkworld.com/weblogs/security/012829.html

Wireless security wisdom

George Ou corrects some misconceptions about the relative security of SSL for web applications and also how that relates to wireless network security as well. He also links to some of his classics like "6 dumbest ways to secure a wireless LAN," which puts the entire discussion into context. Sure some of those things are dumb and easily compromised, but in combination many of those "dumb" techniques provide enough resistance to entice a hacker to go to your neighbor, who does none of the above. And if a sophisticated hacker is trying to compromise your network, he/she most likely will - so it's about creating a number of barriers and having a strong containment strategy if something does happen. But George does provide some good fodder for those of you wondering "how much security is enough," especially in a wireless context.
http://blogs.zdnet.com/Ou/?p=252

What does Common Criteria really mean? - Not a damn thing!
This post marks the return of Matasano's Thomas Ptacek to blog-land and it's a good one. I talk to a number of vendors that try to convince me that Common Criteria certification means anything and I laugh because I've personally been through the process. Here's what you need: a word processor, a checkbook, and some patience - and you too can get Common Criteria certification. As Thomas points out (though not as succinctly), these folks are paper pushers and if you want to sell to the US Government, then it's a necessary evil - BUT do not mistake certification for security. The two are not even closely related.
http://www.matasano.com/log/331/what-common-criteria-certification-means/

Recently on the Security Incite Rants Blog

Predatory Pricing Paranoia
Even though I was on vacation last week, I saw a posting on the SunBelt blog that I just couldn't let go by without comment. So I ranted a bit about Microsoft's entry into the desktop security space and why you shouldn't feel bad for the AV incumbents like Symantec and McAfee, who have been living off the fat of the land for years by actually being in the only technology space I know of where pricing is INCREASING, with little in the way of value add.
http://securityincite.com/blog/mike-rothman/predatory-pricing-paranoia

Read Incites Redux
Check out my 6 month report card on the Incites I published back in January. What was right, what was wrong, and what was I thinking for some of those statements?
Incites on UTM, Identity Management and NAC
http://securityincite.com/blog/mike-rothman/incites-redux-june-19-2006
Incites on Compliance, Threat Management and Endpoint security
http://securityincite.com/blog/mike-rothman/incites-redux-june-20-2006
Incites on Content Security, Security Management and Security Services
http://securityincite.com/blog/mike-rothman/incites-redux-june-21-2006
Incites on Application Security, Security Education, and Cisco vs. Microsoft
http://securityincite.com/blog/mike-rothman/incites-redux-june-22-2006