The Daily Incite - June 28, 2006

Submitted by Mike Rothman on Wed, 2006-06-28 07:57.

Good Morning:
Hola. Como esta? Muy bien. OK, enough of my junior high Spanish skills. Quick intro today because I've got nothing to say, as evidenced by my use of Spanish. I've also got to run off for a full day of meetings. Basically, not much is happening in security-land. Sure some vendor announcements and some marginally interesting blog postings, but nothing that really got me excited today - which is fine. Every so often, it's nice to have a relatively quiet day on the news front. It's all good. But if it's quiet tomorrow, I'll need to pick a fight with someone.

Have a great day.

Top Security News

IdM is still a customer priority
So what? - Everyone knows I hate vendor-sponsored surveys, since the information is always spun to their advantage. It is their job after all. But surveys done by reputable media can provide some great insights into what the end user base is thinking. On this link, TechTarget's SearchSecurity shows a bunch of graphs regarding identity management and the results validate what we know. Customers remain interested in identity management. There's a lot of stuff here, but some of the most interesting tidbits are authentication being the top priority, and "access control" which I read as NAC is up there, but much lower. Also the business drivers are predictable in that it's compliance and enhancing security. Which you'd expect if you ask a bunch of security folk, no? From a disclosure standpoint, a number of TechTarget properties are clients of Security Incite.
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1195747,00.html

Virtualization hits the consumer market
So what? - Greenborder announced a consumer version of their anti-malware offering yesterday to great fanfare. Giving away 10,000 licenses doesn't hurt either, but it was a masterful marketing move to get some notoriety for their interesting approach of cordoning off IE sessions in a virtual machine to protect the main operating system from malware nastiness. It doesn't stop phishing or other social engineering attacks, but could prove effective for particularly virulent malware. After looking at the demo, the product is visually compelling in putting a "green border" around every window running in the protected virtual session, so consumers (and enterprises too) can associate the border with security. Folks like David Berlind and others have been espousing the use of virtual machines for browsing for a while and now this technology makes it achievable for even the unsophisticated. I'd try it, but they only support IE now and a majority of the time I use a Mac, so it's not a fit for me right now, but I'll see if I can get some friends to check it out.
http://www.informationweek.com/story/showArticle.jhtml?articleID=189602014

Commodity USB Security
So what? - Everyone talks about the potential data risks of USB thumb drives and iPods to "leak" private information from the enterprise. Those fears are justified, but all of the endpoint security players have announced (or are working on) adding to their technology to control the use of USB ports on the devices, so there really isn't a stand-alone market for USB port control anymore (hear that SecureWave?). The news peg here is Senforce's latest version that integrates these capabilities. Breaking out the crystal ball, the next frontier for the endpoint security folks is two-fold. First is application control - impinging on SecureWave and Bit9 in defining lists of allowed applications and blocking everything else. Second is a small form factor download and pre-admission NAC integration, so for those wanting to truly control the devices that connect to the network - there is a clean ability to do that. A lot of the standalone endpoint folks are well on their way in this integration. In fact, stand-alone endpoint security ceases to be a market in 12-18 months and will be offered by Big Security as part of a NAC solution. That's right, big is the new small.
http://www.senforce.com/pressrelease/pr-senforce-releases-ess-3-2.html


Sana takes a ride on Big Yellow
So what? - In the "if you can't beat them, join them" camp, Sana Security announced a bundle of their behavioral-based anti-malware offering specifically for Norton AV. Of course Symantec and all of the other AV players use some level of heuristics, but none have really embraced a full behavioral-based option. Most likely because it doesn't move the needle in terms of truly protecting the desktop, but hats off to Sana for trying to piggy-back on the millions of Symantec customers that are probably wondering why they keep renewing, given the clear lack of innovation. The fact that they are trying to get another $25/desktop is pretty much a joke and it's not clear if there is any actual integration to speak of, but at least Sana is trying to stand out from the crowd.
http://www.sanasecurity.com/press/pressreleases/062706.php

Wireless IDS/IPS "ultratight"
So what? - Network Computing has a good and very comprehensive review of the wireless IDS/IPS offerings. Network Chemistry won the review by a hair over AirDefense and AirMagnet, who were a close second. So basically you have no differentiation in the market at this point, which is fine because stand-alone wireless security is a niche at best. None of the big wireless folks (like Cisco or Aruba) showed up because they don't have to. If you need "ultratight" security on your wireless networks, then fine - these specialists can do the job. But you'd be in the great minority. Most folks get stuff that is "good enough" through their enterprise wireless infrastructure and that's just fine for them.
http://www.networkcomputing.com/channels/wireless/showArticle.jhtml?articleID=189500017


Top Blog Postings

All AV sucks, just ask Seltzer
In today's funniest column, check out Larry Seltzer's rant about AV. Clearly he thinks they are all the same and that they all suck. I, personally, have not had any problem with any of the AV I run on my one remaining PC, but I can't say that I push its capabilities or am testing malware. Larry's point is well taken, AV is a commodity and for the most part, it does a mediocre job. Given the number of companies doing it, you scratch your head and wonder why it's so hard.
http://www.eweek.com/article2/0,1895,1982068,00.asp

Is UTM dead?
If you read this post from Richard Stiennon, you wonder if he's trying to get lightning to strike twice by pronouncing another thriving market as DOA. I'm not sure I could disagree with Richard more on this, but maybe I'm reading into his statements too much. Mid-market customers are less concerned with best of breed, but need integration. Just because Symantec's offering wasn't competitive, that doesn't mean there is no market. And since when does Barracuda sell a UTM box? I guess if you consider three pieces of cheap, unintegrated hardware to be UTM, then they'd qualify. But I digress. I think Symantec's choice to not package technology in the way customers want to buy it is a huge strategic blunder. Instead of retreating, they should make their products more competitive. Sure you can sell stuff that goes on a server as just software, but you need a box in the perimeter. Period. End of story. And his last comment about MSS taking off is a non-sequitur. Because customers want it to be easier doesn't mean they want to outsource it. Those willing to outsource are still in the minority.
http://blogs.zdnet.com/threatchaos/?p=351

Privacy legislation is coming
If you read Patricia Keefe's post on the sad state of privacy breaches, the only conclusion you can possibly draw is that regulation will be coming and it will be coming soon. Maybe that's a good thing, since SOX does seem to have had a positive effect on financial controls (at great cost nonetheless). And if anything, any new regulation will create yet another feeding frenzy for security vendors and consultants.
http://www.informationweek.com/blog/main/archives/2006/06/upping_the_ante.html

Hoff on privacy
Following up on the last post, Chris Hoff rants a bit about the futility of trying to defend against many of these privacy breaches. Yes, he thinks they are serious, but let's tip our hat to Chris for at least acknowledging the current state of affairs and calling it for what it is. He's exactly right in that short of the mainframe computing model (and even that is vulnerable to social engineering), there will always be exposures. So we need to prepare for the worst.
http://rationalsecurity.typepad.com/blog/2006/06/why_are_people_.html

Recently on the Security Incite Rants Blog

Read yesterday's Daily Incite
http://securityincite.com/blog/mike-rothman/the-daily-incite-june-27-2006

Read Incites Redux
Check out my 6 month report card on the Incites I published back in January. What was right, what was wrong, and what was I thinking for some of those statements?

Incites on UTM, Identity Management and NAC
http://securityincite.com/blog/mike-rothman/incites-redux-june-19-2006

Incites on Compliance, Threat Management and Endpoint security
http://securityincite.com/blog/mike-rothman/incites-redux-june-20-2006

Incites on Content Security, Security Management and Security Services
http://securityincite.com/blog/mike-rothman/incites-redux-june-21-2006

Incites on Application Security, Security Education, and Cisco vs. Microsoft
http://securityincite.com/blog/mike-rothman/incites-redux-june-22-2006