Friday Summary: February 3, 2012By Adrian Lane
Since Rich is
vacationing working hard at a security conference in Mexico, I figure I would write this week’s Friday Summary. I am pretty jazzed about some upcoming white papers I’ll be writing on securing data and applications at scale, understanding and selecting masking technologies, and why log management is not dead! And I am having a good time researching and writing the DAM 2.0 DSP series as well. I originally intended to write about our research agenda but changed my mind. Frankly, I have spring fever. Spring fever, you ask, in the first week of February? Yep. It’s 74 degrees here and sunny. WTF? Punxsutawney Phil weighed in with his opinion, and after burning his retinas, it looks like we are going to have another six weeks of winter. I sure hope so! Another six weeks of this type of weather would be awesome. I have been on the phone with dozens of people around the country, from Boston to San Diego, and they are all experiencing fantastic weather. Even Gunnar reports highs of 48 degrees in Minnesota. I guess the cold air jet stream has been staying north of the border. For me this means my peach trees are blooming. Blooming! On freakin’ January 30th! See for yourself:
And I know some of you may not care, but the warm weather means my backyard garden is almost complete. Following up on my post last October, in just a couple short months the Vegetable Fortress is built!
Overbuilt? Beauty is in the eye of the beholder. I may put some solar powered laser turrets on it. You never know when Al-Qaeda might train gophers with tig welders to attack my squash. And if the DHS threat level spikes I will have a detachment of Araucana commando chickens to beat back the attack. The price of vegetables is eternal vigilance – and $3.95 for GMO free seeds.
Now call in sick and go outside to enjoy the nice weather! You’ll be glad you did.
On to the Summary:
Webcasts, Podcasts, Outside Writing, and Conferences
- Our Research Page with every freakin’ white paper we’ve done in the last three years.
- Rich, Adrian, and Shimmy discuss NoSQL Security with Couchbase and Mongo founders.
Other Securosis Posts
- Bridging the Mobile Security Gap: Operational Consistency.
- Malware Analysis Quant: Take the Survey (and win fancy prizes!)
- Incite 2/1/2012: Bored to Tears.
- Implementing DLP: Integration, Part 1.
- Understanding and Selecting Database Security Platforms.
- Bridging the Mobile Security Gap: The Need for Context.
- Implementing and Managing a Data Loss Prevention (DLP) Solution: Index of Posts.
- Implementing DLP: Final Deployment Preparations.
- Malware Analysis Quant: Phase 1 – The Process [Check out the paper!]
Favorite Outside Posts
- Mike Rothman: Mr. Waledac: The Peter North of Spamming. Krebs could have written this post in Swahili and it would still be my favorite outside link. Anyone that can pull off a Peter North mention in the title of a post gets my weekly vote. And it’s even a good post! Krebs digs into the intrigue of the Russian Spam Mafia.
- David Mortman: BSides/RSA Conference Dust Up. And the resolution. Beneficial discussion.
- Rich: Firewalls and SSL: More Profitable than Facebook. Gunnar’s got a great point: Firewalls, AV, and SSL sell – and very little money gets spent on innovative products.
- Adrian Lane: Fascinating look at Netflix’s Ephemeral Volatile Caching in the cloud. Not security related, but a good presentation of what’s possible with cloud content distribution.
Project Quant Posts
- Malware Analysis Quant: Monitoring for Reinfection.
- Malware Analysis Quant: Remediate.
- Malware Analysis Quant: Find Infected Devices.
- Malware Analysis Quant: Defining Rules.
- Malware Analysis Quant: The Malware Profile.
- Malware Analysis Quant: Dynamic Analysis.
- Malware Analysis Quant: Static Analysis.
- Malware Analysis Quant: Build Testbed.
Research Reports and Presentations
- Tokenization Guidance Analysis: Jan 2012.
- Applied Network Security Analysis: Moving from Data to Information.
- Tokenization Guidance.
- Security Management 2.0: Time to Replace Your SIEM?
- Fact-Based Network Security: Metrics and the Pursuit of Prioritization.
- Tokenization vs. Encryption: Options for Compliance.
- Security Benchmarking: Going Beyond Metrics.
Top News and Posts
- Paget Demonstrates Wireless Credit Card Theft.
- Carrier IQ Concerns.
- WPA2 Vulnerability Analysis.
- Symantec patches pcAnywhere, says it’s safe.
- Secure Virtual Storage – the AWS way. Missed this in last week’s summary.
- Low Orbit Ion Cannon DDoS Analysis. Not new, but newsworthy.
- Android Malware Infection. Android can be a more powerful platform as you can run more powerful apps on it. This is made possible by a lax security model. That’s the tradeoff.
- Google to Censor Blogger Blogs on a ‘Per Country Basis’. The tradeoff is either Google blogs get banned on a ‘Per Country Basis’ or Google bans select blogs. Revenue trumps ethics every time.
Blog Comment of the Week
None this week.