The Daily Incite - March 31, 2006
March 31, 2006
Good Morning:
Today is the end of the first quarter. Hard to believe. I've been back in the game for almost 3 months and it has been a blast. First I want to thank everyone for reading. Sometimes it's hard to know if anyone is listening out there, but based on the amount of traffic I'm seeing on the web site and the increase in blog and newsletter subscriptions, it seems that my work is starting to resonate. Please keep the comments coming, my research is meant to be interactive - so if something doesn't make sense or you need clarification let me know.
Of course, a guy like me is never satisfied, so look for a bunch of new stuff in Q2. My end user subscription offering will hit in the next two weeks and some new interesting services for vendors are also on tap. And there will be no lack of research, given that I have a lot to say on a lot of topics.
Have a great day and close strong (whatever business you are in).
Top Security News
Xenophobia is in full effect
So what? - The vultures are circling. If this Lucent/Alcatel merger happens, the politicos will be all over it instantly, never mind that it's the natural order of things and that no US company would buy Lucent. This is a higher-profile deal, so if the Alcatel board doesn't blink and actually moves forward - let the battles begin. This quote from the Reuters article says it all: "U.S. defense officials 'aren't eager' to see a foreign takeover of Lucent's Bell Labs unit -- a star U.S. innovator."
http://www.channelweb.com/sections/allnews/article.jhtml?articleId=184416981&cid=ChannelWebNews
Interview with Verizon Data Center Security Guy - Protect the data first.
So what? - This is an interesting interview with the guy responsible for protecting Verizon's data centers. It focuses primarily on the physical side of security (like protecting against a truck bomb, etc.), but the issues are real - especially if you happen to work in a larger environment (and thus have a bigger target on your head).
http://snipurl.com/ofr1
FrontBridge is Now Exchange Hosting Services
So what? - FrontBridge lives! Microsoft made the first announcement as to what they are doing with their acquired email hosting company. They've been awfully quiet since the deal closed last fall. Predictably, the offering picked up the Exchange branding. They are offering not only hygiene services, but also archiving, continuity, and encryption. They do need to have some story about IM (the other guys do). If you don't think this business is important to Microsoft, just check out the video of Steve Ballmer introducing the offering. The CEO of a $40 billion company does not record a video unless they are going to be pushing it.
http://www.microsoft.com/presspass/press/2006/mar06/03-29EHSPR.mspx
Phishing without the email
So what? - This is actually an interesting new attack. Kind of like pharming, but not. The hackers figured out a way to redirect the web traffic in the network and funnel visitors to a phishing-like site to gather personal information. Thankfully, the hosting provider caught the scheme quickly and shut it down. But this underscores the need to externally test your web site pretty much every day to make sure the links are right and nothing has been tampered with. This is especially true if you handle private data on your site.
http://www.securitypipeline.com/184416975
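One way to run the daily external check suggested above, as an added example that is not part of the original newsletter: it compares the link, form, script and iframe targets in a fetched page against a known-good baseline and a host allowlist. The sample pages, the example.com/example.net names and the function names are constructed for illustration; fetching the page from an outside vantage point is assumed to happen elsewhere.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes that send a visitor (or their data) somewhere else.
WATCHED = {("a", "href"), ("form", "action"), ("script", "src"), ("iframe", "src")}

class TargetCollector(HTMLParser):
    """Collect (tag, absolute URL) for every watched attribute on a page."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.targets = set()

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) in WATCHED and value:
                self.targets.add((tag, urljoin(self.page_url, value.strip())))

def collect_targets(html, page_url):
    parser = TargetCollector(page_url)
    parser.feed(html)
    return parser.targets

def audit(html, page_url, allowed_hosts, baseline):
    """Return sorted findings: off-site targets and drift from the baseline."""
    current = collect_targets(html, page_url)
    findings = []
    for tag, url in current:
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https"):
            continue  # mailto: and similar are out of scope for this check
        if (parts.hostname or "").lower() not in allowed_hosts:
            findings.append(("unexpected-host", tag, url))
        elif (tag, url) not in baseline:
            findings.append(("not-in-baseline", tag, url))
    for tag, url in baseline - current:
        findings.append(("missing", tag, url))
    return sorted(findings)

# Constructed sample pages; the host names are placeholders.
PAGE_URL = "https://www.example.com/login"
GOOD = '<a href="/help">Help</a><form action="/session" method="post"></form>'
TAMPERED = ('<a href="/help">Help</a>'
            '<form action="https://login.example.net/session" method="post"></form>')
ALLOWED = {"www.example.com"}
BASELINE = collect_targets(GOOD, PAGE_URL)

if __name__ == "__main__":
    for finding in audit(TAMPERED, PAGE_URL, ALLOWED, BASELINE):
        print(finding)
```

A check like this only sees what the vantage point is served, so it is most useful when run from outside your own network and hosting provider.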
Yet another security benchmark - but it's not a bad thing
So what? - SITA (the airline network infrastructure provider) and INS (the networking pro serv shop) announced a new benchmark to compare information security capabilities across the air transport industry. By itself, this announcement is not that interesting, but it's always good to have a comparable point of reference for what you are doing. Knowing how you stack up relative to folks that look a lot like you (industry, geography, etc.) can be very instructive. I'm not advocating reverting to the mean if you are on the cutting edge of your industry, but if you are way behind, it's good to know that.
http://biz.yahoo.com/bw/060330/20060330005475.html?.v=1
Top Blog Postings
David Cowan on whether the security arms race will continue
The security front man for Bessemer Venture Partners provides an interesting perspective on the "cat and mouse" game that we play with the hackers every day. He's right in that there is no foreseeable catalyst to change the balance of power. Now that hacking is an acknowledged business, we are going to continue to see new and innovative ways to separate private, monetizable information from customers and employees. Our job is to make sure that doesn't happen.
http://whohastimeforthis.blogspot.com/2006/03/cat-and-mouse.html
Shimel on dedicated appliances
Alan Shimel announces the availability of his company's free IDS on a virtual machine in this post. This whole virtual machine topic is heating up big time. I've seen some pundits advocate running all applications in virtual machines to basically firewall one application from another, but that is overkill for all but the most technical of us. But as customers look to simplify their DMZ, the idea of integration and virtualization is going to be critical. Whether it happens in hardware (like Crossbeam) or software (like VMware) this is a trend we all need to pay attention to.
http://ashimmy.typepad.com/ashimmy/2006/03/does_the_market.html
InformationWeek is making me numb on this data privacy issue
It must be some kind of record in that the revolving band of bloggers at InformationWeek has written about data privacy every day. And it's all sounding the same. We need to do more. These companies are idiots. I'm appalled. OK. No mas. We get the message. Unfortunately continuing to preach the same gospel is not going to convert any more believers. Yes, it's an important issue, but it's not the only issue that end users are dealing with right now. Tony Kontzer's post is more of the same, but now there is the threat of legislation if we don't fix it. Here's a news flash, the US Congress is going to do something and it's going to be a pain in the ass. That's what happens when consumers are pissed off (ask Sarbanes or Oxley about that).
http://www.informationweek.com/blog/main/archives/2006/03/when_it_comes_t.html
77 Gateway firewalls is just too many
Richard Stiennon is gathering data. For what, it's not clear, but data always generates some interesting tidbits. In this blog post he mentions there are still 77 security gateway vendors, and obviously that is just too many. Of course, there are quite a few categories, but the reality is that the day of reckoning is coming in that space, and then Richard will have a better answer on where security companies go when they die.
http://blogs.zdnet.com/threatchaos/?p=303
No Talent in the US says McAfee?
CJ Kelly on ComputerWorld doesn't believe it when McAfee says they are investing in India because they can't find qualified folks to build security software here in the US. I wrote about the same story in yesterday's Incite and drew a totally different conclusion. Why would McAfee (or anyone for that matter) be exempt from hiring folks in India? It's cheaper and the workers are plentiful. If I need to train folks anyway, what is the difference whether they are in India or in the US? That's not really outsourcing, it's offshoring. And capitalists must accept the fact that it's reality. If you don't like it, move to China. Even they cannot control market forces entirely. I also disagree with the fear of "outsourcing" security somewhere else. Sounds like more xenophobia to me.
http://www.computerworld.com/blogs/node/2137
Recently on the Security Incite Rants Blog
Third Party Patching - It's PR, not a market
I got a little annoyed by a post I saw from InformationWeek speculating on the longevity of the 3rd party patching opportunity. Suffice it to say, I'd take even money that the lifespan of your average fruit-fly is going to be longer.
http://securityincite.com/3PP-PR
Drive-by: Spam Cube or Should I Say Scam Cube?
I did an impromptu drive-by on a new consumer-targeted spam device called the Spam Cube. Let's just say I was underwhelmed.
http://securityincite.com/drive-by-spam-cube
Read Thursday's Daily Incite
http://securityincite.com/blog/mike-rothman/the-daily-incite-march-30-2006

