I love the week after RSA. Instead of being stressed to the point of cracking I’m basking in the glow of that euphoria you only experience after passing a major milestone in life.
Well, it lasted almost a full week – until I made the mistake of looking at my multi-page to-do list.
RSA went extremely well this year, and I think most of our pre-show predictions were on the money. Not that they were overly risky, but we got great feedback on the Securosis Guide to RSA 2010, and plan to repeat it next year. The Disaster Recovery Breakfast also went extremely well, with solid numbers and great conversation (thanks to Threatpost for co-sponsoring).
Now it’s back to business, and we need your help. We are currently running a couple concurrent research projects that could use your input.
For the first one, we are looking at the new dynamics of the endpoint protection/antivirus market. If you are interested in helping out, we are seeking for customer references to talk about how your deployments are going. A big focus is on the second-layer players like Sophos, Kaspersky, and ESET; but we also want to talk to a few people with Symantec, McAfee, and Trend.
We are also looking into application and database encryption solutions – if you are on NuBridges, Thales, Voltage, SafeNet, RSA, etc… and using them for application or database encryption support, please drop us a line.
Although we talk to a lot of you when you have questions or problems, you don’t tend to call us when things are running well. Most of the vendors supply us with some clients, but it’s important to balance them out with more independent references.
If you are up for a chat or an email interview, please let us know at firstname.lastname@example.org or one of our personal emails. All interviews are on deep background and never revealed to the outside world. Unless Jack Bauer or Chuck Norris shows up. We have exemptions for them in all our NDAs.
Er… I suppose I should get to this week’s summary now…
But only after we congratulate David Mortman and his wife on the birth of Jesse Jay Campbell-Mortman!
Webcasts, Podcasts, Outside Writing, and Conferences
- Database Security Metrics for the Community at Large
- Security Optimism
- Verizon Offers Up Its Data Breach Framework
- Analysis: Does the storm over cloud security mean opportunity? Some coverage of Rich and Hoff at RSA.
Favorite Securosis Posts
- Adrian Lane: Ten reasons I love RSAC
- Rich: Database Security Fundamentals: Patching. Database Patching. It’s not just a good idea, it’s the… well not the law, but it’s really important.
- Mike Rothman: RSA Tomfoolery: APT is the Fastest Way to Identify Fools and Liars. Rich nails it here. Idiocy is self-selecting, and we are seeing lots of folks choose stupidity.
Other Securosis Posts
- Low Hanging Fruit: Quick Wins with Data Loss Prevention
- Upcoming Webinar: Database Assessment
- Is It Wireless Security or Secure Wireless?
- SecurosisTV: Low Hanging Fruit – Endpoint Security
Favorite Outside Posts
- Adrian Lane: Security Comes in All Different Shapes and Sizes. And yes, I think Caleb’s comments are marketing B.S.
- Rich: On the Risk of Overfocusing on Seductive Details. In paramedic school they teach us to focus not on the screaming patient, but the quiet one who’s likely in a much more serious condition. To ignore the blood, and focus on the breathing. This is an awesome post – it’s far too easy to be distracted by what’s more attention-grabbing than what’s really more important.
- Mike Rothman: Bringing Planned Disruption to the Organization. Change is good. Clearly the status quo isn’t good enough. ‘nuf said.
- Pepper: RSA key extracted with electrical manipulation. “Ve haf vays of making you talk.”
Project Quant Posts
- Project Quant: Database Security – Configuration Management
- Project Quant: Database Security – Masking
- Project Quant: Database Security – WAF
Research Reports and Presentations
Top News and Posts
- Poll – What is your experience with security in the Software Development LifeCycle?
- TJX Conspirator gets 4 years
- Microsoft’s Elevation of Privilege. The Threat Modeling Game, or what I have been calling ‘Threat Deck’. Pretty cool! I picked up three at RSA to play with.
- Verizon’s Incident Framework
- IIS 0-day
- FTC To ControlScan: Your Web Site Security Seals Are Lies
- Vodafone Android Phone: Complete with Mariposa Malware
- Exploit Code Published for Latest IE Zero-Day. It’s in Metasploit folks. Turn on compensating controls now.
- Pennsylvania fires CISO over RSA talk. What an atrocious decision.
- Matasano Releases Open Source Firewall Rule Scanner
Blog Comment of the Week
Remember, for every comment selected, Securosis makes a $25 donation to Hackers for Charity. This week’s best comment goes to Garry, in response to RSA Tomfoolery: APT is the Fastest Way to Identify Fools and Liars.
APT = China, and we (people who have serious jobs) can’t say bad things about China. That pretty much covers it, yes?