I’m just back from nearly four full days at the Gartner Risk
and Security Summit held at the National Harbor in MD. This is one of my
favorite conferences. There’s SO much activity. If you don’t like the
presentation you’re in, go next door. Chances are you’ll like that one! Besides
coming home with the ‘conference crud’, this was a great week.
Gartner was terrific for me, and for Red Sky. For me
personally it meant reconnecting many of the connections lost during my last
couple of years working for the government. It’s easy to do, and I
(inadvertently) let them go. For Red Sky
however, it was a very different story.
On my second day I sat in on an earlier session by Dan Blum. Dan was
talking about information sharing. Much of his talk was really on ‘security
intelligence’, or in my lexicon, aggregation of loads of data, but maybe not
actionable knowledge. I was just about
ready to bail when he brought up the next slide and said he’d heard about a new
group called the ‘Red Sky Alliance’ and it sounded promising.
I raised my hand and told him that I was the COO. There were
several questions, and after the meeting I presented and demo’d to him and
three others at a huddle table in the hotel.
I ran the presentation over my blackberry, but the slowness of my
connection didn’t seem to bother them at all. They got it; and best of all, I
think they loved it. Long story short? Seven new companies will be mailed our
membership package this week. I fully expect all seven will come into the portal
(I’ve already received confirmation from one!).
Why? The model produces actionable results.
·
This week we issued our newest Fusion Report. It is
number 12. FR12-012 talks about another domain in the dynamic DNS category, but
calls out more unique indicators of how to track, and mitigate the activity.
This fusion report seems to have created a bit of a following inside the
portal, as several companies’ contributing analysts have commented on how well
done the reporting is, and have offered other pieces of information that might
be added (we’re all about crowd-sourcing!).
·
We’re tracking a new piece of code suspected of
utilizing an 0-day. If true, it’ll be third we’ve identified.
·
We’ve got a couple of new threads going. One is
a new group (at least for me); I don’t recall ever seeing this on in my past
lives. Regardless, a member who has been tracking it for a few months, sent it
in, and it is now a popular topic.
·
Our Associate Members from Kyrus, LookingGlass, and
Norman are cranking up the analytic volume. This week we opened vendors to previously
restricted analytic areas of the portal. For the last several weeks, members
have been asking them for analysis, and they’ve come through nicely. I’ve
talked with the vendors and they agree—no selling in the portal, but I can’t
think of a better way to demonstrate capabilities to a high quality companies
than actually doing real work for them! On top of that, they’re peer reviewing
nicely and getting feedback on their work! Nice!
·
Last? Our blog is about to click past 10,000
hits since March! Wow!
So it’s been another GREAT week in the Red Sky Alliance! I
know you’re probably tired of reading that, but the boards are on fire. Analysts
are talking. New members (GREAT new members) want to come in. And, we’re being
asked to speak to companies and their boards about how great companies operate
with the threat of targeted attacks and APT. We have people in St. Louis,
Baltimore/Washington, and New England. We’re happy to schedule time to help.
Until next time, have a great weekend.
Jeff
