Dailydave mailing list archives

Re: The new model of insecurity


From: "Marty Roesch (maroesch)" <maroesch () cisco com>
Date: Tue, 1 Apr 2014 10:21:52 +0000

Hi Dave,

Thanks for the reminder that I hadn't transitioned my membership to dailydave over to my Cisco account and the 
opportunity to significantly impact my career prospects with the company by responding to your message!

I'll leave your critique of my boss' and corporate CTO/CSO's presentation alone although I will point out that putting 
together and delivering an RSA keynote presentation is a particularly thankless task given the broad constituency that 
you're going to end up addressing in such a presentation.  I think it's safe to say that the Venn diagram of people on this 
list and people they were trying to reach in the RSA audience maybe doesn't have a lot of overlap.

Regardless, there are a few points that I'll address more directly.

Issue one: wouldn't it be easier if everyone just bought everything from Cisco?  I think that would be a rational 
argument to make if all the Cisco products worked together seamlessly, provided "high fidelity capabilities" (i.e. more 
effective than competitors) and could leverage each other effectively.  I don't think that's where our products are at 
today across the board but we do recognize that it doesn't do anyone a favor to sell you all the stuff we build if 
that's not the place we're headed.

As a high level goal that *is* the place we're headed - in a perfect world everything we offer would be the best in the 
world at a component level and when they are brought together they could leverage each other's capabilities to give 
people a particularly effective security infrastructure to build their operational model/capabilities around.  If we do 
our jobs well, a more effective infrastructure than they can get anywhere else.  That way we have the ability to sell 
to people who just need a component as well as the unusual case where someone actually wants it all.

The integration of our AMP technology across the existing Cisco content security gateway products is a good leading 
indicator that we're heading down this path, it's not purely aspirational.  AMP works well stand-alone but it works 
even better when you have more points of presence on more of our products that support it.

Issue two: OpenAppID.  It's an open source application control module that plugs into Snort, it can identify and 
control apps like the capability you'd typically see in a NGFW.  As you'd expect in Snort there are two pieces, the 
engine and the content.  The engine is GPLv2 and the content that we've shipped is under the same sort of license we 
use with VRT rules.  You can write your own AppIDs and you can write Snort rules that are application specific as well 
as being able to allow/block specific applications on the wire when we're operating inline.

Since it's all built on Snort it can go all the places that Snort can go and it's the same technology we're using in 
the commercial product offerings as well.  If you need to get into SSL streams we have gear that can do that but Snort 
doesn't have that capability built-in.

Hopefully that clears a few things up and everyone on the list who works for competitors hasn't suffered eye strain 
from rolling their eyes, I tried to keep this as factual and non-marketing as possible even though this is a critique 
of our messaging that's at issue here.

Marty


On Mar 31, 2014, at 5:54 PM, "Dave Aitel" <dave () immunityinc com> wrote:

http://www.rsaconference.com/videos/126/the-new-model-of-security

Cisco's keynote starts with the traditional eyeball gouging "humorous" video making fun of how it's hard to get 
different security solutions to work together. Wouldn't it be easier if everyone just bought everything from Cisco? I'm 
sure it would! The video ends with all the actors cursing at the audience, which is telling, and then Christopher Young 
apologizing for the video, like it's the first time he's ever seen it and he's sorry for subjecting the audience to the 
cursing parts of it, or, you know, any of the "jokes".

After that it is a painful sit-down between Christopher Young (SVP of Cisco's Security Business Group) and Padmasree 
Warrior (CTO/Chief Strategy Officer of Cisco). Why do companies do these sit-down style keynotes? It's like someone did 
a study on the most unlikely way to capture an audience's attention, and then implemented it as relentlessly as a 
Chinese SSHD password brute forcer.

At one point Padma says "I'm not a security expert and you are, which is why I hired you". The Chief Strategy Officer 
of Cisco is not a security expert?! Lovely.

These things are scripted to sound unscripted, but instead they sound like horribly written scripts delivered by people 
who hate what they are saying. That, or there was some sort of contest on the least funny way to say "Internet of 
Things" eighty times in 24 minutes - and let me tell you, they *found* it.

Open APP ID<http://www.drchaos.com/open-app-id-cisco-commits-to-open-source-and-application-identification/> gets 
announced to no applause whatsoever. "The policy can be dynamic. We need a community working on that. " Or in other 
words, "Please somebody do our work for us so we can catch up to whoever the market leader is in this space". Marty 
might have to explain this to us all in better terms on the list here, cause Padma and Christopher chew their 
explanation up like a three year old eating a Lima bean and Brussels sprouts salad. They want to build controls for 
applications except the mobile systems they want to control are not under enterprise control at all (they "assume the 
devices are untrusted"), and the network traffic will be encrypted. So how are they controlling things again?

In the end, these people got on stage to demonstrate that they have a muddled thought process and no clear vision for 
the future. Look, after watching this you can't help but feel sorry for everyone involved in the production of this 
keynote, and the entire marketing team the CEO of Cisco fired after watching it on YouTube. I'd worry if I was either 
Padma or Christopher as well because they've clearly lost sight of both the forest and trees, if this keynote is 
anything to go by.

-dave





_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave