Friday, April 12, 2013

A few things to consider before you buy the next hot commodity.

With Jeff on the road making his way up the east coast in yet another wet and soggy commute, I’ve been handed the digital pen for this week’s blog.  

This week, I was having a beer with a couple of colleagues and the discussion turned to the “commoditization” of security.  We all know that security is one of the hottest market spaces on the planet.  Security firms are selling firewalls and IDS/IPS boxes at a breakneck pace to keep up with the growing security threats and to be fair, the demands for these solutions are growing as well.  But what happens when the supply outweighs the demand?  You look for new things to commoditize!

In my opinion, there is more demand for knowledge and expertise than there is for the next firewall.   In fact, I predict that by the end of 2013, the emerging hot commodity in security will be security related communities where people collaborate and share information in a trusted and secure environment.

You’re already seeing many of the big players and security vendors hanging communities off the solutions they are already providing – “Buy our Incident Response service and you have access to our community.”  This demand for communities is nothing new for us at Red Sky. We’ve been supplying this demand for well over a year and half now.  

What drives this demand?  It’s pretty simple.  The large companies have the incident response teams to deal with APT but don’t have enough actionable information to act upon and the small companies are lost somewhere between buying solutions, outsourcing functions, and an uneasy feeling that they are not seeing everything they should – that sinking feeling they’re missing something.  Sadly, they are.

Like any hot commodity, your inboxes will be inundated with offers to join such a community.  The costs can range from free, as a value add to an existing product, and be as high as many hundreds of thousands of dollars.  To help navigate your inbox, I wanted to share with you what I believe should be some of the important things you should consider when choosing which community you partner with:

  1. Do I trust this community? – You have to have TRUST with whom you are sharing your most sensitive vulnerability data. Do you know the identities of the other contributors?  If you don’t have trust that your information will remain private, you won’t use the community or get the most of your investment.
  2. Can I count on this community when I need them most? – In time of crisis, when your Incident Response Team is fully engaged, can you lean on someone for help?  Do you have a lifeline that will help you or find the resources that can?
  3. Is the information vetted? – Make sure the information you’re receiving form the community is vetted. If the information you’re receiving is invalid or inaccurate, you’re going to waste a lot of time going back fixing things you shouldn’t have to.
  4.  Is the community moderated? – Or is it a free for all? Moderation is important.  An un-moderated community is a time killer.  No one wants to sift through pages of chatter to get to actionable information.
  5. Is there any context to the information I’m receiving?  – Is the information you’re consuming in a context you understand?  No one wants to take action and not understand as to why the action being taken is important.
  6. Cost? – You get what you pay for.  If you opt for a no-cost community, you may not get quality information or too much data.  If you opt for the most expensive, you may see high turnover of membership or little return on investment.

These are just a few. There are several other things you should consider, but this is a good starting point.  We at Red Sky have a clear vision of how a security community should work and we’re continually improving on our strong foundation, growing our competencies, to sustain our leadership position before the big companies unleash their armies of salespeople!

Red Sky has built a highly trusted, cost effective, and content rich sharing environment to help solve the APT problem by putting together some of the most advance Incident Response Teams in the world.  If you’re looking for such a community and you’re asking yourself the question of how Red Sky can help you, please email me at