Thank you to the bad guys
I probably have more fun doing this issue than any other, my prior comments to the contrary. To be sure, I have my favorites among the various product groups. But having this annual chance to dig into what's coming next is like being the proverbial kid in the candy store (or, perhaps today, in the app store).
The products this year include several new members of our Hall of Fame – three years as Innovator recipients – and there are quite a few new players. As well, we have updated the categories to recognize changes in the marketplace over the past year. We get a good perspective on those changes as we look at the product groups planned for the year.
Some years back, I bemoaned the fact that innovation was dying in our field and that we needed to get back on track. That has happened in spades and this year we are seeing real evidence of it. I don't think I've seen any year where real innovation was more evident. Why? I think for this we can – unfortunately – thank the bad guys. However, as I wander through the forums on the underground, look at today's big breaches and analyze the current examples of malware, I don't see a lot of real bad guy innovation. What I see mostly is old wine in new bottles. So, what's up with that?
The fact is that we as security experts often trip all over ourselves trying to address relatively simple bad guy tools, techniques and procedures (TTPs). Much malware is a warmed-over version of things that other VXers have done, which in themselves might well also have been warmed over, and so on. Yet the breaches get bigger and bigger. We pile on the tools at the perimeter. If that doesn't work, we pile them on at the endpoints. And, still the breaches keep coming.
Amid the hue and cry for more and better tools, the one area that might provide the most insight – threat intelligence and analysis – isn't even well-defined in our industry. The general understanding of it – and of what it can do for us – is hazier still. That said, the cool thing about this year's developments is that we might call it the year of threat analysis and machine learning. Those two phrases permeated the conversations that I had with our Innovators this year.
The next change for the coming year is our SC Lab Approved award. Arguably, this is the highest rating we give. It says that a product or service is so good that we want to spend the coming year using it in our lab. Vendors provide their products to us and must give us the same level of support that they provide to other customers. Starting this year, we will report at the end of 12 months on how the testing and production use went for us. This lets us evaluate the tool under production conditions. As far as I know, nobody else goes to this depth of analysis in reviews.
We have bestowed several SC Lab Approved stickers over the years and it has been a sort of haphazard thing. If something really impresses us during a review cycle, we offer the designation. This year, in addition to that, we have taken some of our most impressive vendor submissions and included them as a group. Many of those also appear in our Innovators groups. They – as well as other recipients over the course of the year – will appear on our web pages and may use the badge in their marketing.
So, with my hearty wishes for a wonderful holiday season, I remain – as Orson Welles once put it – obediently yours.