Tag: Security

  • Security Products, Rules, and Complexity

    Security products need to detect known knowns, so they build up a corpus of rule content. This corpus grows faster than it shrinks, if it’s maintained at all: new known bad is found at a rapid clip, while software is retired from use very slowly. There are two constraints on security products’ ability to use […]

  • Event Suppression Sucks

    I’ve always hated the concept of event suppression in security products. Let’s start with some definitions of suppression, and where better than product documentation? There are two common reasons for this feature: The first: “I don’t want to see this thing in my console of actionable items because I don’t have the time, knowledge, perspective, or […]

  • What Should Go Into a CMDB

    It’s not every day that information technology work leads you into philosophy, but designing a configuration management database will do it. Spend a little while thinking about what is known or even knowable about the services you’re trying to provide and the entities that compose them, and maybe you’ll end up asking “what does existence even […]

  • VMBlog Post on Decentralization

    Linking to this piece I wrote for VMblog: Why Decentralized Work Calls for Decentralized Data

  • Two Types of Questioning

    Answers to questions can easily fit into two flavors: operationalized and free-form. Classify the use cases: there are the questions you know how to ask, and the questions you don’t know to ask yet. A question that you know how to ask is operationalized. You’re looking for yes, no, or broken, or perhaps a count. The […]

  • Data Value and Volume are Inversely Proportional

    In 2006, Clive Humby coined the phrase “Data is the new oil”. This is often misinterpreted as “Data powers the economy”, particularly by folks who sell data processing and storage, but it’s useful to see what someone who actually uses data says. In 2013 Michael Palmer, of the Association of National Advertisers, expanded on Humby’s […]

  • Penny Wise Hardware

    Thesis: Organizations will continue to squeeze their highly paid people into the worst possible computing environments in order to block any accidental efficiency that might evolve in their organizations. Evidence to support that thesis: Of course the thesis is silly, no one really means to starve their organization. It just happens by accident, through shift […]

  • Proving a Negative

    Proving a negative is a tautological impossibility, right? That’s the security business. Prove that you haven’t been hacked. Of course, many vendors realize this is impossible. Fact is, it would require the customer to understand everything they do in total detail so they could call out what was bad behavior. Once again, impossible. What else […]

  • Consulting’s Bad Rap

    Naming no names… but there’s a type of management consulting shop with an unsavory reputation among middle managers and individual contributors. Let’s look at how the reputation is earned: by training to a model that produces failure as often as not, but always successfully deflects blame. It’s easy to find problems, and easy to sell […]

  • Know everything, then automate!

    The concept of virtual patching has set me off on a small rant. If you’re not familiar, the concept is something like this: vulnerability scanners determine that PC42 in the CritStuff system has a nasty problem, but you can’t patch it for reasons. So instead, software magically figures out that exploiting this vulnerability requires access […]