Power(less)Point and Security

SIEM (or SEM or SIM) vendors surely cringe when they read articles like yesterday’s NYT piece called “We Have Met the Enemy and He Is PowerPoint”.

“PowerPoint makes us stupid,” Gen. James N. Mattis of the Marine Corps, the Joint Forces commander, said this month at a military conference in North Carolina. (He spoke without PowerPoint.) Brig. Gen. H. R. McMaster, who banned PowerPoint presentations when he led the successful effort to secure the northern Iraqi city of Tal Afar in 2005, followed up at the same conference by likening PowerPoint to an internal threat.

“It’s dangerous because it can create the illusion of understanding and the illusion of control,” General McMaster said in a telephone interview afterward. “Some problems in the world are not bullet-izable.”

Ouch. Although that is true, McMaster has himself just boiled the problem down into a bullet-ized sound bite. Hypocritical? No, the difference really is in quality versus quantity. Illustration is essential when done properly. Tufte has made this very point for many years in his books:

Tufte on PowerPoint

Keep this in mind the next time you are asked by a vendor to look at a dashboard or a report, especially for a product that includes the word management in its title (e.g. SIEM, SEM, SIM).

Does a management or presentation tool really save time or clearly illustrate the point(s) you need to know?

The best way to find out is to perform some simple tests. Prop open a door and then ask to see the alarm on the system. Run a scan, not even a stealthy one, and ask to see the alarm on the system.
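One way to keep score of such tests, as an added example that is not from the original post: record each test you perform, export the product's alarms, and check which tests produced a matching alarm in time. The field names, the export format, the 15-minute deadline and all sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed record of the tests performed: what, where, when.
TESTS = [
    {"id": "T1", "kind": "door_propped", "asset": "dc-door-2", "start": "2010-04-28T10:00:00"},
    {"id": "T2", "kind": "port_scan", "asset": "10.0.5.20", "start": "2010-04-28T10:30:00"},
]
# Constructed alarm export in a hypothetical format.
ALARMS = [
    {"kind": "door_propped", "asset": "dc-door-2", "raised": "2010-04-28T09:15:00"},  # predates T1
    {"kind": "login_failure", "asset": "10.0.5.20", "raised": "2010-04-28T10:31:00"},  # wrong kind
    {"kind": "port_scan", "asset": "10.0.5.20", "raised": "2010-04-28T10:42:10"},
]

def score(tests, alarms, deadline=timedelta(minutes=15)):
    """Pair each test with the earliest unused alarm of the same kind and
    asset raised between the test start and the deadline."""
    used = set()      # an alarm may account for only one test
    results = {}
    for test in sorted(tests, key=lambda t: t["start"]):
        start = datetime.fromisoformat(test["start"])
        best = None   # (raised, index) of the earliest qualifying alarm
        for i, alarm in enumerate(alarms):
            if i in used:
                continue
            if (alarm["kind"], alarm["asset"]) != (test["kind"], test["asset"]):
                continue
            raised = datetime.fromisoformat(alarm["raised"])
            # Alarms from before the test, or after the deadline, do not count.
            if not (start <= raised <= start + deadline):
                continue
            if best is None or raised < best[0]:
                best = (raised, i)
        if best is None:
            results[test["id"]] = {"detected": False, "latency_s": None}
        else:
            used.add(best[1])
            latency = int((best[0] - start).total_seconds())
            results[test["id"]] = {"detected": True, "latency_s": latency}
    return results

if __name__ == "__main__":
    for test_id, outcome in score(TESTS, ALARMS).items():
        print(test_id, outcome)
```

A missed test or a long latency is the finding to take back to the vendor, whatever the dashboard shows.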

Ponemon Breach Study Gets it Wrong

Dark Reading has posted an interview with Ponemon regarding the latest breach notification study. The study claims “Costs Of Data Breaches Much Higher In U.S. Than In Other Countries”.

“A big reason for [the high cost of churn in the U.S.] is that U.S. companies are required to notify customers of their breaches, even if they only suspect that the customers’ records might be affected,” Ponemon says. “That sort of notification doesn’t happen anywhere else in the world.”

This is not accurate. There are at least twenty-four countries in the world with breach notification requirements that involve suspected loss, as I explain in my presentations on breaches.

The UK, for example, requires public entities to disclose a breach after media is lost or missing. This is the reason you will find reports about them in the news. Commercial entities are less regulated, but it is not accurate to say notification doesn’t happen anywhere else in the world.

The Money Stop gives a good example from last month:

The HMRC office that has been involved in the latest breach is the same one that lost the details of 25 million people on discs back in 2007, raising a major alert over identity theft and security.

Why would they disclose this breach or the one three years ago when they only suspect records may be affected? They are required to do so by the Information Commissioner’s Office (ICO) under the Data Protection Act (DPA) of 1998. The Department of Work and Pensions, DVLA and other government bodies have also reported breaches, as documented in the list of DPA violations.

Ponemon’s study gives a few numbers for impact:

Notification accounts for $500,000 of the $6.75 million that the average U.S. company spends on a breach, according to the study; the average French company spends only $120,000 on notification.

I question whether they have found the right cause or they rely too much on a correlation.

India leads APJ malware

Today’s India Times article on malware statistics has an almost boastful tone as they say “India is no. 3 haven for hackers”.

The country saw an average of 788 bots per day during 2009. Bots are malwares that turn computers into zombies and there were 62,623 distinct bot-infected computers observed in the country during 2009. Amongst the cities in India with the highest number of bot-infected computers, Mumbai figured at the top with 50% followed by Delhi at 13% and Hyderabad at 7%.

The recipe for malware growth, both in terms of infection and generation, comes from network speed and ubiquity of hardware.

Symantec suggests this briefly in their April 2010 Global Internet Security Threat Report.

Brazil’s significant increases across all categories are related to the growing internet infrastructure and broadband usage there.

How much growth? Over what period? In other words, the more systems connected with high-speed access, the more malware you should expect. The article does not give this analysis, nor does Symantec. The more interesting statistic would be the percentage of total systems infected relative to the total number of people with systems and the rate of change, instead of just who has the most infected systems.

Use of smell for security

Australian researchers have tried to train endangered species to not eat poisonous large toads. It seems to be working.

The challenge, explained Dr Webb, was that the toads have very large toxin glands in their shoulders, primarily containing chemicals called bufadienolides, which can very quickly induce a cardiac arrest.

“The quolls see the toad as a big frog,” he explained.

“It looks good to eat, so they just pounce on it and get a fatal dose of toxin. There’s no chance they can learn from the encounter.”

Now they are being trained by a bad experience from toad-meat that will not kill them. The researchers have worked before with feral cats. Next the question becomes whether this would work for species such as coyotes and wolves.