Friday, June 15, 2012

Red Sky Weekly Wrap-up

I’m just back from nearly four full days at the Gartner Risk and Security Summit held at the National Harbor in MD. This is one of my favorite conferences. There’s SO much activity. If you don’t like the presentation you’re in, go next door. Chances are you’ll like that one! Besides coming home with the ‘conference crud’, this was a great week.
Gartner was terrific for me, and for Red Sky. For me personally it meant reconnecting many of the connections lost during my last couple of years working for the government. It’s easy to do, and I (inadvertently) let them go.  For Red Sky however, it was a very different story.  On my second day I sat in on an earlier session by Dan Blum. Dan was talking about information sharing. Much of his talk was really on ‘security intelligence’, or in my lexicon, aggregation of loads of data, but maybe not actionable knowledge.  I was just about ready to bail when he brought up the next slide and said he’d heard about a new group called the ‘Red Sky Alliance’ and it sounded promising.

I raised my hand and told him that I was the COO. There were several questions, and after the meeting I presented and demo’d to him and three others at a huddle table in the hotel. I ran the presentation over my BlackBerry, but the slowness of my connection didn’t seem to bother them at all. They got it; and best of all, I think they loved it. Long story short? Seven new companies will be mailed our membership package this week. I fully expect all seven will come into the portal (I’ve already received confirmation from one!).
Why? The model produces actionable results.
· This week we issued our newest Fusion Report. It is number 12. FR12-012 talks about another domain in the dynamic DNS category, but calls out more unique indicators of how to track, and mitigate the activity. This fusion report seems to have created a bit of a following inside the portal, as several companies’ contributing analysts have commented on how well done the reporting is, and have offered other pieces of information that might be added (we’re all about crowd-sourcing!).
· We’re tracking a new piece of code suspected of utilizing an 0-day. If true, it’ll be the third we’ve identified.
· We’ve got a couple of new threads going. One is a new group (at least for me); I don’t recall ever seeing this one in my past lives. Regardless, a member who has been tracking it for a few months sent it in, and it is now a popular topic.
· Our Associate Members from Kyrus, LookingGlass, and Norman are cranking up the analytic volume. This week we opened vendors to previously restricted analytic areas of the portal. For the last several weeks, members have been asking them for analysis, and they’ve come through nicely. I’ve talked with the vendors and they agree—no selling in the portal, but I can’t think of a better way to demonstrate capabilities to high quality companies than actually doing real work for them! On top of that, they’re peer reviewing nicely and getting feedback on their work! Nice!
· Last? Our blog is about to click past 10,000 hits since March! Wow!
So it’s been another GREAT week in the Red Sky Alliance! I know you’re probably tired of reading that, but the boards are on fire. Analysts are talking. New members (GREAT new members) want to come in. And, we’re being asked to speak to companies and their boards about how great companies operate with the threat of targeted attacks and APT.  We have people in St. Louis, Baltimore/Washington, and New England. We’re happy to schedule time to help.  
Until next time, have a great weekend.
Jeff