29 posts categorized "Chris Hoff"

February 27, 2009

Google search for real

millenium_tree We have all heard of the millennium generation. Generally it refers to people born after 1985 through now.  The older millennials are already young adults and their impact is being felt in social networking, politics and many other fields.

But it is the younger millenniums who are going to blow us away.  They are growing up in a world where the internet, ubiquitous connectivity and unfettered access to information is the norm.  They never saw an encyclopedia made out of paper. I was reminded of this tonight while getting Google tips from my 7 year old son Bradley.  Bradley was working on some Pokemon character and was looking for a picture that he needed edited.  He asked me to Google the character’s name and then grab a picture and edit it.  When I Googled the name no pictures came up.  Bradley said, “Dad put “for real” after the characters name.” When I asked why, he said that is what he does when he can’t find something on Google.  Frag (Battlestar Galactica word) if that didn’t work!  How did Bradley come up with this?  Is Google aware of it? It must change the search algorithm or something. Glad I have web filtering on the machine.

What is going to happen when Bradley and his friends grow up? What challenges will this present for the security industry?  Maybe they will help with security. I don’t know, but I do know that they have an instinctual intuitiveness around computers and such that previous generations on the whole don’t have.

Anyway, here is something you very rarely get with Mike Rothman’s Incite – a report on Friday!  Have a good weekend!

  1. When open is open only if  or its about the platform stupid – Hoff has a good point today about VMware’s use of the terms open and interoperable.  These two abused terms get tossed around alot. Open used to really mean open source. You had access to the source. Interoperable in my meant that out of the box it would work with other platforms and products. Then open was not really about source, but at least the openness of the product to use generally accepted means of communication. In my mind SQL and ODBC connectivity in databases is a perfect example of this. But I think what Hoff is getting at but is not saying clearly is that now it is all about the platform.  VMware wants to be the platform here. They want you to use tools and applications, as long as you use their platform. By having to use their APIs to connect, you are locked into their platform. That is the real hook and makes it not very open at all.
  2. Can IT Vendors be Objective? Probably not – Michael Farnum has a guest post up from a vendor friend of his venting about the fact that he has been “discriminated” against because he is a vendor and therefore deemed not objective.  I agree that most people out of hand say you are a vendor and therefore not objective.  Not that you can’t try. I have been accused of the same thing.  But being objective on this question, I have to say vendors can’t be objective. Not to say we would lie, but if we didn’t believe that our products were better, could we sell them? So yes IT vendors are not going to be objective.  But here is the kicker, neither can anyone else.  We all bring our own views and prejudices to the game and that effects our objectivity.  Therefore it is up to the audience to filter what they think is truth from fiction, opinion from fact. I think most people recognize that and perform that task.
  3. Mogul calls BS – Rich Mogull calls out Bob Russo of the PCI council.  Seems Russo says that no business that are PCI compliant have ever been breached.  They may have been compliant once, but when they were breached they were not. Rich rightfully I think calls bull on this. I am not sure if Russo is playing semantics here or what.  Maybe he means that having a breach automatically puts you out of compliance? I don’t know but have invited Rich and a few friends I know on the PCI advisory council to appear on a podcast. Stay tuned!

So that is it for this week.  Have a great weekend!

Related articles by Zemanta
Reblog this post [with Zemanta]

Posted at 12:19 AM in Chris Hoff, compliance, Michael Farnum, open source, rich mogull | | TrackBack (0)

February 25, 2009

Baby you're the greatest!

I thought I would continue my Mike Rothman Daily Incite series today.  The only dangers I can see in this are I might start getting grumpy and give up meat!  But hey Fake Steve Jobs stopped blogging, maybe I can be Fake Mike Rothman.  Seriously, this format allows me to comment on a bunch of different things in one blog post, so will go with  it a while.

RetroHoneymooners First of all I want to call out that today is my 19th wedding anniversary! My wife Bonnie (the real Boss) continues to amaze me every day.  Most times it is around how she puts up with me.  But seriously in this day in age where so many couples come and go, 19 years is an accomplishment.  Marriage in some ways is a lot like security.  You are not successful at it without a lot of hard work, staying on top of the game and being passionate about it and it seems I am always one step behind!  In the meantime, I still feel like Ralph Cramden, happy to have my Alice. So in the words of Ralph -  Bonnie, you are the greatest!

Now on to the news and have a great day!


  1. Sourcefire goes into the 3rd party patch business.  Shades of Ross Brown and eEye, the VRT at Sourcefire have released on their blog a “home brew patch” for the critical Adobe Acrobat vulnerability, which is actively being exploited in the wild.  Adobe is supposed to have a patch out by March 11th.  In the meantime just as happened in the past, we really don’t know if the 3rd party patch has been adequately tested.  If it turns out it breaks something, Marty and team may wind up with egg in their face. As I have written before, generally I am against 3rd party patches.  In the meantime, Adobe come on! If you want Acrobat to be ubiquitous, you need to do a better jog of getting patches out.  This vulnerability has been kicking a long time!
  2. Checkpoint comes out with '”software blades” for the UTM. Checkpoint has introduced a new concept in their UTM line up.  They call them software blades. “The company describes a software blade as a security building block that is independent, modular and centrally managed.” The software blades operate on a software chasis.  Checkpoint wants to sell each blade for $1500. I don’t now about you but this sounds a lot like StillSecure Cobia to me! Modular security apps that run as software that can be mixed and matched on the management platform.  Very little is new under the Sun!
  3. Top Ten web hacking techniques of 2008. And the winner is . .  If you did not get enough on Oscar night here is the list of the academy awards of web hacking by Jeremiah with help from an all star cast of judges: The Mogul, HD Moore, Hoff and Forristal). Reading this post and Rich’s post on it, the mice continue to get smarter. That makes us work harder making better mouse traps.  Jeremiah will be presenting on this at a bunch of conferences including RSA. You probably want to catch that one.
  4. New kid on the block.  A friend of mine, Jack Mancini who has been working in security since Symantec first bought Norton (or was that when Ralph met Norton?) has started his own security blog called “Secure or Not Secure”. Jack is just launching a new security VAR down here in Florida. He has already put up some good stuff and I am sure will continue to do so!

Anyway that’s my news for today. I am putting the Pragmatic CSO ad down here. If the real Rothman wants to work out a revenue share deal with me it might find its way back to the top!

image

The Pragmatic CSO:

Available Now!

Read the Intro and Get
"5 Tips to be a Better CSO"

www.pragmaticcso.com

Related articles by Zemanta
Reblog this post [with Zemanta]

Posted at 07:47 AM in Chris Hoff, Cobia, patching, rich mogull, vulnerability management | | TrackBack (0)

November 10, 2008

Hoff wants to know who the IF-MAP Haz and Haz'nots are

hoff So Chris Hoff thinks he might have come across the perfect solution to his vexing cloud/virtual security issues.  A comment from from Greg Ness over at Infoblox fired up a synapse in the Hoff's brain and he recalled that the TCG/TNC's IF-MAP protocol could really help with the whole in the cloud/virtual conundrum.  Chris wants to know how many vendors outside of the NAC space are actually supporting IF-MAP.

So while I don't stay as close to the goings on at the TCG/TNC as I would like to, let me venture a guess.  I think very few vendors are actually supporting and have implemented it.  In fact it is not just non-NAC vendors, it is NAC vendors as well. Other than Juniper, I am not aware of another NAC vendor who actually supports MAP yet. Not because we don't want to, it is just not important enough. I was also very jazzed about it last year at Interop. Customers have not demanded it. So no one has the cycles to spend on it. Yes Infoblox would make the comment on your blog.  I think they are the people who originally came up with the idea and pushed it through the TCG with their own server as the storage container.  Beyond that I though ArcSight was behind it, but don't know how far they have gone either.

Chris unfortunately like the TCG/TNC NAC standard itself, without more customers demanding it, it remains in the nice to have category instead of the must have category.  So in your lingo, there are many more haznots, than there are haz's and it will probably stay that way.

Posted at 04:40 PM in Chris Hoff, NAC, trusted computing group | | TrackBack (0)

November 03, 2008

Came across this press release today

mikerothman RENOWNED SECURITY BLOGGER MIA SINCE TAKING JOB

The Pragmatic, Inciteful Mike Rothman Has Gone Missing From His Blogging Since Taking a "Real Job"

(Alpharetta, GA. – November 2, 2008) – The mouth of the south, renowned security blogger, Mike Rothman has turned up missing in action shortly after announcing his acceptance of a full time position as a vendor puke with eIQ. Several inquiries have been made, but even “the boss” has been mum on his whereabouts. Several prominent security experts are already suspecting foul play and some even whisper of some sort of left wing conspiracy.

Rothman originally sounded optimistic about continuing his blogging workload and not abandoning his legion of fans in the RSS feed world. However, it appears that a “real job” has proven more than he had bargained for. Could it be, that after for so long making fun of others who blogged in addition to their full time jobs, the task is more daunting than Mike could handle? Could the Security Twits have kidnapped him? Where is Mike Rothman?

Other rumors flying around the blogosphere have reports of Rothman sightings. One report had him canvassing door-to-door on behalf of Ron Paul in Montana. Still others say that Rothman has been in an “undisclosed location” (the same undisclosed location Dick Cheney uses) working on Barak Obama’s cybersecurity plans. Rothman’s name has been floated as a possible Czar in an Obama administration. Some are saying Mike was holding out to be the Sheik of cybersecurity, not the Czar. Others say Mike was far too pragmatic to get mixed up in politics.

Several other well known security bloggers were asked to comment on Rothman’s whereabouts:

Chris Hoff of Rational Survivability said, “I hope and pray for the best for Mike. Unfortunately my suspicion is that he has been virtualized and sucked up into the cloud. We all know how insecure that can be.”

Martin McKeay of Network Security Blog said, “You know Mike always made fun of my privacy views, but for once I wish we had a way to get past privacy laws and find out what really happened to Mike. I may have to don my purple tights and Captain Privacy suit to lead the search for Mike”

Rich Mogull of Securosis had this to say, “Mike did ask me for a hazmat suit that I used for the Democratic convention. I hope something did not go terribly wrong and Mike winds up as a green, muscular super hero”.

Amrit Williams of Techbuddha had nothing to say at all about Mike. In fact he said he never really liked Mike anyway.

JJ of Security Uncorked said, "I think Mike is just holed up somewhere in the Deep South working on the next set of 802.1x standards. But if I don't start blogging more they may be putting out MIA releases on me next"

Richard Stiennon (sorry Rich, couldn't find your blog URL) said, “Though I am sorry to see Mike’s disappearance, it does leave a real vacuum for blogging security analyst and Stiennon’s first law is “blogging abhors a vacuum”

Alan Shimel  of StillSecure, After all these years, put perhaps the finishing touch on the Rothman situation saying, “You know Mike was a fast-talking NY guy who always spoke his mind. His up front, in your face style might have just rubbed someone the wrong way. He could very well be the security industry’s Jimmy Hoffa. But you know being the huge Giant fan he is, I am sure he would not mind being buried in the end zone of the new Giants Stadium”

In the meantime a Ten ($10.00) Dollar reward has been offered by the Security Bloggers Network for any information leading to the whereabouts of Rothman. Anyone with information regarding this mystery can email podcast@stillsecure.com. All information will be kept confidential, as well as HIPAA and PCI compliant.

**All names and quotes are purely fictitious. Who knows where Rothman really is?**

Posted at 05:14 PM in amrit williams, awards and PR, Chris Hoff, friends, Martin McKeay, rich mogull, Richard Stiennon, security bloggers network, Weblogs | | TrackBack (0)

October 15, 2008

So what exactly does this mean?

". . . and Cisco NAC support is extended to cover all NAC versions, protecting the network from infected guest hosts." Beats the heck out of me.  It is in the last line of F-Secure's press release about their new endpoint agent/suite (when did we get to the point that an agent and a suite are interchangeable anyhow?).  It comes right before the "about F-Secure" paragraph. Is it the proverbial catch all? Do they really support all NAC versions? All versions of Cisco NAC? How? Did they just want to hit all of the buzzwords?  They were sure to mention my boy Hoff's new buzzword, "the cloud". But show me an AV vendor who isn't checking the cloud these days.  The cloud is the new black.

Guys if you are going to mention something you do in your press release at least explain it so people know what you are talking about.  Also, why be the 15th AV vendor to announce what you do in the cloud and make it like your unique.  Why not just say, "we are doing what everyone else is doing".  Of course you could say you did it first. you do it better, yours is bigger or faster. etc. Hey I guess size does matter.  But talk about me too releases, come on.

Posted at 03:17 PM in anti-virus, Chris Hoff, NAC | | TrackBack (0)

Technorati Tags: , , ,

July 11, 2008

You want the truth, you can't handle the truth!

fewgoodmen I am not sure what it is with Richard Stiennon.  Maybe his mom beat him with a NAC stick when he was young.  Hence his Jack Nicholson looks (more like the Joker in Batman, than Col Jessep in A Few Good Men) and his total disdain for NAC.  In any event Richard never seems to miss a chance to take a pot shot at NAC.  I have fired back and debated him many times on this.  In fact I am convinced that Richard's problem with NAC is that like Uncle Joe, he is just moving a little slow.  Richard still thinks of NAC as Cisco’s network admission control, circa Dec ‘03.  He has not gotten up to speed on anything happening with NAC since.  Richard is going to debate NAC with Joel Snyder according to this article by Tim Greene today. My prediction is Snyder by a knockout in 3 rounds or less.

Richard’s latest NAC knock comes on a comment to an excellent article by the Hoff.  Chris takes a bold stand for someone working for a vendor and calls BS on the whole analyst thing (I will write more about that later in this article). Richard being an ex-analyst himself (lets face it, with Richard you can take the man out of the analyst job, but you can’t take the analyst out of the man), takes exception to Hoff’s “whining” (Richards words, not mine) and tries to tell Hoff that giving up is not the answer and the way to show up analysts, is to prove them wrong.  Great Richard you try to prove them wrong, when because of what they report you don’t have a market, can’t get any capital and have no visibility.  I guess that is when it is time to move on to the next gig, right? Then Richard has a bad NAC deja vu and feels it necessary to write this:

“Look how easy it is to one up the analyst firms, who as near as I can tell support Network Admission Control universally. Everyone except the folks at Updata Ventures know how seriously flawed NAC is with only one viable market, edu.”

I assume Richard is referring to Updata recently leading the Bradford Networks VC round. But more importantly Richard it is time to call a code red on you and give you the cold hard truth.  Richard the fact is that the edu market is not the only viable market for NAC.  In fact, one of the biggest customers of NAC is the DoD.  That is right Richard at least 3 of the 4 armed forces use NAC in helping to secure their networks. To paraphrase my friend Col Jessep - Richard, you want the truth, you can’t handle the truth!  You sleep securely under the blanket of protection that NAC provides.  If it is good enough to help “clean the sand” out of laptops coming home from SWA (that is SouthWest Asia, like in Iraq and Afghanistan, in case you don’t know Richard), it should be good enough for you. Think about that next time you are about to bad mouth NAC.

Let me give you some other truths you may not like Richard.  Why do you think every switch vendor (of which we partner with many of them) is lining up and bringing out NAC solutions?  Why has Microsoft put such a big push on NAP?  Why despite the Luddites like you does NAC still draw crowds at conferences like Interop (ask Joel about that).  Richard we are still signing new major OEM partners.  I am afraid you are the one sadly out of touch on this one Richard.  Just as you are out of touch in missing Hoff’s point in his article.

As to Hoff’s article, as I said I give Chris credit for speaking his mind. I spend an ungodly amount of my time speaking with analysts and trying to “learn” from them while at the same time trying to educate them.  I am constantly amazed that so many analysts (and press for that matter) just take a vendors word as gospel. I have seen research reports from analysts big and small, that I am sure did not have any more research done than calling a handful of vendors and listening to their spiel. Too many of these vendors if they do speak to customers, base their findings on such a small sample that it is impossible to have an accurate picture.

Personally, like Hoff says, who watches the watchers is the truth. I would like to see a code of conduct among analysts. I would start by dictating that vendors cannot pay analysts.  Take the payola out of the equation the way they did to the DJ/Radio business in the late 50s. Next analyst reports have to come with metrics to back up the findings. I want to know how many customers they spoke to, how big they were, how they were found, etc.  A vendor giving an analyst a real live“pet” customer is not real research. I want to know if the customer pays the analyst. It is a dirty business.

Hey let me be clear, I play the game as well as the next guy.  But I agree with Hoff we need to clean up the rules to make the whole analyst thing more fair, viable and valuable.

Zemanta Pixie

Posted at 05:50 AM in Chris Hoff, NAC, Richard Stiennon | | TrackBack (0)

March 04, 2008

TippingPoint goes 10GBPS, but do people want just IPS or UTM?

TippingPoint announced their Core Controller appliance today. It is a 10GBPS in line IPS. Actually what it sounds like it is, is a network controller that load balances traffic among several conventional Tipping Point boxes and than puts the flow back together and passes it on.  Sounds cool, but I would like to see the latency involved in doing this.   Sounds like a lot of moving parts.  It also sounds a lot like the way Hoff used to do things over at Crossbeam Systems.

The real question for me though is not whether or not this new appliance does line speed IPS or not.  The question is do we still want our IPS as stand alone IPS or do we want it as part of UTM. Mike Rothman in his 2008 Days of Incite talks about "best of breed DOA". In it Mike talks about 2007 being a year where customers clearly voted for integrated solutions over individual best-of-breed.  He also says 2007 was the year the first open source perimeter platforms hit.  I like to think he is talking about Cobia. But 2008 will be an even bigger year for Cobia functionality! The bottom line though is except for the Ferrari crowd does anyone want to buy a stand alone IPS? Mike says it best when he says. "Market maturity kills product innovation".

Yes people buy UTM for one application at first. It could be firewall, it could be IPS or gateway AV, URL filtering or anti-spam. But they like the idea of getting more than what they just needed and paid for.  They figure they are going to turn on the other stuff soon enough anyway.  Plus they get it all from one vender.  So on this one, I have to agree with Mike.  I think people will buy UTM over single purpose security solutions in increasingly greater numbers in the months to come.  Agree?  Disagree?  Leave a comment with your opinion.

Posted at 06:17 AM in Chris Hoff, Cobia, IDS/IPS, Security Incite, UTM | | TrackBack (0)

February 08, 2008

Why didn't we think of this?

Saw a pretty funny video clip today over on the Hoff-miester's blog.  It is a viral video from the folks over at Palo Alto Networks poking fun at Juniper and Check Point.  Pay attention to the words, as it is good stuff. What could be next, Dancing with the Security Stars? I would like to see Amrit, Tom Ptacek and Mike Rothman (I hear he has been practicing dancing with his daughter for this) as the contestants. 

Seriously, these videos are a great way to get some buzz going and I think Palo Alto has done a great job.  Count on Chris to find this stuff. Enjoy!

Posted at 06:56 AM in Chris Hoff, Film, the security industry | | TrackBack (0)

December 13, 2007

UTM=Linux+open source mash up?

I have been following the Don "Cutaway" Weber/ Chris Hoff "dialog" around whether UTMs just add complexity and risk to the security equation. Of course the peanut gallery than had to join in.  That Georgia peanut, Mike Rothman puts in his 2 cents and complete with a reference to Shinola comes Michael Farnum with his own play-by-play and color commentary. This in addition to lots of comments from various sundry sources like AndyIT Guy and others.  Frankly, I was content to read, chuckle and keep quiet.  However, something Michael Farnum wrote struck a chord with me and reminded me of a discussion I had with some folks at a large tech company recently. 

Michael says that Don, Andy and that crowd are equating "UTM=big Linux box with a bunch of security apps thrown on it."  Michael is of the opinion that "real" companies like Checkpoint, Fortinet, etc. don't use that and have "proprietary OS’s that do not typically fall prey to the same problems that a Linux server with Squid, Snort, and SpamAssassin installed on it".  To that I say, jokes on you Vet.  Many of the biggest names including some of the ones you mention do in fact take a Linux distro, pile on some open source, slap a GUI on and abracadabra you have a UTM.  Yes they  may have ASIC or custom silicon, but many of these UTM's are Linux and many may have one or two non-open apps and then load the open source on from there.  ClamAV, Spam Assassin, etc are staples of these boxes.  Yes, Hoff's old company Crossbeam may not follow this, their schtick (put that with your Shinola, Michael Farnum) was they took best-of-breed apps and put them together on one UTM.  But the rest are guilty as charged.  Let me be clear.  I am a big believer in UTM.  I don't buy the single point of failure stuff, I don't buy the increased complexity and security crap.  But Linux and some open source mash up with a smiley GUI is unfortunately the state-of-the-art with many UTM vendors.

As I said earlier in this post, I was talking to a large tech company who wants to bring a UTM/Network gateway product to market.  In our discussions it was clear what type of applications they would want on the box.  But no matter how much I tried to explain and not matter how much I banged my head on the brick wall, they just could not understand that when you pile crap high one on top of another, you end up with high pile of crap!  There has to be more to it.  You need to leverage efficiencies, you have to make products work together.  Customers want to manage these things out of one GUI.  Not a portal where you click on an app icon and it launches another browser window.  You need a way for them to share information, licensing and user accounts.  In short you need a framework, much like we built with Cobia. If you think you can do a mash up of a bunch of open source apps all just running on Linux without any glue holding them together, you don't have anything worth buying.  I suspect the tech company I was speaking to is going to find this out the hard way.  I also suspect that many of todays UTM players who are not doing more than this are going to learn that hard lesson as well.

In the meantime, Don, Andy and the rest, you are spitting into the wind. The UTM train has already left the station.  Though it may not account for 50% of network security purchases by 2011 as Stiennon and IDC project, it is gaining momentum every day. It is going to be tough to buy a stand alone IPS or firewall in the near future.

Posted at 08:54 AM in Chris Hoff, Michael Farnum, Security Incite, UTM | | Comments (4) | TrackBack (0)

September 19, 2007

Self-selecting or selecting self?

There has been a bit of a brouhaha lately over the Jericho Forum and the amazing shrinking, disappearing, shifting, changing, eternal (take your pick) perimeter.  It started with Chris Hoff teeing off on Rich Mogul. Rich had a get out of jail free card while he was still at Gartner, as not even Hoff while working for a vendor, would piss off a Gartner dude.  However, the Teflon is gone and Hoff is on.  He took umbrage with Rich's views on the Jericho folks.  I was going to jump in, but every time I disagree with the Hoff man lately he accuses me of going off my meds.  No doubt Hoff can write a mean rhyme and a long blog post.  But sometimes he is so deep in the doo-do, that he kind of loses some of the subtler points being made.  Anyway, I digress.  What got this party started was another former Gartner dude weighing in, Rich Stiennon.  For those who do not know, Chris and Rich Stiennon have a long history of antagonizing each other.  Anyway, Dan Weber then brings up a point I wanted to comment on in Rich Stiennons comments.  Rich ends his article with this:

I work for a vendor of network perimeter security appliances. But, keep in mind, I would not be working for a perimeter defense company if I did not truly believe that the answer lies in protecting our networks. If I believed otherwise I would work for a de-perimeterization vendor, if I could find one. :-)

Dan calls BS on this and I agree 100%.  I don't believe for a second that Rich went to work at Fortinet because of his belief in the sanctity of the perimeter.  I think if Rich worked for an anti-spyware company (wait he already did that didn't he), he would be all for anti-spyware. If he worked for an endpoint provider he would be a big supporter of a endpoint security.  Lets be clear, it is not only Rich.  Many folks in the security sphere claim that they came to work where they did because of their deeply held beliefs in the supremacy of their companies technology and approach.  I say give me a break people.  You like it because it is yours and it is paying the bills.  Lets be open and honest about it. That would be a good place to start.

Posted at 10:48 PM in Chris Hoff, General Security, Richard Stiennon, the security industry | | Comments (0) | TrackBack (0)

Technorati Tags: , , , , ,

« Previous | Next »
My Photo

Subscribe to my blog

Enter your email address:

Delivered by FeedBurner

Lijit Search

Blog Networks

Creative Commons License
This work is licensed under a Creative Commons Attribution-Share Alike 2.5 License.

Search

Lijit Search


Attend a Computer Forensics Boot Camp to better your skills and become a better worker

Categories

Blog powered by TypePad
Member since 10/2005

About