Tuesday, August 01, 2006

Blackhat

Microsoft and Cisco are Platinum sponsors of Blackhat.

That is pretty big corporate sponsorship, part of MS' and Cisco's plans to take over the security markets I guess, by going to the heart of those creating the new trends in security software. Too bad for Blackhat, it sounds like it's becoming just another watered down corporate event, which is fine but there are plenty of those already. (RSA, CSI, SANS and other security events).

Wednesday, June 14, 2006

Microsoft Tech-Ed

I took a quick trip out to Boston for the Microsoft Tech-Ed show, which was at least my 10th time to this show.

Boston is a great town and the weather was nice which made the trip even better. 

I always like going to Tech-Ed because you can spend time with the Microsoft product leadership in very direct and open ways. They tend to be direct and give straight answers which is very useful because it's real data we can use to drive our business both as an ISV and an end-user.

This year the show did not have too much in the way of 3rd party security only vendors. (Our good partners ScriptLogic and Numara had nice, and busy, booths but they sell more than security solutions.)  Tech-Ed is more focused on tools and OS extensions than just security I suppose, but given all the work done for security in the world I would have expected to see more security product dedication.  We did not have a booth there this year for a number of reasons but upon reflection we should have and we will return next year if nothing else to represent the security ISVs.

It was nice to see MBSA still so widely used by Microsoft, with use continuing in MOM, SMS and of course MBSA by itself. We worked hard with Microsoft to create that product and I wish it a long life.

Microsoft did announce its Forefront product but it's not shipping for at least one year so there was not too much to really see. It did not seem like a disruptive technology by any means and it was not the hot event of the show, in fact I did not see much interest in it from attendees and there was no buzz around it.

The new MOM seems like a good management infrastructure product and it continues to get better and grow. Vista is Vista, nothing super new there to report on, fewer users running as admin and I expect many more help desk calls and somewhat better security as a result. SMS will get a new name in its next release I learned. Microsoft also has a bunch of other security products now, but nothing new for the show other than Forefront.

Upon reflection it was good to learn the details of the latest Microsoft workings but I did not see any great new technology areas being introduced at the show, which was a similar response I had to the Feb RSA show in SFO. 

I remember seeing the first Blackberrys at Tech-Ed a few shows ago and it was easy to see the changes they brought, or the intro of Microsoft into the Firewall world with Proxy 2.0 a while back - showing Microsoft was going to do something in the security markets. Or seeing the wide-spread availability of wireless networks (all completely wide open of course). I have not seen any buzz like that yet this year.

Sunday, April 16, 2006

Interesting Security Ruling in Minnesota

News.com reported on an interesting ruling recently for a banking security breach in which consumer data was not misused when it was stolen (only the hardware holding the data was wanted during the crime the article says). This seems like a pretty interesting decision since it could be hard to prove misuse, and it greatly lowers the bank's risk to exposed consumer data it would seem. It will be interesting if this ruling changes things in the industry.

"In other words, the plaintiffs' injuries are solely the result of a perceived risk of future harm. Plaintiffs have shown no present injury or reasonably certain future injury to support damages for any alleged increased risk of harm. For these reasons, plaintiffs have failed to establish the essential element of damages. Therefore, summary judgment in favor of defendant on plaintiffs' negligence claim is warranted.

"Plaintiffs also bring a claim for breach of contract against Wells Fargo. To establish their claim, plaintiffs must show that they were damaged by the alleged breach. For all of the reasons discussed above, plaintiffs have failed to establish damages. Therefore, summary judgment in favor of defendant on plaintiffs' breach of contract claim is warranted."

Wednesday, April 12, 2006

Software Engineer - best job in America

Josie from our marketing team let me know that Money Mag rates s/w engineering as best job in America which is good news for the post 2001 crash tech industry.

Monday, March 06, 2006

Kirby Puckett - a sad note

Being from Minnesota I cannot help but be a Kirby Puckett fan and it is sad to see that he has died at 45. Reggie White died at the age of 43 about one year ago (I am from Green Bay originally) which is also sad. Kirby gave us two World Series titles and Reggie a Super Bowl.

Both had great Hall of Fame careers and made small market teams great, while they were always thinking of the fans of the sports they played.

Nothing to do with security...

Network Admins are responsible for security in today's world

Computerworld has an article out about a major security breach they believe was caused by untrained admins. ComputerWorld Article

The problem may have been caused by a combination of not enough training and not using the right security products and measures. Such a problem is not unique to universities.

"According to a university source close to the incident who requested anonymity, the server in question was under the control of an individual who was not technically qualified to be a systems administrator."

"“Because we’re a university and fairly open, there are many computing fiefdoms all over the place,” often run by individuals with grant money, the source said in an e-mail. Because the university information system office has not figured out a way to manage these independently run computing environments, there can be gaps in security, he said."

Friday, March 03, 2006

Security markets

Businessweek reviews the security markets going forward. One key in this article is their review of Microsoft in the security markets: "we do not see Microsoft as a large threat to the rest of the security industry." The rest of the article does not have much new in it; keys are growth in mid-market companies and the business being driven by business focused attacks and compliance needs.

In our markets we and our main patching automation competitors (Patchlink, BigFix) all saw very strong growth after Microsoft shipped its versions of patching software (the free WSUS and the for-pay SMS), showing the markets are strong enough to welcome Microsoft and continue on with Microsoft in them.

Blackberry Article in Informationweek - Great news, the Blackberry will not get shut down! The mobile computing markets are still open, no one vendor including Microsoft has gotten control of the platform which should lead to some great innovations in the coming years. I have been told that in Japan no one wants PCs anymore, they all want the latest phones. If you have ever been to Japan you will have seen how important the latest phone is to everyone, but it would seem to be the start of a global trend in which we replace our Windows PCs with a variety of mobile phones. A brave new world for security as my posts below note.

Tuesday, February 07, 2006

RSA coming up

We are working hard to get ready for the RSA security show next week, be sure to stop by, booth #423. I will be there along with much of the Shavlik crew and I am planning on keeping this log updated in real time via my Blackberry, something I look forward to every year.

The RSA show has become what I call the Comdex, for those who remember that show, of the security industry. There are other great security shows but this one is in the heart of the valley and for whatever reason all the security vendors are using this show as a launch point this year. The keynotes are strong including the head of Microsoft, Cisco and others. The big guys are here to stay. The battle between software and hardware, between The Valley and Seattle (yes, you got robbed in the Superbowl but it's time to move on, Pittsburgh gets some credit too!)

This is my favorite show and it has been for years, great networking, lots of energy and I have watched the industry grow using RSA as my industry measuring stick. Big names have come and gone and many of my friends from start ups have gone into large companies, while I expect they will return to the action some day. Microsoft is now a marque vs. being seen as an outsider, that alone is a big change. I expect more will be coming and I hope to see some great start ups at the show, it's where the new ideas come from and where the risks can still be taken.

Part of the prep work is to get ready for my speaking slot at which I present:

Session Code: BIZ-302
Session Title: Optimizing Security Investments Through Information Security Management

I am looking forward to this talk, it's always fun to get out and this topic will be interesting because it starts to show ways to save a bit of money on all the security investments everyone seems to be making. The savings come from focused, thought out and old fashioned risk management.