Just in case you felt it was only you as the CISO who had an overwhelming amount of stuff to do, it’s not. This mind map on the Security Advisor Alliance site should bring that message home.
After our little Black Hat and DEF CON induced hiatus, the boys are back to talk about the latest vendor suing Gartner. Yes, there is a Gartner Tax. No, it isn’t what you think. No, there is no pay for play. Yes, there are better ways to handle this. Yes, end users love Magic Quadrants no matter how much you trash talk them. And yeah, somehow we know a bit about how all this works from all sides.
Over the past year or so we have done a bunch of research into denial of service attacks, at both the application and network levels. Tactics are one thing, but we usually start with adversary analysis. You know: who wants to pop your environment and steal your stuff. Or maybe just knock you down so you can’t get up.
Oddly enough my big takeaway from the Black Hat security conference was not about security – it was about innovation. It seems many of the disruptive trends we have been talking about are finally taking hold, finding mainstream acceptance and recognition. We have been talking about cloud computing for a long time – Rich has been teaching cloud security for four years now – but people seem to be really ‘getting’ it. It takes time for the mainstream to fully embrace new technologies, and only then…
One of the noteworthy activities coming out of Black Hat/DEF CON was the open letter to the auto industry from I am the Cavalry espousing 5 principles for making the computers in cars safer – before someone gets hurt. As our pal Josh Corman says in a CSO article on the initiative:
A couple weeks ago we went to see the kids at camp on visiting day. They have so much fun, learn new skills, and grow as individuals at camp – despite being away from the watchful eyes of their parental units. Go figure – let your kids spread their wings, and they do. One of the new skills both XX2 and the Boy tried out was waterskiing. So during visiting day they get to show off for the folks.
It happens every couple years. Some vendor is really pissed at their placement in the Magic Quadrant, and they decide to sue Gartner and make it right. Inevitably the suit involves the words pay to play, and the vendor thinks they will be the company to make things right in the world. They will get justice for all those companies relegated to the loser niche quadrant. They will unmask the evil analysts for the shakedown artists they are.
At Black Hat last week, it became apparent just how mainstream our little part of the world has become. And it’s not so little any more, either. When 2 of the top 5 articles on cnn.com are related to cyber we have hit the big time. But that also means promoters and other shysters will start showing up in even greater numbers to capitalize on the media hype machine looking for any kind of news to drive page views.
This is part 4 of our Security Pro’s Guide to Cloud File Storage and Collaboration (file sync and share). The full paper is available on GitHub as we write it. See also part 1, part 2, and part 3.
There is no free lunch. We need to be reminded of that over and over again. Apparently the Australian government wants to mandate that telcos store customer data for 2 years. This is ostensibly to combat terrorism.