The Daily Incite - March 27, 2006

Submitted by Mike Rothman on Mon, 2006-03-27 10:40.
Today's Daily Incite

March 23, 2006

Good Morning:
Check Point and Sourcefire were all the rage on Friday. What I wrote (link below) must have hit a nerve, since my web site had the most hits in its (short) history by a factor of two. I haven't had a chance to troll the blogosphere this AM, but will have lots more stuff in tomorrow's Incite.

I did enjoy my vacation, thanks for asking. I took the boss (that's my wife Jodi for those not familiar with my lingo) to Las Vegas for the weekend with another couple. We made a minimal amount on the tables, saw some great shows and ate in decadent fashion. I tend to get quite wrapped up in my daily work and family activities, so getting away with no distractions is important.

Have a great day.

Top Security News

10 Tips in 10 Minutes: Phishing Exposed (http://snipurl.com/o8yo)
So what? - This is a great set of tips that everyone should send around to their staff. End user training is something that we definitely don't spend enough time on, and these kinds of tips can be very helpful to stop the typical users from hurting themselves.

Information Security a Concern for Outsourcing Executives (http://biz.yahoo.com/bw/060323/20060323005167.html?.v=1)
So what? - As I've ranted fairly frequently, most surveys are crap. I'm not sure this one is an exception, but at least it gives me another opportunity to discuss the security ramifications of outsourcing, which is happening on a global basis. Providing access to external parties to your key intellectual property (be it software, customer information, HR data, etc.) REQUIRES more stringent security. This single issue will drive a lot of network access control in 2007.

Microsoft Shakes Up Security SBU (http://snipurl.com/o8zi)
So what? - Nash is out, Ben Fathi is in. Will this make a difference? Probably not, but Mike Nash was pretty high profile and he probably tired of getting kicked in the teeth every "Patch Tuesday." It would be easy to interpret the lack of progress and the alleged security-oriented delays in Vista as straws that broke Nash's back, but I don't think that's the case. Microsoft changes horses fairly frequently for a big company, and that's a good thing. It will be interesting to see what immediate visible changes Fathi brings to the table because Microsoft still has a lot of work to do.

Deal: Protegrity Buys OmniSecure (http://www.protegrity.com/pressreleases/32106release.html)
So what? - Normally this deal wouldn't hit the radar. Candidly, it's not too exciting to see two small vendors that no one has heard of getting together. Protegrity has been rolling up some companies and is focusing on "application" security, but their message is remarkably undifferentiated. What is interesting about this deal is that it will receive no scrutiny (as opposed to CheckPoint/Sourcefire) even though OmniSecure had DEVELOPERS in China. Maybe because Protegrity is not high profile or the US Feds don't use their stuff extensively this isn't a problem. I really can't stand inconsistent behavior.


Case Study: Engineering Firm White Lists Apps (http://www.securitypipeline.com/181503931)
So what? - This case study in Network Computing is pretty good. I am a fan of the application control method of endpoint security, but there are always issues. This article delves pretty deeply into how an engineering firm deployed SecureWave's Sanctuary system, including the hard work of setup. The power of application control is that a user cannot run an application unless it is explicitly allowed. But getting that list right for any larger organization is hard work.

Top Blog Postings

Check Point and Sourcefire Call Off Merger
Lots of opinions on this issue in Friday's Blog Posting. I'll just list a few here. Martin McKeay is as disappointed as I am about this. The Feds have little place in this kind of interference. Richard Stiennon seems happy, which is beyond me. But his thinking is that Check Point should keep their focus on the network security markets. First of all, Sourcefire is network security. Secondly, Check Point does not have enough stuff to be a long term player. If they are not going to get bigger (by buying stuff), then they are going to be marginalized. Stiennon is way off on this one. Dan Farber questions whether the Feds would have been able to get involved if Sourcefire was totally open source. Fact is, if Sourcefire only had Snort, it wouldn't be worth much - so that argument is irrelevant.

Martin McKeay: http://www.computerworld.com/blogs/node/2086
Richard Stiennon: http://blogs.zdnet.com/threatchaos/?p=299
Dan Farber: http://blogs.zdnet.com/BTL/?p=2767

LoJack for your Laptop?
Douglas Schweitzer on his ComputerWorld blog uses the Fidelity laptop theft news item to make the point (again, how many times do we have to make it) that full disk encryption is critical if those personnel have access to private information. Again, this is not for everyone, but if someone has access to personal information and there is any chance that that information will end up on a laptop, then you need to encrypt it. It will be a fraction of the cost of actually fixing the situation. Ask Fidelity about that.
http://www.computerworld.com/blogs/node/2085

Should Vendors Institute a Pay-for-Brief Policy?
The analyst relations folks over at ARmadgeddon bring up an interesting thought. It seems that the G-men don't plan on providing any kind of value during a briefing unless the vendor is a paying subscriber. Should vendors do the same? Though an interesting concept, one of the values of a strong analyst relations effort is to push the vendor's "agenda" and try to establish thought leadership. Obviously that would go away if a vendor tried to charge an analyst for that time. But the point that vendors do spend a lot of time responding to ridiculous analyst queries is a good one.
http://armadgeddon.blogspot.com/2006/03/should-vendors-institute-pay-to-brief.html

Recently on the Security Incite Rants Blog

No Deal: Check Point and Sourcefire is Kaput!
In this pretty short rant, I examine the impact of Check Point and Sourcefire walking away from the altar. In brief, America gets a black eye (for its ridiculously xenophobic stance on this), Check Point is a huge loser, and Sourcefire comes out smelling like a rose.
http://securityincite.com/blog/mike-rothman/no-deal-check-point-and-sourcefire-is-kaput

Read Thursday's Daily Incite
http://securityincite.com/blog/mike-rothman/the-daily-incite-march-23-2006

Submitted by Security Dogsbody (not verified) on Mon, 2006-03-27 13:17.
The "10 tips in 10 minutes", while not too technical for many of us, is way over the head of the ordinary user; ours would not get past the first paragraph of the first tip for the most part. The end-user education problem is, first, getting their attention, and second, keeping it long enough to impart some basic rules: Don't click on links in emails. Period. Don't open attachments in emails unless it's something you expect. That's just about it. Trying to get them not to surf to goofy sites has proved futile, and in spite of this, there will always be some users who will always open attachments, and follow links.
