September 28, 2006 - #126
Good Morning:
The best laid plans... How does that story go? I had every intention of doing all sorts of blogging and catching up yesterday, but alas the main water line into my house had a different plan. A good portion of the day with the plumber, dusting off the shop-vac and a trip to get a dehumidifier was my exciting activity yesterday. Ah the wonders of home ownership, but as with everything else - it could have been much worse.
Today is officially "Thomas Thursday," since Thomas Ptacek of Matasano was busy yesterday poking and prodding inline patching (here [0]) and listing what products he thinks are hot (here [0]). Most of what I think is hot is NOT related to security. But that's me. We are also seeing the leak prevention space evolve in front of our eyes. The velocity at which new markets move these days is astounding. We are seeing the bus dev phase now (here [0]) and that will eventually lead to the integration/consolidation into other categories (according to Stiennon - here [0] - and I concur).
And speaking of consolidation, Sophos has sent notice to the rest of the AV crowd about application control (here [0]). It'll be a feature of a desktop/endpoint security product in the near term. So if you are working fervently on cool, new application control technology and want to tell me all about it. Don't waste your breath. I'm interested in who you know at Symantec, McAfee, and Microsoft and why they are going to buy you and not one of the other 5-6 that do the same thing.
And to be clear, I don't hate any specific vendors. I can tell you there are individuals within some companies that I'm not a huge fan of. And I know there are many folks that just wish I would go away. But I'm not going to. I'm having too much fun. Let's keep in mind what my job is, to provide focus and perspective about all the news and activity in the information security space. Sometimes I'm a bit colorful and controversial in how I call things out (especially stupid things), and if you are still reading, then you appreciate it. Those on the receiving end of a tirade... not so much. But always remember that I'm an equal opportunity offender. I don't play favorites and I call it like I see it. If you can't deal with that, then change the channel.
Have a great day.
Technorati: Information Security [1]
Top Security News
http://www.sophos.com/pressoffice/news/articles/2006/09/application-control.html [2]
Link to this [2]
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1218406,00.html [3]
Link to this [3]
http://www.darkreading.com/document.asp?doc_id=104437
[4]Link to this [4]
http://biz.yahoo.com/ap/060927/eu_symantec_microsoft.html?.v=7 [5]
Link to this [5]
http://biz.yahoo.com/prnews/060927/law028.html?.v=74 [6]
Link to this [6]
Top Blog Postings
http://www.matasano.com/log/521/network-patching-is-not-an-alternative-to-third-party-patching-chris/
[7]Link to this [7]
here [7]) who posted their list of 6 hot security products. So he had to weigh in with his own top 6 cool stuff. 3 of the 6 are consistent with Dark Reading (Voltage, secure coding tools - Coverity, and next gen attack tools - CORE IMPACT). The rest are a mix of open source things (like PaiMei), non-intrusive vulnerability monitoring (Tenable), and network segmentation (not really a product, but a religion). Not being a developer, I was unfamiliar with PaiMei - which sounds cool. I guess the point is that there is no lack of cool things that we can (and should) be doing. But it gets back to prioritizing and figuring out what will have the most value to the business.
http://www.matasano.com/log/522/the-matasano-h0t-s1x-4-0h-s1x-security-technologies-to-pay-attention-to/
[8]Link to this [8]
here [8]) and Extreme/Reconnex are shepherding in a new phase for this category. But we will see consolidation and I agree with Richard's assessment that this will cease to be a stand-alone market. I'm figuring by the end of 2007. He's also right on the money that other categories (email security, perimeter defense, content filtering) will be adding leak prevention to their stuff as well, it's happening already.
http://blogs.zdnet.com/threatchaos/?p=411
[9]Link to this [9]
http://www.stillsecureafteralltheseyears.com/ashimmy/2006/09/is_price_ever_e.html
[10]Link to this [10]