Archive for the ‘Security’ category
Two Security Startups To Keep An Eye On
February 8, 2011
The security market has been heating up, with the acquisition of McAfee by Intel Corp for $7.68 billion and ArcSight by Hewlett-Packard for $1.5 billion. Now it's time to start looking for new startups. Two companies have caught my eye as they focus on two areas ripe for new ventures: security management and on-demand. identity [...]
At the RSA Conference 2011
February 3, 2011
It's that time of the year again when all the security vendors are packing their bags and preparing to mob San Francisco’s Moscone Center. I’ve had a set of interesting experiences at RSA – As a graduate student I’ve met brilliant cryptographers; been offered jobs; as a speaker faced a tough crowd and schmoozed by [...]
Secure your Facebook password
January 28, 2011
Ok. I’m going to make an exception from my general rule of focusing on deep analysis and not providing technology-specific security how-to’s. Some of my friends and family could definitely benefit from securing their Facebook accounts. The Change: Facebook is rolling out new security features over the next few weeks that will allow you to [...]
Advanced Persistent Threat (APT): Real or just hype?
January 11, 2011
Put four CSOs together and sooner or later they’ll start talking about Advanced Persistent Threat (APT). Now imagine the conversation with 20 CSOs together. I recently hosted a session at a security event at Microsoft and the two dozen security executives started discussing APT. Each of them had a different description of APTs and opinions [...]
Shrinking Budgets: Application Security Tools vs Process Tradeoff
May 10, 2010
An all too familiar scene repeated itself two weeks ago. My good friend & CISO of a mid-sized technology company, let's call him Alok, went into a budget planning meeting and came out as a shadow of his former self. To be more precise, an 85% version of the Alok that I know. He had just been handed a 15% reduction in budget.
The McAfee Way: Don’t follow it!!
April 25, 2010
The chronicles of McAfee’s shoddy security updates have been well chronicled. If you haven’t been following this, let me summarize the situation for you. McAfee sent out a security update that led millions of uninfected machines to think they were infected leading McAfee to commit hara-kiri on themselves. Clearly, this did not make any of [...]
RIP: Jack Louis passes on
March 19, 2009
Jack Louis of Outpost24 passed away on Sunday as a result of a house fire in Sweden. He was known for the security scan tool Unicornscan. Some of you may remember him from Sockstress, a vulnerability that can trigger denial of service on any system that listens for remote connections using TCP. Jack and my paths [...]
Response to InfoSec X Prize Part 1
March 4, 2009
So I’ve been quite amazed by the amount of discussion and feedback I have received from colleagues and peers on my original post on creating fundamental change through competition. I will be posting some of the written replies that I received and which people have kindly consented to having me post. Here is a response [...]
Baking Security In: A Comic Strip View of SDL
February 19, 2009
So how do you take your average developer who scoffs at security from the careless and brash aka Kevin, to the poster child for good development practices aka Kevlarr? Well, the Microsoft SDL team has the answer for you. The team recently started publishing a series of web comics detailing the travails of the dev [...]
Microsoft IT Solutions: Full Drive Encryption using BitLocker
February 7, 2009
One of the challenges that I have been focusing my team on this fiscal year has been creating new solutions that leverage the learning that Microsoft IT has had in deploying technology or solving problems. Microsoft IT generally has to deploy new technologies from Microsoft several months before they are generally available for general release [...]
