February 25, 2009 - Volume 4, #19
Good Morning:
It's tough to find the balance. Like most of you, I struggle daily with
how to spend my time. Of course, there are day job responsibilities
that have to get done, but also lots of things to do around the house
and I also continue to indulge my habit of writing these missives a
couple of times a week.
I need to send my buddy Shimmy a big shout out today. For the last two
days (yesterday [1], today [2]), he's done his own version
of the "Incite" and truth be told, he's doing a great job. That just
goes back to the reality that what I do certainly isn't unique, nor is
the way I do it.
[3] And by the way,
Alan was kind enough to send me a nice email yesterday morning to make
sure I wasn't steamed that he's co-opted the format.
Personally I couldn't be happier. I'm also very flattered. I
read all the trade press and it's pretty dry and mostly crap. So the
idea of summarizing the things that are important makes a lot of sense
and then having an audience to wax poetic and spout whatever crap comes
into my brain that day is fantastic. I would be very selfish, but also
delusional and arrogant if I tried to "own" the format.
In today's world, content wants to be free and it's very easy
to "borrow" business models. So I default back to the idea that I don't
need to own everything anymore. I don't need to win if it means
everyone else has to lose. This isn't a zero sum game, so there should
be plenty of room for other loudmouths to share their opinions in short
snippets every day.
Which brings me back to the concept of balance. Every day we all have to make choices about what we will do and what we won't do. How we'll spend the 24 hours ahead of us and what compromises that will require. The way things are going now, I'll likely only be able to do a Daily Incite type of piece once or twice a week. I find the format somewhat restrictive when it comes to going into more detail on a topic, which is what the other one or two pieces a week are for.
I couldn't be happier that guys like Shimmy are willing to join the
conversation and adopt the format. Anything that adds value to the
community at large is OK by me. It's taken me a long time, but I
finally figured out that if it's good for all of you, then in the long
run it'll be good for me. Now back to the tight rope.
Have a great day.
Photo: "this guy is walking on a flaming rope" originally uploaded by noopzilla [4]
Technorati: Information Security [5], CSO [6], Security Mike [7], Internet Security [8]
The Pragmatic CSO: Available Now! Read the Intro and Get "5 Tips to be a Better CSO" www.pragmaticcso.com [10]
Incite 4 U
Unfortunately I wasn't able to trek up to DC to attend Black Hat DC this year. The reason I like going to these kinds of shows is really to remind myself of what's out there and how, although the tactics have changed, the general philosophy of what we need to do really hasn't. Richard Bejtlich really sums that up nicely in his Black Hat wrap-up [11]. His words are much better than mine.
Man, that is well said and really sums up the REACT FASTER doctrine. And it still works, though with the ability of the bad guys to cover their tracks and hide their malicious code, it's getting harder. What fun would it be if it was easy, right?
- The only guarantee is that you'll fail - Hoff (who is looking for a new gig [12]) gets it exactly right on this one. I knew there was a significant brain drain out of IBM/ISS, but it seems there is no one left over there with any sense of security history. That's obviously not true, but to put out a statement that they "guarantee" cloud security is just asinine [13]. Unless they've figured out how to get rid of all the people that have access to the data in the cloud, they can't make statements like that. But the good news is that the Internet never forgets, and as soon as there is an issue, there will be tons of folks digging up this quote and shoving IBM's face in the hot pile of steaming you know what. I can't wait...
- Kicking the competition in the nuts - Alan hit on BigFix's 50% sale [14] in one of his "Incites" and was generally positive on the concept. I've got mixed feelings. First of all, companies compete on price when they can't compete on capabilities or value. That's usually true, but in this kind of environment, inertia is very very strong. So customers aren't going to do much of anything besides write their maintenance checks. But if you reduce their maintenance pricing by 50% that could play very well with folks trying to figure out how to do more with less. It's very aggressive, and I like aggressive. It also allows BigFix to tell the story about how patch management is only like 10% of what they claim to do. All in all, this is good marketing. Now we'll see how the competitors respond.
- You probably can't do this at home - Great story on Dark Reading about how HD Moore dealt with a DDoS attack on his Metasploit sites [15]. The good news is that you probably aren't HD, so the odds you'll be specifically targeted as often as he is are small. But in the event you are (hey HD!) or are a similarly high profile target, keep in mind that you can't solve these problems on your own. You need the help of fellow researchers to quickly pinpoint the origin of the attacks and likely the authorities to try to shut down the botnet command and control apparatus. Also keep in mind that you don't really "win" a DDoS fight, you try to get to a point where you can limp away.
- Time for more marshmallows, the fire sales continue - Two more deals over the past week that I'd term as "fire sales." The first is Mirage being acquired by TrustWave [16]. Lots of folks continue to wonder if NAC will ever become a real business and my stand has been pretty consistent on that. It's a feature and the question is not if, it's when the independent NAC folks are taken out of the mix. Next it's Nortel starting to divest assets as part of their bankruptcy activities and it seems RadWare is taking on the Alteon web balancing product line [17]. After a couple of years at Nortel, you wonder if there is anything but a customer list and some hardware inventory left within the Alteon group.
- Virtualization security moving to the fore? Uh huh... - Sometimes you read something that just makes you laugh. I need to thank Neil Roiter for my comic relief a few days ago when I found his recent piece, "Virtualization security moves to the fore in 2009. [18]" HA! I guess there wasn't a lot to write about last week. Yes, virtualization will remain hot this year due to its ability to make data centers more efficient. And lots of researchers will continue to try to break the virtualization layer to figure out where the issues are. I also expect the vendors to continue flapping their lips about how they are making virtualization more secure. What I don't expect to happen is for customers to give a crap in 2009. Unless one of the researchers is very successful, that is.