logo
Published on Security Incite: Analysis on Information Security (http://securityincite.com)

The Daily Incite - April 11, 2007

By Mike Rothman
Created 2007-04-11 07:23
Today's Daily Incite

April 11, 2007 - Volume 2, #60

Good Morning:
Thanks to the kind folks in Milwaukee for hearing me rant for a couple of hours about the Pragmatic CSO and other assorted topics. There is nothing like talking to a couple of dozen of Milwaukee's Best and I didn't even have to make a run to the recycling bin. Nor did I have any kind of hangover this morning. Sorry, I couldn't resist. Just being in Milwaukee, seeing the big Miller HQ downtown, the Leinenkugel factory, and my foggy but fond memorys of the Beast - I was getting thirsty.

But the trip was very instructive and not just from the perspective of continuing to refine how I talk about the P-CSO. Clearly one of the things I need to work on is patience. I guess I've known that for a while, but the fine folks from Milwaukee made that abundantly clear. They are nice and mid-Western. No rush to do much of anything. As I'm sitting in the rental car line, the desk agent is chatting it away with all of these folks from around the States. She was very pleasant, but my blood was boiling. I wanted to say, "Quiet down, process the paperwork and let me get out of this damn airport." 10 years ago I probably would have. But yesterday I didn't. I chewed on my tongue and made my bit of pleasant conversation when I got to the front of the line. Lo and behold, I was rewarded with not only some karmic points, but also a car upgrade. To a Grand Marquis! Woo-hoo. That's an upgrade? Give me the friggin' PT Cruiser.

The thing was I wasn't even in a rush. I had a call to do, but I had already notified my client that I was running late and we move the call back a bit. I had plenty of time to find a coffee shop to locate for the day. But I felt rushed. That's where patience comes in and that's why I need to work on it. Everyone has their shtick and I'm just wired to be impatient. But it's kind of a hassle and it increases my stress level for no apparent reason. And there are plenty of reasons for me to be stressed out, I don't need to add to them by worrying about 10 minutes in a rental car line.

But that's just me and if it's not patience, it'll be something else that I have to work on. Have a great day.

Technorati: Information Security [1], CSO [2]

The Pragmatic CSO [3]
 The Pragmatic CSO is Here!


Read the Intro and Get
"5 Tips to be a Better CSO"


www.pragmaticcso.com [4]

Top Security News

here [5]), they are calling for the end of AV. At least that's the headline. Huh? Let's try this again. Signatures are one component of an anti-malware defense. Not the only, not even within a traditional anti-virus program. Do these products work great? Of course not, that's why you need layers. And sophisticated users that tend not to do stupid things online can get away without having an AV engine. But that's probably not even you and it's certainly not your users. I'm not a fan of repeating history, and if anything signatures help me stop the attacks I've seen before. Sure there are variants, but these things get updated every hour or so. I will concur with Andy's point that AV is a hard business, and staying on top of it is very resource intensive for the vendor - but a crappy AV vendor is a $100 million+ business - so I won't cry too hard for them.
Link to this [5]

here [6]) whether network visualization technologies are just fancy pictures or are they useful. My opinion on this is very straightforward. You need it, even modestly sized networks need to be able to visualize what's going on. Why? Because you need to be able to figure out when something is not right. What's that they say about a picture is worth 1000 words? It's true. Security (at least pragmatic security) involves being able to react faster. Since you can't know what's coming at you (with any level of certainty), you need to be able to detect issues faster and network monitoring using a visualization/analysis tool can help with that. Now what I'd really like to see is something lower end to hit the mid-market. The existing solutions tend to be enterprise-class, and there is a big opportunity in the mid-market, but over time it will be subsumed into the network (and network security) management suite, which is probably provided by the network gear provider. But make no mistake, there is nothing wrong with eye candy if it helps you react faster.
Link to this [6]

here [7]). Personally, I think this is a ridiculous concept and bears little resemblance to how computing is done. In this coming age of virtualization, the mainframe is pretty much another server. Sure there are more controls and reliability, etc. and it sure is expensive, but do applications know they are pumping data to a mainframe? Not really. So does a product that routes all access requests to a mainframe (even for Windows resources) make sense? Not really. Not so much on doing single-sign on centrally from the mainframe either. There are cheaper and more focused appliances that do the same damn thing. It's not like scale is an issue anymore, maybe reliability - but that's still a software thing. Crappy software is still crappy, even if it runs on the mainframe. If some folks are figuring out what to do with their big iron, I have to believe there is something more interesting than trying to use it as a high-speed access controller. How about using it as a jungle gym for geeky kids? That's an idea.    
Link to this [7]

The Laundry List

  1. Eric Cole digs into laptop encryption, but from an innards perspective. Interesting reading. - here [8]
  2. Guardium gets into the leak prevention business, as long as all your sensitive data is in a DBMS. To be fair, they are positioning as complimentary to broader leak prevention products. - here [9]
  3. GRISOFT introduces an anti-rootkit tool for the right price. Free. - here [10]
  4. Reconnex goes to Provilla to get endpoint leak prevention. - here [11]

 

Top Blog Postings

http://duckdown.blogspot.com/2007/04/explaining-security-to-business.html [12]
Link to this [12]

http://www.realtime-itcompliance.com/digital_library/2007/04/security_products_must_be_secu.asp [13]
Link to this [13]

http://layer8.itsecuritygeek.com/index/layer8/the-great-balancing-act/ [14]
Link to this [14]

http://blog.securityincite.com/ [15]

Read the most recent Daily Incite
http://securityincite.com/security-incite-rants/daily-incite [15]

Source URL:
http://securityincite.com/blog/mike-rothman/the-daily-incite-april-11-2007

Links:
[1] http://technorati.com/tag/information%20security
[2] http://technorati.com/tag/CSO
[3] http://www.pragmaticcso.com
[4] http://www.pragmaticcso.com
[5] http://www.networkworld.com/news/2007/040507-desktop-antivirus-dead.html
[6] http://www.networkcomputing.com/blog/dailyblog/archives/2007/04/eye_candy_or_sm.html
[7] http://www.esj.com/news/article.aspx?EditorialsID=2528
[8] http://www.insideid.com/article.php/3670566
[9] http://biz.yahoo.com/bw/070410/20070410005741.html?.v=1
[10] http://biz.yahoo.com/bw/070410/20070410005637.html?.v=1
[11] http://biz.yahoo.com/bw/070410/20070410005302.html?.v=1
[12] http://duckdown.blogspot.com/2007/04/explaining-security-to-business.html
[13] http://www.realtime-itcompliance.com/digital_library/2007/04/security_products_must_be_secu.asp
[14] http://layer8.itsecuritygeek.com/index/layer8/the-great-balancing-act/
[15] http://blog.securityincite.com/