[Dailydave] The new model of insecurity

Marty Roesch (maroesch) maroesch at cisco.com
Tue Apr 1 06:21:52 EDT 2014


Hi Dave,

Thanks for the reminder that I hadn't transitioned my membership to dailydave over to my Cisco account and the opportunity to significantly impact my career prospects with the company by responding to your message!

I'll leave your critique of my boss' and corporate CTO/CSO's presentation alone although I will point out that putting together and delivering an RSA keynote presentation is a particularly thankless task given the broad constituency that you're going to end up addressing in such a presentation.  I think it's safe to say that Venn diagram of people on this list and people they were trying to reach in the RSA audience maybe doesn't have a lot of overlap.

Regardless, there are a few points that I'll address more directly.

Issue one: wouldn't it be easier if everyone just bought everything from Cisco?  I think that would be a rational argument to make if all the Cisco products worked together seamlessly, provided "high fidelity capabilities" (i.e. more effective than competitors) and could leverage each other effectively.  I don't think that's where our products are at today across the board but we do recognize that it doesn't do anyone a favor to sell you all the stuff we build if that's not the place we're headed.

As a high level goal that *is* the place we're headed - in a perfect world everything we offer would be the best in the world at a component level and when they are brought together they could leverage each other's capabilities to give people a particularly effective security infrastructure to build their operational model/capabilities around.  If we do our jobs well, a more effective infrastructure than they can get anywhere else.  That way we have the ability to sell to people who just need a component as well as the unusual case where someone actually wants it all.

The integration of our AMP technology across the existing Cisco content security gateway products is a good leading indicator that we're heading down this path, it's not purely aspirational.  AMP works well stand-alone but it works even better when you have more points of presence on more of our products that support it.

Issue two: OpenAppID.  It's an open source application control module that plugs into Snort, it can identify and control apps like the capability you'd typically see in a NGFW.  As you'd expect in Snort there are two pieces, the engine and the content.  The engine is GPLv2 and the content that we've shipped is under the same sort of license we use with VRT rules.  You can write your own AppID's and you can write Snort rules that are application specific as well as being able to allow/block specific applications on the wire when we're operating inline.

Since it's all built on Snort it can go all the places that Snort can go and it's the same technology we're using in the commercial product offerings as well.  If you need to get into SSL streams we have gear that can do that but Snort doesn't have that capability built-in.

Hopefully that clears a few things up and everyone on the list who works for competitors hasn't suffered eye strain from rolling their eyes, I tried to keep this as factual and non-marketing as possible even though this is a critique of our messaging that's at issue here.

Marty


On Mar 31, 2014, at 5:54 PM, "Dave Aitel" <dave at immunityinc.com<mailto:dave at immunityinc.com>> wrote:

http://www.rsaconference.com/videos/126/the-new-model-of-security

Cisco's keynote starts with the traditional eyeball gouging "humorous" video making fun of how it's hard to get different security solutions to work together. Wouldn't it be easier if everyone just bought everything from Cisco? I'm sure it would! The video ends with all the actors cursing at the audience, which is telling, and then Christopher Young apologizing for the video, like it's the first time he's ever seen it and he's sorry for subjecting the audience to the cursing parts of it, or, you know, any of the "jokes".

After that it is a painful sit-down between Christopher Young (SVP of Cisco's Security Business Group) and Padmasree Warrior (CTO/Chief Strategy Officer of Cisco). Why do companies do these sit-down style keynotes? It's like someone did a study on the most unlikely way to capture an audience's attention, and then implemented it as relentlessly as a Chinese SSHD password brute forcer.

At one point Padma says "I'm not a security expert and you are, which is why I hired you". The Chief Strategy Officer of Cisco is not a security expert?! Lovely.

These things are scripted to sound unscripted, but instead they sound like horribly written scripts delivered by people who hate what they are saying. That, or there was some sort of contest on the least funny way to say "Internet of Things" eighty times in 24 minutes - and let me tell you, they *found* it.

Open APP ID<http://www.drchaos.com/open-app-id-cisco-commits-to-open-source-and-application-identification/> gets announced to no applause whatsoever. "The policy can be dynamic. We need a community working on that. " Or in other words, "Please somebody do our work for us so we can catch up to whoever the market leader is in this space". Marty might have to explain this to us all in better terms on the list here, cause Padma and Christopher chew their explanation up like a three year old eating a Lima bean and Brussels sprouts salad. They want to build controls for applications except the mobile systems they want to control are not under enterprise control at all (they "assume the devices are untrusted"), and the network traffic will be encrypted. So how are they controlling things again?

In the end, these people got on stage to demonstrate that they have a muddled thought process and no clear vision for the future. Look, after watching this you can't help but feel sorry for everyone involved in the production of this keynote, and the entire marketing team the CEO of Cisco fired after watching it on YouTube. I'd worry if I was either Padma or Christopher as well because they've clearly lost sight of both the forest and trees, if this keynote is anything to go by.

-dave





_______________________________________________
Dailydave mailing list
Dailydave at lists.immunityinc.com<mailto:Dailydave at lists.immunityinc.com>
https://lists.immunityinc.com/mailman/listinfo/dailydave
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20140401/aa29dcb5/attachment-0001.html>


More information about the Dailydave mailing list