As most of you know, Adrian and I have been pretty slammed lately; bouncing all over the inter-tubes (and airports) on our quest to save freedom and not default on our mortgages. One thing we’ve been wanting to do for a while is summarize everything that’s been going on through the week in a bit more of a structured format, a la Rothman’s Daily Incite. But we’re not nearly as motivated as Mike, but we figure we can handle once a week before we attend the official Securosis Weekly Research Offsite (happy hour). It’s a summary of what we’ve been up to, and our top post selections for the week.
Webcasts, Podcasts, and Conferences:
- I put together the DLP Security School for TechTarget a few weeks back, but it was published while I was in the middle of my travel binge. I really like this education format, and believe it or not there are a few tidbits in there that aren’t in all the other stuff I’ve published on DLP.
- Adrian just finished the SIM Security School. Did I mention we like this format? Unlike the DLP school he put together a full webcast (as opposed to a video segment) with a ton of content.
- I spoke on a data masking panel at Oracle World. Here’s a post inspired by the session.
- This week on the Network Security Podcast Episode 121 our guest was T-Rob discussing Palin’s email hack, and MQ middleware security. Yeah, we thought it was a weird combo too.
- The big one for me this week was Macworld- I was heavily involved in the security issue that’s sitting on newsstands this month. Except where it’s sold out, like my neighborhood Barnes and Noble. (I swear I didn’t buy them all). I’m really proud of the issue- it addresses the security needs and questions of average users, and is the kind of thing I can send to my mom.
Favorite Securosis Posts:
- Rich: The Breach Reporting Dilemma. We really need to start looking at breach reporting differently, but I don’t expect it to happen anytime soon.
- Adrian: Behavioral Modeling. Some of the most significant advances we can make in security are in heuristics, but it’s also an extremely difficult problem.
Favorite Outside Posts:
- Adrian: Jeremiah Grossman on YouTube. (description)
- Rich: Tim Wilson on Premature Chasm Crossing. I love articles/posts on thinking differently about the security market and, oh, I don’t know, focusing on the end users.
- The economy. Is there any other news?
Blog Comment of the Week:
I don’t agree with all of them, but Dre has some of the deepest comments on the blog. Here’s one on our PCI scanning post:
[snip]… Most organizations implement firewall/IPS incorrectly. They assume it’s something you plug in. Most firewalls/IPS don’t protect on the outbound, and most policies allow outbound SYN origination from the DMZ on externally facing interfaces. Most firewalls/IPS don’t provide the real protections one would need without excessive CPU and memory usage. A few null routes (or uRPF) at the border is all that is necessary to prevent traffic to the 80 percent of the Internet we know we can”t trust. …[/snip]
We hope you all have a great weekend.