September 12, 2007 - Volume 2, #131
Good Morning:
Happy Birthday to Lindsay and Sam. That's right, my twins turn 4 today.
It's a bit anti-climactic because we had the big birthday
blow-out last Saturday, but we'll still have a fun day. I'll make an
appearance at the twins' school and we'll do a cake and the like.
That's one of the best things about working for myself - I can blow out
for an hour or two during the day and hang with the family.
The Boss and I actually picked September 12 as the twins' birthday.
Since there were two of them and it was a high-risk endeavor, the Boss
had a scheduled C-section. We were pretty set against having them born
on September 11. It didn't make sense to be trying to celebrate birth
and mourn death on the same day - not if we didn't have to anyway. Even
six years later, Sept 11, 2001 is still firmly etched in my mind.
I remember flying into Boston (I was working at SHYM at the time) that
morning. I remember heading into the office and hearing some buzzing
about planes and the World Trade Center. I remember watching the towers
fall on my CEO's handheld TV that he takes to Pats games. I remember
trying to get in touch with my folks to let them know I was OK. I
remember being stuck in Boston for 4 days and having to take the train
back to DC. I remember everything and odds are I won't forget. I hope I
don't forget.
My condolences to anyone that lost a loved one 6 years ago. That pain
never goes away.
Little did I know that 2 years and 1 day later we'd welcome the twins
into the family. Twins don't run on either side, so that was truly one
of the big surprises I expect to have in this lifetime. But it's all
good - it's just hard to believe it's been 4 years. They are little
people now. Most interesting to me are the dynamics between all the
siblings. Watching how they interact and actually become friends is
cool to see.
Tonight also starts the Rosh Hashanah [1] holiday. So we close
the book on Year 5767 and look to open the book on 5768. I usually take
some time over the next 10 days or so to reflect on the last 12 months,
and get my arms around what may happen in the next 12. I used to be
much more of a planner, but now I kind of let things flow. I still set
goals, but I'm not as focused on them. They are more like mile markers
to me. Things I want to do, as opposed to things that I have to do. I
guess that's good, in that I don't need to continue achieving things on
a list in order to feel fulfilled.
So L'Shana Tova to any of you celebrating tonight. I wish you
happiness, good health, prosperity, and fulfillment in this New Year.
Follow your dreams, listen to your gut, and try to laugh a bit every
day. That's about the best we can do.
Have a great day. I'll be back on Monday with a big announcement that I
expect will keep me pretty busy over the next year.
Top Security News
ArcSight has filed their S-1 with the SEC [6]
to do an IPO. I love S-1s because there is nothing to hide. No more
hiding behind "we are a private company and don't divulge X, Y or Z."
So what do we find in ArcSight's S-1? They did about
$70 million on the top line. Almost 40% of it was services, which
indicates the category is still very integration centric. Product
license growth was significant between 2006 and 2007. ArcSight's 10 top
customers were about 31% of revenues. That's an average of $2.3 MILLION
for the top 10 customers! Those are big deals. Deals that size are hard
to sustain over time. It's also good to be ArcSight CEO Robert Shaw,
who owns 10% of the company. But to his credit - he's making
concessions now that the company is going public. Now he has to pay
his own yacht and country club fees. My heart goes out to you man.
CRN has an interesting bake-off between 3
security suites [7]. So how did McAfee do against Symantec and
Trend? Well, they actually compared Kaspersky, Grisoft, and Panda, 3 of
the AV dwarfs. Of course, these dwarfs are bigger than 95% of the
vendors in other security categories, but I digress. The one thing I
come away with is that all the products
are decent, thus I'm going to state the obvious. AV (and other malware
defense) suites are true commodities. All stop viruses and other
malware attacks. The vendors
will try to differentiate based on this widget or that, but in reality
these suites are pretty much the same. So it gets down to price. Shop
hard and buy based on price. Yes, you want to use a different engine on
the desktop than on the perimeter gateway. But there isn't a lot of
value add and in a lot of cases, there is value-subtract. If the
desktop suite breaks stuff (like the firewall just turning off
applications and the like), then it is subtracting value. By the way,
CRN likes Panda the best - but all of the solutions from the Snow
White triad and the dwarfs are good enough. And yes, good enough is
good enough.
The 5th CIO "Global State of Information
Security" survey [8] confirms what most of us already know. Here is a
list of the "conventional wisdom." [9] We don't
get enough money, our trading partners suck, we know we are exposed,
and banks tend to be out ahead of the adoption curve. Yep, pretty
predictable. The thing that surprised me was that there is no
difference in security spending between small and large companies. They
spend the same percentage. Hmmm. That's counterintuitive, but it shows
why mid-sized companies continue to be behind the 8-ball. A big company
spends more money in absolute terms, that's obvious. But given that the
attack surface does not scale up linearly with the size of the company
(a large company with 100,000 employees probably doesn't have 100 times
the number of web sites with sensitive information as a company with
1000 employees), you'd think mid-sized companies would need to spend
more on a relative basis to be secure. Maybe that's why those folks are
the path of least resistance.
The Laundry List
- Someone needs to make this into a mass email joke. Farnum should have put more spaces in to get the answer below the fold, but this is great. - Farnum's ComputerWorld blog [10]
- RSA will build security stuff for VMware? Really? Them and everyone else. - Reuters coverage [11]
- Add McAfee to the list of those jumping on the virtualization bandwagon. This is great - their AV stuff actually works on a virtualized OS. Talk about a Barney release. - McAfee release [12]
- 10 seconds. Someone else in the UK is a cybercrime victim every 10 seconds. The problem will get worse before it gets better. - AFP article [13]
- This month's column on SearchSecurityChannel is about incident response and how VARs can and should make this a key part of their offering. - Rothman SearchSC column [14]
- SearchSMB piece on encryption. I rant a bit about where encryption can and should be used by mid-sized businesses. - Rothman SearchSMB column [15]
- Should PCI be overhauled? That's the topic of my tip on SearchSecurity this month. Check it out. - Rothman SearchSecurity tip [16]
Top Blog Postings
http://fraudwar.blogspot.com/2007/09/siras-pi-tracking-theft-to-source.html [17]
http://www.tssci-security.com/archives/2007/09/10/buying-best-of-breed-versus-bundled-services/ [18]
http://rationalsecurity.typepad.com/blog/2007/09/security-haikuo.html [19]