The Securosis team is here in San Francisco, meeting with vendors and presenting at the TechTarget Data Protection event. Weather has been reasonable and the food was awesome. But since it’s been going non-stop from something like 3:00am to (what is it now? 11:01pm), this summary will be a short one.
I got to talk to a lot of people today. The common questions I get when meeting with vendors are, “What are you seeing? What are you hearing? What are the new technologies?”
I had to stop and think about that last one for a minute. I am not really seeing any new technologies or innovation. I am seeing lots of platforms consolidating multiple technologies under a single umbrella. I am seeing configuration and vulnerability assessment vendors redefine their spaces, seeing web application security vendors bundle their products in different ways, hearing more interest in how to develop secure code, witnessing DAM go from misunderstood platform to well-regarded feature, hearing lots of interest in taking advantage of fast and cheap cloud resources, and getting even more questions about what cloud security actually means. But new technologies? Not really. Yet this is one of the most interesting times in security that I have seen in the 15 years since I started working in the field. APT, Stuxnet, skimming, money mules, spam kings, and hacktivism all together make for fascinating reading. And there are tons of really good software conferences around the world with lots of great presentations. But not a lot of problems that we don’t have some solutions for. Have we reached a point where the flood of innovation has created enough tools, and now we just need to use them properly?
On to the Summary:
Webcasts, Podcasts, Outside Writing, and Conferences
- Adrian’s paper on Oracle database security. (PDF; registration required).
- Adrian’s article on Database Password Crackers.
- Rich speaking at the Cloud Security Alliance Congress next week. I’m co-presenting with Hoff again, and premiering my new Quantum Datum pitch on information-centric security for cloud computing. Haven’t been this excited to present new content in a long time.
Favorite Securosis Posts
- David Mortman: Where Are We? Nowhereville..
- Mike Rothman: My 2011 Security Predictions. Rich is so funny. Especially lampooning this ridiculous season of predictions.
- Adrian Lane: What Amazon AWS’s PCI Compliance Means to You.
- Rich Mogull: Edge Tokenization.
Other Securosis Posts
- Adrian Speaking at NRF in January.
- Infrastructure Security Research Agenda 2011 – Part 1: Positivity.
- Incite 12/8/2010: the Nutcracker.
- RIP Marty Martian.
- React Faster and Better: Introduction.
- Incident Response Fundamentals: Index of Posts.
- What Quantum Mechanics Teaches Us about Data Leaks.
Favorite Outside Posts
- Mike Rothman: Shearing Firesheep with the cloud. Great step by step tutorial for building an OpenVPN server in Amazon AWS. Literally anyone can do this. Even me!
- David Mortman: Unpeeling the mystique of tamper-indicating seals. Coincidentally, Defcon now has a tamper-evident seal contest…
- Adrian Lane: Comment Induced Follow-up post. The comments are the post.
- Rich: One Click Application Security – How did we get here?
Project Quant Posts
- NSO Quant: Index of Posts.
- NSO Quant: Health Metrics–Device Health.
- NSO Quant: Manage Metrics–Monitor Issues/Tune IDS/IPS.
- NSO Quant: Manage Metrics–Deploy and Audit/Validate.
- NSO Quant: Manage Metrics–Process Change Request and Test/Approve.
Research Reports and Presentations
- The Securosis 2010 Data Security Survey.
- Monitoring up the Stack: Adding Value to SIEM.
- Network Security Operations Quant Metrics Model.
- Network Security Operations Quant Report.
- Understanding and Selecting a DLP Solution.
Top News and Posts
- Basics of History Sniffing.
- JavaSnoop Analysis Tool Released.
- Amazon Receipt Generator Scam.
- Cloud Vulnerability Scanner Launched.
- Cloud WAF launched.
Blog Comment of the Week
Remember, for every comment selected, Securosis makes a $25 donation to Hackers for Charity. This week’s best comment goes to Daniel, in response to My 2011 Security Predictions.
15. The Hoffachino becomes an official Starbucks drink and secures their public wireless by its pure awesomeness
Yeah, there are that awesome!