Speakers:
J. Tyler Rohrer, Sr. Product Marketing Manager, VMware
John Dodge, Worldwide Release Engineer, VMware

Tags: VDI, John Dodge, Thin Clients, Thinapp, VMware, virtual desktop deployment

Tags: PCI, Payment Card Industry, application security, Web Application Firewall, F5

Tags: Application security, firewalls, Application Firewall, BIG-IP, Application Security Manager, ASM, F5, Drop and Go, BIG-IP ASM

Tags: Symantec, antivirus, antispyware, firewall, intrusion prevention, device control

Tags: Sapphire, Thomas Otter, developer, blogs, wikis, Cluetrain

Tags: ProSafe, NETGEAR, Peter Newton

Tags: John Yoon, Bill Harper, Control4

This podcast was commissioned by Success Magazine.

(more…)

Tags: Mobile, Anita Campbell, Small Business Trends, Jeff Zbar, Pamela Baker, Success Magazine

(more…)

Tags: Frank Russell, GeoLearning, SaaS

This is an EMC podcast.
(more…)

Tags: enterprise content management, ECM, EMC

More images on Flickr.

Transcript:

Host: Michael Johnson - PodTech
Guest: Martin McKeay - Network Security Podcast
Guest: Stephen Toulouse - Microsoft
Guest: Richard Stiennon - Fortinet
Guest: Richard Mogull - Gartner
Guest: Bruce Schneier - Schneir.com
Guest: Lori MacVittie - F5 Networks
Guest: Eric Green - Larstanpodcasting.com
Guest: Ron Gula – blog.tenablesecurity.com
Guest: Ryan Singel - 27bstroke6
Guest: Brian Krebs - Washington Post
Guest: Michelle McLean - ConSentry Networks

Michael Johnson - PodTech
This is Michael Johnson and we’re here at the Foreign Cinema restaurant in San Francisco, a very unique restaurant in which many of the nights they show movies outside, projected on a wall. We’re here at the site and on the occasion of the RSA 2007 Conference, and we’re here with a lot of people from across the country that are security bloggers, we’re going to talk to a few of them to see what’s on their minds or what they’ve been blogging about lately.

Martin McKeay - Network Security Podcast
I mean this is only happening once a year, there is a lot of us with a lot of voices out there, and well, we like to talk. So, it’s a really good thing to have this group together and (Voice Overlap). So, I wanted to give our sponsors, Microsoft and Fortinet, a couple of minutes to talk and they will tell you why they decided that it was worth sponsoring this event.

Stephen Toulouse - Microsoft
Hello everyone, I’m a Mac

Speaker
Don’t do that to me, I want to be the Mac.

Speaker
(Inaudible)

Stephen Toulouse - Microsoft
He said, I believe the exact phrase was, if I were shopping for a computer today, I would want to buy a Mac, that’s what he said, in that email, he’s being purposely dramatic, but that was Jim, as those who have ever talked to him know.

Speaker
That was Jim in the past tense.

Stephen Toulouse - Microsoft
Yeah, well, he retired, he retired, he’s gone. So, I want to talk a little bit about why we really wanted to help put this together. Most of you actually probably don’t know me as Stephen Toulouse, you probably know me as Stepto, which is what everybody calls me, it’s my email name at Microsoft, stepto@microsoft.com and my blog is stepto.com. I actually began — I’ve been with Microsoft since April of 1994 and I started off supporting Windows 3.1 and DOS 5.0, which I am proud to say had no remotely exploitable hole in the default install.

Speaker
Have you gone through that?

Stephen Toulouse - Microsoft
Had no network stack, but yeah, that it will, so we’ve come a long way since then. One of the things that Microsoft has done over the past couple of years, thanks to people like Scoble and thanks to a lot of the people that work at Microsoft and do blogging is we’ve embraced the blogging culture. So, last year we held a little lunch in, got some people together, it was just a dozen people, it was a lot fun, so when we heard the idea to do it again and do something a little bit bigger, a little bit fancier and invite more people, we jumped at the chance. I’m so glad, I mean seriously I’m so happy there are so many people here, there’s going to be so many great conversations. We’re just happy to be here, and happy to sponsor. I wish more of us were here, but planning for the next version of Windows is currently going on in Webinn (ph), so there is a lot of…

Speaker
Next after Vista?

Stephen Toulouse - Microsoft
Next after Vista, so there’s a lot of split. So, as I said diverse a few minutes ago, I know it sounds a little bit crazy to say for a company that has $34 billion in the bank, but it’s a resource issue, so we don’t have everybody down here, but I’m here, happy to be here, and happy to be with Fortinet in sponsoring this. So, thank you very much for coming, we don’t want to spend a lot of time in (Voice Overlap), so you guys have great conversations and Richard, what did you want to say?

Richard Stiennon - Fortinet
Cool, so I don’t have a lot of time to talk.

Stephen Toulouse - Microsoft
You’ve got as much as you want, you’re sponsoring.

Richard Stiennon - Fortinet
(Inaudible) Technorati ranking, somewhere way north of 12,000. I think that it is being a little site a Technorati blog ranking is kind of interesting when we all get together and meet, but what’s really, really, really interesting is that we are changing how people access information, because we all are in our own right experts or we all are in our own right good communicators and we know that because people are coming to our blogs, we’re all reading each others blogs, and doing the back and forth thing. This is new, we all know that, this is, in the security world for certain, this is the way that the end users are going to learn new stuff, we highlight things that just don’t get into the press, the press just doesn’t focus the same way that we do.

I’m super, super excited about what the blogging community does, so of course, when the opportunity came up, the timing was just right, I could say, Hey Rich, we’ll sponsor that, we’ll get there, that’s very cool.” As everybody talks to me this evening, I need a little help, I’ve got a bloggers dilemma, I’ve lost my bloggers voice, as you may have noticed, I can’t post anymore. Last week, for example, so TJX gets totally whacked by hackers, steals 40 million credit cards, I can’t find anything to say about it, because I have to check with our VP of North American sales to see if we’re doing a deal with TJX. That just stops you dead in your tracks, I could no longer be the (Inaudible) bloggers.

Speaker
Talk about that.

Richard Stiennon - Fortinet
Yeah, there was (Inaudible), so what do I do. I personally want to settle on a travel log because I travel a lot. So, I’m going to blog about shady hotels, and how they don’t have enough power plugs and stuff like that. Anyway, any other ideas, please let me know, and just thanks for everybody contributing to the community that we are, here it goes.

Martin McKeay - Network Security Podcast
Rich Mogull said he had a couple of (Voice Overlap) to say.

Stephen Toulouse - Microsoft
Yeah, Rich you want to say something?

Martin McKeay - Network Security Podcast
He’s the originator of this whole problem.

Richard Mogull - Gartner
You guys are joking, but — never mind, I’ll save that for when the camera’s not on. I want to thank everybody for coming, I got to be honest this went far beyond my expectations, I thought there would be a dozen guys, sitting in a room, paying for our own drinks…

Martin McKeay - Network Security Podcast
You’re paying for ours actually.

Richard Mogull - Gartner
Yeah, I though I was going to buy a round or two and that was going to be the end of it. When I started blogging as an experiment, it was, let’s just see what this is about, let’s see what’s going on out there in the community and it was mind boggling how valuable it was. The ability to have a — so let’s look who’s in the room? We have Brian from the Washington Post, reporter from a major newspaper here. We have representatives from all parts of the vendor community. We have representatives from the analyst side and we have end users everywhere. There is no place else in the world where we can all have a dialogue on a common issue, and at the same time, people read this stuff. If you were at the opening session for — I don’t normally go to the keynotes because come on, who needs to see Bill speak again. Hey now, that’s the truth really.

One of the things that Ze Frank said was, he called us the defenders of the renaissance. When you want to see the thought leadership, there’s two sides, there’s the back room, development being done, the really smart guys. When you want to see the people who are influencing, — I think that is us, but people who are influencing the community. If you look at where security came from and where security is going, I don’t care what Art (ph) says, security is not going away in two to three years, not going to be all embedded into the infrastructure.

There is a new wave of security thought readers that are building in this industry. There’s the old wave, first and then — so I love the dialogue, it’s incredible that we can all talk in an open environment, especially guys like Allan and Richard now, talking about analyst side versus vendors versus end users, all of this, (Voice Overlap). So, I’ve talked too long, thank you all for coming, I know there is more people coming on the way, let’s go drink more, and make fun of each other.

Michael Johnson - PodTech
We’re here with Bruce Schneier. Bruce, tell me a little bit about what you do?

Bruce Schneier - Schneir.com
Oh God, I am a Security Technologist, I write, I speak, I work for BT Counterpane, and I piss of the government, I do a lot of things.

Michael Johnson - PodTech
What have you been excited about over the last year or so, and what’s been some of the more interesting things that you have documented in some of your studies and some of your blogs?

Bruce Schneier - Schneir.com
Well, what I wrote about — writing about now, what I posted this week, and what I talked about here at the RSA Conference is the psychology of security, how we perceive security. Security is both a feeling and a reality, and they’re different. You can feel secure and not be secure and you can be secure and not feel secure, and there’s a lot to learn in that difference, why it happens, what about the human brain makes us get security wrong? I’ve been reading a lot of psychology, a lot of human brain physiology, a lot of — there are studies about risk, there’s a whole lot of research being done in the psychology community, that we’ve never seen here in the security community, but I think is directly relevant to what we’re doing.

Michael Johnson - PodTech
That sounds fascinating, I think it is a concept of security that people are thinking about more these days, because certainly in the United States and in other places as well, this idea of what our security is, is certainly being called into question.

Bruce Schneier - Schneir.com
Right, and there’s a lot of crap security, I call it security theater (ph), security that doesn’t do anything good, but just makes you feel better, and that’s security that doesn’t target to the reality, but targets to the feeling. There are times, they’re not common, but there are times when that kind of thing is useful. There are times when it’s really bad, and how do you know the difference. I think there’s a lot of stuff there.

Michael Johnson - PodTech
What times would you say we’re in now; say the perspective of obviously the United States and Homeland Security, that’s a big name right now, but it seems to sort of be talking more to that feeling part that you’re addressing?

Bruce Schneier - Schneir.com
We’re definitely in the stupid security season, what happened in Boston last week is an example, that happens every time you get on an airplane, security is really stupid right now.

Michael Johnson - PodTech
If folks wanted to check out your blog and see some of the stuff that you’re writing about, where can they go?

Bruce Schneier - Schneir.com
Schneir.com, actually I think if you just type security blog into Google, I pop up as the first name, but its www.schneir.com, easy to find.

Michael Johnson - PodTech
Bruce Schneier, thanks a lot.

Bruce Schneier - Schneir.com
Hey, thanks for having me.

Michael Johnson - PodTech
We’re here with Lori MacVittie who is the blogger for F5 Networks, and welcome to the party Lori.

Lori MacVittie - F5 Networks
Thanks, it’s very exciting thus far.

Michael Johnson - PodTech
Well, it’s a really interesting group of security bloggers, we’re on the occasion of the RSA 2007 Conference in San Francisco, tell me a little bit about what you blog about for F5?

Lori MacVittie - F5 Networks
I blog about a number of things, security and otherwise, but generally just trying to apply all sorts of new technology to use in our products and how they can be used and extended and just trying to be innovative and then also commenting on what other people have to say about anything related to SOA, AJAX Security, those kind of topics.

Michael Johnson - PodTech
What excites you about this, what are the things that you find really interesting in this security portion of the blogosphere?

Lori MacVittie - F5 Networks
Well, I think that emerging technology, security is very exciting because it’s new and it’s different and we have to come up with innovative ways to solve that, something that we at F5 take very seriously, but also just some of the social issues. We were just having a conversation about teenagers and security and social networking, and it’s a very interesting problem that we have to solve because it’s not necessarily a technological problem but a people problem. So, it’s something different that we have to solve, so it’s a challenge, I like that.

Michael Johnson - PodTech
We were speaking with Brice Schneier a little bit early about the sort of the concept of security and how we have a lot of solutions around, and now it’s a question of getting those things implemented, are you seeing that implementation happening now slowly but surely, or is it something that’s going to take a while do you think for the concept to sort of follow the implementation of these things?

Lori MacVittie - F5 Networks
I think as usual, unfortunately security comes last. People wait until there is a problem to actually solve it. You don’t change locks on your doors until someone breaks in. I wish that we could change that view so that people thought of it upfront, but I still think it’s a after the issue problem.

Michael Johnson - PodTech
If folks want to check out your blog, where could they go?

Lori MacVittie - F5 Networks
You can go to devcentral.f5.com/macvittie

Michael Johnson - PodTech
Alright, Lori MacVittie of F5 Networks, thanks for being with us here, enjoy the party.

Lori MacVittie - F5 Networks
Thank you.

Michael Johnson - PodTech
Tell me your name?

Eric Green - Larstanpodcasting.com
I am Eric Green.

Michael Johnson - PodTech
Eric, what do you blog about or Podcast about?

Eric Green - Larstandpodcasting.com
We’re across a lot of different spaces, I mean personally I’m our security guy, so we do a lot of stuff on Information Warfare, Information Operations and a couple of other security Podcasts. Company wise, we do — we cut across personal finance supply chain technology and cross technology, we do a lot of federal government stuff as well.

Michael Johnson - PodTech
What kind of interesting stuff have you come across in the last number of months?

Eric Green - Larstandpodcasting.com
The last number of months have been interesting on the IO space for me. So, if you look at Info Operations and Info Warfare, the critical infrastructure side of being sort of finance and telecommunications on the security side has seen a lot of people — like a resurgence of people wanting to talk about IT security, everything all the way up to SIOPs, it’s the psychological warfare and the like. So, it’s fun being back at RSA to see what people are saying on the floor about things like that.

Michael Johnson - PodTech
So, tell me your names.

Ron Gula - blog.tenablesecurity.com
I’m Ron Gula.

Michael Johnson - PodTech
What’s your blog?

Ron Gula - blog.tenablesecurity.com
I’m blog.tenablesecurity.com.

Michael Johnson - PodTech
And you?

Ryan Singel - 27bstroke6
I’m Ryan Single, my blog is 27bstroke6, which is blog.wired.com/27bstroke6.

Brian Krebs - Washington Post
I’m Brian Krebs of the Washingtonpost.com and I blog on Security Fix.

Michael Johnson - PodTech
So, what have you — I saw you three talking in a circle, what have you been really excited about, or what have you been putting in your blogs lately, is there been any dialogue between all of you other than here in person or is it been happening on the blogosphere?

Ron Gula - blog.tenablesecurity.com
Well, right now, one of the good things about getting together is, you have a lot of different disciplines. These two are from the media side of the house, I’m a vendor, so we were just kind of talking about different things that we can blog about, we all blog about dramatically different things.

Michael Johnson - PodTech
What’s your favorite topic?

Ron Gula - blog.tenablesecurity.com
I like to talk about computer security, vulnerabilities, intrusion detection, that kind of thing.

Michael Johnson - PodTech
What do you like to blog about?

Ryan Singel - 27bstroke6
You should jump to Brian on that one, because you guys do kind of similar things.

Brian Krebs - Washington Post
I mean basically for me this is great because I’m getting to meet a lot of the people whose blogs I read everyday and put a name with the face.

Ryan Singel - 27bstroke6
So, I do a little bit of the higher level kind of things. We cover government databases, privacy, kind of higher level security, so a lot of these folks know a lot more than I do at the — sort of nitty-gritty, kernel level kind of stuff, whereas we’re kind of higher level, a little bit more snarky.

Michael Johnson - PodTech
Now, one of the things I’ve been hearing here at the conference as well as in this group is that the thinking about security, has to really be the thing that has to change for a lot of people, not so much we have the technologies, we have a lot of solutions at the show. At RSA, we certainly see hundreds of solutions that are offered up, but the thinking about security has to change, what do you think about that?

Ron Gula - blog.tenablesecurity.com
Well, everything is related. Long time ago, if you were the firewall guy, you just had to worry about the firewall, or the virus guy just had to worry about making sure the viruses were update. Nowadays, everybody realize everything is linked, the operating system, the router, the policy, everything is together, and you’re probably seeing vendors start to offer solutions along those lines and consultants talk along those lines and people blog about that kind of stuff, so I’m happy to se that kind of change.

Ryan Singel - 27bstroke6
Oh, it’s kind of interesting to hear a lot of people getting sort of some of the old time religion, which is about securing the data not about securing the firewall or securing the perimeter. I’m still waiting for the sort of the big change, where security becomes easy and the Internet becomes safe and it’s not here yet.

Michael Johnson - PodTech
How long do you think it’s going to take?

Ryan Singel - 27bstroke6
Forever.

Brian Krebs - Washington Post
I write generally for a much wider audience, so I don’t tend to write much about technology solutions and things like that. Basically, I’m writing for people, the everyday Joe, average Internet user, and so I think that’s a constant education effort because it’s real easy to I think over estimate people’s grasp of technology and security issues, and that’s a dangerous thing.

Michael Johnson - PodTech
Do you think information is getting out from the blogosphere to the general public, where people read it, or does the pubic need to know more about what goes into security or do you think it actually has to stay at the enterprise level and got to go down from there?

Brian Krebs - Washington Post
I’d like to see more mainstream publications covering this important issue. I happen to think that most of the people who really need to know most about what it is they need to do, to stay secure online, don’t read blogs, I mean they’re still reading mainstream publications.

Ryan Singel - 27bstroke6
I think the mainstream folks that really need to know what they do should go to his blog, because I pick things up from you, he’s one of the best at sort of translating — like he understands the high level stuff, but translates it into what does this means for you, how do I get Flash 8 off my system, when you didn’t even know you had it on there.

Brian Krebs - Washington Post
It is always Flash 8, why do I need it?

Ron Gula - blog.tenablesecurity.com
Yeah, I mean the biggest failure of the vendor so far is all the solutions we offer are extremely technical, the average person doesn’t know, should I click this, should I not click that, am I going to be safe, am I going to lose my credit card data, it’s very difficult, so, things are getting better, we just have a long way to go.

Michael Johnson - PodTech
Alright, well, thanks for speaking with us and enjoy the party.

Michelle McLean - ConSentry Networks
Hi, I’m Michelle McLean with ConSentry Networks

Michael Johnson - PodTech
What do you do at ConSentry, Michelle?

Michelle McLean - ConSentry Networks
I’m actually in charge of Product Marketing.

Michael Johnson - PodTech
And you blog?

Michelle McLean - ConSentry Networks
I do, we’ve just recently launched the En Garde blog and there are several of us posting to it by commenting on security, how security is being perceived, what we’re seeing in the customer business that we have, and just how the market is evolving around how to secure what happens on the LAN, inside the enterprise.

Michael Johnson - PodTech
What’s the importance of the blog to ConSentry Networks?

Michelle McLean - ConSentry Networks
It’s multidimensional, there is the notion that for your customers, you’re trying to give them a little bit of an inside view into what’s going on, helping them understand their peers. There is definitely this notion of an industry level dialogue, where you know that press and analysts and other bloggers are reading some of your thoughts and it fosters the dialogue, it’s definitely a level of discussion that’s more fast moving and a little bit more straightforward than what you can see in the press necessarily, that’s just the nature of the flexibility of the medium. You can be very quick to get a whole dialogue going and in two days worth of comments you’ve moved the whole goal line forward around what the industry’s thinking about the topic, it’s really dynamic.

Michael Johnson - PodTech
Do you think it really helps the industry?

Michelle McLean - ConSentry Networks
I think it does, because I think you end up shaping how people talk about the problems, the solutions, how they’re trying to cope with certain issues in the enterprise. I used to be a journalist and an analyst actually for nine years, and it’s really nice to be back in that thought leadership domain that a blog can give you, it’s a lot of fun, and I do think it benefits both the consumers of technology as well as those who are charged with thinking about and writing about the industry.

Michael Johnson - PodTech
Michelle McLean of ConSentry Networks, thanks for talking with us.

Michelle McLean - ConSentry Networks
Thank you so much, it’s good to see you.

Richard Mogull - Gartner
Richard Mogull, and I’m an analyst with Gartner and mostly contribute to the Gartner blogs.

Michael Johnson - PodTech
Obviously you’re doing something about security, right?

Richard Mogull - Gartner
Yeah, exactly, I’m on the information, security and risk team over there, so that’s — well, it’s pretty much what I’ve been doing since I was 16.

Michael Johnson - PodTech
Since you were 16?

Richard Mogull - Gartner
Believe it or not, I started in physical security back when I was in high school and eventually got into — it was at PC tech job, and eventually that led to my information security career.

Michael Johnson - PodTech
What has been the most interesting thing for you or what area do you focus on a particular, and what over the last few years has been some of the top one or two security issues?

Richard Mogull - Gartner
Well, it has been really fascinating actually, I’ve been covering data security for about five, maybe six years now, and back then it was something nobody would pay attention to, the research wasn’t read very frequently, not a lot of conversations about it. Last year, data security has exploded, protecting people’s private information, protecting corporation’s intellectual property, incredible amount — vendors all over the place addressing it, we couldn’t go to a keynote without a mention of data security. So, I think it has been just fascinating to watch it over this five year period, as this has finally developed and has finally started to hit the mainstream.

Michael Johnson - PodTech
What do you think changed, what was it that sort of pushed it over the edge?

Richard Mogull - Gartner
Oh, to be honest, it’s because of couple of factors. One is we actually start putting things back up on the Internet and making them potentially available that people had monetary value. There were no safe crackers except for 14 year teenage boys until people put money in the safes, then the bad guys figured it out. We put those things up there, the bad guys had a little bit of time to realize not only what was there, but learn the techniques to get at it. So, now all of a sudden, information security, we’ve always called it information security, it was network security, now we’re getting back to the information, we’re getting back to the data, we’re protecting private information, we’re protecting our intellectual property.

Michael Johnson - PodTech
So, has the mindset caught up, because it’s the scene that I’m hearing at RSA, I’m hearing it tonight, has the mindset of the enterprise community that deals with that data, whether it’s data in flight or data at rest, and even some of the marginal network, firms that are out there, large storage firms that are out there, have they really caught up with the idea about what security is?

Richard Mogull - Gartner
I think we have a lot of work to do there. We know there is a problem. Now, a lot of it right now is mostly compliance driven, so people are implementing data security as much for compliance as anything else, and a lot of part of it is we don’t really know how big or how bad the problem is. Over the next few years, we’re really going to start raising that awareness, we’re going to start understanding how to build security as opposed to just layering it on, and we will get back to the concept that it’s about protecting the data, and it’s about protecting our sensitive information. So, we got a little ways to go, it’s not quite there yet.

Michael Johnson - PodTech
Thanks for talking with us, enjoy the party.

Richard Mogull - Gartner
Thank you very much, this is great.

Michael Johnson - PodTech
So, that wraps it up for our blogger evening, security bloggers from all over the country, all over the Web, all of the blogosphere, coming together here in San Francisco at the Foreign Cinema restaurant as part of the RSA 2007 Security Conference in San Francisco, I’m Michael Johnson, well see you next time.

Copyright ©2006 PodTech.net. All rights reserved. Privacy policy

Tags: RSA 2007, security bloggers, Foreign Cinema, network security, Martin McKeay, Shift, Kristalle Ward, Fortinet

Host: Michael Johnson – PodTech
Guest: Paul Brady - Mazu Networks
Guest: Dimitri Vlachos – Mazu Networks

Michael Johnson – PodTech
This is Michael Johnson and we are here on the floor of RSA 2007 in the Moscone Center in San Francisco, and we are here at one of the interesting booths. It is Mazu and we are here with the CEO of Mazu, Paul Brady and also the Senior Product Manager Dimitri Vlachos. Welcome both of you to the podcast.

Paul Brady - Mazu Networks
Thank you Michael, thanks for having us.

Dimitri Vlachos – Mazu Networks
Thanks Michael.

Michael Johnson – PodTech
Okay. Well, Paul, let’s start, tell me a little bit about what Mazu is?

Paul Brady - Mazu Networks
Well, simply stated Mazu provides continuous global visibility into our users application hosting devices are behaving on your network. Simply stated, it gives you a window into what users and applications do. How they are behaving? And it helps both security and network professionals, secure and optimize their network.

Michael Johnson – PodTech
Okay, now we’ve seen a lot of boxes here, a lot of things, lot of the interesting sort of the applications. They all pretend to have the answers. Tell me what Mazu’s approach is and why you selected visibility as a way of looking at the network and the problems with that?

Paul Brady - Mazu Networks
Sure, well, what we have seen is there is lots of devices like firewalls, IPS, parameter-based tools that if you can program signatures or rules into them, you can stop people from getting in. The reality is the network parameters become more porous. it’s open, it’d be partnerships and business relationships and things like Voice over IP, the network end-points are expanding and people just did not know what’s happening on the network and is usage of the network and the mission critical nature of the network becomes more important.

They really need to understand what’s happening on the network? Who is doing what, where and how? And we do that in a unique way. We are able to without agents or inline devices through the use of NetFlow which is pervasive on almost all networks and transparent meaning very little to know overhead. We can very quickly tell users, how people are behaving on the network? What threats exist? And help them optimize it for business purposes.

Michael Johnson – PodTech
Okay. Now, as the value of this that maybe a lot of people are finally getting into the security, getting to realize that they really need to get up to speed on security and this is kind of an easy interface way for them.

Paul Brady - Mazu Networks
Well, I think the key drivers are — applications are more tightly bound than ever to the network and there is pressure on network and security operations teams to understand and resolve issues more quickly. Five years ago, if you had an outage, people were a little bit frustrated because email was not there and you couldn’t surf the Web. Now, the cost of having any sort of network downtime is huge for most companies and the exposure of any sort of breach of critical data is also very expensive in terms of brand and so having that visibility on your network, we think is more critical than ever and is evidence by the growth we have had as a business in 2006.

Michael Johnson – PodTech
Dimitri, what are you hearing from folks out there about what they are expressing as far as a need for security? Because one of the things that I have gathered at the conference is that, lot of people are thinking that the thinking about security, the mindset about security has to change. What are you hearing about?

Dimitri Vlachos – Mazu Networks
Well, so, what I hear about security is, the policy based all these detecting of known problems or most associations today are based on the fact that you can figure logs to send data to a central entity and the problem with that is on most of those solutions you have to know what you are looking for and they fail to realize that they are host-centric a lot of times and they fail to realize that the network is what’s connecting everything. So, the network no longer is kind of network issues and security issues isolated. If a worm breaks out in your network it not only affects your host it can clog your network and affect other pieces of your infrastructure.

So, I think there’s this commonality that is missing from a lot of products and solutions is that the network how it interacts is key to security just as it is key to network professionals as well. So, that’s an area I think, we are starting to see a lot of demand for — I don’t understand my network before I can do anything. I need to really understand what’s going on.

Paul Brady - Mazu Networks
Yeah, and now I would simply add to that. I think what users are demanding is security tools help move them from reactive to proactive to predictive and we think technology like Mazu Networks that gives you a behavioral based view of what’s actually happening on your network, real time, historically and can alert you to problems both with out of the box heuristics and by point clip policy to tell you about things like suspicious connections or users are using Peer-to-Peer or Instant Messenger and the firm has made a policy against it. We can out of the box, swat things like that and just help people understand and secure and optimize your network.

One of the exciting things we did in our most recent release which was last September, was we all — prior to that release we had a very IP-centric view of the world. Now, we are able to integrate with things like Active Directory, so instead of IP addresses user and we also are able to finger print over 500 applications. So, instead of IP address, it’s SAP Server, Oracle Server.

So, when you get into the Mazu appliance you are looking with a very solid contact which user Paul is talking to that server SAP and he is doing something unusual that he has never done before. Let’s zoom into and see exactly what he is doing? How is that vary from what he has typically done historically, and is it a problem and if to an extent there is a problem we can look into any device from the network user or application and say, who else is he connecting to? Who else is connected right now?

Last week we had a call from one of our customers in the East Coast, a large financial services firm and they had, like many financial services firm, they have a policy against using IM. They want to control, they have gateway products, they want to control communication in and out. Well, any guy with a little bit of technical capability knows how to tunnel IM over port 80 pretty easily.

So, the policy was in, we helped them establish a policy, simple policy within Mazu and they called us up to tell us say, they had caught a user transferring 10 Gig over IM which obviously — they didn’t tell us what was contained and I do not know if it is anything bad but they were quite excited that they were able to identify it quickly and stop it and I think that will get out there and it will be a way for them to enforce the rational policies that they’re setting pretty easily.

Michael Johnson – PodTech
Okay, so the folks who want to find out about Mazu, where can they go? Is there a Website?

Paul Brady - Mazu Networks
www.mazunetworks.com

Michael Johnson – PodTech
Okay. I have been speaking today with the CEO of Mazu Networks and that is Paul Brady and also the Senior Product Manager Dimitri Vlachos. It’s been great talking with both of you. It sounds like a fascinating product and we’ll have a link up on PodTech and thanks for talking both of you.

Paul Brady - Mazu Networks
Thank you, Michael. Nice to meet you.

Dimitri Vlachos – Mazu Networks
Thank you, Michael. Very nice to meet you.

Copyright ©2006 PodTech.net. All rights reserved. Privacy policy

Tags: RSA 2007, Paul Brady, Dimitri Vlachos, MAZU Networks

Tags: Michael Marcellin, Verizon Business, firewall, Verizon

This Juniper Networks podcast is part of the Juniper Networks Master of IT program.

Transcript:
Host: John Furrier - PodTech
Guest: Eric Walters - 7-eleven

John Furrier - PodTech
Welcome to the PodTech.net, Master of IT Podcasts, we are here with Eric Walters the 7-eleven Manager of Network Services, is that your title, what’s your title Eric?

Eric Walters - 7-eleven
Manager of Network Services.

John Furrier - PodTech
Tell us what’s involved in being the manager of network services for 7-eleven, big corporation, lot of activity, lot of locations?

Eric Walters - 7-eleven
It is, I am in charge of the Network for North American Stores including the continental US and Canada as well as, we have 60 yard field sides around the continental US and Canada as well.

John Furrier - PodTech
So, tell us how did you get to where you are as Master of IT, tell us about what led you to being a Master of IT at 7-eleven?

Eric Walters - 7-eleven
Well, I have always been in IT; I have worked in many areas of IT in the network side specifically, done a lot in the areas of security and networking from large corporations.

John Furrier - PodTech
Eric, tell us something a little about managing the 7-eleven network, I mean it’s not your standard corporate organization, I mean every one knows 7-eleven, who has had to have make quick stops, talk about the security environment over there and a little about the network.

Eric Walters - 7-eleven
Well, the challenges are wide spread, depending on if you’re talking about stores or just the general corporate network, but the biggest challenge, we have today is really our stores, where we have a lot of change going on, we’re using a lot of technology in our stores and providing a robust network to support those new requirements as an ongoing challenge.

John Furrier - PodTech
What kind of technologies are we talking about over there?

Eric Walters - 7-eleven
Well, we are implementing a lot of new technologies for, we have a particular technology called vCom, which is a virtual commerce and that is an ATM machine that does a lot of transactions including check cashing, money orders as well as carrying standard ATM transactions.

John Furrier - PodTech
You must have had a lot of challenges, how many stores do you guys have?

Eric Walters - 7-eleven
We’re trying about 53 hundred in the US and 500 stores in Canada.

John Furrier - PodTech
And your network includes all of those?

Eric Walters - 7-eleven
Yes, correct.

John Furrier - PodTech
Tell us about your security challenge, that you guys face over there at 7-eleven.

Eric Walters - 7-eleven
Well, I think with any company doing financial services or financial transactions, PCI certification has to be the largest challenge and we’re currently implementing a lot of different technologies to make sure that our network is highly secure and that we can carry customers transactions without any compromise of their data.

John Furrier - PodTech
Can you give an example of something that happened recently?

Eric Walters - 7-eleven
Well, one of the things is we are adding into our stores, a wireless network, that we’re using for a running use, not for a wireless hotspot, but we’re using it for carrying a wireless device in a store called MOT and it’s a Mobile Operations Terminal, it’s used to do store ordering and product check-in and the like and obviously implementing a technology like that in our stores we wanted to do it very securely, but also giving some flexibility to expand the capabilities of it.

John Furrier - PodTech
Eric, tell us about some of the access challenges, is wireless a challenge as everyone wireless these days, so talk about that?

Eric Walters - 7-eleven
The biggest challenge is making sure that the wireless network in a store is secure against any outside access, obviously wireless Sting what it is, it can be accessed from both inside our location, as well as in outside of our location so we have to be careful in making sure that the level of security is at — what it needs to be to prevent access and not only that to monitor against access by an outside party.

John Furrier - PodTech
Juniper has the Master of IT program and also you’ve been designated as one, talk about a little about what Juniper has brought to the table, what they’ve done with you?

Eric Walters - 7-eleven
Well they’ve tapped out significantly both internally with our network as well as, all the way down to the stores, where we’re rolling out those wireless access points. The Juniper product is working out very well for us in that area, provides a very robust wireless access point, basically it’s a firewall with wireless access point built on top of it, as to our a lot of the other applications, there’re our other access points that are out there in the industry are really kind of the reverse, but there was an access point first and they kind of bolted some security on top of it.

We’re already very familiar with the platform that Juniper added this wireless capability too, so that was obviously a big benefit to us because we knew the capabilities of the device from a security perspective. So adding wireless on to that was a natural fit and really met the challenges that we had facing is quite well.

John Furrier - PodTech
Eric, you’re a master of IT, which is a great accomplishment, share with the folks out there about some of the things that you’ve learned, share with them something that you could help them way, so someone is out there who may have some of the similar issues that you had, what could you tell them?

Eric Walters - 7-eleven
Well, I think the key is being flexible. In today’s changing IT world, things are changing very rapidly, being able to be flexible and being able to have a vision towards where you want your organization or where you want your network to go and marrying that up with, what the executives at the organization are looking for is really challenging. It’s quite fun, but there’s a lot of challenge with staying up in IT these days, so really staying intend with the industry and with your peers in the industry is key to understanding the different ways that other organizations are addressing their security and network concerns and being able to carry that in your own organization as well.

John Furrier - PodTech
As you go forward, for the next few years, what do you see out there as the future challenges around the corner and the security and being just a master of IT, what does that outlook look like to you?

Eric Walters - 7-eleven
Well, I think the future challenges are that we are continuing to become more and more a Webified world and we’re seeing a lot of security challenges, all around the industry and in point security has become a really hot topic and how do you protect the in points in your network, whether it be an individual, whether desktop or a laptop mobile user, or our systems down in our stores, so security is really continuing to be at the fore front of every network manager’s mind.

John Furrier - PodTech
What you’re doing out there to keep on the cutting edge of the security issue, because security is really not going away, it’s always changing in morphing thing, what are the some of the things that you’re doing?

Eric Walters - 7-eleven
Well, I think the biggest thing is staying in touch with my vendors and making sure that the manufacturers of the products that I use within our network are really in tune with what my issues are and also identifying whether the issues that I’m looking at are marrying up with where the products are going and making sure that I can address everything that we need to with as fewer vendors as possible and making sure that the security that they provide marries up with what we want to do.

John Furrier - PodTech
Eric, what do you enjoy the most about your job obviously being a Master of IT is a great accomplishment, what do you like the most about what you do?

John Furrier - PodTech
Well I think the thing that’s — the most intriguing is that it’s an ever changing world, there are constantly new challenges, which require you to stretch your thought process and coming up with new and creative ideas and ways of dealing with those challenges, this industry, there’s no way you can know everything there is to know about technology. And so there is always more to learn and more to get to know and that is the thing that enjoy the most about this, the work that I do is that you can never know it all, there’s just way too much that is out there.
We’re here at the Juniper Networks, Master of IT Podcast, talking about all masters of IT across the board.

For more information just see where all the Masters of IT are located, there’s a website www.masterofit.net, we’re here with Eric Walters, Manager of Network Services for 7-eleven, great company, good business, IT is a big part of it, a lot of locations. Eric thanks so much for the Podcast.

Eric Walters - 7-eleven
Thank you very much.

Copyright ©2006 PodTech.net. All rights reserved. Privacy policy

Tags: Eric Walters, 7-eleven, Juniper Networks, Master of IT, PodTech, John Furrier

More information at:
Symantec.com

Transcript:
Editor – PodTech

Hello and welcome to this Security Response Podcast presentation for January 22, 2007 brought to you by Symantec, the world leader in providing solutions to help individuals, small businesses and enterprise; assure the security, availability and integrity of their information. Today’s Podcast is focused on ‘Trojan.Peacomm’ or is it also known ‘Storm Worm’. Trojan.Peacomm and his variance or a new Category 3 threat that Symantec has seen propagating in the wild. The goal of this Podcast is to provide you with the summary of what the threat is, its impact, as well as provide you with some information on how to protect yourself and your organization.

On January 19th, 2007 Symantec begin receiving alerts on Trojan.Peacomm. Due to an increase in the speed and volume in which this threat is being spammed across the Internet, Symantec has raised the threat level this particular malicious code the category three. Initially, appearing to come from Russia, this Trojan horse program targets Microsoft Operating Systems and arrives as an attachment and email currently being spammed to users around the world.

In the hopes of spreading spam that pumps up penny stocks the author of this malicious code or attempting to trick users into installing the Trojan horse contained in the email. Attackers are using fake news headlines and the promise of a video clip to get unsuspecting users to open the message. Examples of the emails subject lines or 230 dead as storm batters Europe and Fidel Castro is dead. Contained in the email is an EXE attachment with title such as full video.exe, greeting postcard.exe and fullnews.exe among several others.

If an unsuspecting user is tricked to opening one of these attachments, the Trojan will install a number of threads including a rootkit, which attempts to hide itself in the operating system as well as the UDP based peer-to-peer communication channel, which can be used by the Trojan to communicate with several known IP addresses. Once the Trojan has been successfully installed, the infected machines will attempt to connect these addresses and then in turn begin to distribute high volume of penny stock spam.

Symantec Labs have observed an average of over 3500 spam messages per minute being sent on infected machines. In order to protect yourself from Trojan.Peacomm and his variance users and system administrator are advised to perform the following actions. Update your antivirus signatures, antivirus signatures have been available from Symantec since January 19th , but users and system administrator are advised to check for updates on possible new variance of this thread, make sure to configure your Firewalls, email solutions and gateway machine to drop all executable attachments. Update your antispam products to ensure that spam messages distributed by Trojan.Peacomm are stopped at the email gateway, as well as filtering incoming and outgoing activity over UDP port 4078, 71.

Finally, Symantec recommends that users never open any email or attachments from unknown or untrusted sources. For more information on this particular threat, point your browser to www.symantec.com/enterprise/security_response/index.jsp. That concludes our Podcast for today. Thank you for downloading and listening to the Security Response Podcast brought to you by Symantec, the global leader in information integrity, providing software appliances and services to help individual and enterprises secure and manage their most important asset, their information. For more information about this subject related products or additional Podcasts, make sure to visit www.symantec.com.

Copyright ©2006 PodTech.net. All rights reserved. Privacy policy

Tags: Symantec, Security Response, Trojan.Peacomm, trojan horse, Symantec

Tags: Cindy Bellefeuille, Chris Hunsaker, Verizon Business

From RSA 2006 in San Jose, California. Listen to Vivek Chugh, Product Line Manager for Business, Firewall, VPN and wired and wireless technologies at NETGEAR. He says that small businesses with limited assets are at the greatest risk for security breaches, and talks about NETGEAR’s solutions for small business.

” … Unified Threat Management … is one of the key messages for security this year… ”

Download the Podcast

With Web 2.0 being one of the more exciting developments on the Internet in the last couple of years, there’s been sustained interest by large businesses trying to figure out how Web 2.0 affects them. Recently Darren McKnight, Vice President for Technology of government contractor SAIC, invited Chief Technology Officer of premier enterprise IT firm Sphere of Influence, Dion Hinchcliffe, to come and talk about Web 2.0 at their Enterprise Content Exploitation Industry Day on November 16th, 2005 in Tysons Corner, Virginia. Dion has been publicly discussing lately the similarity between many aspects of Web 2.0 and the popular IT software architecture approach, Service-Oriented Architecture (SOA). With Gartner saying that by 2008 up to 80% of all software development will be based on SOA, it’s clear that Web 2.0 and SOA will be highly interrelated and Dion thinks even mostly overlapping.

Dion’s Web 2.0 luncheon address at the Enterprise Content Exploitation Day gathering was about how Web 2.0 radically opens up and enriches the content trapped within the massive IT systems of most large organizations. SAIC’s customers are often in the government space and have firewall and security issues that many do not. So Dion focused the speech on their specific requirements in his wide ranging speech that opens up on how Web 2.0 concepts were used to locate Hurricane Katrina survivors, to the origins of Web 2.0, what Web 2.0 is exactly, good Web 2.0 exemplars, and much more. The speech is non-technical and is an excellent resource for anyone trying to get up to speed on the emerging concepts in the Web 2.0 toolkit that have made Google and Amazon major successes while fostering a new generation of innovation and startups for building a two-way Web.

Dion Hinchcliffe is Chief Technology Officer of premier enterprise IT firm Sphere of Influence, leader in agile/lean methods and Service-Oriented Architecture. He regularly advises SOI’s clients in the federal government and Fortune 500. Dion’s Web 2.0 blog is a member of the Web 2.0 Workgroup and is one of the leading sources of Web 2.0 commentary and analysis on the Web.

This is a must listen for anyone developing and selling into the enterprise.

On the podcast we talk about the difference between the Google and HP presentations and how Google didn’t hit the mark with the audience.

Biggest change that Mitchell’s is observing (35 years of experience) his view about this massive change isn’t archictural. It’s how enterprise customers want to do business. They no longer want to do the big multimillion prepaid deals. The enterprise buyers want to buy “by the drink” not “by the case”. That says that no matter how you build your software and how you deliver it whether behind the firewall or hosted as a service - that selling a subscription or some other “by the drink” model is the way enterprise customers want to buy. The old days of you build something and sell it at 250k a pop and that’s the minimum purchase is a very difficult business model in the enterprise now. Enterprise want a return on their investment fast and want to spend their money as close to the return of the investment as possible.

Enterprises are still looking for new technologies. That’s good news for startups. Enterprise customers buying “by the drink” is good news for startups.

Information Technology groups are continuing to be tied to the business units and the business goals of their companies. Enterprise will be very focused on cost savings, and their focus will continue to be on security.

Much more from Mitchell - great stuff and as they say in radio - “nice pipes”.

This is a must listen for anyone developing and selling into the enterprise.

Note: Check out the Master of IT Podcast Series - by Juniper Networks

NetApp is also a leader in corporate blogging with one of the founders David Hitz blogging hard for the company.. Now NetApp is podcasting. Dave blogs about his trip with Kevin Brown to DC which was a pretext to this announcement.

Full Transcript for the NetApp Podcast Announcement:

Host: John Furrier, Founder PodTech.net
Guest: Kevin Brown, VP of Marketing, Decru a Network Appliance Company

John Furrier: Welcome to the PodTech.net Infotalk series. We are here at the Network Appliance headquarters with Kevin Brown the Vice President of Marketing here at NetApp in charge of marketing at Decru.

John Furrier: Welcome to the podcast.

Kevin Brown: Thanks.

John Furrier: Network Appliance has been a leader for years in pioneering storage … storage area network among other technologies. Now you guys are moving into a new area extending the pioneering work with data encryption and intersecting in security. Talk about what you guys are announcing today.

Kevin Brown: Yeah that’s right. If you look at NetApp’s history, it has really grown up from an innovator in mass storage to a unified storage platform that could handle multi protocols in the same appliance to a whole storage system company with replication and disaster recovery. There are a lot of innovations around how do you create snapshots of data and comply with regulations Now, what customers are pushing for is expansion of that into the next level up, into data management. It’s not just can you store the data, but can you really manage it? Part and parcel of data management today is security. This is one of the top topics that everyone in the federal government to Wall Street to the entire Fortune 500… Fortune 2000 are really looking at as a priority. Building security into data management; that is where the innovation is. That is where the acquisition of Decru has played in over the last few months.

John Furrier: The world is changing. Everyone talks about how the environment is changing…with security. Everyone is always connected…always on. There is huge talk about security. You were with Decru which recently was purchased by NetApps this past summer. Talk about what Decru is doing and how that fit into NetApp’s plans.

Kevin Brown: Sure, NetApps had a number of security initiatives in the past around the NetCash product line for gateway access… for Internet access and security and a number of native security features. The Decru acquisition brings in some expertise around encryption, around access control, authentication … some of the tightly bound features that are being injected into the storage networks themselves. One of the things that was unique about Decru is we took some thing that was relatively hard and slow…encryption and it was very difficult to employ in an enterprise type of an environment. Much like NetApp has done over the past few years, we did a lot to simplify and remove the tradeoffs. What used to be slow, invasive and difficult we’ve taken and made it really fast. We made it very easy. We tried to simplify and make it very robust…taking something that’s been hard to do, for enterprises, and simplifying that to address a major business need.

John Furrier: Storage is getting bigger. Everyone is storing more photos, more podcasts; these files are getting bigger. People are always connected. Storage is part of the critical infrastructure. From a security standpoint what did Decru do in terms of speed? What other things fit into, from a user perspective, where the security (for enterprise) what this means?

Kevin Brown: Sure. If you look at the history of storage it started out as direct attached … a little disk drive attached to a server. Over the last few years, to handle the explosion of data, as you mentioned data has increasingly been centralized into very large pools of shared data, and now increasingly being replicated… so there are multiple copies of that data. You take all your eggs and you put them in one basket and you make eight copies of that basket for disaster recovery and for information sharing and compliance. All of a sudden, what used to be little pools of data which were relatively separate are now all in the same basket. From a security perspective, this is a real problem. It gives you benefits in terms of not losing your data. There is a dilemma you want to make copies so you don’t lose it if there is a hurricane or some other type of disaster. You’ve got to have copies. But the more copies you make, the more risky it is in terms of theft. What Decru has come in with is a turnkey appliance, a piece of hardware very much like NetApp storage. We sit in the middle of the data path, and we can encrypt selectively everything at wire speed. Our new box that we just launched, our 10 port box, we are doing a total of 10 Gb/second of throughput in single box. These are very, very fast pieces of hardware. We can do it invisibly without changing any of your existing infrastructure or workflow. It’s taking something that is very hard and applying military grade security. We are used on the battle field today by the military. Those same boxes are now being plugged into credit unions to protect your credit card number.

John Furrier: That’s unbelievable. Basically, it evolves to… First, it was secure your network. Now everyone is always connected. Now the next phase is secure your data. It is obviously key.

Kevin Brown: It’s a good observation. Where security started, ten years ago you would telnet to each others computers over the Internet. It was totally cool. People started to realize there are a lot of threats over the Internet. So today if you plug in a network without a firewall you are fired. Things start as a good idea maybe for the military or banks, but then really quickly move into best practices. Data encryption. If you look at data in flight, like shopping on the Internet, you wouldn’t shop on a site that didn’t have a secure webserver or Https. You just probably wouldn’t do it, because you would be concerned about your credit card. How much more so for the company that is storing 14 million credit cards in a server and they are sitting there all in clear text…readable formats? That is just the way the storage grew up. You start from these little pools of data. They never changed the formats. What we’re doing is we are trying to change that, so that you have layers of defense. So that whether you are a bank or an HMO or the government or a manufacturing company…everyone has secret data that they are trying to protect. As you look at the layered defenses… one sort of tongue and cheek comment from our team was, “What do you call a firewall with a lot of holes punched in it to work from home and to work with partners? That’s called a router.

John Furrier: It’s unbelievable; you have to really protect that data. You can’t side load anymore. Everything is about complete ubiquity in terms of access. Let’s talk about the announcement. You are announcing at NetApp today a new initiative. Talk about the new initiative you are doing. It is called Uncompromised Security.

Kevin Brown: What we are trying to do is to put a wrapper around all of the different initiatives and product announcements and so forth that we have within the company so that people understand the direction and where we are going and the commitment that we are making to the customers. I just came back from Wall Street. Some of biggest customers just came back from a meeting with a lot of the Fortune 500…a meeting on Capitol Hill with legislatures. There is a real concern about we need the tech vendors to make a real commitment to securing data, to building security into their systems. We are responding with is, really, that commitment of, “we are going to build products, we are going to partner with other companies to make it all work, we are going to organize ourselves in a way that we can very quickly integrate in this area.” There is a pretty holistic push. There are a number of products, for example, which really come with substance today. For instance, NetCash product for the Internet access, gateway security, the Decru products that we are shipping today many, many large customers using that in production today. Iron Mountain, for example just announced that they are using it for all their data and they’ve now recommended to all 40,000 of their customers that they ought to encrypt data before giving it to the courier. We are making a pretty big push around the technology itself and also all of the business backing. There is no one product that is a silver bullet. This is a sustained initiative. What our customers told us is it is important for our vendors that we rely on to invest in us.

John Furrier: You guys are using your leadership position as a company to go out and spearhead… pulling together the policy side and the business side… leading the charge of what the policy should be for data security.

Kevin Brown: Yes that’s right. And we have been serving as a resource for Congress, who is starting to look at these issues that involve technology. We have been asked. We have met with various Congress People and their staffs, to talk over these issues, to make sure that we can help streamline legislations and regulations for companies, so that it makes sense for them. We can do all the things that are needed to protect consumer data as well.

John Furrier: You mentioned in your press release, it states, “The accepted definition of acceptable security is alarmingly weak.” What do you mean by that?

Kevin Brown: Let me give you a couple of examples, easy to understand ones. You look at backup tapes. They have been falling off the back of trucks, probably for a long time. It is only in the recent past that people had to start thinking about how much exposure there is. If you look at the new backup tapes that companies are using, you can hold almost a terabyte of data on a single tape. You are able to put all the data you want on that. You could put every credit card on the world on a single backup tape and put it in your back pocket. If you printed that much data out on paper, that’s twenty million pounds of paper. All the rules that have to do with, that have lasted for a million years, of what you do with paper or papyrus or stone tablets, all of those types of media which were well understood, the rules all change when you go digital. The issue that people have is they are starting to realize, “Wow, there is a lot of exposure.” Ninety-three percent of companies are sending these offsite with no protection at all. It is a matter of statistics. If you send around millions of tapes, some of them are going to fall of the back of trucks. Some of them are going to get lost. In this case, you can expose many, many millions of people. As a public policy issue and as a company’s responsibilities to its consumers this is a hot topic.

John Furrier: So this is where the encryption comes in I imagine.

Kevin Brown: Exactly whether it is a backup tape you want to have it encrypted in case it falls off the truck…or whether it is a big database holding millions of credit card transactions or bank account or x-rays…you can imagine the different kinds of data…source code, pharmaceutical designs.

John Furrier: It sounds so easy, just encrypt it. You are saying was it has been an issue of “slow”, “practices”?

Kevin Brown: If you look at today’s networks these are Gigabit Ethernet, 2 Gigabit fiber channel going to 4 Gig going to 10 Gig. These are very very fast networks. There are a lot of products than can do encryption. Encryption has been around for 4,000 years, but to do it fast in these kinds of environments without disrupting any of your enterprise applications or systems with all the interoperability and with a level of security that has been certified up to the military levels of security, that’s pretty unique. That is what people are looking at. If we are going to put security in we can’t have any of the compromises. We can’t have the tradeoffs of slowing down our networks, or making harder to recover data in a disaster. We can’t have it harder to manage. We are already up to our eyebrows in work. That is the set of data management challenges that NetApp excels at. The idea of simplifying data management now including not only the storage, but really the manipulation and the security of that data, that is the bigger vision that we want to make sure that people understand as we are rolling out new products, new initiatives, new partnerships.

John Furrier: What you are saying too is, “It is not just network-centric it is storage-centric.”

Kevin Brown: It is data-centric.

John Furrier: Exactly.

Kevin Brown: The other important thing about this is the customers are asking for us to have a very grown up and mature approach to this. They say, “Look we’ve got many different vendors in our data center…your competitors…different companies.”
We need solutions that work across all of these. One of the things we did, again to fit with this initiative, is we have carved a crew off as a separate subsidiary. That is fire walled off. So we can work with any storage company, even if they compete with NetApp storage products. We can collaborate with them to solve a customer problem, to work on engineering, interoperability, testing and all the things that make it easier for customers.

John Furrier: You have to get behind the curtain. You have to be exposed to some of the customers “jewels” in terms of systems, and that would include your competitors. That would make a lot of sense.

Kevin Brown: Yeah, think about IBM. They have had to deal with this. Everyone competes with IBM. Everyone works with IBM. They have learned how to deal with this. As you look at different companies like NetApp that are growing quickly, it is something where all of us realize that we need to be able to accommodate a more complicated model of working for customers’ benefit.

John Furrier: Well Decru is a great solution. We are here with KEVIN BROWN the VP of Marketing of Decru, a NetApp subsidiary company…fire walled off to work with customers in all types of areas. Final question for you, what types of solutions can NetApp customers and Decru customers see in the next year or two?

Kevin Brown: I think you’ll see us continue to innovate in terms of being able to cover the entire enterprise with a single platform. We’ve already rolled out NAS, DAS, SAN, and ISCUSI Tape. We’ve just rolled out SCUSI tape. We rolled out our new 10 port encryption appliance, software that automates all the key management and really bundling this together with NetApp storage and other solutions to really make it easier for customers. If you look at the analogy of the car, when they invented the Model T, it didn’t have any windows, locks alarms… today you just wouldn’t buy a car with out security. There’s one button on your key ring that turns it all on and off. It is very simple, even though that is different companies working together. It’s that same model for the customer. We’ve got to make it simple. One button, simple, all works together, it’s tested, you get it and it works. That is really where a lot of the focus is in terms of partnering, in terms of solutions, testing and innovations. We are really excited about the opportunity to work closely with customers to really solve some pretty challenging problems coming up over the next few years.

John Furrier: That is a great analogy. Make it comfortable. Make it work. Make things easier for customers.

Kevin Brown: Yes.

John Furrier: Well I do have one more question, which I realized that I wanted to ask. You mentioned that you were in D.C. What are some of the legal things? You were out with the founder of NetApp, talking to the legislators. What was the outcome of that? What were some of the discussions that you guys were having?

Kevin Brown: What is happening right now is there are a number of bills in Congress that are in committee and are being looked at and are working their way through. The way that D.C. works is they take the different bills and ideas, and they sort of combine during the process to come up with some sort of an aggregate… sometimes better, sometimes worse. The idea is some of the people who are writing this legislation today, either the Congress People or their legislative staff, we have been in contact with them. They asked if we could provide some perspective in terms of “how practical is this?” What is really the test? For example, if a tape falls of the back of the truck and it is encrypted with military grade encryption that is used on the battlefield today, is that good enough for credit cards? We think it is, but that is … a lot of these things that are a combination of public policy, business and technology. Where we have a unique role to play is we are working with government as a customer and in other ways. We are working with all the big enterprises and we make the technology. That is a place where we can try to contribute, to end up with a good win-win for consumers, for enterprises, for everyone.

John Furrier: The uncompromised security issue. How do customers get involved? Is there a forum? Is there website? How do people get involved with you guys?

Kevin Brown: What we would love to invite folks to do is to continue to track us. We have got a few customer newsletters and other ways that you can stay up on this. If your job involves data management and looking after the compliance and the safety of the data in the corporation, these are topics we think are pretty good to be smart about. We can certainly help out in terms of the technologies, how it is working, and some perspectives on how this rolls out. Again, what we believe is that there is no one point in time that you launch security and you’ve got it forever, right? It is an ongoing process. We would invite folks to stay in touch with us by our website or through podcasts like this, and to continue to educate themselves. We want to help out. From the perspective of technology, our commitment is we want to deliver a set of solutions that don’t compromise on either security…really give you the top end military grade of security when you need it… and don’t force you to compromise to trade off all of the things that have been painful in the past, whether it is performance or simplicity or inoperability etc. That is our brand promise, “How can we simplify data management? How can we let you get your business done with no compromise?”

John Furrier: Simplifying data management. We are here with Kevin Brown VP of Marketing with Decru a NetApp company announcing the Uncompromised Security Initiative – really pioneering a whole other level of our history, which is security-centric, data-centric…security and data. Thank you for the podcast.

Support out sponsors and download the NextPage client software to handle real time document changes!
Podcast sponsored by Nextpage.com
Support our sponsor NextPage.com - download their new viral “Digital Thread” technology to manage document chaos. Sign up for free, try it, then buy it

Find PodTech.NETwork on iTunes

Find PodTech.NETwork on Yahoo! Podcasts

Also check out the best spam firewall and spyware killer product for your enterprise at Barracuda Networks.
{Podcast sponsored by Barracuda Networks - Best Email Spam and Spyware Appliance and No per user license fee}

McDonald’sBlogOn InfoTalk PodTech.net PodTechTechnology Podcast Silicon Valley Technology Podcast John Furrier InfoTalk podcast shows PodTech.net

Support out sponsors and download the NextPage client software to handle real time document changes!
Podcast sponsored by Nextpage.com
Support our sponsor NextPage.com - download their new viral “Digital Thread” technology to manage document chaos. Sign up for free, try it, then buy it

Find PodTech.NETwork on iTunes

Find PodTech.NETwork on Yahoo! Podcasts

Also check out the best spam firewall and spyware killer product for your enterprise at Barracuda Networks.
{Podcast sponsored by Barracuda Networks - Best Email Spam and Spyware Appliance and No per user license fee}

Cathy Brooksevent InfoTalk PodTech.net PodTechTechnology Podcast Silicon Valley Technology Podcast John Furrier InfoTalk podcast shows PodTech.net

Support out sponsors and download the NextPage client software to handle real time document changes!
Podcast sponsored by Nextpage.com
Support our sponsor NextPage.com - download their new viral “Digital Thread” technology to manage document chaos. Sign up for free, try it, then buy it

Find PodTech.NETwork on iTunes

Find PodTech.NETwork on Yahoo! Podcasts

Also check out the best spam firewall and spyware killer product for your enterprise at Barracuda Networks.
{Podcast sponsored by Barracuda Networks - Best Email Spam and Spyware Appliance and No per user license fee}

Vassil Mladjov BlogOn InfoTalk PodTech.net PodTechTechnology Podcast Silicon Valley Technology Podcast John Furrier InfoTalk podcast shows PodTech.net

Support out sponsors and download the NextPage client software to handle real time document changes!
Podcast sponsored by Nextpage.com
Support our sponsor NextPage.com - download their new viral “Digital Thread” technology to manage document chaos. Sign up for free, try it, then buy it

Find PodTech.NETwork on iTunes

Find PodTech.NETwork on Yahoo! Podcasts

Also check out the best spam firewall and spyware killer product for your enterprise at Barracuda Networks.
{Podcast sponsored by Barracuda Networks - Best Email Spam and Spyware Appliance and No per user license fee}

Bill Flitter BlogOn InfoTalk PodTech.net PodTechTechnology Podcast Silicon Valley Technology Podcast John Furrier InfoTalk podcast shows PodTech.net

Support out sponsors and download the NextPage client software to handle real time document changes!
Podcast sponsored by Nextpage.com
Support our sponsor NextPage.com - download their new viral “Digital Thread” technology to manage document chaos. Sign up for free, try it, then buy it

Find PodTech.NETwork on iTunes

Find PodTech.NETwork on Yahoo! Podcasts

Also check out the best spam firewall and spyware killer product for your enterprise at Barracuda Networks.
{Podcast sponsored by Barracuda Networks - Best Email Spam and Spyware Appliance and No per user license fee}

Jeremey PepperBlogOn InfoTalk PodTech.net PodTechTechnology Podcast Silicon Valley Technology Podcast John Furrier InfoTalk podcast shows PodTech.net