[SecurityRatty] tag: possibly

Symantec's vision...

Fri, 10 Oct 2008 07:24:00 +0000

And so it begins...

Symantec bought out MessageLabs and is (in their own words) "combining MessageLabs’ deep expertise in the SaaS market with Symantec’s rich portfolio of technologies".

The interesting thing is that Symantec does not really lead in the anti-virus market (in terms of quality, not market share. All antivirus products are about the same) or antispam (MessageLabs is excellent here).

So, what could they possibly bring to the party that MessageLabs doesn't already have?

DLP.

MessageLabs has DLP but it is very simple and not really worth very much. The framework is certainly there though. Add some good DLP and voila - you have a product that is worth something.

More on "Helping With Compliance" vs "Selling Using Compliance"

Wed, 08 Oct 2008 09:37:00 +0000

So, here is a perfect example showing the idea I shared in my post "Just A Thought on Compliance": the exact quote is "it’s a vendor’s responsibility to make bearing the costs of PCI manageable."

Did he say "it is vendor's role to 'sell stuff' using PCI." God no! He said that vendors will make PCI "bearable" for end-users. A big difference ...

Yes, PCI DSS is "a driver" for vendors to sell security tools AND "a sledgehammer" for end-users to "motivate" their bosses into releasing budget, but the reality is that PCI DSS compliance is a non-trivial challenge for many organizations, and that they need HELP more than they need "being sold to."

And help is on its way...

Possibly related posts:

"Just A Thought on Compliance"

Mac security focus: Privacy

Tue, 07 Oct 2008 20:00:00 +0000

At the very least, losing your wallet to a thief is a major pain in the neck: you lose your cash and (possibly) some precious mementos, and you have to cancel your credit cards and replace your driver's license. More seriously, the thief could steal your identity, using your personal information to make purchases, get loans, or cause you all kinds of grief by pretending to be you.

Presentation from SANS 2008 Lunch and Learn in Las Vegas

Sat, 04 Oct 2008 07:11:00 +0000

As promised, here is my infamous presentation on "Log management 'Worst Practices'" that I gave at SANS Network Security 2008 yesterday.

This presentation can also be considered a sequel to my "Choosing a Log Management Approach" presentation, which was my previous SANS Lunch and Learn preso.

If you are involved / about to be involved with logging, read both (first, second)!

It is also embedded below:

Anton's Log Management 'Worst Practices'

View SlideShare presentation or Upload your own. (tags: chuvakin logging)

Possibly related material:

All my presentation on Slideshare.

Ifoothills.org Registrants Personal data and credit card numbers possibly stolen in Foothills Park & Recreation facilities Breach

Thu, 02 Oct 2008 16:51:30 +0000

Foothills Park & Recreation District in South Jefferson County is working with the Jefferson County Sheriff’s Office in the investigation of a theft of personal information from the district’s computer network. The information have been accessed through an illegal hacking and could contain credit card information and other personal information that could be used to [...]

Monthly Blog Round-Up - September 2008

Wed, 01 Oct 2008 12:19:00 +0000

As we all know, blogs are a bit "stateless" and a lot of good content gets lost since many people, sadly, only pay attention to what they see today. These monthly round-ups is an attempt to remind people of useful content from the past month!

So, here is my next monthly "Security Warrior" blog round-up of top 5 popular posts and topics.

Shockingly, AGAIN this month, the "Top 11 Reasons to Secure and Protect Your Logs" came up as #1 most popular post (maybe driven by my poll). BTW, see my other logging polls.
Security ROI - and its parent topic "security metrics"/"measuring security" - is definitely an ongoing HOT debate. Indeed, the old post "Security ROI Pile-Up!" takes the #2 spot this month, possibly propelled by a more recent post "Second ROI War."
Some say that "short blog posts rule", but, in reality, good, fun content is the best. Here is an example: "Dumb Luck IS a Strategy!" post makes the top list. In it, I try to explore why people still ignore security concerns even if stare people in the face...
Discussion on what you can do to soften the impact of "getting 0wned" ( "What CAN You Do?") made the top list. Good!
As before, my post "11 Signs That Your SIEM Is A Dog or "Raffy, You Killed SIM!"". It is both humorous and sadly true (and backed up by other sources)
Still burning hot is a post with my irreverent comments on a Terry Childs saga. Namely, "On Doomsaying (Terry Childs case)", "So ... Am I? Maybe I Am!" and "Admins , Good Guys or "I am NOT an Idiot!""

See you in October.

Possibly related posts / past monthly popular blog round-ups:

Technorati Tags: blog,security,loggings,monthly

My Lunch Presentation at SANS Network Security 2008

Wed, 01 Oct 2008 07:19:00 +0000

If you are at SANS Network Security 2008 in Vegas, come see me speak about "'Worst Practices' of Log Management." It is a fun presentation - and we (LogLogic) will feed you lunch. For those of you who cannot make it, I will release the slide deck here after I present it this last time...

Here is the announcement:

LogLogic Lunch and Learn Presentation

'Worst Practices' of Log Management
Speaker: Dr. Anton Chuvakin, GCIH, GCFA
Friday, October 3rd, 2008 * 12:30pm - 1:15 pm

BTW, I am arriving Thursday night, so if anybody wants to meet and "talk logs," please drop me an email.

Possibly relates posts:s

My other presentations on Slideshare

Fun Presentation from Recent ISSA e-Conference

Mon, 29 Sep 2008 14:13:00 +0000

Again, while I am not blogging like mad, here is another presentation on logging. This baby is a big philosophical and mildly inspired by Dan Geer and it looks into connections between logging and broader concept of "accountability," as it is defined in IT and even beyond. I also explore the ideas that "controls don't scale, while monitoring/logging does."

The presentation is also embedded below:

Logs = Accountability

View SlideShare presentation or Upload your own. (tags: logs chuvakin)

Enjoy!

Possibly related posts:

Logs = Accountability!

Presentation from GOVCERT.NL 2008: Log Forensics

Fri, 26 Sep 2008 11:24:00 +0000

While I am too busy too blog [I will explain why soon!], I wanted to give my readers some fun logging and security stuff to read.

So, I am releasing one of my favorite presentations, the one on log forensics, in its newest expanded form: "Logs for Incident Response and Forensics: Key Issues for GOVCERT.NL 2008"

Here it is also embedded below:

Logs for Incident Response and Forensics: Key Issues for GOVCERT.NL 2008

View SlideShare presentation or Upload your own. (tags: chuvakin response)

Enjoy!

Possibly related:

$20M Cameras at New York's Freedom Tower are Pretty Sophisticated

Thu, 25 Sep 2008 02:32:08 +0000

They're trying to detect anomalies:

If you have ever wondered how security guards can possibly keep an unfailingly vigilant watch on every single one of dozens of television monitors, each depicting a different scene, the answer seems to be (as you suspected): they can't.
Instead, they can now rely on computers to constantly analyze the patterns, sizes, speeds, angles and motion picked up by the camera and determine -- based on how they have been programmed -- whether this constitutes a possible threat. In which case, the computer alerts the security guard whose own eyes may have been momentarily diverted. Or shut.

An alarm can be raised, for instance, if the computer discerns a vehicle that has been standing still for too long (say, a van in the drop-off lane of an airport terminal) or a person who is loitering while everyone else is in motion. By the same token, it will spot the individual who is moving rapidly while everyone else is shuffling along. It can spot a package that has been left behind and identify which figure in the crowd abandoned it. Or pinpoint the individual who is moving the wrong way down a one-way corridor.

Because one person's "abnormal situation" is another person's "hot dog vendor attracting a small crowd," the computers can be programmed to discern between times of the day and days of the week.

Certainly interesting.