Cloud & Telecom Security

Of course, in black Jobs is cool. Beetles is his favorite. It is a very interesting interview, a lot of fun, particularly when Jobs talked about their “relationship” with Google…

Last week, Symantec(NASDAQ:SYMC) acquired the security businesses of VeriSign (excluding iDefense). There have been tons of news reports and comments by market observers and analysts.  In general, given that both negative and positive comments are valid, the below chart gave a different perspective to evaluate the acquisition strategy of Symantec.

It’s a 5 year stock price chart of Symantec, with comparison against that of CA(NASDAQ:CA), McAfee(NYSE:MFE), and Nasdaq.

The overall changes in 5 years are:

• Symantec down by: -35.14%
• CA down by: -30.60%
• McAfee up by: +21.87%
• while Nasdaq up by: +9.67% Read more…

Another way of thinking about it, specifically that if you want security then you must control the future, if you want to control the future then you must be able to draw conclusions from what you know, if you want to draw conclusions then the basis for those conclusions must be reproducible, and if you want reproducible bases you have to have a measurement regime.

- Dan Geer

- Good enough is good enough.
- Good enough always beats perfect.
- The really hard part is determining what is good enough.

- by Ravi Sandhu

You can download the whole paper here.

This morning, you might have noticed that the blog title was changed to “Cloud & Telecom Security”. Yes, it’s true.

From one or two years ago, my interests and focus have changed to around cloud computing and telecom or ICT security, while P2P was touched very occasionally.  I believe the new title can reflect the new focus better and hope you like it.

By this acquisition, HP enters enterprise networking market with strong threat management product line from Tippingpoint.

The vulnerability and threats research of DVLabs will greatly improve HP’s capability and image at these areas, so that HP’s competition against IBM will become more effective.  X-Force of ISS is one of the critical advantages of IBM over HP, at overall one-stop IT arena.

Historically, after the acquisition of an independent security company, their selling model and focus will change to more aligned with major businesses.  As for HP’s scenario, their security product lines, including the IPS/UTM, focuses on their global enterprise customers and outsourcing partners.  The security department, mostly, will lose some momentum to find and obtain new customers, instead, they will be more interested at existing customers, bundled within other bigger IT/service orders. Read more…

Actually, the whole thread was originated with a message at discuss@securitymetrics.org “Request for ideas” by Dimitrios Stergiou. Dimitrios likes to have some recommendations for his master program. By a sudden idea, I dropped him a message to recommend him to work on this true or false problem at security metrics.

It’s true or false: 70% of security incidents are due to insider threats?
I just read one book, “The New School of Information Security”, by Adam Shostack, Andrew Stewart, Addison-Wesley, 2008, where I found one interesting argument by the authors. The authors doubt the statement that 70% of security incidents are due to insider threats. You know, many consultants and books, articles regard this statement as one basic hypothesis at security. What’s your idea about it?

Completely a surprise, I found Adam, Andew, Dan and many experts jumped in to this discussion thereafter. A lot of fresh ideas emerged at discussion threads. In order to get more experts into this topic, I submitted a discussion at SecurityMetrics group, LinkedIn.

This RSA/IDC report has some information related to this topic – Insider Risk Management: A Framework Approach to Internal Security(Thanks to Hammud).  It is a good reference. In summary it told us two things that: Read more…

That’s an excellent post on the vision of WAF and vulnerability assessment. I agree to the points that “accuracy” should be the top priority of remote web assessment and integration between VM and WAF.

However, this gives us another hint – we need a commonly adopted standard format to exchange the message – similarly what the industry did on IDMEF before. It’s not an optimistic goal from historical perspective. So in short term, before that standards, integration inside one single vendor and product alliance will be the pioneer on the automation/ integration between VM+WAF.

Gartner, the leading marketing analysis and strategy firm, released its newly-brew TOP 10 technology list today. They are:

• 1 Cloud computing. Cloud has been the top buzz-term in the past months. Gartner raised it from No.2 at 2009 to TOP1 at 2010.  With no doubt, this statement will be quoted by tons of articles and vendor solutions in the following seasons.
• 2 Advanced analytic.  I would rather explain it as data correlation and data mining tech. This seems to be similar to “business intelligence” (No.9 at 2009).
• 3 Client computing. Mostly client computing is critical for the security impact to the whole Internet.
• 4 Greet IT. It was No.1 at 2008, and No.10 at 2009. Anyway, it’s a concept, containing a lot of technologies, customs, culture, etc.
• 5 Reshaping the data center, with new designs and approaches that include building out incrementally in pod-based approaches, adding only power, chillers and generators to support initial needs.
• 6 Social computing. It has been deeply involved into daily life. Facebook, Twitter, LinkedIn, etc.
• 7 Security activity mornitoring.  A variety of complimentary (and sometimes overlapping) monitoring and analysis tools help enterprises better detect and investigate suspicious activity – often with real-time alerting or transaction intervention. Personally,  I think this is similar to the No.2.
• 8 Flash memory. It’s a new face to TOP 10.
• 9 Virtualization for availability. While virtualization has been melted into cloud computing and other diverse areas, Gartner leaves “availability”.
• 10 Mobile applications. No comments at this moment. There have been a lot of developers and app stores you can find at the web. It reflects the hotness. Read more…

This morning Twitter seems to be in trouble of performance issue.  Actually, this is not first time to get the below screen:

Read more…

WordPress released its 2.8.5 today. At this release, WordPress enhanced itself by:

• A fix for the Trackback Denial-of-Service attack that is currently being seen.
• Removal of areas within the code where php code in variables was evaluated.
• Switched the file upload functionality to be whitelisted for all users including Admins.
• Retiring of the two importers of Tag data from old plugins.

At the same time, WordPress 2.9 is in development and beta testing process.

CNCERT/CC 2009 Conference

CNCERT/CC 2009 Conference will be held at Oct.21, Changsha, Hunan Province, China. This is the consecutive 6th conference since 2004.  Here is the English agenda.

This annual event is generating more and more influence to not only China information security community, society, industry, but also the related parties at Asia Pacific and even worldwide.  You can find a number of famous regional CERT organizations and reps from carriers, large enterprises, vendors, say, SingCert, ThaiCert, VNCert, China Telecom, China Mobile, China Unicom, ICBC, CCB, etc. Read more…