Some days I miss when the kids were little. It’s not that I don’t appreciate being able to talk in full sentences, pick apart their arguments and have them understand what I’m talking about, or apply a heavy bit of sarcasm when I respond to some silly request. I don’t think I’d go back to the days of changing diapers, but there was a simplicity to child rearing back then. We don’t really appreciate how quickly time flies – at least I don’t. I blinked and the toddlers are little people. We were too busy making sure all the trains ran on time to appreciate those days.

The other day the Boss and I were franticly trying to get dinner ready. Being the helpful guy I am (at times), I asked what was for dinner, so I could get the proper bowls and utensils. I think it was hot dogs, corn, and fruit salad. Once she said, “fruit salad,” I instinctively blurted out “Yummy Yummy.” She started cracking up. Those of you not going through the toddler phase over the past 7 years probably have no idea what I’m talking about.

Those who have know I am talking about the Wiggles. I remember back to the days of watching those 4 Australians dance around to silly, catchy songs – and maybe even teach the kids a thing or two. But far more important at that time, the Wiggles kept the kids occupied for 30 minutes and allowed us frantic parents to get a little of our sanity back. So in a strange way, I miss the Wiggles.

I don’t miss the time we drove up to Maryland for the holidays and the kids watched all of the Wiggles DVDs we had in a row. After 10 hours of that, if I saw any Wiggles I certainly wouldn’t have been wielding a Feathersword. And now that I think about it, most of the songs were pretty annoying. So I guess I don’t miss the Wiggles after all.

But I do miss that stage when the kids were easier. When it was about learning the ABCs, not putting competitive grades on the board to get into a good college. When we could focus on learning T-ball skills, not what sport to specialize in to have any hope of playing in high school. When the biggest issue was the kids not sharing the blocks nicely, rather than the $tween hormonal mayhem we need to manage now.

As I look back, the songs may not actually have been yummy, yummy, but those times were.


Photo credits: Ben-Anthony-throw-fruit originally uploaded by OneTigerFan

Heavy Research

We are back at work on a variety of blog series, so here is a list of the research currently underway. Remember you can get our Heavy Feed via RSS, where you can get all our content in its unabridged glory. And you can get all our research papers too.

Implementing and Managing Patch and Configuration Management

Understanding and Selecting a Key Manager

Defending Against Denial of Service (DoS) Attacks

Understanding and Selecting Identity Management for Cloud Services

Incite 4 U

  1. It’s about finding the unknown unknowns: I seem to constantly be talking to enterprises about SIEM, and they seem surprised when I state the obvious. Deploying this technology involves knowing what question you’re trying to answer, right? The idea of finding a targeted attack via correlation rules is pretty much hogwash. Wendy makes a good point in her recent Dark Reading post. She’s exactly right that having a lot of data doesn’t mean you know what to do with it. Data aggregation and simple correlation is only the first wave of the story. Harnessing new data analysis techniques, for those willing to make the investment, enables interesting technologies to identify patterns and indicate activity you don’t know about. Of course you still need some HUMINT (human intelligence) to figure out whether the patterns mean anything to your organization – like that you are under attack – but the current state of the art is finding what you already know, so this makes a nice improvement in the impact of analytics on security operations. – MR
  2. Ignorance is bliss: A recent study suggests that small organizations are confident in their security without any real plans. These results are really not surprising, and closely match my own research. Just about every small firm I speak with has no idea about what protections they should have in place. They also have no clue about possible threats. Sure, some are vaguely aware of what could happen, but they generally choose not to take the time or spend the money on security controls that could be ‘better’ spent elsewhere. But I worry more about the dozen or so small merchants I have spoken with, who must comply with PCI-DSS, but don’t understand any of the items described in their self-assessment questionnaires. It might as well be written in a foreign language. And of course they don’t have security policies or procedures to achieve compliance – they have passwords and a firewall, all managed by the same guy! Failure just waiting to happen. – AL
  3. 2008 called, and it wants its whitelist back: I read this announcement of new Forrester research calling for increased use of application whitelisting. Wait, what? I thought that battle was over – and we had all agreed that AWL is a good alternative for fixed function devices like kiosks, ATMs, factory floor equipment, and call center devices – but for knowledge workers not so much. At least that’s what Mr. Market says. To be fair, I agree with the concept. If malware can’t execute that’s a good thing. But the collateral user experience damage makes this a non-starter for many enterprises. Especially when there are other alternatives refining the behavioral approaches of the past. – MR
  4. Elephant in a box: While it’s not a security related issue, Teradata’s (TD) announcement of their integration with HortonWorks is part of a larger trend among established data center players who are miffed at not being included in the hype around “Big Data”. Teradata’s integration with Hadoop is geared toward providing multiple capabilities without requiring two standalone databases. But that’s not really an issue we hear about from customers. Even if it was, consider the essential characteristics of big data – clearly a giant Teradata appliance does not fit into the public cloud and private cloud/VM deployment models in use. The impedance mismatch is not just for Hadoop clusters, but also with the deployment models. That’s not a criticism of TD, which has its own clustered scalability model and blindingly fast analysis capabilities on giant data sets. It’s nice that TD is creating a bridge between the two worlds, but the real play here is Teradata trying to convince their customers they play well with Big Data. – AL
  5. Derivative endpoint forensics: Tim does a little review of an endpoint forensics tool. It sounds like cool technology and provides a lot of granularity for what’s happening on each endpoint, greatly facilitating root cause analysis and damage assessment of malware during an investigation. Will you have this running on all your devices all the time? Maybe, but most likely not. And that’s kind of the problem – we only use these technologies after the brown stuff is splattered on the wall. Given security folks’ general reactive stance, I don’t expect to see any change. But Tim mentions another very cool use case, which I call “proliferation analytics.” Basically, having very granular information about what’s running on an endpoint allows you to search for specific executables or processes running, even before you knew it was bad. For example, you identify malware and figure out exactly what it does. You clean up the first device, and usually your process would stop there. But with an endpoint forensics tool like what Tim describes, you can then search to figure out if any other devices show the same indicators. So you aren’t just playing whack-a-mole with every obviously infected devices, but doing second-order remediation and fixing devices where the malware is still dormant. Cool stuff. – MR
  6. The Internet never forgets: For your Wednesday laughs, check out this ComputerWorld article reminiscing over some of the worst tech predictions on record. I’m old enough to remember most of them, and was at Ground Zero for Bill Gate’s prognostication of the end of spam. When you’re selling email security gear, you kind of don’t want to see the end of spam. He was wrong, as many prognosticators turn out to be – myself included. I still tell the story of telling the Netscreen guys that their idea for a firewall appliance was stupid because Checkpoint owned that market. The difference now? The Internet is there to remember everything you have said or written publicly (and often privately), ever. – MR