June 30, 2006

Good Morning:
As expected, the EMC/RSA deal is the talk of the news wires and in the blogosphere. It's always funny to receive pitches from competitors about how they'd like the opportunity to "comment" on the deal and I got a few of those last night. As I mentioned in my post last night, I like this deal a lot for EMC. Some other analysts (notably Richard Stiennon) were a bit more luke-warm, but I think they are missing the boat. In other good news, they found the missing VA laptop, evidently with all the data intact. That really is great news, but I guess we'll never get to test Adam Shostack's contention (link here) that identity thieves could get to all 26 million records. Both Pete Lindstrom and I came out pretty strongly to say there was no way even a band of thieves could legitimately process that many records. But thankfully, we'll never know.

I apologize for anyone trying to access the Security Incite web site today. It went down last night and the service provider had to restore the entire home directory. I know, I get what I pay for and I'm being cheap, but I just don't want to deal with my own server right now.

Monday is an "unofficial" holiday given July 4th is on Tuesday. So I won't be sending out a Daily Incite on Monday, since I expect news to be very light, but will be spending the day catching up after almost 2 weeks on the road and doing a few Drive-bys. So check out the blog on Monday for the latest.

Have a great day, a stupendous weekend and a safe holiday. We'll see you on Wednesday.

Top Security News

EMC/RSA - CRN coverage
So what?- Of course the channel is a bit curious about what the combined EMC/RSA has in store for them. But historically, EMC leaves their big acquisitions alone - integrating technology where it makes sense, but letting them operate in the way they need to for their respective markets. It's not like RSA was the channel's best friend, but they were getting better and EMC is notoriously channel un-friendly. But I don't expect EMC to mess with much, especially since RSA was rejuvenated and why upset the apple cart until you need to?
http://www.informationweek.com/story/showArticle.jhtml?articleID=189700185

They found the VA laptop
So what? - Hallelujah! This is great news for all the veterans out there, in that if the machine wasn't compromised - then we can get back to business as usual, no? Of course not, but we'll see what changes really happen in some agencies harboring private information. The big loser here are all of the vulture lawyers that were moving forward with their $20+ Billion dollar class actions suits. No data compromise, no law suit. I'll shed a few tears for those guys today. NOT!
http://www.informationweek.com/story/showArticle.jhtml?articleID=189700089

MessageLabs punches ScanSafe in the head
So what? - MessageLabs announced a new web filtering service on Monday (link here), clearly showing what was a lovers quarrel with ScanSafe blowing up into outright animosity. MLabs found some grumpy ScanSafe customers to go on record, but the NetworkWorld coverage seemed petty. I sat on the news for a while because I wanted to discuss with some of my contacts in the field. It seems that the ScanSafe/Postini deal ruffled quite a few features in London, so MLabs decided to roll their own. Short term, this is going to hurt MLabs because service-based web filtering is hot and they'll inevitably need to work out some kinks in their new offering. There will also be the complications of having to support both ScanSafe and their own customers for the next couple of years. But longer term, going their own way is smart and will also add some much needed competition for ScanSafe. The interesting thing will be what MLabs does with their equity position in ScanSafe, and whether it's ScanSafe or MLabs that get to the carrier market first.
http://www.networkworld.com/news/2006/062606-messagelabs.html

Top Blog Postings

Stiennon no comprende EMC/RSA
This post from Richard is pretty surprising to me because it shows a distinct infrastructure centricity. There are a number of reasons you do deals, and his contention about big companies with slowing growth rates buying other stuff is certainly one of them. But that's not the case here. First of all, of all the big tech companies, EMC is growing the fastest - so the contention that these guys bought RSA because they needed another growth engine doesn't resonate. RSA's growth doesn't move the needle on a monolith like EMC, so there needs to be some accretive reasons. I'll get back to my focus on information/data/content security and that's why this deal makes sense. And understanding the VMWare deal is easy. THEY MAKE A CRAPLOAD OF MONEY, and are earning a strategic position in the data center. EMC wants to dominate the data center, so they need virtualization (thus VMWare) and they need data security (thus RSA). Look for them to continue buying. As Richard speculates, it could be leak prevention, but that is a very small market now - so there is no rush. I think they are better off looking at database security (AppSec, IPLocks, Protegrity) or content security (Websense, CipherTrust, Proofpoint) as the next thing to buy.
http://blogs.zdnet.com/threatchaos/?p=355

The security impact of outsourcing
Another topic I've dealt with before is outsourcing. Turns out I'm doing a lot of work in that area right now and have some pretty strong perspectives. CJ Kelly points out the downside of outsourcing call centers where unknown offshore staffers get access to private data and screw everything up. Yes, this is bound to happen, but I think these examples will be few and far between. A few more of these and the call center business in India goes away OVERNIGHT. So, for the most part (this example being an outlier) they take security more seriously than we do. Does security need to be a CRITICAL part of the diligence process for any outsourcing deal? Absolutely! But I'll let you in on a little secret, this exact same stuff happens in the US too.
http://www.computerworld.com/blogs/node/2873


Businesses do need WiFi Security
Douglas Schweitzer points out that he found a bunch of open business WiFi networks on a recent walkabout. I've long said that protecting your home WiFi is something that you should do, but just because it's easy - not because it's really needed. A WiFi network for your business is a totally different animal. Given PCI regulations, if you take credit card or have customer data (pretty much every business), then you need to be protected. Again, the security built into the access points is sufficient for what most folks need to do (keep unsophisticated folks out) and it's easy to implement. So whatever excuse is being used, it's lamed. Keep in mind that if you are really going to be targeted, the hacker will find another way in, but why make it easy for him/her?
http://www.computerworld.com/blogs/node/2870

Great bot demo
A while back I saw a lot of folks posting their experiences with malware and tracking the actual tools and techniques used to get unsuspecting consumers to join a botnet. Not so much anymore, so seeing one is a treat. (Yeah, maybe I need another hobby) The folks over at FaceTime find one and pull some screenshots of the techniques, which are pretty simplistic. They seem impressed with 375 new zombies over 2 days, but that's not too many when you are seeing 25,000 or so new zombies PER DAY in aggregate.
http://blog.spywareguide.com/2006/06/building_a_botnet_empire_in_tw_1.html

Recently on the Security Incite Rants Blog

Deal: EMC/RSA - It's Official
No sooner had I hit submit on the EMC/RSA speculation posting, than I saw the official news release. I wasn't able to check out the analyst call, but this deal makes perfect sense to me. $2.1 Billion is a big number for RSA, good for them.
http://securityincite.com/blog/mike-rothman/deal-emc-rsa-its-official

EMC & RSA sitting in a tree...
This was my comment on the speculation of the EMC/RSA deal. So I go through why this makes sense for EMC and how EMC is now poised to take a leading position in the INFORMATION security domain (as opposed to INFRASTRUCTURE security). There were reportedly other bidders in the fray (which likely resulted in a bigger price tag than first speculated), so I also consider why Symantec would want RSA as well.
http://securityincite.com/blog/mike-rothman/emc-rsa-sitting-in-a-tree


Read yesterday's Daily Incite
http://securityincite.com/blog/mike-rothman/the-daily-incite-june-28-2006

Read Incites Redux
Check out my 6 month report card on the Incites I published back in January. What was right, what was wrong, and what was I thinking for some of those statements?
Incites on UTM, Identity Management and NAC
http://securityincite.com/blog/mike-rothman/incites-redux-june-19-2006
Incites on Compliance, Threat Management and Endpoint security

http://securityincite.com/blog/mike-rothman/incites-redux-june-20-2006

Incites on Content Security, Security Management and Security Services

http://securityincite.com/blog/mike-rothman/incites-redux-june-21-2006

Incites on Application Security, Security Education, and Cisco vs. Microsoft

http://securityincite.com/blog/mike-rothman/incites-redux-june-22-2006