Next to NAC (Network Access/Admission Control), DLP (Data Loss/Leakage Protection/Prevention) is the second most abused acronym in IT. You know there is a problem when there isn’t an agreed upon meaning to a simple TLA (Three Letter Acronym). It turns out the source of the confusion is technology. It’s the last thing you need for DLP; not the first.

Over the past few weeks I’ve discussed agility enablers such as virtualization and unified communications (UC). We find both technologies are also seen as green IT enablers: Virtualization reduces data center power/cooling demands through consolidation and UC facilitates virtual workers (reduced travel) through presence, collaboration, Web conferencing and telepresence. So, what about virtualized security and virtual security engineers?

This week I’m switching gears and writing about unified messaging (UM); another agility enabler. Specifically, how UM raises significant e-discovery challenges.

Last week I mentioned the lack of adoption Nemertes sees for virtualization security (VirtSec); despite a rapidly growing list of vendors. The main explanation we hear from companies we work with is, “We don’t monitor inter-server traffic on physical servers, why should we monitor inter-virtual-server traffic?” So, this got me thinking about a case where the opposite is true: Where VirtSec is required to match the existing controls on the physical network.

I just recently wrote an issue paper on the adventures of dealing with e-discovery and the impact of the amended Federal Rules of Civil Procedure (FRCP). The FRCP defines the rules of engagement for litigants in civil cases and as of last year the rules have been amended to extend the definition of discovery to include any electronically stored information (ESI). Much of ESI discovery is focused on either finding the smoking gun email ("you want to do what with me? To keep my job?") or

Everyone’s going Green. Come-on now, get on the Green Train! Data Centers are going Green. Mobility is now a Green enabler; so is UCC; so is virtualization. It’s fitting that there is so much focus on Green in IT. After all, Mr. Green Jeans himself, Al Gore, has always been a friend to IT; he even invented the Internet ;-). Seriously, all this talk of Green makes me see red.

Last month I listened to a briefing from Verizon Business (NYSE:VZ) where Dr. Peter Tippett and A. Bryan Sartin talked about their recent report on data breach analysis. Verizon analyzed over 500 forensic analyses of breaches from the past four years. We all know that 10’s of millions of records containing personally identifiable information (PII) have been breached in the past four years.

My dad just got new hearing aids. They are very cool with the ability to change the sensitivity based on the situation. For example, in a restaurant there is one setting that will cut out low and high frequency noise and amplify the frequency range associated with human voice. There is another setting for a quiet room where all frequencies are amplified with equal volume. There are a few other settings and of course there’s the setting associated with not listening to me

Two of my favorite movies are Crimson Tide and The Hunt for Red October. OK, so I’ve just aged myself…. But, I’m intrigued by sonar and how it’s used. There is the active sonar that sends out pings that generate that classic submarine sound: PINGggggggg! In IT terms, this is just like using Nessus to actively scan a FW, looking for open ports and possible vulnerabilities: ping!

The challenge for rules-based systems is that humans inject so much variability that determinism itself is suspect. In fact, one can argue that determinism is inversely related to the level of human involvement: the more we muck with things, the less deterministic the outcomes.

My last posts were related to Grissom and the adventures of an IT CSI. An interesting aspect of being an IT CSI is that you’re always forced to reconstruct the crime scene based on clues. In some cases, it’s a slam dunk - gun in hand; GSR on hand; bullet through the head; and, no apparent means of entry: suicide.

OK, the last post was on the need for an IT CSI flashlight. In this post, we look more closely on how this IT flashlight might work. This flashlight needs to provide the IT sleuth with three things: focus, relationship and intensity. First, focus: what is the equivalent of scanning the room and quickly zeroing in on the body-part splatter on the wall?

Recently, my wife and I traveled from Virginia to Arizona in a winter migration to get away from the snow, cold and dampness of the DC area. Each night we’d camp in RV parks and for some strange reason the only show on TV was some variant of CSI. Well, it was either CSI or the local bible channel and being the sinners that we are, we always opted for CSI.