Quick Incites
Quick Incites - May 31, 2007
I'm sorry, if you receive TDI via email, yesterday was a kind of a cluster-F. My email service was down pretty much all day, and when they finally came back up - I got the exclamation point wrong and addressed you all as the very personal {first_name!}. Is it a big deal? Of course not, but it's annoying. So I'll once again apologize for amateur night here at Security Incite.
When you are dealing with a short week, Thursday really does sneak up on you. And this week has been short, but it's all good. Kicking back a bit and slowing the heart rate are pretty important to do from time to time. My normal level of frenetic activity will resume next week, with the P-CSO bootcamp and all and then a few launches (yes, the long awaited P-CSO community will finally launch in June) coming soon after. Then I jump headlong into a new project that I am very amped about. No I'm not giving details, but I plan to deliver some of my unique "incite" to a much wider audience.
Big spammer taken down, 50 others waiting in the wings - So it seems that Microsoft funded legal hit men have finally taken down one of the many spam kings. Here is AP's coverage. But as Mike Masnick mentions in TechDirt, does it even matter? The sad truth is nope. It's like taking out the heads of the terrorist organizations. There is chaos for about a day and then a new head grows back and business as usual continues. And since Soloway was a big zombie master, those owned computers get maybe a short respite.
Competitive intel is not dead - I know from my days on the vendor side that if you don't know EVERYTHING about your competitor's box, then you will lose a LOT of deals. Finding and pulling apart the products of the competition may be a dark art, but if you want to win - you better get good at it. Chris Harrington shows some angst here about a vendor that doesn't do it right, and they look like schmucks. This is all the more important when you are going through the channel. It's hard enough to keep your own folks abreast of what the appropriate kill points are, but add in the channel and it better be right because the channel can just go to that competition if you aren't helping them win. Competitive intel helps them win.
Web 2.0 security, bah humbug! - I know it's a bit early to be breaking out my Scrooge costume, but you see this survey from Clearswift (oh how I love those surveys), covered in Dr. Dobbs (actually via Dark Reading, have you noticed that CMP republishes a crap load of their content between sites?) and you just think most IT folks walk around with their heads up their asses. I guess I've known for a long time that they do, but it's hard to see it in print. 34% don't monitor web usage, 45% have no policy on blogging, etc. etc. etc. All that adds up to me that most folks don't know the risks of inter-enterprise collaboration and they'll get burned. Just as they've been burned before.
The unbearable lightness of securing - Before I get too down in the dumps and start wallowing in my own malaise, let me mention the single best post I've read in a long time. Amrit shows his Zen colors and brings everything back into perspective in his unbearable lightness of securing post. I guess now I know why he calls himself the Tech Buddha. I thought that was just about his waist line, but evidently not. The point is that there is lots of stuff that is out of our control, and we can choose to worry about it. We can look at our job as one of futility or we can focus on the short term victories, on the daily evidence that what we do does help, on the fact that if we stopped one person from doing something stupid that our efforts mattered. There is no question that it's tough out there to be a CISO nowadays. But that doesn't mean it's not worthwhile. Anything worth doing is worth fighting for and that requires perseverance.
Now stop wallowing and get out there and do something. That's my plan. Go. See you on Monday, returning to the regular TDI format.
Quick Incites - May 30, 2007
It was also hard for me to fathom how much news the Google-GreenBorder deal got. I was getting press calls throughout the AM and my Blogbridge was a fluttering all day with folks philosophizing about how Google is now coming after the security market. My thoughts on the topic were summed up pretty nicely by Dan Kaplan of SC Mag in his coverage of the deal.
And for those of you still on the fence about the Pragmatic CSO bootcamp, one week from today in Atlanta, time is running out. Only ONE spot left. Find out more on the Security Incite site.
80% of people believe this crap: Did you see the Gartner quote via Mark Shavlik's blog? "By the end of 2007, 75 percent of enterprises will be infected with undetected, financially motivated, targeted malware that evaded their traditional perimeter and host defenses." Credit Gartner's Ken McGee with that one. These kinds of prognostications are great. You can never prove it and it makes good sound bite. I guess the G has dropped their probability assessments as well, which is too bad. I would have liked to see ("we have no idea what probability this jackass prediction has") right next to it. That would have been funny.
Blue Coat blows it out: Looks like WAN optimization is hot and the folks at Blue Coat are benefiting. The fact that Websense is a little distracted probably didn't hurt either, but BCSI announced a good quarter and a rosy prediction for the next quarter. You can check out Blue Coat's official earnings release. FYI, Brian NeSmith has been in place at Blue Coat almost as long as Stratton was at VeriSign. Guess NeSmith has more lives than Felix the Cat in an era when CEOs get swapped out like the cat litter.
CSOs and CIOs have no knowledge? Say it ain't so!! - Joanna Rutkowska is getting a real education by having to deal with customers, as opposed to computers or hackers. Based on this SearchSecurity post, she is appalled that most CIOs and CSOs don't understand basic security practice and then they have the gall to talk at security conferences. That's because they are increasingly BUSINESS PEOPLE and they shouldn't have to know firewall configs and how the Blue Pill interacts below the hypervisor layer. But the CIO better know who in his shop knows that stuff.
Now that's what I call incident response - Rebecca Herold has it right in this post on the leak in Hillary Clinton's Iowa strategy, we can learn a lot about crisis communications and incident response by paying attention to the politicians. Just imagine what they have to deal with, every day there is a "leak" or a defection or something else to spin. But points I gathered from the original article (follow Rebecca's link) are to stay on message and be truthful. Actions also speak a lot louder than words. It's all in a day of a political campaign, and that sounds like no fun to me.
More tomorrow. Enjoy your day.
Quick Incites - May 29, 2007
I hope everyone had a wonderful long weekend (if you are in the US, anyway). It was great to spend the weekend with family and friends and pretty much unplug. Since it is a short week, and I don't expect a lot of new news - I'm going to take it easy and spend a bulk of the week wrapping things up for the upcoming P-CSO bootcamp (next Wednesday, June 6 in Atlanta - only two seats remain).
So I'll just be jotting down some quick Incites this week. The full Daily Incite will resume next Monday, June 4.
Sclavos Out - VeriSign's Stratton Sclavos stepped down today, for undisclosed reasons. Check out VeriSign's press release.
Deal: Google buys GreenBorder - As Google dips their toes into security, it'll be interesting to see what their big plan is. As reported on the Googling Google blog, Google has acquired browser virtualization vendor GreenBorder. Hmmmm. Could this be the "overlay" that will securely house Google's Web-based suite of office automation applications?
Sorry Hoff, It's all about the data - Instead of kicking back over the holiday weekend, my favorite Knight Rider (MCW - it's Chris, not David (Hassle)Hoff) was thinking big thoughts on the future of security and declaring that Network Security is Dead. Per usual, Chris is on the right path. But I don't think he pushes it far enough. I agree that we need to bolster the host defenses, though I don't think that means we go all Jericho and forget about the network. Though most of all, I think we need to do a much better job of securing DATA. Devices come and go, and the first 15 years of security were all about the DEVICES (and now with virtualization, they don't even really exist). I believe the next 15 will be all about the DATA. I don't quite know what that means, but I have 15 years to figure it out, no?
Where is that mail order PhD? - What fun would today be if I didn't poke someone in the eye. This time, it's the fine folks at Symantec, who published a pretty incomprehensible blog post called "Because that's where the money is." I get that social engineering is the best way to compromise folks' information, and has been for decades. But what is the answer? Oh, it's making sure your own machine isn't compromised, which means an endpoint security suite, which is Symantec's cash cow. Huh? And most normal people will have no idea what a "compromise" even means. Weak analogy, weak thinking, weak post.
And on that fine note, enjoy your day. I'll have a few more Quick Incites tomorrow.
Friday Quickies - April 27, 2007
My Firefox scrapbook is kind of overflowing, so I thought I'd clear it out a bit before the weekend, and also give you all some food for thought. Thankfully exploit code is not circulating (yet) on the Quicktime attack, so that's good news. Yes, Thomas, I turned off Java in my browser (Matasano post). Better safe than pwned. Here's what I see this AM:
- Websense/SurfControl - The $400 million deal is a decisive move for Websense, and makes sense on a lot of levels. But it's all about execution. More details are in this Security Incite post.
- More earnings - Secure Computing (SCUR press release) and McAfee (MFE press release). Overall pretty good quarter for both companies. I read the McAfee call transcript (SeekingAlpha post) and I was very impressed with Dave DeWalt. In control, excited and he understands go2market strategies. All were sorely needed by MFE. It's all about execution, but this could be a real turning point for the "Avis" of the security world (they try harder).
- RSA gets out of the SSO business - In an announcement that got very little media attention, RSA has basically moved their single sign-on product to Passlogix (Passlogix press release). It was based on Passlogix technology, so it's not surprising they'd be the partner - but RSA's decision to focus on the authentication and data protection sides of the business shows a maturity and focus that hasn't really been there before.
- SIMs not dead, eh? - Then why is almost every SIM vendor announcing a dedicated log management appliance? NetForensics is the latest (NetForensics press release) and they also extended their monitoring capability to databases (another NetForensics release). How many more data points do we need about the evolving SIM space before we can finally start shoveling dirt on it?
That's all for today's quickies, more on Monday. Have a great (and safe) weekend.
Friday Quickies - April 13, 2007
I couldn't let a Friday the 13th go by without at least a little tribute to Freddy Krueger and the rest of the bad guys out there. Here's a quick summary of stuff I found in my news scan this morning:
- Microsoft DNS 0day - I first saw this from Dave Maynor (here), but there are lots of other folks covering it now. Here is Microsoft's official entry on it (here), I'm sure there will be lots of other news as more details come to light.
- E-filing ruses - Being the last weekend before Tax Day here in the US, you know what I'll be doing this weekend. Since this is probably the 4th or 5th year in a row I've done my taxes on the last weekend, I've just come to grips with that fact. I use TurboTax, but the desktop version. I like my data on my computer, behind my protections. The idea of using a service is pretty uninteresting to me. Given the recent issues of TurboTax online, it seems my concerns are justified.
But given the sensitivity of tax filings, this is easy pickings for the bad guys. Check Point published a list of 10 tips to protect your tax data (here). It's common sense, but it's a good reminder to not do anything stupid. And as a last resort maybe, just maybe print out your return and actually mail it. Oh, the horror!!!!
- Are you ready for the new Storm? - It's going to storm here in ATL tomorrow. That will be fun. I guess we'll need to take the kids to the pool or something to get them out of the house. But the Storm WORM is also back, generating lots of spam and purporting to know all about World War III. Here is the InformationWeek coverage (here) and also some more details from the fine folks at Arbor (here).
The net-net? The payload tends to be an encrypted zip file (though sometimes an .exe or a .gif). The answer? Block those attachments at the gateway. Duh! You should not accept encrypted zip files via email anyway. If you do, you may as well just accept .vbs and .exe as well. And yes, that would be stupid.
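A sketch of the gateway check described above, as an added example that is not from the original post: it flags attachments with blocked extensions and any attachment whose content is a zip with the encryption flag set, whatever the file name claims. The extension list, verdict strings, function names and sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
BLOCKED_EXTENSIONS = (".exe", ".vbs")  # assumed policy, taken from the post's examples

def zip_is_encrypted(data):
    """True if any member has general-purpose flag bit 0 (encrypted) set."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(info.flag_bits & 0x1 for info in zf.infolist())

def gateway_verdicts(raw_message):
    """Return (filename, verdict) for each attachment of a raw RFC 5322 message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    verdicts = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        if name.endswith(BLOCKED_EXTENSIONS):
            verdict = "block: executable extension"
        elif payload[:4] == b"PK\x03\x04":  # sniff content; the name may lie (.gif)
            try:
                verdict = "block: encrypted zip" if zip_is_encrypted(payload) else "allow"
            except zipfile.BadZipFile:
                verdict = "block: malformed zip"
        else:
            verdict = "allow"
        verdicts.append((name, verdict))
    return verdicts

def sample_zip(encrypted):
    """Constructed archive; the encryption flag is set by patching header bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("note.txt", "constructed sample")
    data = bytearray(buf.getvalue())
    if encrypted:  # flag low byte: local header offset 6, central directory offset 8
        for signature, offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            data[data.index(signature) + offset] |= 0x01
    return bytes(data)

def sample_message():
    """Constructed message: zip named .gif, plain zip, and an .exe attachment."""
    msg = EmailMessage()
    msg.set_content("body")
    msg.add_attachment(sample_zip(True), maintype="image", subtype="gif", filename="card.gif")
    msg.add_attachment(sample_zip(False), maintype="application", subtype="zip", filename="docs.zip")
    msg.add_attachment(b"MZ constructed", maintype="application", subtype="octet-stream", filename="Update.EXE")
    return msg.as_bytes()
```

Checking the `PK` signature rather than the extension is what catches the encrypted archive delivered as `card.gif`.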
And I had a proud Daddy moment last night when Leah did her dance routine at the talent show. She was just so happy up there performing in front of all those people. She executed her routine well (the boss was right in front coaching her through the moves) and she got the biggest ovation of any of the performers. Clearly she loves to perform. Wonder where she got that?
Enjoy the weekend, be safe and we'll see you on Monday.
Friday Quickies - March 9, 2007
No Incite today, but just a quick note of a couple of items of interest. Stuff that can't really wait until Monday.
- DST - Remember that DST kicks in early Sunday morning. At this point, hopefully all the applicable patches have been applied. Though I wouldn't expect much to go haywire - you may want to check on Sunday morning - just to make sure.
- SourceFire IPO - Congrats to Marty, Wayne and the rest of the SourceFire IPO. They priced the deal at $15 last night (here) and they should hit the public markets sometime this morning, trading with the symbol FIRE. In this kind of market environment, that is quite an accomplishment. I figure they'll take a quarter or two to get comfortable as a public company and then start buying some stuff.
As META Group CEO, Dale Kutnick told us when we went public in 1996, "The IPO is just another step in the journey, now the real work begins." But it's a great milestone, and although it is only the beginning, it's a great accomplishment.
Big weekend for the Rothmans as well. My brother and his wife are at the hospital now awaiting the arrival of their second daughter. The boss and I are lending a hand by watching my niece Rachel until things get sorted out with the newest Rothman. I'm really excited to meet my new niece.
Have a great weekend.

