The Daily Incite - March 23, 2006

Submitted by Mike Rothman on Wed, 2006-03-22 21:34.
Today's Daily Incite

March 23, 2006

Good Morning:
On the theme of leading a more balanced life, I am taking a few days off to celebrate my wife's birthday in style. So there will be no Daily Incite on Friday. We'll catch everyone up on Monday.

Have a great weekend, since mine is starting now.

Top Security News

Microsoft Vista Delayed Further (http://biz.yahoo.com/prnews/060321/sftu157.html?.v=11)
So what? - I know, it's hard to believe but Microsoft is slipping Vista's full roll-out until early January. Early business adopters can get it in November, but no one is going to do that. This has minimal impact since very few organizations start migrating to a new Microsoft anything in the first few months of deployment. This will impact the security ecosystem of folks waiting on Vista (and Longhorn) to access new features. This also makes it almost certain that Firefox 2.0 will be out before Vista (and presumably IE 7), so there is a window for Firefox to increase market share.

Trend to Jump on the Services Bandwagon (http://snipurl.com/o0r1)
So what? - Not to be left off the train when it leaves the station, Trend does a soft release ("we aren't announcing anything formal") that they will also offer a subscription AV and other assorted security goodies. Scarily enough, Microsoft is driving activity in the consumer AV sector and innovating from a packaging standpoint. That just proves how fat, dumb, and lazy the AV incumbents have become.

Check Point Announces Eventia 2.0 (http://www.checkpoint.com/press/2006/eventia20032206.html)
So what? - Was there even an Eventia 1.0? Must have missed that one. Anyhoo, Check Point announces an upgrade to their SEM product. Normally I would yawn through this, but it reinforces my Incite on SIM/SEM. This kind of management functionality is clearly the domain of the security vendors, not stand-alone management vendors. Sure, it will deal best with CHKP equipment, but many folks have Check Point perimeters - so this will be good enough. I'll once again stand with my contention that SIM goes away as a stand-alone market in 2007.

Secure Software Builds into Eclipse  (http://www.securesoftware.com/news/releases/20060321.html)
So what? - Secure coding products must be built right into the environments where the software is built. Secure Software shows that they can plug into the Eclipse framework. At some point, this functionality becomes the purview of the application wonks, since it is not really a "security" type of function any more. But this is the shape of things to come because the sooner you can eliminate simple code vulnerabilities, the better it is for everyone.

Security's Next American Idol (http://snipurl.com/nzy5)
So what? - Security is definitely more top of mind in our colleges and universities, which is a good thing. GA Tech in my hometown of Atlanta is running a competition with its students to award $50,000 to the one that comes up with innovations to make security easier. This is great (if not a bit hokey on the Idol link) because most security technologies are definitely too hard to use, so anything that will make it easier is certainly welcome.

Top Blog Postings

Badware's Seven Deadly Sins
On Ellen Messmer's Network World blog, she covers the first report out of the Stopbadware.org folks. I had some opinions early on (here) that this type of organization won't stop much of anything and I haven't changed my mind. So the report is out and they say some folks are bad, like Kazaa. Wow, there is something I didn't know. So what? Sure, I'll be careful on those sites, but will anyone else? I don't think so. End users need a far more automated way to control the bad stuff.
http://www.networkworld.com/weblogs/security/011559.html

Vista Takes a Stab at Malware
George Ou on his ZDNet blog rants a bit about whether Microsoft Vista will eliminate spyware once and for all. Of course it won't. So George and I concur. He brings up a number of good points in that Vista does eliminate a lot of the low hanging fruit that is enabled by run of the mill users running as administrators on their machines. But will it eliminate spyware? Not a chance. There is too much money in it, so that means there will continue to be innovation. And the reality is that it will take years to get rid of XP and Win2000, which are the real problematic OS platforms.
http://blogs.zdnet.com/Ou/?p=175

Log Management is a Stand Alone Market
James Governor of RedMonk weighs in on log management and whether it is a stand-alone market. I agree that it is, but the value of these folks (like LogLogic) is clearly in gathering the data. Other folks will be analyzing it, but the ability to gather large amounts of data, reduce it, and store it securely UNTAMPERED (for forensics purposes) is important. But with logs you are still looking in the rear view mirror, so correlation must happen within the security devices themselves.
http://www.redmonk.com/jgovernor/archives/001421.html
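The "store it securely UNTAMPERED" point above is the part of log management that actually has a concrete technical answer. As an added example (not from the post, RedMonk, or LogLogic), here is a minimal tamper-evident log store: every record carries a keyed hash over its own content plus the hash of the previous record, so editing, deleting, or reordering any record breaks every link after it and a verifier can point to the first bad record. The sample log lines, the key, and the class and function names are all constructed for this illustration.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed sample log lines for the demo; not from any real device.
SAMPLE_LOGS = [
    "2006-03-23T08:01:12 fw1 DROP src=10.0.0.5 dst=192.168.1.20 dport=445",
    "2006-03-23T08:01:15 fw1 ACCEPT src=10.0.0.7 dst=192.168.1.10 dport=80",
    "2006-03-23T08:02:01 ids1 ALERT sig=1234 src=10.0.0.5 dst=192.168.1.20",
    "2006-03-23T08:02:07 fw1 DROP src=10.0.0.5 dst=192.168.1.21 dport=445",
]

# Hash of the (non-existent) record before the first one.
GENESIS = "0" * 64


class ChainedLogStore:
    """Append-only log store with a keyed hash chain.

    Each record stores: its sequence number, the raw line, the hash of the
    previous record, and an HMAC-SHA256 over all three.  The HMAC key is an
    assumption of this example: it must live somewhere the log-writing host
    cannot rewrite (a separate verifier, an HSM, a WORM medium), otherwise an
    attacker who controls the collector could simply re-chain the records.
    """

    def __init__(self, key: bytes):
        self._key = key
        self.records: list[dict] = []

    def _digest(self, prev_hash: str, seq: int, line: str) -> str:
        # Canonical JSON so the same fields always hash the same way.
        msg = json.dumps(
            {"prev": prev_hash, "seq": seq, "line": line}, sort_keys=True
        ).encode("utf-8")
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def append(self, line: str) -> str:
        """Append one log line and return the new chain head hash."""
        prev = self.records[-1]["hash"] if self.records else GENESIS
        seq = len(self.records)
        rec = {
            "seq": seq,
            "line": line,
            "prev": prev,
            "hash": self._digest(prev, seq, line),
        }
        self.records.append(rec)
        return rec["hash"]

    def head(self) -> str:
        """Current chain head; publish this off-box periodically so the
        verifier can also detect truncation (dropping the newest records)."""
        return self.records[-1]["hash"] if self.records else GENESIS

    def first_broken_record(self) -> Optional[int]:
        """Walk the chain from the genesis hash.

        Returns None if every link verifies, otherwise the index of the first
        record whose sequence number, back-pointer or HMAC does not match.
        """
        prev = GENESIS
        for i, rec in enumerate(self.records):
            expected = self._digest(prev, i, rec["line"])
            if rec["seq"] != i or rec["prev"] != prev or not hmac.compare_digest(
                rec["hash"], expected
            ):
                return i
            prev = rec["hash"]
        return None


def build_store(lines, key: bytes) -> ChainedLogStore:
    """Ingest a batch of lines into a fresh store."""
    store = ChainedLogStore(key)
    for line in lines:
        store.append(line)
    return store


def tamper_demo(key: bytes = b"demo-verifier-key"):
    """Show the chain catching an in-place edit and a deletion.

    Returns (intact, after_edit, after_delete): None for a clean chain,
    otherwise the index the verifier flags.
    """
    store = build_store(SAMPLE_LOGS, key)
    intact = store.first_broken_record()

    # Scenario 1: someone rewrites the IDS alert to hide the source host.
    edited = build_store(SAMPLE_LOGS, key)
    edited.records[2]["line"] = edited.records[2]["line"].replace("10.0.0.5", "10.0.0.9")
    after_edit = edited.first_broken_record()

    # Scenario 2: someone deletes the second firewall DROP entirely.
    trimmed = build_store(SAMPLE_LOGS, key)
    del trimmed.records[3]
    after_delete = trimmed.first_broken_record()
    return intact, after_edit, after_delete


if __name__ == "__main__":
    print(tamper_demo())
```

Deleting the last record leaves the remaining chain self-consistent, which is why `head()` exists: the verifier compares the stored head against the last value it received out-of-band, and a mismatch means the tail was cut. That off-box anchoring of the head hash, plus keeping the HMAC key away from the collector, is what turns a hash chain from "integrity check" into "tamper evidence" suitable for the forensics use the post mentions.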


Submitted by james governor (not verified) on Wed, 2006-03-29 05:37.
It's squarely in the analysis space. It's not about collecting the data, but being able to analyse and report on it. I agree that security of that data is critical.
Submitted by Mike Rothman on Wed, 2006-03-29 08:21.

The last thing anyone needs is yet another analysis engine. Customers need help in defining the actions and then remediating what is found. Automation here is critical. It's unlikely that a start-up is going to get the call on that unless they have some BIG partners. That's my opinion anyway.

But there is big value in gathering the data for someone else to analyze. There is no shame in just gathering data, and it keeps companies like LogLogic out of the crosshairs of folks like Cisco, who are doing the analysis, correlation and remediation within the infrastructure.

Submitted by james governor (not verified) on Fri, 2006-03-31 06:57.
What do they have in the reporting across multiple environments to regulatory controls space, exactly?
Submitted by Mike Rothman on Fri, 2006-03-31 14:05.

To use a Canadian hockey analogy, it's not about where the puck is now, but where the puck is going to be. Cisco is not going to be overly focused on gathering data from devices that are non-Cisco, though eventually they'll be well suited to buy something that does that. I don't believe that any reporting to "regulatory controls" is any different than any other report. The difference between a Sox report and HIPAA report from a security standpoint (and that's what we are talking about here) is minimal at best.

But I am a firm believer that the puck is going to end up clearly in the remediation camp. It's not enough just to gather data or even correlate it and generate a fancy colorful report. It's about remediation. I'll be doing a more detailed post on this sometime soon.


Submitted by Andrew Lark (not verified) on Fri, 2006-03-31 10:41.
Mike: we call that open log routing - or, the ability to route data, reports and alerts to other systems. We do that now with SIEM vendors and the likes of Counterpane, EMC, NetApp - to name a few. So, we've got some pretty big partners. We are not seeing what you are saying in the market. We're growing in the thousands of percents and have major installs across the Fortune 1000. So, it seems customers do want another analysis engine. That said, we view ourselves as a platform as much as an analysis, reporting, and alerting engine. Let's give you a more detailed briefing on what we are doing. I clearly did a crap job last time.
Submitted by Mike Rothman on Fri, 2006-03-31 14:12.

Hey Andy. Nice to hear from you. Glad you are weighing in, as opposed to having your pal James do the dirty work. :-)

Given that there are no compelling alternatives, it's not surprising that you are seeing good growth. New innovative companies usually do FOR A SHORT AMOUNT OF TIME (2-3 years). At that point, the market is validated and the big guys get involved (big is the new small) if there is sustainability in the market.

The point here is not to question what you've accomplished thus far, it's about where the value is over time. Right now, it's in gathering data and providing some correlation and reporting. There aren't good options for that, certainly not for heterogeneous environments. But over time, I believe it's much more about the ability to remediate. Knowing something is broken is interesting, but being able to fix it in a semi-automated fashion is critical over time.

So, if you guys have something on the roadmap that gets you into the remediation space (likely through partnership) then let's have that discussion. But if the answer is that you see long term value in gathering data, correlating it and generating a report, then I'll have a difference of opinion on that. I got what you were saying the last time we chatted, I just may disagree with the end game.
