Published on Security Incite: Analysis on Information Security (http://securityincite.com)

The Daily Incite - September 11, 2008

By Mike Rothman
Created 2008-09-11 06:28
Today's Daily Incite

September 11, 2008 - Volume 3, #76

Good Morning:
Today is a solemn day in the US. It's the day we remember the senseless attack. The fallen innocents. The serious chaos that resulted. We also need to celebrate the resilience of a democratic and free way of life. The terrorists wanted to cow us, and not so much. Our financial markets recovered in days, not weeks. Our country rallied to fight against the common enemies. There is no purpose in whinging about still being in the Middle East or any of the other debates smart passionate people argue about today. That is not respectful of the memory of those lost.
I was actually in Boston on Sept 11, 2001. I flew into Logan that morning. By the time I got to the office, the first plane hit and they were trying to find the second. CNN.com had crashed, so no one knew what was going on. Then my CEO brought out his little TV and we watched until the towers came down on a 4" screen. I finally had to take the train home to DC 2 days later because all the flights were still grounded.

I don't think I was ever so happy to get home and hug my wife and baby (Leah wasn't yet a year old).

As serious as 9/11 is, September 12 is truly a celebration in my house. Tomorrow we'll wish the twins a Happy 5th Birthday. I remember both 9/11 and 9/12 of 2003 like it was yesterday. I was wrapping up a sales rally at TruSecure and hoping to not get the "call" that the Boss was going into labor before I finished up my last presentation for the field. She was 37 weeks pregnant and carrying almost 14 pounds of baby. She could have popped at any time.

But she held on until the scheduled birth on 9/12. The funny thing is that we know another 3 or 4 kids that have 9/12 birthdays as well. We picked that day and evidently we weren't the only ones with this idea. We didn't want the twins to have any kind of stigma to the day they entered the world.

My folks kept telling me that time just flies, and it really does. I look at Lindsay and Sam and I'm just amazed. They were born one minute apart, but they are so very different. They've got different temperaments, personalities, opinions, and likes/dislikes. Yet, they are best friends. We went to our niece's birthday party last weekend (Happy Birthday Rachel!) and saw the two playing together, they were inseparable. And it was really cute.

Happy Birthday Lindsay and Sam. 

Have a great weekend. 

Photo: "9/11 Reflections" originally uploaded by Sister72 [1]


Top Security News

Dark Reading article on SIEM [10] reminds me of those decisions. But I think many security managers are missing the point of what a security management platform is supposed to do. It's about control and automation. The reality is no human can wade through the morass of data that comes out of our security devices. Add in a bunch of other devices (like the network) and any shred of monitoring (like NetFlow, for example) and there is just no way a human scales. So you need tools. Saying you're too busy to do your job is a cop-out, pure and simple. Now if it was just about time, then I can accept that. But this is about not being able to do your job, so the too busy excuse just doesn't hunt. But it's not just the customers that are at fault, it's a continued indictment of the security management market that the solutions still don't go in cleanly and with little integration. When a customer doesn't have the time to implement a solution that will change the way they do things (for the better), then lots of things are screwed up.

Jimmy Ray in the NetworkWorld Community about the importance of running your own honeypot [12]. Is this to "trap" the bad guys? Nah, it's to learn. By checking out attack traffic and spending some time analyzing how the honeypot was attacked (and presumably compromised), you can learn what's happening out there. You can see potential new attack vectors that will allow you to tune your defenses. But ultimately you keep your knowledge fresh, and in a business as dynamic as security, that's where the real honey is.

this release from Secure Computing guaranteeing 99% effectiveness [14], I thought it's a pretty bold move. Though it would have been a lot more relevant 3 years ago. I can't recall the last time I saw catch rate being used as a differentiator. Doesn't everyone know that all the devices are equally mediocre? Today one is at 98%, tomorrow 93% and the next day 100%. That's the way spam works. It's still a serious arms race. So let's say a customer is swayed by the thought of a 99% guarantee. How do they know? Oh, Secure's appliance tells them what the catch rate is. I wonder if they've hard coded an automatic 99.1% catch rate in the reporting engine. Yes, I'm joking. It's kind of like the fox reporting that they haven't eaten any of the chickens, even though the hen house is empty. So let's say the box does say you only get a 97% catch rate, what then? You get a 3 month extension on your maintenance. Right, it's not like they are going to give you the money back on the box. Or let you pull it out and buy something else. So, don't look behind the curtain and appreciate this for the sound bite that it is.


The Laundry List

  1. Symantec claims the "fastest" security products. Does it do 100 gig? Oh, we're talking about AV. And who cares about speed? It's all about reducing the amount of overhead and resource consumption, which they mention as the 2nd bullet. I guess speed is security's attempt at "change" in 2008. - Symantec release [16]
  2. CIS looks to define security metrics for all of us. I look forward to the output, since metrics is still the gaping hole in our ability to manage our security. - NetworkWorld coverage [17]
  3. Deal: Someone I never heard of acquires CounterStorm, who I thought had already gone out of business. Another insider threat thing goes away. - Trusted Computer Solutions release [18]
  4. ArcSight beats the number, promotes COO to CEO, and gets a 10% haircut. Maybe something to do with that decelerating growth rate. - ArcSight earnings release [19]

Top Blog Postings

http://layer8.itsecuritygeek.com/layer8/wonky-thought-for-the-day [20]

http://www.emergentchaos.com/archives/2008/09/risk_managers_are_just_li.html [22]

http://andyitguy.blogspot.com/2008/09/security-roi-debate-continues.html [24]


Source URL:
http://securityincite.com/blog/mike-rothman/the-daily-incite-september-11-2008