March 14, 2007 - Volume 2, #44
Good Morning:
I write one thing about SIM and every friggin' vendor that I've never heard of has to reach out to me and tell me how great they are. Confused? OK, let me reset a bit. Yesterday, a new column hit in SearchSecurity called "Reviving SIM," which you can check out here [1]. Basically, I reiterated what I've been saying all year. 1st generation SIM is pretty much dead, and those that want to survive need to either focus on log management or more real-time network detection (which means they need to bring in NBA data).
But of course, lots of folks were lining up to get briefing slots to tell me how great they are. Without even hearing their pitch, it's a load of crap. Maybe I'm being unfair, but I've seen this movie before - too many times to recollect. Some I'll even give some time to, and then I'll slice them into little pieces. Because what they are doing is the same old, same old. Take some log files, correlate them a bit, put them in a crappy-looking "dashboard" and say they are next generation.
Gosh, I love this business.
On a happier note, a piece I did in SearchSecurityChannel is also out there (read it here [2]). It's about getting and maintaining customer loyalty. It's targeted towards VARs, but the lessons are universal. Take care of your customers, do the right thing, sell them what they need. Really simple stuff, so why don't more folks do it? Guess that is one of the mysteries of life.
Have a great day.
Top Security News
here [7]) is pretty distressing, but it's also true. Basically, if SMB folks think they've got security under control, they are wrong. I'm not just saying that because I try to help out security folks and target my offerings at mid-sized businesses. It's because there is too much to cover. So where is the confusion? It's largely around what security is. Most folks think they have AV at the desktop and a firewall and life is good. Until it's not. They don't get application security, they probably don't get endpoint security, and they most assuredly don't get data security. But they think they do, so hackers can rejoice - there remains a lot of low hanging SMB fruit to chase.
here [8]), but it makes a couple of key points. First, network security monitoring (to use Bejtlich's term) is perhaps the only chance we have to figure out what is happening on the network and pinpoint whether it's good or bad. And the current generation of tools isn't getting it done. Of course the author, Bob Pratt (who I've known since his VeriSign days) makes the play for what his product does (or will do, when it ships...) and we'll see. Folks like the late Intrusic and GraniteEdge made similar claims, but ran aground. So we'll see if this next batch (who will use the Identity-aware term) fare any better.
here [9]). Basically they spoke to a few Big Yellow resellers who are pissed. The latest version of Symantec AV is a dog (which we already knew) and these folks are looking at alternatives. Big whoop. 99% of them will do nothing, so the Big Yellow machine will keep on chugging along. Inertia is a tremendously powerful force. Until it isn't. Symantec's partners will give them one bungled upgrade, but not two. So if they don't clean up their act for the next rev - they will suffer because there are about 900 alternatives that the partners can sell at any given time.
The Laundry List
Juniper exodus continues, CFO and head of enterprise gone. Is there anyone left that can spell E-N-T-E-R-P-R-I-S-E? - here [10]
Top Blog Postings
http://blogs.techrepublic.com.com/security/?p=177 [11]
http://securityviews.com/blog/2007/03/13/its-not-that-you-cant-trust-them-but/ [12]
http://www.realtime-itcompliance.com/information_security/2007/03/protecting_personal_informatio.htm [13]