CSI Show BlogReport

Like any self-respecting New Yorker, I'm still recovering from the Massacre of Nov. 2. My Manhattan neighbors chose regime change nearly 9 to 1, so at least I've had plenty of shoulders to cry on--that is, until my employer sent me to the epicenter of presidential politics, Washington, D.C., for the Computer Security Institute conference this week. Sure, the District of Columbia is mourning the loss on the same scale that the Big Apple is, but I would have preferred to experience all the stages of loss before confronting live images of the White House and the Capitol dome.

Ah, well. I'll have to distract myself with discussions of vulnerability assessment, policy management, configuration management, anomaly detection and, perhaps most important, regulatory compliance.

The day started with a keynote address by Frank Abagnale, the onetime con artist and check forger immortalized by Steven Spielberg and Leonardo DiCaprio in the 2002 film, "Catch Me If You Can." His stories elaborated on many incidents depicted in the movie--how he learned all that aviation and medical jargon so he could pass for a pilot and a doctor, how he filled out a stack of blank deposit slips with his account number and placed them back on the pile so that unsuspecting account holders would mistakenly deposit their hard-earned money into his account, and how he dropped 90 pounds during a grueling four-year stay in federal prison.

Abagnale was paroled in the early 1970s on the condition that he serve out the rest of his sentence in service to the FBI. Some 30 years later, he still teaches at the FBI academy and doesn't get paid. "I'm paying back a debt that I owe," he says. He has also done paid consulting work for all of the 50 largest banks as well as for Novell, Computer Associates, Unisys and other tech companies.

The movie glamorized his juvenile delinquency, Abagnale says. This time in his life was far from glamorous. He says he ran away because he didn't know how to deal with his parents' divorce, and he spent those years hanging out with strangers 20 years his senior and crying his lonely self to sleep at night. He works voluntarily for the FBI all these years later because, he says, he's grateful for the second chance the bureau gave him. Without that chance he wouldn't have met his wife of three decades, and he wouldn't have three boys, one of whom recently became a lawyer while the other two are attending college.

What all this has to do with enterprise security, I'm not sure, but it was a touching and entertaining keynote just the same.

A short time later I met with Gerhard Eschelbeck, the chief technology officer for Qualys Inc., a provider of vulnerability assessment services. The vendor took its first step toward integrated reporting with a new trouble-ticketing module for the vendor's flagship QualysGuard product that funnels vulnerability information into Remedy's help-desk software. A set of XML APIs will make it possible to integrate that same vulnerability data into a variety of intrusion prevention and security information management products after the release of QualysGuard 3.4 this winter, Eschelbeck says. Version 3.4 will also include "trusted scanning" for Unix systems, allowing for scanning down to the PC level without having to run agents on every desktop and server, he says.

Next I sat down with Dmitry Shapiro, chief technology officer for Akonix Systems Inc., a developer of security, logging and auditing software for enterprise instant messaging systems. The company's L7 (Layer 7) Enterprise product provides IM management and a secure proxy server for IM, and it integrates with all the major public and private IM services. It includes policy enforcement, content filtering, logging, archiving and auditing. The company's Enforcer product prevents technical users from circumventing the controls at Layer 7 by policing other ports for traffic that looks like instant messaging. Such software could help an IT organization stop employees from using the Web versions of AOL Instant Messenger and other IM products. Enforcer can also be used to shut down peer-to-peer traffic. Version 4.0 adds support for eDonkey, which has surpassed Morpheus and Kazaa to become the biggest swapper of songs and movies.

Perhaps the most interesting part of our discussion was Shapiro's contention that IM traffic will soon subsume email traffic. To his mind, IM is to the telephone what email is to voicemail. That is, when IM grows up our first inclination will be to try to track down colleagues or friends on IM before leaving them a message to read later. All IM needs is integration among all the major network providers along with better presence awareness, and email will, like voicemail, become a secondary medium for communication, he says, citing various analyst reports agreeing with him.

I heard next from the folks at BigFix Inc., a maker of security configuration management software. Gregory Toto, the company's VP for product management, emphasized the real-time nature of the company's flagship BigFix Enterprise Suite, which is now on its fifth rev. The product can perform a real-time inventory of systems and software and provide instant reporting, a necessity in this age of increasing regulation, Toto says. "Knowing what you have is the firs step toward compliance," he says. The package also includes modules for mobile and remote system configuration, patch management, antivirus and personal firewall management, and vulnerability management. Along with Qualys, BigFix is emphasizing its ability to serve up relevant reports to business-line managers and executives, who increasingly are accountable to customers and government regulators for the security of their systems.

Lancope Inc., maker of network behavior anomaly detection (NBAD) software, used the CSI show to introduce StealthWatch XE (eXtended Enterprise), a component of the vendor's StealthWatch System 4.2 NBAD product. The module collects NetFlow data found in Cisco, Juniper and other routers and sends the information to the StealthWatch System software for analysis. Among other things, StealthWatch XE makes it possible to perform such inspections without having to deploy a StealthWatch System appliance inline between every switch and router.

The finale was Breach Security Inc., a little San Diego startup that specializes in application security. Its BreachGate appliances include Sitegrity, for serving up authenticated content; BreachView SSL, a plug-in decryption module that makes it possible to inspect SSL traffic; and Detect, which protects dynamic content originating in databases.

Products like BreachGate represent the next generation of application protection, says company CEO John Payne. "We look not only at what goes into the application but also what comes out of the application," he says. Such an approach limits the risk and exposure for companies that must comply with strict disclosure regulations, he says.