Image by goddam via Flickr

Ah, its almost August.  Football training camps are open and the Yankees and Red Sox are battling. Does it get any better?  For most of this year I thought the Yankees were going to be out of it this year and content to have a rebuilding year.  We have several veteran players who past their prime and whose contracts are up after this year.  We have a some great young talent that need to grow into their potential.  It looked like the Bosox and Tampa Rays were going to run away with the division and wild card this year.

But like inevitable turning of the seasons, sometime after July 4th and then the All Star break, the Yankees beginninng their drive. Those old bones warm up in the heat of the summer and the bats come alive. This year the pitching is carrying them too.  Old pros Andy Pettite and Mike Mussina are joined by Jobba Chamberlin.  Mariano Rivera is still the best closer in baseball.  Just like old times the Yanks went out and fleeced some 2nd division team for a bunch of minor leaguers and added a quality hitter and pitcher right before the trade deadline.  Look around and we are one game behind the Red Sox for the wild card slot and only three games behind the Rays for first place!

I still think Tampa is going to stumble and it will come down to the Sox and the Yanks. Just the way it is supposed to be. I am heading up to NY next Friday, taking my sons to the shrine that is Yankee Stadium to see it in person in its last year.  The rest of the baseball season is going to be very exciting.  Again, just the way it is supposed to be!

Image by goddam via Flickr

Ah, its almost August.  Football training camps are open and the Yankees and Red Sox are battling. Does it get any better?  For most of this year I thought the Yankees were going to be out of it this year and content to have a rebuilding year.  We have several veteran players who past their prime and whose contracts are up after this year.  We have a some great young talent that need to grow into their potential.  It looked like the Bosox and Tampa Rays were going to run away with the division and wild card this year.

But like inevitable turning of the seasons, sometime after July 4th and then the All Star break, the Yankees beginninng their drive. Those old bones warm up in the heat of the summer and the bats come alive. This year the pitching is carrying them too.  Old pros Andy Pettite and Mike Mussina are joined by Jobba Chamberlin.  Mariano Rivera is still the best closer in baseball.  Just like old times the Yanks went out and fleeced some 2nd division team for a bunch of minor leaguers and added a quality hitter and pitcher right before the trade deadline.  Look around and we are one game behind the Red Sox for the wild card slot and only three games behind the Rays for first place!

I still think Tampa is going to stumble and it will come down to the Sox and the Yanks. Just the way it is supposed to be. I am heading up to NY next Friday, taking my sons to the shrine that is Yankee Stadium to see it in person in its last year.  The rest of the baseball season is going to be very exciting.  Again, just the way it is supposed to be!

The aide, a senior Downing Street adviser who was with the prime minister on a trip to China earlier this year, had his BlackBerry phone stolen after being picked up by a Chinese woman who had approached him in a Shanghai hotel disco. The aide agreed to return to his hotel with the woman. He reported the BlackBerry missing the next morning.

Experts say that even if the aide’s device did not contain anything top secret, it might enable a hostile intelligence service to hack into the Downing Street server, potentially gaining access to No 10’s e-mail traffic and text messages.

A blog with one of the biggest followings on the SBN is the GNUCitizen blog. Today in a post called "Fear" the author states, "The entire information security industry today is based on fear." He then goes on to say, "This is what gives security vendors the power to sell you useless products which you don???t really need."  So of course I don't agree with the later statement, not all of those products are useless, but is it really fear that is motivating buyers?

Fear of what is a good first question. The blog post talks about fear of being hacked, fear of harm to reputation.  To that we can add fear of jail or fines and by doing so cover the compliance issue. So yeah, at first blush it does appear that fear is the prime motivator in security.  But think a bit deeper on this and you come to the conclusion that fear is a primary driver for so much of what we do besides security.  Fear of failure, fear of loss, fear, fear, fear. Is there anything besides fear that motivates people?

For me it comes down to the carrot or the stick.  The carrot being the reward.  So making money or however you measure success is certainly motivating.  The stick is failure.  Their are consequences of failure.  But really isn't success and failure two heads of the same coin.  Aren't the rewards of success and the consequences of failure a Zoroastic type of Yin and Yang? 

So if in the final analysis, success and failure are intrinsically linked. There really is nothing wrong with saying security sales are motivated by fear, because by the same token they are motivated by success.  Now as to useless security products, lets discuss that a bit later. All of this philosophy is hurting my head.

A blog with one of the biggest followings on the SBN is the GNUCitizen blog. Today in a post called "Fear" the author states, "The entire information security industry today is based on fear." He than goes on to say, "This is what gives security vendors the power to sell you useless products which you don’t really need."  So of course I don't agree with the later statement, not all of those products are useless, but is it really fear that is motivating buyers?

Fear of what is a good first question. The blog post talks about fear of being hacked, fear of harm to reputation.  To that we can add fear of jail or fines and by doing so cover the compliance isssue. So yeah, at first blush it does appear that fear is the prime motivator in security.  But think a bit deeper on this and you come to the conclusion that fear is a primary driver for so much of what we do besides security.  Fear of failure, fear of loss, fear, fear, fear. Is there anything besides fear that motivates people?

For me it comes down to the carrot or the stick.  The carrot being the reward.  So making money or however you measure success is certainly motivating.  The stick is failure.  Their are consequences of failure.  But really isn't success and failure two heads of the same coin.  Aren't the rewards of success and the consequences of failure a zoroastic type of Yin and Yang? 

So if in the final analysis, success and failure are intrinsically linked there really is nothing wrong with saying security sales are motivated by fear, because by the same token they are motivated by success.  Now as to useless security products, lets discuss that a bit later.

A few weekes ago I wrote about the current state of vulnerability assessment being like a parody of an Obama/Hillary commerical.  Who answers the phone at 3am?  For vulnerability assessment, the results are only as good as who answers the scan.  This has been a problem for security managers and vulnerability assessors for some time.  Balancing scanning during prime time and impacting network performance versus scanning during down times when the devices you need to scan may not be available.

Today StillSecure announced our reponse to ending this problem. We call it Dynamic Vulnerability Assessment (DVA).  With DVA you will have vulnerability and compliance data as of at least the last time a device logged on the network.  This closes the loophole and gives organizations a much more comprehensive and secure assessment of who is on the network and what they look like.

To accomplish this we are using some of our NAC technology from Safe Access. This allows us to detect devices as they come on the network. We can also use the purpose built Safe Access testing engine to deep compliance checks to supplement the tradtional vulnerability checks.  We think this is a big step up in vulnerability assessment and management.  Am interested in what others think.

A few weekes ago I wrote about the current state of vulnerability assessment being like a parody of an Obama/Hillary commerical.  Who answers the phone at 3am?  For vulnerability assessment, the results are only as good as who answers the scan.  This has been a problem for security managers and vulnerability assessors for some time.  Balancing scanning during prime time and impacting network performance versus scanning during down times when the devices you need to scan may not be available.

Today StillSecure announced our reponse to ending this problem. We call it Dynamic Vulnerability Assessment (DVA).  With DVA you will have vulnerability and compliance data as of at least the last time a device logged on the network.  This closes the loophole and gives organizations a much more comprehensive and secure assessment of who is on the network and what they look like.

To accomplish this we are using some of our NAC technology from Safe Access. This allows us to detect devices as they come on the network. We can also use the purpose built Safe Access testing engine to deep compliance checks to supplement the tradtional vulnerability checks.  We think this is a big step up in vulnerability assessment and management.  Am interested in what others think.