The Daily Incite - March 30, 2006

Submitted by Mike Rothman on Thu, 2006-03-30 08:42.
::
Today's Daily Incite

March 30, 2006

Good Morning:
I published my second drive-by yesterday on Skybox Security. I'm looking for feedback on whether the concept adds any value. Drop me a note when you get a chance and let me know. Other than that a pretty slow day, the xenophobia drumbeat is expecting an issue with Lucent/Alcatel. I don't specifically point to anything in today's Incite, but get ready - it's going to be an issue.

Have a great day.

Top Security News

Is Your Tax Data Safe? (http://www.securitypipeline.com/184400794?CID=rssfeed_pl_scp)
So what? - Talk about airing dirty laundry in public. The IRS got thumped again for not adequately protecting private financial data. I guess I'm not surprised, but still... And it's not like we have a lot of choices about who processes our tax returns. So I guess it's 10 Hail Marys and hope if there is a problem, it's not your information.
 
Security Breach Notification Will Help MSP? (http://www.thechannelinsider.com/article2/0,1895,1943487,00.asp)
So what? - This story actually has a pretty interesting concept, that the security breach laws (like CA SB 1386) would be good for MSP business. I guess I don't see the connection. Smaller companies may favor MSS offerings because they don't have the horsepower to do it internally, but how is that driven by 1386? If anything, MSPs should be wary of these kinds of catalysts, since if something happens on the MSPs watch - who is the first group you sue? That is right after you pull all of your customer's arrows from your back.

Anti-Malware Vendors Smoking Some Good Stuff Ahead of Microsoft's Entry (http://www.thechannelinsider.com/article2/0,1895,1943949,00.asp
So what? - The delusion on the part of the fat, dumb and lazy AV business is amazing. Microsoft may not get all of the business in the first year, but they are going to have an impact. And it has nothing to do with Vista being late. OneCare will be available this year and it will gain market share. Keep in mind that this is a mature market, so that market share will be at the expense of someone else. End users (especially at the low end) should absolutely consider Microsoft because AV is a commodity.

Web Application Firewall Space Maturing Quickly  (http://biz.yahoo.com/bw/060330/20060330005091.html?.v=1)
So what?- It's funny how quickly we see mature market tactics happen nowadays. In this release, Imperva is offering a trade-in promotion on competing web application firewalls. Usually this is just a technique to annoy the competition, but it's not usually deployed until you are trying to make a leadership statement. That happens closer to the end of a markets evolution, as opposed to the beginning. Given the consolidation already happening in this space, this is more about that fact that they are still out there and independent, rather than anything else.

McAfee's Got a Checkbook and They Aren't Afraid to Use It (http://snipurl.com/od3v)
So what? - Consolidation is a fact of life in the security business, and that's not going to change. McAfee is the latest to say they've got the checkbook, which is one of the worst kept secrets around. Interesting that they're interested in deals up to $500 million. I just don't think we'll see them do anything that big. From an end user perspective, don't expect that a start-up is going to provide an architecture - they solve specific problems. Big is the new small - evidence is everywhere.

Top Blog Postings

SANS role in 3rd party patches
George Ou tells SANS to either get off the pot or you know, relative to their role in validating third party patches. SANS did a good job with the first one, but seemingly put their head in the sand for the latest one.
http://blogs.zdnet.com/Ou/?p=181

Where Do Security Companies Go to Die?
Steinnon asks the question, which is actually pretty interesting. I think we all acknowledge that a bunch of companies don't make it. If they have any kind of customer base, then their assets will be bought on the cheap. If not, then it doesn't really matter if they die, now does it? I guess Stiennon wants to start a list, maybe like F*****dSecurityCompanies. That would be funny for about a minute.
http://blogs.zdnet.com/threatchaos/?p=301

Recently on the Security Incite Rants Blog

Drive-by: Skybox Security - Nice to have or Must have?
In my second drive-by, I take a look at Skybox Security with a fresh set of eyes.  They have some interesting technology, though some issues in how they describe it. But overall, it's not clear that this is a must-have technology. 
http://securityincite.com/blog/mike-rothman/drive-by-skybox-security-nice-to-have-or-must-have

Inciting: Podcast on Check Point/Sourcefire Merger
I was invited to participate in Martin McKeay's weekly podcast on network security. Check it out for a wide ranging conversation on all of the potential impacts of the demise of the Check Point/Sourcefire merger.
http://securityincite.com/blog/mike-rothman/inciting-podcast-on-check-point-sourcefire-merger

Read Wednesday's Daily Incite
 http://securityincite.com/blog/mike-rothman/the-daily-incite-march-29-2006