We have written a lot about Oracle’s acquisition of Secerno: the key points of the acquisition, the Secerno technology, and some of the business benefits Oracle gets with the Secerno purchase. We did so mainly because Database Activity Monitoring (DAM) is a technology that Rich and I are intimately familiar with, and this acquisition shakes up the entire market. But we suspect there is more. Rich and I have a feeling that this purchase signals Oracle’s mid-term security strategy, and the Secerno…
There’s nothing like a crisis to bring out the absolute stupidity in a person… especially if said individual works for a big company or government agency. This week alone we’ve had everything from the ongoing BP disaster (the one that really scares me) to the Israeli meltdown. And I’m sure Sarah Palin is in the mix there someplace.
They say the grass is always greener on the other side, and I guess for some folks it is. Most private companies (those which believe they have sustainable businesses, anyway) long for the day when they will be able to trade on the public markets. They know where the Ferrari deal is, and seem to dismiss the angst of Sarbanes-Oxley. On the other hand, most public companies would love the freedom of not having to deal with the quarterly spin cycle and those pesky shareholders who want growth now.
Endpoint Security is a pretty broad topic. Most folks associate it with traditional anti-virus or even the newfangled endpoint security suites. In our opinion, looking at the issue just from the perspective of the endpoint agent is myopic. To us, endpoint security is as much a program as anything else.
Given the craziness of my schedule, I don’t see a lot of movies in the theater anymore. Hard to justify the cost of a babysitter for a movie, when we can sit in the house and watch movies (thanks, Uncle Netflix!). But the Boss does take the kids to the movies because it’s a good activity, burns up a couple hours (especially in the purgatory period between the end of school and beginning of camp), and most of the entertainment is pretty good.
I was catching up on my reading today, and this post by Richard Bejtlich reminded me of the tension we sometimes see between security and privacy. Richard represents the perspective of a Fortune 5 security operator who is tasked with securing customer information and intellectual property, while facing a myriad of international privacy laws – some of which force us to reduce security for the sake of privacy (read the comments).
Continuing our discussion of core SIEM and Log Management technology, we now move into event correlation. This capability was the holy grail that drove most investment in early SIEM products, and probably the security technology creating the most consistent disappointment amongst its users. But ultimately the ability to make sense of the wide variety of data streams, and use them to figure out what is under attack or compromised, is essential to any security practice. This means that despite the…
A holy grail of technology marketing is to define a product category. Back in the olden days of 1998, it was all about establishing a new category with interesting technology and going public, usually on nothing more than a crapload of VC money and a few million eyeballs.
Recently Michael Zalewski posted a rant about the state of security engineering in Security engineering: broken promises. I posted my initial response to this on Twitter: “Great explanation of the issue, zero thoughts on solutions. Bored now.” I still stand behind that response. As a manager, problems without potential solutions are useless to me. The solutions don’t need to be deep technical solutions – sometimes the solution is to monitor or audit. Sometimes the solution is to do nothing,…
We get a lot of requests to sponsor this blog. We got several this week. Not just the spammy “Please link with us,” or “Host our content and make BIG $$$” stuff. And not the PR junk that says “We are absolutely positive your readers would just love to hear what XYZ product manager thinks about data breaches,” or “We just released 7.2.2.4 version of our product, where we changed the order of the tabs in our web interface!” Yeah, we get fascinating stuff like that too. Daily. But that’s not what I…