The Daily Incite - May 9, 2006
May 9, 2006
Good Morning:
I'll admit it. I was pretty grumpy yesterday. For those of you who know me personally, that's probably not surprising. But I can say I've been much happier since I've launched Security Incite and the grumpy days are far outnumbered by days that I'm just happy to be doing what I enjoy, which is to be a professional loudmouth.
In terms of the security business, there was lots of activity - but little of note. A bit of business development and Symantec is presenting their new "vision" to customers at their annual conference. I probably should have gone to check it out, but I find most of those vendor shindigs a waste of time. Nothing they tell me there really changes my opinion and to see many other analysts overtly kissing ass just makes me sick.
I did revisit the analyst business a bit and rant about the Magic Quadrant and its impact on the user and vendor community. It was the perfect end to a grumpy day. Just to unleash some venom is a bit cathartic sometimes.
Have a great day and I hope it's a happy one.
Top Security News
Symantec's vision is blurred
So what? - It's always entertaining when the business media covers security companies. Symantec is having their annual customer conference this week, and I decided to pass on attending. I figured I'd be able to get a blow by blow from lots of different folks because Symantec is a heavily covered company. Evidently John Thompson's keynote was set to allay customer fears about competition on all fronts. This quote kind of sums it up: "Thompson said Symantec can help businesses build a trusted and secure environment so they can grow their businesses instead of worrying about security problems." If you believe that, I have some Las Vegas real estate I'd like to show you. No one, not even the Big Yellow, can provide a silver bullet to build a "trusted and secure environment." Customers are still the main integration point.
http://www.thestreet.com/_yahoo/tech/software/10284322.html
More on Symantec: Bundling is in
So what? - Symantec also introduced one of their key areas of focus at the customer conference: IT Compliance. Not that I'm a fan of trying to chase compliance dollars that won't be there in a year, but I think when you are big like Symantec - you need some type of rallying cry and IT Compliance is as good as any. They've got a lot of technologies that can be wedged in some way, shape or form to address the compliance issue. Would I buy everything from the Big Yellow right now? Hell no! In order to make this kind of positioning stick they'll need to do a better job of integrating because ultimately "compliance" is really a reporting initiative and all of the components need to be integrated - at least from an information standpoint.
http://www.symantec.com/about/news/release/article.jsp?prid=20060508_03
Check Point chasing UTM
So what? - It seems that what's next for Check Point, after Sourcefire went kaput - is UTM. Normally I'd thump them on the head for being so late to market, but with Check Point's existing customer base and global channels they could be a player in UTM. This CRN article talks about how they are adding functionality to the VPN-1 platform to make it UTM-like. We've seen folks like ISS rejuvenate their business by upgrading the software customers to an integrated platform. Citrix has become a player in security by leveraging their channels. If you combine the two (huge software installed base and channels) you get Check Point. I'm of the opinion that CHKP could pull an ISS and move folks to their own hardware platform (no, SPLAT is not sufficient). Yes, that would piss off the existing hardware partners, but that's life in the big city. The status quo for these guys is a road to nowhere.
http://www.darkreading.com/document.asp?doc_id=94320&f_src=darkreading_section_318
RSA business development in high gear
So what? - RSA always had a driving business development culture, but that was mostly based on having to secure design wins for the RSA crypto engines. Of late, they have been very active in getting other folks to embed their Cyota/PassMark "contextual authentication" technology. S1 had already been integrating PassMark into their suite of offerings and Financial Fusion (a Sybase company) has also agreed to bundle in the RSA technology. This is mostly to address the FFIEC requirements, and as I mentioned yesterday, I think we are going to see a lot of activity in this consumer authentication space over the next 6 months - as the reality of a new regulation sets in.
http://investor.s1.com/phoenix.zhtml?c=77921&p=irol-newsArticle&ID=853396&highlight=
http://www.financialfusion.com/newsroom/release_display.fusion?id=1-311-81Q&year=2002
The role of SSL VPNs in NAC
So what? - I usually don't refer to the work of other analysts - candidly because most of it just sucks. Actually I will if it sucks so bad that I just have to point it out. This situation is neither, but it continues to amaze me how companies try to wedge their technology into the "hot category of the day" bucket to ensure they don't miss anything. Aventail is now positioning their SSL VPN technology as a key part of network access control (NAC). Of course, Jeff Wilson of Infonetics says it's so, therefore it must be true. I need to delve into this more specifically in the NAC series, but suffice it to say that Jeff is talking at a pretty nebulous level about what NAC is and that leaves plenty of room for vendors to try to wedge into the space. And I'm sure they'll buy plenty of his reports (this is the guy that says NAC is going to be a $4B market).
http://www.aventail.com/news/press/2006/03_30_06.asp
Top Blog Postings
Identity Theft is not a priority
I guess we shouldn't be surprised because the FBI has a lot of stuff on their plate. So the CNET blog reports that although cybercrime is an important priority - identity theft within cybercrime is not. Computer intrusion, child pornography and intellectual rights violations hold higher weight in the bureau. Hmm. I guess if they got out ahead of the computer intrusion issue, that would do a lot to keep ID theft in control. Ultimately, I'm not sure it matters. The FBI is not staffed to do any real level of investigation and/or prosecution of all of these crimes. It's basically statistical. The FBI will get a few and hopefully make examples out of them. The bad guys will continue to hope that it's not them. And we as consumers and security professionals will need to take matters into our own hands and provide the best protection we can.
http://reviews.cnet.com/4531-10921_7-6518629.html
Bot masters hitting the big house
Two separate convictions and sentencings for hackers hit the news today. One guy is going away for almost 6 years for running a bot network and compromising some military networks. The damage he caused seemed pretty minimal and his activities netted him about $60k and a BMW. You'd think it would be more lucrative, no? The second guy hasn't been sentenced yet, but he took down a hospital network and also broke into some military networks. I think these are good datapoints and more of these harsh sentences will deter amateurs from doing this stuff, especially in the US. But this will have no impact on the professionals, since many operate outside the US and will be much harder to catch.
http://blog.washingtonpost.com/securityfix/2006/05/botmaster_sentenced_to.html
http://www.securityfocus.com/brief/204?ref=rss
Are anti-fraud measures effective?
Martin McKeay asks this question, referring to a report by the Merchant Risk Council. It seems that the risk of fraud in the online world is lower than in the offline world. That makes sense because it's much easier to poach credit cards from real merchants, though far more labor intensive. Even the Sopranos know that. The more interesting observation is that fraudsters are innovating and the standard methods used by most online merchants will not remain effective over time. This is spot on; we security professionals cannot stop evolving our defenses because the bad guys are certainly innovating on the offensive side of the ball.
http://www.mckeay.net/secure/2006/05/are_antifraud_measures_losing.html
The Phishing supply chain - Part 2
Uri Rivner of RSA finishes up his work on the phishing supply chain in this post. It's not as comprehensive (or good) as the first, but it does go a bit into how these folks communicate and exchange information. Ultimately every security professional needs to understand the enemy and their tactics, so these kinds of documents are good background reading.
http://www.rsasecurity.com/blog/entry.asp?id=1090
To hell with spammers
In today's most humorous post, Geoff Bennett on the Dark Reading site speculates about which circle of hell spammers will be destined for. It's a good read, but only for entertainment value. He comes to the conclusion that spammers are traitors, in that they compromise the trust of unsuspecting consumers. Duh! But at least I got a chuckle towards the end of the day.
http://www.darkreading.com/blog.asp?blog_sectionid=328&f_src=darkreading_section_328
Recently on the Security Incite Rants Blog
MQ does matter - even if G doesn't think so
I had to wait until I was good and grumpy to vent a bit about how little Gartner seems to understand regarding how the Magic Quadrant is used in practice. A post by Andy Bitterer set me off a bit, so I rant on how the MQ is used by lazy users and competitive vendors and why it matters, regardless of what Gartner thinks from their ivory tower.
http://securityincite.com/blog/mike-rothman/mq-does-matter-even-if-g-doesnt-think-so
Vista's impact on security markets - you don't care
Since I need to remind myself to stay focused on what matters on a daily basis, I figure my readers may need some help too. We are seeing increasing noise about the impact of Vista and I wanted to remind everyone that it doesn't matter. I pick apart some of Yankee Group's projections in this post, but only to prove the point that there is a lot of work to do between now and the time that Vista ships. So keep your head down.
http://securityincite.com/blog/mike-rothman/vistas-impact-on-security-markets-you-dont-care
NetworkWorld Column: Blow up your campus (network)
Despite the powers that be reworking the title, this week's missive talks about the coming campus LAN (r)evolution as end users look to integrate more security (notably network access control) into their networking fabric.
http://securityincite.com/blog/mike-rothman/networkworld-column-blow-up-your-campus-network
Read Monday's Daily Incite
http://securityincite.com/blog/mike-rothman/the-daily-incite-may-8-2006

