Archive for the ‘Uncategorized’ Category

I Think Cobia’s a Great Idea…Despite Shimel’s Rabid Frothing to the Contrary…

April 3rd, 2007 1 comment


[Ed: I want to add something here. I think people should pay attention to Cobia for lots of reasons; some of them are apparent and others make eyebrows and shoulders shrug. Just as when Astaro announced their "Virtual Security Appliance" and I barfed all over it because of its egregiously overarching claims of revolutionary impact on the security market, one must consider the audience and motivation for creating a "product" like this.

I think folks should pay attention to Cobia because it continues to provoke discussion and debate about where, how and why security is positioned in the network, not to mention stirring up interesting discussions regarding the definition of Open Source…]


Look, I think Cobia is compelling, creative, valuable and very interesting and I think people should pay attention to it.  I think it’s a great idea and I know that Mitchell, Alan and Martin (and the rest of the team) will make it successful.

Alan’s statements to the contrary are just wrong and are overly controversial — unfortunately at the expense of a reasonable debate on an issue central to security today.  I love him, but I suggest he needs Ritalin today!

The SME/SMB market is ripe for this sort of utility, but again, while the packaging and components are put together in new and interesting ways, the underlying framework is not. That’s not a bad thing, but forging yet another market classification in an already fractured industry is potentially difficult for everyone.

The WhistleJet from 1999 was a very similar model.  Sure, it wasn’t open source and it didn’t run on a VM, but it was a very similar model.

I really didn’t want to bring up this point, because it seems contrived and snarky at this juncture, but it’s interesting that much of what is being presented with Cobia is already done in our boxes. I have no interest in starting a pissing match, because there’s no reason to: Cobia serves a different market space than we do, and blending utility applications (even though we can) with dedicated security applications isn’t in our interest or business model.

Mitchell even sees some value in running Cobia on Crossbeam. 

Again, I think Cobia is an interesting idea and well-timed for the SME/SMB.  I think it’s very cool and if you’re in the market for this solution you should definitely look at it.

I’m done arguing about something I wasn’t arguing about in the first place.

/Hoff

Categories: Uncategorized Tags:

Just in case you think I DON’T like Richard Stiennon…

March 15th, 2007 No comments

Just so you don’t think that I personally dislike Richard Stiennon, allow me to clear that up. 

I like Richard very much. In fact, I like him a lot more today, as I was cleaning up my office and came across these little gems (picture below), which were part of a Christmas (?) gift Richard sent when he was bringing up IT-Harvest (his independent analyst and IT/Security compendium business) and we were a customer…

So not only is Richard useful, witty, smart and (*cough*) handsome, his choice of wine (a Bordeaux) works a lot better than the Scotch he referred to earlier.

Thanks, Richard!

/Hoff


Chuck Norris Can’t Kill SOA

March 3rd, 2007 3 comments

As a reprise to the cartoon published earlier today, here’s all you ever need to know about SOA; well, a few things, actually. The entire list is here.

  • SOA is the only thing Chuck Norris can’t kill.
  • SOA invented the internet, and the internet was invented for SOA.
  • SOA is not complex. You are just dumb.
  • In the last year, SOA increased Turkey’s GDP by a factor of 10.
  • One person successfully described SOA completely, and immediately died.
  • Another person successfully described SOA completely, and was immediately outsourced.
  • Larry Ellison once died in a terrible accident, but was quickly given SOA. He came back to life, built a multibillion dollar software company, and now flies fighter jets.
  • Guns don’t kill people, the SOA WS-* stack kills people.
  • SOA can write and compile itself.
  • SOA is an anagram for OSA, which means female bear in Spanish. It is a well-known fact in the Spanish-speaking world that female bears are able to model business processes and optimize reusable IT assets better than any other hibernating animal.
  • SOA is so great 10 facts aren’t enough.
  • SOA is the mistress to all CIOs.
  • SOA is just one letter away from SOB. On purpose.
  • If a tree falls in the forest, SOA knows about it.
  • If you google ‘SAP’ and ‘Chuck Norris’, the top site is SOA Facts.
  • SOA is being used in the developing world to solve hunger. Entire populations will be fed on future business value.

…now you know.


I’ll be on two panels @ RSA this week…

February 5th, 2007 No comments

Back from Africa.  Successfully summited both Mt. Meru and Mt. Kilimanjaro.  Pictures and war stories later.

Now that that’s out of the way, I’m back to "work" this week @ the RSA Conference in San Francisco. I’ll be there all week (from Tuesday on), so pop me an email (choff[at]crossbeamsys.com) or call me and we can get together if anyone likes.

I’m on two panels; both ought to be good given the participants and the moderators. I’m especially looking forward to the UTM Smackdown session for some reason. It’s like a fraternity reunion…without the beer.

Virtualization & Security – DEPL107
On Tuesday, February 6th @ 4:10-5:20 in the Burgundy Room

Virtualization technologies promise better utilization, management and provisioning of computer resources within an organization, but the concept of virtualization can make security managers nervous. This panel of experts will discuss security technologies in the “virtualized” world. Specific topics include: understanding virtual machine technology in light of security issues and threat models; advances in virtualization technologies which improve your security posture; case studies of organizations that have leveraged virtualization successfully; and strategies for effective compliance in virtualized environments.

Moderator: Mary Ann Davidson, Chief Security Officer, Oracle
Panelists:
  • Michael F. Angelo, Senior IP Architect, NetIQ Corporation
  • Dennis Moreau, Chief Technology Officer and Founder, Configuresoft
  • Christofer Hoff, Chief Security Strategist, Crossbeam Systems
  • Cris Lau, Sr. Product Manager, Citrix Systems

UTM Smackdown: Wading Through the Hype to Select the Best Solution – DEF203
On Wednesday, February 7th @ 10:40 AM in the Gold Room 305

With all the UTM choices available, how is an organization supposed to pick the right solution? This no-holds-barred panel assembles four UTM CTOs to debate hot buttons, such as the need for purpose-built appliances and the role of integrated management. This presentation will also examine appropriate solutions for small and large enterprises.

Moderator: Mike Rothman, President & Principal Analyst, Security Incite
Panelists:
  • Christofer Hoff, Chief Security Strategist, Crossbeam Systems
  • Alan Shimel, Chief Strategy Officer, StillSecure
  • Alex Quinonez, Vice President, Astaro Corp.
  • Richard Stiennon, Chief Marketing Officer (CMO), Fortinet, Inc.

Hope to see you there or at the Crossbeam Systems booth.

Chris


BeanSec! December 20th 6-9pm…

December 13th, 2006 1 comment

We’ve now established a regular schedule for the BeanSec! events: the third Wednesday of each month. So you can mark your calendars now for December 20th at 567 Massachusetts Ave., upstairs at the Enormous Room, from 6-9pm.

For the uninitiated:

BeanSec! is an informal meetup of information security professionals and academics in the Cambridge/Boston area. Unlike other meetings, you will not be expected to pay dues, “join up”, present a zero-day exploit, or defend your dissertation to attend.

The location is the Enormous Room (map) in Cambridge. 

— The BeanB0yz!



Security as a Service: Security Service Oriented Architecture (SSOA) using Enterprise UTM

September 22nd, 2006 2 comments

I’m almost finished with a concept brief on how I describe and liken Enterprise UTM security service layers to a model I define as a Security Service Oriented Architecture (SSOA).

(Ed: If you like, you can read the brief here — it is a summary compilation of thoughts that forms the basis of several presentations.)

I’ll post the entire brief shortly, but here’s the abstract from the paper titled "Delivering Enterprise Risk Mitigation Utilizing a UTM Security Service Oriented Architecture":

The evolution of modern enterprise information architecture has driven tectonic shifts in how information is made available and consumed across constituent layers within the Enterprise ecosystem. The paradigm itself has undergone fundamental changes as the delivery mechanism and application model have transitioned from Client/Server to Internet/Web-based and now to loosely-coupled, componentized Service Oriented Architectures (SOA).

SOA provides for transformational methods of producing, accessing and consuming information across a delivery “platform” (the network) and provides quantifiable benefits across multiple boundaries: the reduction of integration and management total cost of ownership (TCO), asset and resource modularity and reusability, business process agility and flexibility, and the overall reduction of business risk.

Enterprise information architects have responded to this paradigm change by adopting methodologies such as Extreme Programming (XP) which is designed to deliver on-demand software layers where and when they are needed.   XP enables and empowers developers and information architects to rapidly respond to changing business requirements across the entire life cycle.  This methodology emphasizes collaboration and a modular approach toward delivering best-of-breed solutions on-demand.

These highly dynamic, just-in-time solutions pose distribution, management, protection and scaling issues that static product-centric network and security paradigms cannot adapt to quickly enough; each new technology presents new architectural changes, new vulnerabilities and new attack surfaces against which threats must be evaluated.  Unfortunately, there is no analog to Extreme Programming in the security world.

The networks charged with the delivery of this information and the infrastructure tasked with its secure operation have failed to keep evolutionary pace, are still mostly rigid and inflexible and are unable to deliver given a misalignment of execution capabilities, methodologies and ideologies.

This brief will first demonstrate that pure network infrastructure is, and always will be, fundamentally and unfortunately at odds with the technology and services designed to protect the information transported across it.

The brief will then introduce the concept of a Security Service Oriented Architecture (SSOA) that effectively addresses the network/security conflict. By using an Enterprise Unified Threat Management (UTM) system overlaid across traditional network technology, it becomes possible to eliminate individual security appliance sprawl and provide best-of-breed security value with maximum coverage exactly where needed, when needed, and at a cost that can be measured, allocated and applied to manage risk most appropriately.

I’ll be interested in your comments regarding the abstract as well as the entire brief once I link to it.

/Chris
