logo
Published on Security Incite: Analysis on Information Security (http://securityincite.com)

The Daily Incite - August 25, 2006

By Mike Rothman
Created 2006-08-25 09:12
Today's Daily Incite

August 25, 2006 - #103

Good Morning:
Hi, I'm Mike. And I'm a blogaholic. That's right, I'm looking for a 12-step program that would allow me to cure my need to share my opinions for free and not complete documents that pay money. I had all good intentions of being pretty quiet on the blog this week and complete some customer deliverables during a restricted work schedule due to some travel and family commitments. But the best laid plans...

So first of all ISS gets bought, which totally screws up my Wednesday. Then on Thursday I decide to pick a fight about UTM because it would give me the opportunity to quote Pink Floyd. I wonder what my therapist will say about that. But the UTM discussion is interesting. To gain the context, read my posts (here [0]) and then you can go see Hoff defend his territory (here [1]) and Alan Shimel throwing his 2 cents in as well (here [2]). And just for the record Alan, though you are a few years older Pink Floyd's Animals is my favorite Floyd album as well. I fancy myself to be a Dog, but I eat like a Pig. Go figure...

Based on my commentary below, today is Cynical Friday. I'm pretty much poking holes in everything, from NAC interoperability (here [2]) to market share numbers (here [2]) to virus response times (here [2]) to SIM event formats (here [2]). And with good reason, I believe. Lots of this stuff seems pretty wacky to me. Let me know what you think.

Have a great weekend.

Top Security News

http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1212324,00.html [3]
Link to this [3]

here [4]), relative to who will be the next Big Security vendor to get gobbled up by a huge systems management/systems (HP and Sun have little security presence) or Networking (Nokia, Ericsson, Lucent/Alcatel) vendor. I've been saying for a while that security is ultimately a feature and that's why "Big is the new small." I guess sometime next year, I'll need to change that to "Huge is the new big." But the IBM/ISS deal has Wall Street aflutter, and speculation is running rampant about McAfee and Symantec. I think they are looking in the wrong places. CheckPoint is the biggest of the independents left and McAfee is also a doable deal. Symantec (at what would be more than $18 billion) is not, even for HP. The next layer down is Secure Computing, SafeNet, SonicWall and Websense with around $50 million a quarter, which may not be enough to interest the HUGE. But if anything, the i-bankers will stay busy because the feeding frenzy is underway.
http://www.forbes.com/2006/08/24/hewlett-packard-0824markets07.html [5]
Link to this [5]

here [5]), but I continue to be amazed at how the quant analysts (predominately IDC and Gartner Dataquest) publish market share numbers that are 8-10 months old and vendors flog these reports like they are news. In this clip, Websense feels the need to pat themselves on the back and claim victory for battles they may have won 8 months ago. Whoop-de-do. And that's if you believe the market share numbers, which I know from experience are not totally correlated to reality. Websense has missed two quarters in a row and it seems that their market is saturating TODAY. What do Dataquest's 2005 numbers say about that? So let's congratulate Websense for being the big dog of web filtering and jump into the time machine to go back to 2005 where maybe it mattered.
http://biz.yahoo.com/prnews/060824/lath022.html?.v=67 [6]
Link to this [6]

http://www.informationweek.com/story/showArticle.jhtml?articleID=192205127 [7]
Link to this [7]

http://www.darkreading.com/document.asp?doc_id=102192 [8]
Link to this [8]

Top Blog Postings

here [9]) because we are all in agreement that over time, infrastructure security does happen within the network. Of course, information/data security is a different animal, but I digress. The real question is when, not if.
http://taosecurity.blogspot.com/2006/08/all-network-security-functions-in.html [10]
Link to this [10]

here [10]) is now in the rear view since Microsoft re-issued the patch today. It turns out it was a problem with a piece of SMS that prevented the original patch from working. Check out Ross Brown's post-mortem here [11]. He can't help but get a few more pokes in. But, that being said there is still a huge difference of opinion relative to what responsible disclosure means. Captain Privacy, Martin McKeay, weighs in on the side of more disclosure, and pushes back against the somewhat arbitrary descriptions of "responsible." I'm not sure I buy this. To me, it's all about consistency. Security researchers are within their rights to set reasonable deadlines. If the vendor in question does not have the issue addressed, then disclose. But to not give the heads-up and a reasonable timeframe puts end-users at undue risk, and that's not acceptable.
http://www.computerworld.com/blogs/node/3299 [12]
Link to this [12]

http://ddanchev.blogspot.com/2006/08/virus-outbreak-response-time.html
 [13]Link to this [13]

http://infosecplace.com/blog/2006/08/23/reporting-standard-for-sim-needs-to-be-adopted
 [14]Link to this [14]

http://securityincite.com/blog/mike-rothman/my-plan-is [14]

Security is just another brick in the wall
I saw an interesting post by Seth Godin that I thought was very relevant to the security business. There are only a few ways to increase market share and two ways to innovate to solidify that market share (according to Godin), and we are seeing one of them in action in the security business daily. It's the "another brick in the wall" strategy, where vendors keep adding functionality until it passes the tipping point and customer migrate to the integrated solution. And it gave me an opportunity to quote lyrics from Pink Floyd, so this was a double whammy post.
http://securityincite.com/blog/mike-rothman/security-is-just-another-brick-in-the-wall [14]

RIP Perimeter BOB
Sometimes I forget that I need to be very very careful with words when I mention UTM, lest I raise the ire of the verbose Chris Hoff. Well, I did and he responded and then I had to respond. So this post publishes Chris' comment and then my clarifications and response. Of course, I need to get the last word because this is my blog after all. But as you saw from the intro rant, both Chris and Alan Shimel posted their own ideas where they are the home team.
http://securityincite.com/blog/mike-rothman/security-is-just-another-brick-in-the-wall [14]

Read yesterday's Daily Incite
http://securityincite.com/TDI-2006-08-24 [14]

Technorati: Information Security [15]

Source URL:
http://securityincite.com/blog/mike-rothman/the-daily-incite-august-25-2006

Links:
[1] http://rationalsecurity.typepad.com/blog/2006/08/best_of_breed_s.html
[2] http://www.stillsecureafteralltheseyears.com/ashimmy/2006/08/pigs_three_diff.html
[3] http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1212324,00.html
[4] http://www.emergentchaos.com/archives/2006/08/whos_next.html
[5] http://www.forbes.com/2006/08/24/hewlett-packard-0824markets07.html
[6] http://biz.yahoo.com/prnews/060824/lath022.html?.v=67
[7] http://www.informationweek.com/story/showArticle.jhtml?articleID=192205127
[8] http://www.darkreading.com/document.asp?doc_id=102192
[9] http://taosecurity.blogspot.com/2006/08/mssps-what-really-matters.html
[10] http://taosecurity.blogspot.com/2006/08/all-network-security-functions-in.html
[11] http://technobabylon.typepad.com/tb/2006/08/a_dizzying_inte.html
[12] http://www.computerworld.com/blogs/node/3299
[13] http://ddanchev.blogspot.com/2006/08/virus-outbreak-response-time.html
[14] http://infosecplace.com/blog/2006/08/23/reporting-standard-for-sim-needs-to-be-adopted/
[15] http://technorati.com/tag/information%20security