Friday Summary: January 3, 2013
I have this time dilation theory of aging. The older you get, the smaller a as a fraction of your existence each year is, so the shorter it feels.
I don’t like it.
Anyway, another year down, another at bat. We had a hell of a good year for the company (I’d give a growth number, but we make fun of all the other private companies for doing that), and other than illness I can’t complain about my personal year.
A few weeks ago we finished up our Securosis 2013 planning, and things are looking really interesting. A lot has changed since I started this
This won’t affect our bigger posts – we’ll still do those – but we realized that when we are busy or working on big projects we fall back to little more than the monster posts that build research projects, and less of the lighter daily posts. We realized you don’t need 1,000 words on everything we cover, and a few sentences can cover lots of it. Some days you might see 10 posts, others you might see none – it all depends on what we are up to. This is an experiment, and we definitely need your feedback.
A ton of you are on our daily email list (more than I thought) and since those compile all our posts, that mail might make a good once-a-day every morning – you can sign up.
We are also now tweeting all blog content at the @securosis account, and only pushing bigger stuff through our personal accounts.
Personally, I realized the blogs I tend to read daily are mostly composed of shorter posts highlighting interesting things I can dig into if I want, and we want to bring more of that flavor to Securosis.com.
We are also looking at playing more with short video and maybe even audio content, but we are holding off on other changes while we work out the blog posting and pacing first.
Finally, we have a ton more coming up this year. The Nexus launch is going to happen, for real, and we learned a ton in the beta test, which has driven many adjustments. It’s definitely time to ship that puppy. We are also looking at providing more end-user advisory services, but we don’t want to hire any sales execs so that will all be opportunistic. Additionally, our agendas are firming up nicely, and you will hear more on that soon.
We weirdly think we can pull all this off with our little cadre of folks.
On to the Summary:
Webcasts, Podcasts, Outside Writing, and Conferences
- Adrian’s Dark Reading Post on Database Threats and Countermeasures.
- Rich’s excellent TidBITS post on Apple’s Security Efforts in 2012.
- Adrian’s Dark Reading post on Big Data Security Recommendations.
Favorite Securosis Posts
- Mike Rothman: Best Post of 2012: Inflection. As we enter 2013, I wanted to point to probably the best piece we did in 2012, at least IMO. That’s Rich’s Inflection post. Things are always changing, and if you don’t see the change coming you can get steamrollered. Read this. Then read it again. And see whether you’ll see 2013 from the undercarriage of the bus that’s about to run you over. Or not.
- Mike Rothman: The CloudSec Chicken or the DevOps Egg. I had a very similar conversation regarding the impact of SDN on network security this week. It’s hard to balance being ahead of the market and showing so-called thought leadership against building something the market won’t like. Most of the network security players are waiting for VMWare to define the interfaces and interactions before they commit to much of anything.
- Adrian Lane: Can we effectively monitor big data?. Yes, it’s my post, but I think DAM needs re-engineering to accommodate big data.
Other Securosis Posts
- Yes, honeypots are new again.
- SSLpocalypse, part XXII.
- Responses to AV articles.
- Karmic Career Advancement.
- Incite 1/2/13: Consistent Variety.
- Threatpost: What Have We Learned in 2012.
- The New York Times on Antivirus.
Favorite Outside Posts
- Adrian Lane: A Pickpocket’s Tale. The use of diversion and control of the subject’s attention is the key ingredient. Fascinating story.
- Mike Rothman: How to Live Without Regret in 2013. It’s a new year. Folks take time to reset. But are you moving in the right direction? Interesting food for thought here…
- Mike Rothman: Why Collect Full Content Data?
- Rich: Stephen Haywood on SSH issues. With PoC code, while still debunking the hype. Excellent.
- James Arlen: The process myth. Incredibly useful way of thinking about process for Infosec folks.
Research Reports and Presentations
- Implementing and Managing Patch and Configuration Management.
- Defending Against Denial of Service (DoS) Attacks.
- Securing Big Data: Security Recommendations for Hadoop and NoSQL Environments.
- Tokenization vs. Encryption: Options for Compliance.
- Pragmatic Key Management for Data Encryption.
- The Endpoint Security Management Buyer’s Guide.
- Pragmatic WAF Management: Giving Web Apps a Fighting Chance.
- Understanding and Selecting Data Masking Solutions.
Top News and Posts
- Does Your Alarm Have a Default Duress Code?
- How PCI Standards Will Really Die.
- Enhancing Certificate Security.
- Dell acquires Credant Technologies.
- Cloudpassage adds file integrity monitoring for cloud servers. Someone totally should have patented that FIM stuff.
Blog Comment of the Week
This week’s best comment goes to our friend Jack Daniels, in response to The New York Times on Antivirus.
Amazing, next the NYT will discover newspapers are largely obsolete, too.
Or maybe we’ll have to read that new flash on an anti-virus company’s blog to even things up.