Greg Young

Get a glass jar or empty coffee can and a marker.  Write on the container in bold letters "Security Silly Jar: $0.25". Have people put a quarter in the Security Silly jar every time they say: ‘UTM’ and ‘Enterprise’ in the same sentence. in fact, anytime they same UTM. Manage and Threat in the same [...]

12 Comments »

Category: Uncategorized     Tags:

Share

See the analysis in the Gartner First Take here regarding the network security impacts.  We also have a separate First Take on the Secure Web Gateway aspects of the events here. Anyone who says that there will be a new buying center created from the convergence of host security and network security has to put a [...]

1 Comment »

Category: Security Events     Tags:

Share

DMZs are expensive to begin with.   It is remarkable the growth in the amount and variety of security equipment we need provide web access, send emails, and give staff access to some information the need: multiple firewalls, IPS, anti-spam, anti-virus, SSL termination, web application firewalls, SSL VPNs, … a lot of expensive stuff.   This is the [...]

Comments Off

Category: Security     Tags:

Share

A high number of client inquiries I receive are around DMZ redesign.  This is the hardest task in network security you can undertake because there is no one-size-fits-all DMZ design and there are many moving parts in play.  The good news is that getting the DMZ right will likely be one of the most beneficial [...]

Comments Off

Category: Security Security Research In Progress     Tags:

Share

A lot of the datasheets for network security products have made it really hard for customers to conduct an apple-to-apple comparison.  I’m not talking about the overall IT industry practices with datasheets.  In the last 24 months, especially in the areas of firewall and IPS throughput,  a number of companies have started listing uninspected port throughput as the [...]

Comments Off

Category: Security     Tags:

Share

It used to be that having a honeypot was a sign that you had good IT security.  The reverse is now the case.  When the threats went from motivated to automated, determining if you are a target is not that valuable.  Everyone is now equally a target, and the threat is persistent. Your network is [...]

Comments Off

Category: Security     Tags:

Share

(whew)  The 2008 Hype Cycle for Infrastructure Protection presents a significant change from the previous edition.  Several technologies have been obsolesced, some new ones included, and some have been merged together.  Like a game of king of the hill, the top of the peak of inflated expectations is somewhat unoccupied but both slopes are crowded. One side with [...]

2 Comments »

Category: Uncategorized     Tags:

Share

If you work in IT security and haven’t read Franz Kafka’s The Trial, you need to.  One of the themes from the novel is that when the rules are unclear, authorities have only as much authority as you give them.  This doesn’t make for good law or security.  Although life is full of gray areas, you should minimize them when [...]

Comments Off

Category: Security Security Events     Tags:

Share

Security geeks love tired old metaphors and saws.  Often these are used like a threatened octopus spouting ink to confound opponents and provide intellectual cover to escape under, but sometimes they are helpful. One oldie but a goodie is that “brakes don’t help you stop, they make it so you can go faster”.  Good network security let’s [...]

Comments Off

Category: Security     Tags:

Share

…we also assess the companies that make and deliver them.  I could have ended things there and have this be a really short post, but let me expand on this. After you buy the security product, you pay on average about 20% per annum for support.  And you use that support and have interaction with the vendor.  And [...]

Comments Off

Category: Uncategorized     Tags:

Share