Welcome to Minute with Maiffret, a quick mind-read on Marc Maiffret, eEye CTO and one of the industry's most trusted sources for IT security info.
12.7.2010 - Retina CS 2.0 Has Arrived!
Retina CS 2.0 is here! We’ve worked hard, invested heavily and brought to market the most advanced vulnerability management solution available. As a technologist, I hate buzzwords as much as the next person does but in some cases — for the sake of an accurate description — they just cannot be avoided. You simply cannot describe what Retina CS 2.0 does without using phrases and words such as end-to-end, integrated and centralized. After all, that is exactly what Retina CS 2.0 provides: the ability to automate, centralize and integrate all of your critical vulnerability management functions in one location. For a more in-depth look at what’s new, check out: www.eeye.com
To keep updated on our latest research and free tools, follow eEye on Twitter, Facebook, LinkedIn, or at our Security In-Focus Blog.
12.6.2010 - Investments Paying Off
About a year ago, our CEO Kevin Hickey and the executive team started making investments in our R&D teams in order to re-invigorate our strong tradition of providing valuable information to the IT security community. When I returned to eEye as CTO in July, one of my goals was to help lead these efforts. I can now say with utmost confidence that those investments are paying off. We have already been feeding the IT security community information on the latest Zero-Day vulnerabilities through our Zero-Day Tracker; in the near future we will be releasing another free Zero-Day scanning tool; our Vulnerability Experts Forum (VEF) is going gangbusters; and we will soon be providing some significant, research-driven discoveries to the market.
12.3.2010 - The Tech of TRON: When Art Imitates Life … but Makes it a Little More Dramatic
Disney and Hollywood have always wildly exaggerated depictions of hackers, but they have derived baseline story elements from real life. Hacking is exciting to hackers, but doesn’t always provide big screen-friendly visuals. No one really wants to watch a guy in front of a monitor with text flying at him for two hours, but dress up the process in black leather and all of a sudden everyone wants to watch Trinity using nmap. Most people don’t want to watch a hacker breaking through the next line of code in an application, but put him on an electrified motorcycle advancing through different levels and you can fill a theater. Most people don’t want to watch a hacker trying to crack a password, but set him in front of a laptop in a trendy nightclub with John Travolta and … Well, you get the picture.
I have always been amazed at how Disney and Hollywood can use their magic and imagination to turn geeks into heroes, make the mundane exciting, and add drama to routine. This month, we will all have an opportunity to see if Disney can pull it off again in TRON: Legacy.
11.5.2010 - The Tech of TRON: When Technology Imitates Art
TRON Legacy will undoubtedly be the blockbuster film of the holiday season. Is there excitement over it? Try to find a DVD of the 1982 film and see what you'll pay for a new or used version.
When TRON debuted, IT security as a practice didn't even exist. As it turned out, Disney had an amazingly accurate vision of what the future of computing would hold, especially with regard to hacking. Towards the end of the film, Jeff Bridges' character Kevin Flynn plays a deadly game of Ultimate Frisbee, searching for a vulnerability in the security program. Remember this scene: click here and watch from the 12:30-minute mark forward. If hurling electrified disks at Master Control in an attempt to penetrate the system isn't an animated representation of hacking, I don't know what is.
On Dec. 17, it will be interesting to see Disney's vision of the future. But if you need to refresh your memory on their vision of the past, enter to win a DVD version of the original movie. That's right; we've got one, and we want to give it to some lucky friend of eEye. Enter to win a TRON DVD.
10.11.2010 - The Forrester Zero Trust Model for Information Security is doing a great job at driving awareness on a topic that many in IT security have been talking about for years, which is that while the perimeter may be hard and crunchy, the center remains soft and chewy. It reminds me once again that those of us in the solutions industry have got to work towards giving enterprise IT professionals tactical and strategic recommendations that go beyond candy-coated analogies...
You would think the idea of not trusting anything by default would improve security, but we have seen too many examples where that is not the case. As far as the trade-off on how cumbersome and complex Zero Trust will make security ... to offer another analogy — don't expect to see this coming to a theater near you very soon.
10.7.2010 - Stuxnet has gone viral not only in the computing world but also in the world of social media. Search #stuxnet on Twitter and you will see tweets such as: "Is that a #stuxnet in your pocket or are you just happy to see me?"
Stuxnet - if you are not already familiar with it - is the attack that has plagued various critical infrastructure systems, particularly those in Iran. While this attack gets us closer to having some "James Bond" style references for computer breaches, it is also another distraction in a long line of distractions from what matters to day-to-day IT employees working to protect their organizations.
Cyber terrorism and espionage are not looming around the corner for the average IT environment. While Stuxnet is interesting, it should not be your primary concern. If your security vendor is telling you, "Stuxnet is scary. Buy our new security widget so you're not Stuxnet'd," then you should probably tell that security vendor to "go pound sand."