Incite 3/7/2012: Perspective
Life is a series of ebbs and flows. Highs and lows. Crests and troughs. It’s a yin/yang thing, and unfortunately most folks can’t appreciate that. Especially when they can’t see their way out of a down period. For a lot of security folks, the last two weeks have been such a contrast between those highs and lows that many are probably feeling whiplash. A lot of folks went to the RSA Conference last week and saw an industry thriving again after 3 years in the doldrums. We all felt good. Those who read blog posts and tweets from folks at the conference felt good. It was one of those highs, and I returned to ATL exhausted but in good spirits. Not necessarily feeling like the tide had turned, but that swimming upstream wouldn’t be as hard for a while – however brief. Then the discussions about whether we are losing started early this week. Ben’s post on LiquidMatrix verbalized a lot of what we all feel from time to time. And the burnout, building brick by brick which Rich described so eloquently is a clear explanation of the phenomenon. Rich’s point is that we will always have bad days, just as we have good days. And those who can survive in security for a long time don’t take things personally – especially the bad days. They know (and appreciate) the futility of the game, and enjoy the battles. The learning. The teamwork. They don’t get bitter and angry about the stupidity or the politics or the apathy. Or they hit the wall. Hard. Which is really the point. It’s not about winning or losing. It’s about enjoying the journey. You will lose some battles, just as you will win some. You may lose more than you win, but that’s because the game is rigged. Like Vegas. In the long run, math wins. It’s always been that way, and yet we (amazingly enough) still function. As Ranum says, the Internet will be as secure as it needs to be. In the wake of the shocking news that Sabu was an informer (sound familiar? Gonzalez the Sequel?) and he provided the smoking guns to take down LulzSec, some folks started gloating. That good wins over evil crap. But now is not the time to gloat. Nor is every compromise or incident the time to let despondency or depression creep in. If you get too high or too low you’ll burn out. Been there. Done that. To remain on even keel requires perspective. Perspective that is hard to appreciate when you are in the trenches and on the front lines. On the flight back from RSA we flew into a pretty nasty storm. The last 30 minutes of the flight was turbulent. Regardless of my understanding of statistics, which dictates that I’m as safe in the air during heavy turbulence as I am now – sitting in a coffee shop writing this missive – it’s still a bit unsettling. So I closed my eyes and visualized riding a roller coaster, which I love to do. The exhilaration, the perception of danger, the adrenaline rush – you get off a coaster feeling alive. Maybe a bit scared, but alive. And you want to do it again. That flight was a microcosm of life. Smooth and comfortable for a while, then not so much. Highs, lows, and everything in between. I enjoyed the flight because the bumpy air is part of the deal. You can’t avoid it – not entirely. So I chose to have perspective and enjoy the coaster. I just wish more folks in security could appreciate the journey… -Mike Photo credits: “Learning Perspective” originally uploaded by Yelnoc Lazy Deal Analysis: Trustwave buys another laggard We don’t care enough about the Trustwave/M86 merger to do a stand-alone post, but it does warrant a least a little snark… erm… analysis. 86-it: Trustwave announced today that they will be putting M86 out of its misery, acquiring the mixed bag of stuff web and email security vendor for an undisclosed sum. For those with long memories, M86 was formed as the merger of creaky web security appliance vendor 8e6 with the seriously outdated Marshall mail security software. The resultant M86 company tried to acquire themselves into relevance, making sage investments in Finjan’s secure web gateway software and Avinti’s behavior-based malware detection software. Yeah, 10 pounds of crap in a 5-pound bag. While those products were great additions, the core capabilities were several years behind the competition – and worse, never fully integrated. Details, details. While their Firefox secure browsing plugin was a fun toy, their ability to protect cloud data was suspect and the product development roadmap seemed driven by the trend du jour, rather than some holistic vision of web user security. Trustwave’s acquisition strategy has been reminiscent of the island of lost toys: buying laggards like Vericept, Mirage Networks, Breach Security, BitArmor, ControlPath, and Intellitactics. From that perspective M86 is a good fit with little overlap, but without really integrating the offerings, this is just more integration on the PO. More likely they will continue to target customers too lazy to perform a head-to-head comparisons with class-leading products and those trying to make audit deficiencies (found by Trustwave themselves, in an unholy alliance of audit and security product) go away. – AL & MR Incite 4 U Don’t be Lulzed into a false sense of security: By the time I submit this to Mike I’m sure someone else will slip in a link to the story about LulzSec getting nailed by the FBI with some good old-fashioned police work. You know, attempting to scare the crap out of the perp and turn him against his friends. Uh, like they did to Sabu. To be honest, the headlines don’t really matter that much to those of us in operational security (including me – someone has to keep Mike and Adrian safe) as we are pretty pragmatic about the media’s incentive to work everyone into a frenzy. Rafal Los does a great job pointing out how to handle headline hysteria. Raf’s point is to ignore the headlines, focus