« Sanjay Kumar gets an even dozen | Main | Ross Brown is not an elitist »

November 02, 2006

Security for the everyman

Authors note after publishing: After a series of private emails with Ross after publishing this post, I want to emphasize that this is not an attack on Ross personally. It is instead a contrast in how two security companies can build products for very different classes of users and how that effects their outlook at the market.

You have to admire Ross Brown. He is one of the few folks that I spar with on the blog that keep me on my toes and make it interesting.  However, I have to admit, I was doing a little bit of baiting on my Gods Gift post.  I suspected Ross would come right after it, and frankly had a good idea of what he was going to say.  In fact, the point I wanted to make was something related but not quite the point of that article. But I suspected Ross's pride as a security elitist would shine through and I was right.  So maybe Ross you are right, I do have a truly dizzying intellect (Ross, don't ever think someone from NY does not know when we are being dissed).   So, as I said Ross ran right in and gave his response to my article with his comments here.  I am not going to reprint all of Ross's comment, but feel free to read it yourself.  I just have to respond to one or two errors and then I will get to the real point.

1. Ross, I never said IPS has some value but IDS is kinda not worth it.  That is what the elitists  are saying.  In fact what I was saying, is that IDS and IPS for that matter, may not have lived up to the inflated expectations that were set up for them, but hey nothing ever does.  As a result it ended up in the trough of disillusionment, before reaching the plateau of productivity.  In fact I followed it up with a reference to Michael of MCWResearch for an example of how IDS helps real world security admins in their every day jobs. I don't have to justify our product line, because our product line is designed to help real world admins charged with securing real world networks everyday. That is the job it was designed for and the job it does. It was not designed to make the security researchers and elitists ooh and ahh over how slick or sophisticated it is.  I think Ross you missed the finer nuances of what I meant.  Not meeting inflated expectations is not equivalent to having no or little value.

2. Ross your constant harping on the superiority of host based security over network based security is rather odd in light of the Retina/REM product being network based.  I know your new love is Blink, but just as someone would never say network based security is all you need, lets not say that host based is all you ever need as well (now the Beatles did say, love is all you ever need, but that is another album).

Everyman_2The name of this album and the point of this post though Ross is, For Everyman.  Ross the elitist view and arrogance of your position is why you and I see this stuff from a different angle.  It was made crystal clear to me in a series of comments on your blog this week.  I asked as security vendors do we design products for the meat and potatoes security admins or the guys at the forefront of security research.  You answered as a security vendor you design for the meat and potatoes, but as a company with a security research team, you design products for the forefront.  Ross your pride has bit you right in the butt. You are so proud of your research team and all of the headlines it grabs, you honestly think it is your job to educate us and let us all learn from you. This holier than thou position comes through again and again in your comment on my post.  Let me give you some more examples:

1. Ross says: "Lastly, sometimes people are smarter and a 'smarter than thou' attitude
is deserved, especially when faced with someone who would persist in
ignorance. While I certainly have a high respect for people that do
security for a living, the vast majority of them are open to learning."

Ross what you are really saying is that you and your researchers are smart and the attitude is well deserved. Your condescending "high respect for people that do security for a living, the vast majority of them are open to learning", sounds like an 18th century feudal lord talking about the serfs who work his land.  Except Ross in this case those folks are the ones buying your product and keeping you in business.

2. It wasn't an army of security guys saying IDS is worthless, it was any army of analysts and security elitists.  The security everyman was saying it most certainly is worth it.  But you don't really value their opinion because after all, as a hot shot security research team, you think these people are "open to learning".  Hey Ross, news for you, not only are they open to learning, they may actually teach you and your hot shots a thing or two!

Ross, it goes to how we design our products here at StillSecure.  We go out and talk not to the security guru or pros as you call them, but to the overwhelming majority of overworked, underpaid guys who are charged with securing real networks.  Often security admin is not their only role at their company.  Often before taking this role on, they were not security pros.  We ask them what keeps them up at night, what do they waste a lot of time on, what tools would allow them to be more efficient and more secure.  We design our products based upon this for those guys Ross.  Not for the hot shots, not the elitists or security gurus.  Maybe that is why the "pros" may think our products are not cool enough or cutting edge enough.  But that doesn't really bother us Ross, it is not who we design our products to help.  Fundamentally, we are focused on the everyman.  You Ross and eEye appear to be focused on the pro's who are willing to learn what you teach.

Ross, this is why you and I have such different views of the market and security.  I respect where you are coming from. I don't agree with the elitist approach, but hey that may have more do with my politics as well.  You don't have to agree with my everyman approach, but I do ask that you respect it and the hard work that these everymen put in every day with a near impossible task, even if they are using tools that you think are dormant or toys!

http://www.amazon.com/gp/music/clipserve/B000002GYU001001/0/ref=mu_sam_wma_001_001/002-2864520-4560825

Posted at 10:43 PM in General Security |

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d83451e4d369e200d8346749a869e2

Listed below are links to weblogs that reference Security for the everyman:

» Security is a part of the Service and Support Group from Security Ripcord
I have been thinking a lot about work this week and Alan Shimels recent blog post titled Security for the everyman has really driven it home. Security professionals, security researchers, network and system administrators, and de... [Read More]

Tracked on Nov 4, 2006 9:13:12 AM

Comments

My Photo

Subscribe to my blog

Enter your email address:

Delivered by FeedBurner

Lijit Search

Blog Networks

Creative Commons License
This work is licensed under a Creative Commons Attribution-Share Alike 2.5 License.

Search

Lijit Search

Attend a Computer Forensics Boot Camp to better your skills and become a better worker

Categories

Track my blog stats

Blog powered by TypePad
Member since 10/2005

About