
February 24, 2009

Shimel's daily incite

My friend Mike doesn’t get a chance to do his daily incite as much. I know he says that he gets 30% more readers when he just does a rant on a single topic, but everyone I speak to misses his roundup of what's news in security with his two cents thrown in. So here is my daily incite. We will see how this goes before committing to doing more of it.

Have a good day!

The Pragmatic CSO:

Available Now!


Read the Intro and Get
"5 Tips to be a Better CSO"


www.pragmaticcso.com

How can I do a daily incite without pushing the Pragmatic CSO? There, hope everyone feels better!

  1. Big Fix offers 50% off – John Dunn at Network World reports that Big Fix is offering up to a 50% discount to customers who switch to the Big Fix patch management system from a competitor when it is time to re-up. There is some other fine print with the deal (3yr commitment, only seats being replaced, etc.), but the bottom line is Dave Robbins and Amrit and gang are trying to use the current economy to grab some market share solely on price. Yeah, it is a bit of a marketing thing and the competition will match it, but then the customer wins. StillSecure did a similar thing with our 50% off Strata Guard deal.
  2. Tim Greene predicts the future looking at the entrails of dead NAC companies. Tim makes a connection that since StillSecure bought ProtectPoint to get into MSSP and Trustwave took out Mirage, there must be money in NAC. While Tim may ultimately be right, I don’t think today there is significant revenue in fully managed NAC. According to the article, Mirage derived 30% of their business from managed service. I question how much 30% actually was, though. Doing managed NAC is not as easy as it sounds. The MSSP will have to have access to network infrastructure as well as the NAC solution. Stay tuned for more details on that one.
  3. Say goodbye to FISMA? As I ranted on yesterday, FISMA has become the poster child for all that is wrong with compliance for compliance's sake alone. Yesterday a group with lots of support from the DoD, MITRE and SANS released the Consensus Audit Guidelines. You can get details on the SANS site here on the 20 critical controls. These look to me like the kind of common sense real security policies that will make a difference in the security of networks and not drown us all in paperwork without making us more secure. I sure would like to see this get adopted more widely.
  4. Security company hackers speak up. Softpedia has an interview with the Romanian hacker group that broke into several security company web sites including Kaspersky, F-Secure, Symantec, etc. Personally I don’t care what they have to say. I think giving these guys any play is akin to negotiating with terrorists. What they did was illegal and wrong and they should not benefit from it.

There you have it. Shimel’s daily incite. Good day, Mike Rothman, no matter where you are ;-)

Creative Commons License
This work is licensed under a Creative Commons Attribution-Share Alike 2.5 License.
