Adrian here, and happy Friday the 13th! It’s been a week since Independence day, and it feels like it’s been a month. Mike wanted us to comment on our feelings about Independence Day and what freedom means to us. For me that was easy. As as I usually do, I worked on Independence Day. Always. It’s not a day off. To me, taking time off is anathema to independence. I celebrate independence by working, because working is what earns me the right to be free. I’m long past the age of military service…
As long last (OK, maybe not that long), we have assembled the Evolving Endpoint Malware Detection series and packaged it as a paper. You can check out the landing page to find out more, but this description sum it up:
Last week we celebrated Independence Day in the US. It’s a day when we reflect on the struggles of our forefathers establishing the country, the sacrifices of the Revolutionary War, and what Freedom means to us all. Actually, most folks gorge on BBQ, drink a ton of beer, and light fireworks imported from China. Which I guess is another interpretation of freedom.
We send a quarterly newsletter out to vendor clients as part of our retainer program. Here’s the introduction, which describes how we view the newsletter:
Rich here.
I’m starting to think I might be dealing with a bit of burnout. No, not the “security burnout” that keeps cropping up on Twitter and in blog posts, but a bit of a personal burnout. I just find myself lacking a bit of general enthusiasm and creativity that usually keeps me plowing away at a productive rate.
The question of stopping targeted attacks has been on my mind for a while. Of course my partners and I have to suffer through far too many vendor briefings where they claim to stop an APT with fairy dust and assorted other black magic. But honestly, it is a legitimate and necessary question.
Be quiet. Be vewy vewy quiet. Now listen. What do you hear? Listen very closely. Do you hear anything? No? That’s exactly the point. The Boss and I woke up yesterday morning to the sound of nothing. No grumbling about having to get ready for school. No kvetching about ill-fitting bathing suits, and no asking for this play date or that activity. No crappy Disney Tween shows blaring from the TV. No nothing. The house is quiet.
The final installment in our masking series closes with a simplified buyer’s guide for product selection. As with most security product buyer’s guides, we offer a fairly involved process to help customers identify their needs and evaluate solutions against each other. These guides address the difficulty of getting all stakeholders to agree on a set of use cases and priorities, which is harder than it sounds. We also offer guidance on avoiding pitfalls and vendor BS. Of course you still need to…
I have been wanting to write a bunch of blog posts for the last few weeks. No, not the heavy research work we have been in up to our eyeballs, but about some of the strange and interesting stuff currently been reported. We used to do a lot more commentary and I miss it. I have a little time this Friday, so I though I would comment on a few of the past week’s articles I think warrant discussion – in many ways as interesting for what was not discussed. Here we go:
Earlier this week Joseph Menn published a confusing article over at Reuters that conflated “active defense” with “strike back” technologies. As Chris Hoff said on Twitter: