Welcome to Collaborative Strategy Guild

Where insights are transformed into actions at the intersection of collaboration, information management, security, and business strategy.

Why Check Point should buy RSA

Well, things have changed from almost 10 years ago, but I was taking a trip down memory lane with the new HP – ArcSight acquisition and came across this. I suppose nowadays perhaps RSA (EMC) should be buying Check Point, and clearly OPSEC is nothing like what it was back then, but I found it intriguing. It was a Hurwitz Group Trend Watch.

Security Strategies – January 31, 2002

Why Check Point should buy RSA

By: Pete Lindstrom, Director — Reply to: plindstrom@hurwitz.com [not active anymore]

It is no secret that the security space is highly fragmented. Hundreds of companies vie for market share and mindshare amidst hundreds of others, all with a bit of a unique spin – operating within the Four…

Disclosing the Elephant in the Room of the Disclosure Debate

There has been a lot of discussion lately about vulnerability disclosure, with Google and Microsoft respectively weighing in with their latest opinions on the topic.

There is really nothing new here, as evidenced by the Google folks referencing a 9-year-old Bruce Schneier essay on the topic. I have written extensively on the topic and the related software liability in previous years (some highlighted below) and get castigated quite a bit when pointing out some fairly obvious points. I believe these points are important and are sometimes ignored, so I will go ahead and point some of them out again, as there is a big elephant in this room and I think it is the real reason that folks…

Charlie Miller’s “Teach a Man to Fish” approach to disclosure: the happy medium?

Pre-eminent bugfinder Charlie Miller mentioned an interesting approach to disclosure after he compromised another Apple system – demonstrate the attack, describe how the vulnerability was found, and let the chips fall where they may. (Actually, I think his “teach a man to fish” approach might have been ancillary to the pwn2own contest…)

At this stage of the game, this might be an interesting approach to disclosure (I guess this is sort of like the video approach that Dave Maynor did a few years back…). I am not completely sold, since I am not clear on how much this approach would lower the attacker’s cost.

This contrasts with Tavis Ormandy’s disclosure of the Java Web Start vulnerability, which was simply a debacle of…

Vswitch isolation and segmentation – an Illusion

Brad Hedlund points out a common misunderstanding in the virtualization networking world – you can segment and isolate all you want, but it is simply a logical construct.

From a risk perspective, I equate this type of virtual segmentation (for DMZs) to connecting the physical DMZ components all to the same switch.

There is lots of other goodness in Brad’s post. Check it out.