Archive for January, 2011

My Thoughts on Security Scoreboard

January 25th, 2011

There’s been a lot of buzz in the last few weeks about Security Scoreboard, a site I have volunteered to work with as it goes through a bit of an evolution. Several others have blogged about it, including Anton Chuvakin and Lenny Zeltser. A little context for me, since a number of people have asked me how I got involved, why I got involved, and what’s going on.

First, I got involved since Anton is a friend of mine and sits on the Advisory Board for SS. He was speaking with Dominique Levin, who was just appointed CEO of the site as it gets new funding and a new plan (more on that). Dominique called me to discuss, since Anton recommended me, and I knew Dominique from her LogLogic days. Long story short…she convinced me. What do I see in it? Well, I think it’s needed. The security space is so incredibly cynical and biased against vendors, and we need some good general peer commentary on products we’re using or considering. Amazing – we LOVE to hear ourselves talk in security. But we don’t really share a lot of useful tactical info with each other. I’ve ranted on this before, and won’t go there again in this post, but I think we need more “what’s working for me” conversations with each other.

I’ll be maintaining a few of the categories for the site. Virtualization security, vulnerability management, etc. Things I have deep knowledge and experience in, obviously – and that’s the point. I believe Dominique is assembling a solid team of folks who want to help, have domain expertise, and can contribute to shaping the site as it grows and evolves. Which leads to the next point – where’s it going? Well, to some extent, the mission really is the same. Provide information to the community about vendors and their products, with the intent being for the reviews to be FROM the community, not the vendors, their competitors, or professional reviewers of some sort. To that end, we’ve got our work cut out for us. The most common question I get is, “How will you vet the comments?” Good question, and I don’t have the definitive, end-all answer to that yet. We’ll need some sort of workable moderation, for sure. To ensure credibility and trustworthiness, people have to be able to trust the site and its content. I’ll keep everyone posted, as I can, about what is happening and how things are coming along, as well as opportunities for you to contribute if you’re interested. I know the site will have lots of updates and info, as well, so check there, too. I’m looking forward to the site’s changes and growth with Dominique at the helm, and so should you.

Categories: Information Security

Log Management…and Beyond

January 20th, 2011

Log management is one of those topics that is hard to make “sexy” or exciting. Logs are, after all, well…logs. However, I think the log management industry has reached a point of maturity where we can all say with some confidence that collecting logs and analyzing them SOMEHOW is a best practice of sorts. Whether to “check the box” (yuck) or truly try to get some value from them, we’re all doing more log capture, retention, and analysis than ever before. For what it’s worth, I think log management is actually one of those areas in security/compliance that easily crosses over into IT operations, and ultimately provides benefits to IT Ops and Security simultaneously (or can). Can we detect changes or events with logs? Possibly, thus providing another element of intrusion detection or incident response. Can logs help in troubleshooting and tuning the environment/infrastructure? Yes, in many cases. Logs can also have real business value – what are people using technology for, and how? What kinds of activities are going on, and how can organizations iteratively refine their IT operations (whether for customers, partners, or employees) over time? Logs can be useful here. So I’m a fan of logs. The caveat, of course, being that you have to DO something with the data you’re collecting.

Every year, I help coordinate and contribute to the SANS Log Management Survey. Sponsored by a number of log management vendors, the survey asks a lot of questions about how people are using their log data. What types of solutions do you have, commercial or homegrown? How much data are you gathering, and why? What are the most practical uses of log data in your environment? This is good data to know, for the industry and practitioners alike. Vendors can learn what people really want, and what people are disenchanted with as well. Practitioners can learn how others are using logs, and gather useful information for making business cases about log management operations and products/solutions. To be effective, the survey needs input! If you have any involvement with log management in your organization, please consider taking the survey – it’ll only take 5-10 minutes max, promise.

You can access the survey here:

Categories: Information Security

Joining the ISD Podcast Crew

January 11th, 2011

Yo, yo, yo, and happy 2011 to everyone! This is really not a full-featured blog post, just a quick update to let everyone know that I’ll be joining the Information Security Daily (ISD) Podcast crew on Monday nights from here on out (as schedules allow, of course). I was feeling a little left out of this whole podcast thing, so these guys were kind enough to let me join in on their daily ranting. Should be a hell of a good time, and I look forward to chatting with some of you on the show!

Site: ISD Podcast

Categories: Musings