June 24, 2008 - Volume 3, #59
Good Morning:
As I've mentioned, this is the summer of concerts for me. Though it
should be really called the "Champions Tour," because it seems every
act I'm going to see is over 50. Right, just like the golf tour - but
it seems the purses keep going up in the music business. No wonder I
heard on the radio yesterday that the Stones are thinking about another
world tour. And if the rumors of a Zeppelin world tour come to fruition
- I'll be there.

Welcome to the new music business, which is fine. Even if the record
labels aren't adapting fast enough, it's good to see the artists
evolving and making sure they can still live the life depicted in
Nickelback's "Rock Star" song. It must be nice.
I mean, even the New Kids on the Block are back together and touring.
Sorry, but I'll be passing on that show, though they are able to fill
10,000 seats. Which is horrifying, but whatever. The NKOTB fans
probably think I'm crazy for going to see bands like Steely Dan and
Boston.
Or R.E.M. The Boss and I went to see Atlanta's own hometown rock band
on Saturday night. And that's what I want to rant about today. I'm sure
out of the 12,000 or so folks at the show, the 10 most rude happened to
be seated right next to us. Arghhh.
First up is the talking. I just love those people that go to a show and
proceed to talk about their nails or their goiters or whatever. But
since they are at a ROCK CONCERT, they have to scream at the top of
their lungs to be heard. Well guess what? That means everyone around
them also gets to hear about their goiters. Thankfully the Boss is a
tough broad, and she just gets right up into the grills of these folks
and tells them to talk after the show.
Then there is the smoking. Evidently empirical evidence that smoking
KILLS you means nothing to these folks. Maybe it's the rebellious
stage, but when you see a 50-something smoking away, you hope they
carry decent life insurance. Actually, I don't hope because I don't
care what they do. But they are kind enough to share their second hand
smoke with me for the entire show. Arghhh.
Of course, we can't forget about the drunk ass that leaves his seat
every 15 minutes to get another big draft beer. Listen, I'm the last
guy to come down on someone for being a drunk ass, but I try my best
not to spill 75% of my draft before I get back to my seat. Yes,
watching a show isn't as comfortable when you are drenched with someone
else's nasty beer.
I'm sure I could go on all day, but what's the point of that? I guess
my only choice is to laugh. It's not like I'm going to stop going to
shows. So that means I'll need to deal with the talkers and smokers and
drunk asses. And I'll like it.
Have a great day.
Photo: "Shut Up!" originally uploaded by Camps [1]
The Pragmatic CSO: Available Now! Read the Intro and Get "5 Tips to be a Better CSO" www.pragmaticcso.com [7]
Get Your Special Report: 6 Easy Steps to Protect Your Identity and get access to Security Mike's Portal today www.securitymike.com [8]
Top Security News
A survey (commissioned by CDW) shows that IT has an inflated view of its security posture [10]. I wonder who they are talking to. I really hope they are not confusing ignorance for arrogance. I do know a lot of IT folks (who tend to wear security as one of their many hats) who don't know any better, so they say they are pretty secure. They haven't had a system-cratering event lately, so they must be doing OK. Well, we know the truth, and it's probably not OK.
There were a couple of other interesting tidbits in here, though. The first is that 77% of IT people figure their users think security systems are "easy to use." I guarantee you they've never asked that specific question. Doing a security perception audit is one of the things I recommend in the P-CSO [11], and a great majority of the folks working through the program had never done one. Second, the incessant security marketing mantra of the insider threat is working: most IT people are most concerned about insider risks. But overall, I suspect this survey is worth little more than the paper it's written on. If you ask dummies how dumb they are, they very rarely admit they don't know much of anything.
NAC startups have two years before they are "flattened" by Cisco and Microsoft [13]. Hmmm. Basically, the thinking is that a large portion of the startups' client base (large enterprises) is predominantly Cisco and Microsoft, so if you wait long enough the big vendors will stop screwing it up and close off the market for everyone else. I'm not one to look for shades of gray, but in this case the world really isn't so black and white. First of all, we need to separate the NAC client from the NAC infrastructure, which is really the network infrastructure. Microsoft will dominate the NAC client. In fact, I don't know of anyone who is still trying to win that battle. Maybe the startups still have their own agents, but that's a matter of history and convenience. No one is blowing smoke in my rear about having huge client market share. Now, as I've said a LOT, NAC functionality becomes woven into the fabric of the network. Thus internal network security (note, Mr. Hoff, that I said NETWORK security) will largely be a feature of the switches you have running your campus. In two years? Unlikely. I'm talking about a generational shift, and those take 5-7 years, best case. Now I will concede that NAC startups that want to sell for a premium have a fixed window, and candidly I think 2 years is too long. The bigger players that have crappy NAC and no strategy or ability to build it will figure that out over the next year. Then they'll start buying stuff. So the risk for the NAC startups isn't being flattened; it's the irrelevance of being the last one standing.
A new set of integrations between SIEM and Identity Management has been announced [15]. Normally I don't like to cover product announcements, and certainly not Barney partnerships, but this one is interesting. Why? Remember that the REACT FASTER doctrine (and Mogull's React BETTER corollary) is all based upon the data that you collect and your ability to mine it for gold. Being able to correlate actions within the IT infrastructure and trace them back to a specific user is cool. These IP-to-ID bridges have been in place for about 18 months. It seems this pushes things a bit further, actually working with the policy engines in the IdM platforms to figure out whether an action is acceptable. Personally, that seems a bit like a holy grail, and I'm not sold on it actually working (Barney releases are easy; true technical integration at enterprise scale is hard), but the concept is pretty interesting. In order to contain damage, you need to know where to look, and being able to leverage policies out of the IdM environment can provide some really useful information to help a skilled analyst narrow down the issues a lot faster. That is what reacting faster is all about. On another note, ArcSight announced their earnings [16] last week (conference call transcript), and they should be applauded for their second quarter of anti-FIRE behavior (right, they actually made their numbers).
The Laundry List
- NAC market up 16% year over year? According to Infonetics, anyway. Fratto has it right: why would we get excited about a net $10 million increase in a market that's supposed to be "exploding"? - InformationWeek's Analytics Blog [18]
- Both of the Big Research firms released their DLP market reports (the MQ and the Wave) within a week of each other, and the results are largely consistent. Seems like collusion to me (either that, or they just believe what the vendors tell them). - Symantec in DLP MQ [19] SearchSecurity on Forrester [20]
- Drinks are on Jeremiah! White Hat raises another $7 big ones. - White Hat release [21]
- Is there a Trend in IBE encryption? Maybe, since Trend rebrands the Identum technology and stays true to IBE. - Trend release [22]
Top Blog Postings
http://andyitguy.blogspot.com/2008/06/hello-my-name-is-andy-and-i-attend.html [23]
http://www.bloginfosec.com/2008/06/18/being-a-government-security-ciso-life-in-the-fishbowl/ [25]
In yesterday's Special Incite [27], I inadvertently painted Hoff into a virtualization security technical box. That was not my intention, and Chris has been doing a lot of work to talk about many of the issues [28] I described yesterday. To follow up on those thoughts, let's bring Amrit into the discussion and his post on security as an "operational" problem. This really gets to the heart of what I'm talking about when I say security is a feature and that it must be built into the infrastructure. Yes, we need our CSO to do the high-level persuasion and to figure out what is most important to protect. Then our security architects figure out how that stuff needs to be protected.
But then who actually protects it? Right, it should be the ops groups. But as Amrit points out, this is a slow evolution, partly because many organizations are holding onto their security empires, and partly because the vendors haven't necessarily integrated the tools that are required to make this kind of model work. I'm not in the excuses business, but the laggards aren't going to be creative enough to find a way to make it work. They'll wait until they have no other choice. So, as with everything else, it always takes longer than you expect and a lot longer than it should.
http://techbuddha.wordpress.com/2008/06/19/security-as-an-operational-problem/ [29]