Network World

Security Insider

By Mike Rothman

Search Security Insider

Rothman is president and principal analyst of Security Incite, an analyst firm focusing on information security. Read his blog here or e-mail him at mike.rothman (at) securityincite dot com.

Security Insider is also available as an e-mail newsletter called Security in Practice. Sign up to receive the newsletter here

Security awareness Cisco-style: 09/25/06; Now Cisco is turning its attention to security awareness, and it's a very compelling story. First, I am a huge fan of security awareness training. I think much of the hot water we find ourselves in daily could be avoided by teaching unsophisticated users to not do stupid things. A smart user community is worth more than the tightest technical defenses.
IBM legitimizes managed security: 09/11/06; $1.3 billion is a lot of money. If traveling is your thing, you could buy 38 Gulfstream V jets to fly in style and even have a little left over for gas money, or 7,900 Bentley Continental GTs to make sure you (and all your friends) are comfortable at ground level.
We need more security intelligence: 08/28/06; If you are a user, start challenging your strategic security vendors to start acting more proactively. Make it clear that sooner rather than later you are going to start investing your money with vendors that are ahead of the curve, not behind it.
Black Hat: No network is safe: 08/14/06; Having just returned from my first Black Hat experience, I can say it was outstanding. From the engagement of the crowd to the quality of the speakers to the controversy of the subject matter, my only regret was leaving after the first day.
The patch robbers: 07/31/06; Do you think it's a coincidence that major Microsoft Office vulnerabilities with exploit code have appeared within a day of Patch Tuesday? I don't, and it's not just my active imagination going wild.
EMC + RSA = New force in data security: 07/17/06; It's always interesting to see the public response to a game-changing acquisition, namely EMC buying RSA Security. This deal changes the security landscape, so I need to come up with a new name for EMC. How about EMCecurity (pronounced E-M-See-curity)? I
The silver bullet for privacy breaches: 06/30/06; Ask the questions of yourself and your management - do all of those folks REALLY need laptops? Are you doing enough to train your employees about how they can be compromised and how that can result in privacy breaches?
Encryption on way, but keep it secret: 06/19/06; Encryption has always been one of those weird cousins who show up at all the family functions. You're not really sure why they keep showing up because no one really talks to them. Then one day, they blossom and find their voice. They are cool, and you are glad they are part of the family.
Corralling the zombies: 06/05/06; Aren't zombies anonymous? The analogy that I use to help folks understand zombies is the file-sharing networks used to pirate - I mean, share - music. Think about your old script kiddies that would do the dirty work themselves. With a good amount of detective work, you could figure out who they were and put an end to it. The hacker of yesterday was much like Napster, centralized and visible. Focus on shutting down the individual hackers, and the problem was controllable.
You say you want a security revolution: 05/22/06; Well, you know ... I'm not much of a singer. Just ask my kids. But the old Beatles anthem about revolution doesn't have much of a place in today's network and security space. Not that a revolution isn't sometimes needed, but most of the time it's not at all practical. That's why the word of the week is evolution.
Revamp your network security - now: 05/08/06; Did you like to blow things up when you were little? Come on, be honest. I'll come clean. More than a few mailboxes fell under the onslaught of my juvenile pyromania. Being an adult means wanton destruction is frowned upon. But maybe there is something we can do to regain the thrill. Try this on for size: You should blow up your network.
Obscurity vs. business reality: 04/24/06; It seems that after my last Insider column, a lot of people think xenophobia is acceptable. This boggles my mind, but as I'm entitled to my opinion - as is everyone else - let's see whether I can't slay another sacred cow of the new security thinking.
Xenophobia's bad for security business: 04/10/06; Sen. Joseph McCarthy died in 1957, but clearly his spirit lives on. Since the Communist witch hunts of the '50s there have been a number of waves of xenophobia, protectionism and isolationism. Buckle up - here comes another wave.
My beliefs about security: 03/27/06; I'm a big fan of Tom Peters. Right - the Tom Peters who wrote In Search of Excellence and The Brand You. When Tom turned 60, he packaged up a list of 60 things he believes in in a book called Sixty. Many of the things are simple but frequently forgotten. It's useful to go back through these ideas every so often to remind ourselves what we should be focusing on. Because you are still getting a feel for this column, I thought I would discuss things I believe about security.
Maturity ... it happens: 03/13/06; How many of you remember what an uphill battle it was to convince your organization to deploy anti-virus software on every device? Remember the old question: "Do we really need that firewall?" Now it's not if you need security, it's how much and where. Yep, that's a form of maturity.