Published on Security Incite: Analysis on Information Security (http://securityincite.com)

The Daily Incite - October 3, 2006

By Mike Rothman
Created 2006-10-03 08:23
Today's Daily Incite

October 3, 2006 - #128

Good Morning:
I'm back. I'd say rested and repentant - but not so much on either count. I am glad to be getting back to the daily routine. Unlike Shimel (here [1]), repenting to me doesn't mean apologizing for being me. It means looking backwards and seeing what I did wrong and resolving to be better in the coming year. I've got a lot to work on. But I'm not going to apologize for calling folks out (sharp tongue or not) because I actually think my style is unique and appreciated. But maybe I'm just drinking my own bath water.

In security-land, the build-up to Vista's release is gaining speed. McAfee jumps on the anti-MSFT bandwagon (here [1]) and it's clear that end users think security is THE main advantage of Vista (here [1]), which doesn't surprise me. But it means the migration to Vista will be longer. In blog-land, similar momentum is building behind leak prevention (here [1]), but it's about more than just email. I also feel like a deal is going to happen soon in the space. There have been lots of rumors about Vontu getting taken out, which may or may not happen. But someone will be taken out and it will happen soon. I guess I'll take my Stiennon suit off now and point to the gutsy call by the Mogull to dare folks to invade his privacy (here [1]). Good luck with that.

And thanks to Christian Koch, who pointed out Cisco's new logo (here [2]). Looks like an EKG drawn by my 6-year-old in crayon. They redesigned it to be more "mobile device friendly." Huh? Aren't we getting more bandwidth on our mobile devices? It's definitely less filling for me - and does not taste great. But logos are very subjective, so just because I hate it doesn't mean it sucks.

Have a great day.


Top Security News

here [4]), which I find a bit light.
http://www.networkcomputing.com/showArticle.jhtml?articleID=193100579 [5]


here [6]). Let's just say I've seen this movie before and building a service requires a different architecture - not just stacking a number of boxes on each other.
http://www.networkworld.com/news/2006/100206-blue-coat-ssl-vpn.html [7]

here [8] about how Vista "increases" security risk. This is a bandwagon folks, and for 100% of end users this is just ridiculous vendor sniping. So let's play this out. The EU gets involved and slaps MSFT's wrists (again). Maybe they even make them write a big check. Big deal. And this is maybe in 2008. Maybe. So when it's time to renew your desktop AV suite, stay focused on what is important to you. It's probably price and maybe manageability. Maybe inertia is high in your shop, so you just renew whatever you are using (like a majority of the folks already out there). But don't let any of this stuff weigh on your product decision. It's a non-factor. Let these vendors spend time in Brussels getting their ya-ya's.
http://news.yahoo.com/s/zd/20061002/tc_zd/190131 [9]

http://www.informationweek.com/blog/main/archives/2006/09/security_to_dri.html [10]


http://money.cnn.com/2006/09/26/technology/pluggedin_boyle.fortune/index.htm [11]

Top Blog Postings


http://securityblog.itproportal.com/?p=500 [12]

http://securosis.com/2006/09/28/the-official-securosis-invade-my-privacy-challenge/ [13]

http://blogs.ittoolbox.com/security/investigator/archives/guides-securing-hosts-11976 [15]

here [15]). Now CA is at the same game relative to their desktop AV suite. Clearly this is marketing and clearly it's going to be very hard to collect for users, but I actually think this is a decent move for CA. Why? Because of shelf space and consumer distribution. If you put a big gold sticker on your box saying it's GUARANTEED up to $1,500, it will stand out on the shelf. If your catalog vendors highlight this prominently, it increases your visibility. They'll likely never have to pay out on the guarantee and it will make their bland packaging stand out next to the Big Yellow on the CompUSA shelf. That is until the rest of the lemmings follow suit. Will it increase market share for CA? Of course not. But it may keep them level as Microsoft takes their piece of the market. And I think this will be more effective than crying to the EU about Microsoft.
http://www.stillsecureafteralltheseyears.com/ashimmy/2006/09/ca_warranty_on_.html [16]

http://securityincite.com/blog/mike-rothman/who-cares-about-nac-standards [16]

Access is Access is Access
During one of my public speaking engagements on NAC, one of the attendees asked me a very interesting question about how NAC and SSL VPNs come together over time. The answer I think is pretty important because over time, there is no reason why a security administrator should draw a distinction between access on the internal network and access to get onto the internal network. A consistent set of policies should be in place and enforced. Easy, no? Well, not if you are an SSL VPN gateway that wasn't designed to handle multi-gigabit speeds. Those boxes need a brain transplant to get there, but we'll continue to see a lot of overlap between these two markets.
http://securityincite.com/blog/mike-rothman/access-is-access-is-access [16]

Read Friday's Daily Incite
http://securityincite.com/TDI-2006-09-29 [16]


Source URL:
http://securityincite.com/blog/mike-rothman/the-daily-incite-october-3-2006