ALIST: Bill Roth of Log Logic

Name: Bill Roth
Title/Role: EVP / Chief Marketing Officer
Company: LogLogic
Product Focus: Security, Log Management, Compliance
Twitter Handle: @loglogic

1. What is your company’s flagship product, and why is it important for security purposes?
Our flagship product is our Open Log Management Platform, which collects, normalizes, indexes, stores, and searches log data automatically with our easy-to-deploy appliances or hosted solutions. This provides a platform for collecting system information from a wide array of products and devices, especially those related to security. Our security products, on top of the platform, allow system admins and IT security staff to analyze and correlate diverse log data in real-time for identification and management of security events.

2. What areas of security are most important to you professionally, and which do you enjoy working with most?
Security event management. The only true way to detect a security breach is by tracking what actually happens in real time. In addition, it is crucial to be able to understand the security profile across many different devices, systems, and environments, and to be able to correlate those events to detect sophisticated security threats. Personally, I enjoy working on the areas of security which most closely align with public policy, especially in areas like HIPAA and HITECH.

3. What is the most common security challenge you are brought in on to help fix on behalf of customers?
Vsibility of security events in an environment. Most customers we encounter are unaware of the scale of security information they have or do not know the scope of the security issues they have occurring right in front of them. Many companies are stunned to learn the amount of simple, out-of-policy activities that are going undetected in their organizations, such as illegal P2P file sharing or employee-driven data-leakage.

4. How do you see Cloud Computing, virtualization, and Social Media affecting security in the coming months?
These are three very different topics, each with a different set of security issues surrounding them.

Cloud computing security will be the most vexing issue in the foreseeable future for two reasons. First, it will be vexing because the subject is so ill-defined. Second, because the fundamental essence of cloud computing is to trust your computing assets to “the network.” As soon as you begin to broadcast any of your bits to the internet, your security exposure goes up by several orders of magnitude. Much more attention will need to be paid to secure cloud computing in the future.

The juxtaposition of virtualization and security results in no new security issues, just more of the security issues we already know about. Virtualization is, at its core, about making the hardware boundaries more flexible so that you can run more “images” on the same amount of hardware. This means a proliferation of events to watch and an explosion of correlations to watch for.

Of the three topics mentioned, social media is the likeliest to be transformative. Social media is essentially a means of exposing fine-grained information about oneself, one’s assets, or one’s behavior. This implies a more fine-grained analysis of who has been granted what data, and in what context. The implication of this is that fine-grained authentication and authorization will be more important than ever.

5. Tell me what your most pressing security concern is over the next 1-2 years.
Providing people with the ability to comply with the suite of security and privacy laws around the world. With the major portions of the HITECH act coming into force this year in the US, and with federal penalties of up to $1.5M, my most pressing concern is being able to provide products to protect our customers. I have the same concerns for EU legal regimes.

6. How do you stay abreast of the latest market developments in your space? Shows, social media, RSS, etc.
Oddly enough, RSS via FireFox’s Live Bookmarks feature allows me to quickly scan the day’s news and to get up to date quickly on what is happening around the world. Using this feature, I can quickly scan 5 major newspapers (San Jose Mercury News, New York Times, Washington Post, Wall Street Journal, and USA Today) and 10-15 trade publications. I am a huge fan of CMO.com, from Adobe’s Omniture unit. To be honest, I do not get much information from Social Media. But that is another story for another time.

7. In closing, give us one idea you have about security that everyone should consider. Your “Golden Egg”, so to say.
While systems security is vitally important, security is not just about security products. It is about people, process, and products.

Several recent studies have shown that the greatest sources of security breaches are not from hackers or terrorists, but from people inside your organization. A holistic approach to security involves good systems monitoring, to be certain, but also involves making sure the right processes and people are in place as well.

_________________________________________________

Thank you for playing Bill!

For those of you who want to learn more about the people and process part of this equation, please view one of our archived Security Policy Webinars, courtesy of Erin Jacobs and Anue Systems. We also recommend you sign up for the next three so you can earn your certification in Security Monitoring Optimization!

While this is most certainly a time to enjoy family and be together, I want to take a brief moment to express gratitude for the good things that have befallen our company in the past year.

Harkening back to a weekly sports column I wrote in 2008, I offer you MeThinks. The official definition of the word is “it occurred to me”, so today MeThinks I am thankful for:

1. Every single one of the 500+ customers who have bought Network Emulators and Net Tool Optimizers from Anue Systems in our seven years of existence.
2. Our outstanding group of channel partners who are out there in the field spreading the word about Monitoring Optimization and Pre-Deployment Testing
3. Erin Jacobs, Mike Pennacchi, and Branden Williams, the three thought leaders in packet analysis, security, and PCI compliance who are presenting their outstanding knowledge at the Eye on Security webinar series.
4. Every out of band monitoring tool vendor, without whom Monitoring Optimization would be merely words on a page.
5. Our competitors, for pushing us to make our Monitoring Optimization solution better and better with each passing month.
6. The good folks who offer outstanding and free social media tools such as Twitter, LinkedIn, Facebook, PitchEngine, and WordPress. Social media is here to stay, and we are glad to have the opportunity to take part in the community itself.
7. The City of Austin for providing us such a beautiful city and highly educated population with whom we can interact, work, and thrive. We can’t say how important it is to operate in such a progressive, innovative, and open-minded culture.
8. All of our hard-working employees who have helped poise us for continued growth heading into next year.

And finally, we are thankful for you, the readers of this blog. Without you, these words are just words, but with your gracious attention and feedback, we can enjoy a continuous and rewarding conversation.

MeThinks 2010 will be a great year to know Anue Systems. Join with us for this exciting ride.

Couldn't have said it better myself!

ALIST: Johnnie Konstantas of Altor Networks

After our one-week hiatus from the ALIST series, we turn our attention back here to profile a key executive at Altor Networks. Johnnie Konstantas has a long track record of technical and marketing leadership success at leading companies such as Juniper Networks, CheckPoint, and most recently, Varonis Systems. Now, she leads the charge to market Altor Networks’ virtualization security products. Let’s get right to the interview…

Name: Johnnie Konstantas
Title/Role: Vice President of Marketing
Company: Altor Networks
Product Focus: Security for virtual data centers and clouds
Twitter Handle: @altornetworks

1. What is your company’s flagship product, and why is it important for security purposes?
Altor Networks’ flagship product is Altor VF – an industry first purpose-built firewall that offers comprehensive security of virtualized networks and the hypervisor. Now in it’s third major release, the Altor solution protects virtualized servers and the platform they run on from unwarranted access and malware without impacting throughput or virtualization’s scalability (i.e. vMotion, DRS).

2. What areas of security are most important to you professionally, and which do you enjoy working with most?
Virtual network and cloud security impact me most at the moment, since it’s my current charter to educate the market on the risks and mitigation strategies. After [having spent] 16 years in the market, there are a lot of areas which fascinate me, although I have to admit that, in this place I find myself now,  there is extreme gratification in seeding and educating a market on what you know to be imminent risks. You feel a little like Steve Carrell playing Noah in Evan Almighty, trying to convince the townspeople to come to the boat.

Evangelism: Explaining Virtualization Strategy Akin to Noah's Quandary

3. What is the most common security challenge you are brought in on to help fix on behalf of customers?
Restoring the virtual environment to a compliant or compliance-acceptable security posture is the biggest driver to Altor deployment at the moment. People virtualize their servers and then someone asks “How are we going to demonstrate access control enforcement and separation of duties?”

4. How do you see Cloud Computing, virtualization, and Social Media affecting security in the coming months?
Enterprises of all sizes are shifting their workloads to virtualized platforms in droves. When they do, the questions start flowing: How do I demonstrate compliance? How do I segment my resources? How do I control VM sprawl and mitigate security risks? There are available products and approaches, but the degree to which they preserve virtualization’s savings vary, so I suspect there will be a rush to educate and implement. To the extent that clouds may use virtualization as their platform, the net effect is the same. How do I protect my business and my customer’s assets?

[Companies need] corporate guidelines in play regarding what can be shared outside the firm via social media outlets, which largely requires that  people know the right thing to do. That effort is largely a focus on  building and “socializing” (pardon the pun) proper use policies.

5. Tell me what your most pressing security concern is over the next 1-2 years.
I worry that, in a rush to build green, efficient, data centers, well-intended folks who are short handed and following corporate mandates may shortchange security in the architecting of these new networks. I worry that my personal information maybe more at risk in the next two years than it is today.

6. How do you stay abreast of the latest market developments in your space? Shows, social media, RSS, etc.
All of the above. It is imperative to leverage the “groups” features of the various social media outlets so that you not only get the latest breaking stories, but for me as a marketeer, I need to understand what the prevalent attitudes are about a company, a market, a trend, etc.

7. In closing, give us one idea you have about security that everyone should consider. Your “Golden Egg”, so to say.
Assuming that you are using some sort of cloud service (and chances are good you are, i.e. Gmail, Hotmail, Salesforce), make sure you know what protects your piece of the cloud from someone else’s? What one measure, policy, or guarantee can the provider make to you?

SPoT: David Mortman / @mortman

Today we focus on a gentleman who we have followed since our very early days on Twitter: David Mortman. According to his bio, Mr. Mortman is a CSO who is currently seeking his new adventure, so if you like what you read here, perhaps you can explore working together.

Together with Alex Hutton and other leading security experts, David is one of the masterminds behind The New School of Information Security. Take a look at David’s most recent post titled Meta-Data? for a good read about the appropriate level of information that is required to have important strategic discussions about security. The post has already spawned a conversation within it’s comments.

Real Name: David Mortman
Twitter Handle: @mortman
Top 3 Social Media/Networking Sites:
Twitter is the main one I use, although I have accounts on Facebook and LinkedIn as well

1. In which area(s) of security are you most involved?
These days I’m largely involved in management, risk, privacy and compliance, although I still do some technical security work as well.

2. What security topics will be the most important in the next 18 months? Why?
Compliance by a long shot, there are lots of new regulations on the horizon, plus PCI and the new changes to HIPAA, all of which will keep lots of folks busy.

3. Biggest Pet Peeve: Name one thing about Network Security that you wish business stakeholders would understand and why.
One of my personal long term goals is for business stakeholders to better understand what security can and can’t do for them.

4. Tell us why you became so active on Twitter and any other important social media outlets. What value are you getting?
Twitter started out as just an convenient way for me to keep in touch with peers in a more interactive way than  email. It quickly became a great medium to launch discussions about security and privacy issues.

5. Name one security peer whom everyone with an interest in Network Security should follow. (Okay to name 2 if you can’t decide on only one)
Jeremiah Grossman (@JeremiahG), Alex Hutton (@AlexHutton), and Shrdlu (@shrdlu) [EDITOR'S NOTE: Does anyone actually know @shrdlu's real name?].

6. What’s your take on security for social media and cloud services in general? Top concerns, overstated issues, etc.
I think that having security concerns with social media and cloud services is important, but that they are often over-hyped in the media. My biggest concerns are around reliability with regards to uptime / data recovery and compliance. Largely going to the cloud isn’t significantly different than other forms of outsourcing, provided you can get the appropriate protections for your business. This does mean that you can’t just use any cloud service “willy-nilly”, but that’s not any different then any other outsourcing agreement. As for social media, this is largely an education issue, similar to what companies have had to deal with in  public IM services that have been around for over a decade now. We just need to remind employees what is and is not appropriate to discuss, and remind them that social media is, in fact, a public forum.

7. What are the top 3 real-world (i.e. live) events you’d recommend for networking with security professionals?
RSA, Blackhat/Defcon and any conference I am at .

Seriously though, I hear great things about Shmoocon, Toorcon, and SecTor.

Security Pros on Twitter (SPoT) Series Wrap Up

We have greatly enjoyed networking with all of these impressive SPoTs, and we hope you have also found the content enjoyable and informative.  Our next series will profile some key technical sales personnel at security tool companies, and we hope you are looking forward to it as much as we are.

As always, we want your feedback. Got a hot topic you want to see discussed on here? Want to contribute a guest post? Have an idea for an interesting additional series on any topic in network monitoring or security? Bring ‘em on; we’re all ears.

SPoT: Michael R. Farnum / @m1a1vet

Welcome to today’s entry in the ongoing SPoT series. Today, we are covering someone who serves a different role in security, Michael R. Farnum, who is a Pre-Sales Security Engineer for a VAR / Consulting company. Most of our SPoTs to date have been client-side practitioners, but that is most certainly not a requirement to be considered a “Security Pro”. Mr. Farnum is also known for his role in An Information Security Place, a blog which offers insightful security podcasts a minimum of once each month. The podcast discusses a range of topics, including hacking, security breaches, PCI, vulnerabilities, security/compliance audits, and cybersecurity.

Real Name: Michael Farnum
Twitter Handle: @m1a1vet
Top 3 Social Media/Networking Sites:
Twitter, LinkedIn, YouTube

1. In which area(s) of security are you most involved?
Because I am a pre-sales security engineer for a security consultant / VAR, I tend to have my fingers in a lot of pies.  I talk to clients about risk, compliance, and security assessments.  I also talk to them about security technologies to fill the gaps found when doing a gap analysis or assessment.  I have to keep pretty current in those areas as best I can [to] find opportunities to help my clients.  I also podcast about security quite a bit (since Twitter and work has pushed down my blogging volume).

2. What security topics will be the most important in the next 18 months? Why?
I think more and more disillusionment with PCI will really begin to cause the PCI Security Standards Council headaches.  I believe you are going to see some big push back on PCI DSS by companies of all sizes, as more and more money has to be spent on keeping “compliant”.  Though I have had major issues with Robert Carr, CEO of Heartland Payment Systems, in his recent interviews, I believe the auditing process has really come under fire lately and will continue to do so.  It is a broken model.

Of course, cloud computing will continue to move up and up in everyone’s mind, in both infrastructure and, necessarily, security.  Even if the economy improves, I believe this is a train [on which] more and more companies will jump, to varying degrees.  And specific to compliance, if cloud providers can start showing that compliance headaches can at least be eased by the Cloud, then it will grow even more.  I know that is a huge question, but if they can at least make CEOs and CIOs believe it, the Cloud will grow.  I don’t like it, but there it is.

3. Biggest Pet Peeve: Name one thing about Network Security that you wish business stakeholders would understand and why.
Let me change the focus of this question.  I think the failure to secure one’s business infrastructure is a failure of basic responsibility.  This is not just a business stakeholder issue, because security is not just about the ability of the business to turn a profit.  Of course, security is a driver for profit if done right and applied correctly.  But if the economy as a whole has major issues, then that business and every other business will begin to feel pain.

Here is what I mean.  Good security measures contribute to the whole economy.  Just like businesses often become a part of their neighborhood or the community as a whole by contributing money and resources for good causes, those businesses should also contribute resources to the security of the Internet as good Internet citizens.  They must look at how their security posture affects the whole of the Internet.  The Internet is, obviously, a huge part of the economy.  When a company becomes a cesspool of malware, they become a hindrance and a detriment to that economy.  Business over the Internet is not going to stop, but I wonder how much better it could be if even one third of businesses would clean themselves up.

4. Tell us why you became so active on Twitter and any other important social media outlets. What value are you getting?
Twitter started out simply an outlet for my way of thinking.  I am a “snippet” thinker.  I am a quipper, if that is a word.  I used to blog a lot, and I felt that I always needed to expand on my thoughts when I blogged.  But I often simply wanted to kick out a thought and just forget about it, or at least save it for later.  Twitter gave me a way to do that without feeling “guilty” for not expounding.  I sometimes get into trouble via Twitter, but that is because I sometimes quip without thinking first.  There are a lot of people doing research on various subjects and products via Twitter, so I have to be careful.

That same dimension of Twitter is what makes it so valuable.  So many people are giving their “two-cent’s worth,” that I can literally come up with ideas on security which would never have naturally occurred to me without the inspiration from some Infosec Twit.  It gives me options to take to clients.

5. Name one security peer whom everyone with an interest in Network Security should follow. (Okay to name two if you can’t decide on only one)
Without a doubt, Chris Hoff (@beaker) is on of the top on my list.  His insights into security continue to astound me.  He is always on the forefront of security ideas, and his spectacular imagination makes his method of dispersal of those ideas entertaining.

6. What’s your take on security for social media and cloud services in general? Top concerns, overstated issues, etc.

The Cloud: A Modern-day Jabba the Hut?

As stated above, cloud services make me nervous.  I used to trust that “blob” out there where all my lines seem to terminate in the Visio drawing.  But now that cloud providers want to get all my data floating out there, that trust has diminished quite a bit.  I just don’t see the same enterprise that is buying DLP letting all their data go into this mass that looks more and more like Jabba the Hutt everyday.

Social media is going to grow and grow and grow.  I can’t go a day without hearing about another social network.  I don’t think it is a fad.  But it will continue to cause great security fears for me.  I no longer have a Facebook account, because I just got sucked into it so quickly that I was not guarding my content very well.  Yes, I only allowed certain people to see my page,  but the temptation to let more and more people see it was getting out of control.  That is why it never ceases to amaze me how so many security folks have Facebook pages and are on other social media sites.  I don’t fault them.  if they weigh the risk and deem it appropriate, then more power to ‘em.  But I know my propensities, so I had to stop myself.  If you are an infosec professional, then you have to look very closely to see if those types of sites are good for you [or not].

7. What are the top 3 real-world (i.e. live) events you’d recommend for networking with security professionals?

• I am more and more into local user groups and conferences.  I have attended TRISC here in Texas, and I attend local ISSA meetings.  I am also looking to start up a local Houston NAISG chapter.  That kind of event appeals to me.
• The RSA Conference is something I attend more for the socializing aspect (security bloggers gathering).
• BlackHat/Defcon are a must if you want to rub elbows with the geekier group.

This week we offer you Erin Jacobs, the first of two female Security Pros who have agreed to participate in the SPoT series. Ms. Jacobs goes by “SecBarbie”, or Security Barbie, on Twitter, a nickname she adopted after attending a SANS Conference in 2003. We won’t steal her thunder by telling the story in our own words, but you can read it for yourself on the About page for her blog, Security Sociability.

SPoT: Erin Jacobs (@SecBarbie)

Real Name: Erin Jacobs
Twitter Handle: @SecBarbie
Top 3 Social Media/Networking Sites:
Twitter, FriendFeed, foursquare

1. In which area(s) of security are you most involved?
By Day: Security Compliance, Policy, and strategic forecasting.
By Night: Social Media Security, OS X Security, Social Engineering, and Tech Addict.

2. What security topics will be the most important in the next 18 months? Why?
Mobile Malware attacks: It’s the most logical and largely unprotected space in corporate networks. With the ease of receiving and housing wonderful bits of malicious data though over-the-air transmission, then bringing it back to sync and spread to corporate network from the inside, this is going to be one sexy topic in the next 18 months.

Social Networking Security Compliance: Controlling information about an organization that is being transmitted outside of company networks, not on company equipment but by employees, is already proving to be challenging. This will lead to ease of Social Engineering attacks, as well as changing the landscape of how security professionals direct their efforts.

3.    Biggest Pet Peeve: Name one thing about Network Security that you wish business stakeholders would understand and why.
Sense of entitlement to be exempt from security controls is, and likely will always be, one of my biggest pet peeves. Network and Information Security is everyone’s responsibility, and more so for key stakeholders. Understanding what key stakeholders perceive as important information and what they would consider damaging to the business if there were to be a breech is key in communicating why exemptions should NOT be made, as well as ensuring adequate controls.

4.    Tell us why you became so active on Twitter and any other important social media outlets. What value are you getting?
Twitter became part of my life in early 2007, but it wasn’t until I attended an industry conference that I really saw great value. Twitter has proven to be a very powerful networking tool, both professionally and socially. It’s also a fantastic barometer of what is going on in the information security space for me, as I follow a lot of people who author some of the most ground breaking research in that space. Twitter also can prove to be a great release, a place where it is okay to be a real person.

5.    Name one security peer whom everyone with an interest in Network Security should follow. (OK to name 2 if you can’t decide on only one)
Ryan Naraine (@ryanaraine)
I’ve followed Ryan about since I first got on Twitter, and his tweets are always extremely interesting and generally full of knowledge or good links. Overall, it’s a great Twitter feed to follow.

6.    What’s your take on security for social media and cloud services in general? Top concerns, overstated issues, etc.
Of the top concerns that I see in cloud services especially in social media are the overstated security controls within these multi-tenant environments, as well as the privacy law and regulations in regards to jurisdiction over data based upon physical presence of the hosting.

7.     What are the top 3 real-world (i.e. live) events you’d recommend for networking with security professionals?
Look for Barcamps or Bsides conferences in your area, these events are wonderful in that there is little or no cost, and it will build your ability to interface with local security professionals.

SOURCE Conferences are the best conference where price and networking abilities are pristine. Top rated speakers are at SOURCE Boston and SOURCE Barcelona, and with the smaller conference size, networking and actually interfacing with industry experts is a lot easier.

RSA Conference is a networking dream for security professionals on a grand scale. It’s very easy to get lost in the crowd at this conference if you do not have the best social skills.

When monitoring networks and applications, it is important to have full visibility or coverage of the network where those applications operate. However, even for data centers that employ an assortment of monitoring tools, it is very difficult to achieve full visibility. This happens for many reasons.

1. Today’s networks are extremely complex. The high cost of tools inhibits network operations teams from deploying a tool on every segment that requires monitoring.
2. Data centers have a limited number of available network access points (SPANs and/or TAPs). Even if network operations were to purchase duplicate tools, where would they attach those tools?
3. Some tools need to see a “big pipe” view, meaning they need access to data from different network segments. Without some form of aggregation solution, there is no practical way for technical teams to get all the required data to these tools with the above types of infrastructure limitations.

Monitoring Optimization solves these problems, enabling full coverage and visibility into the network. Monitoring Optimization products can be customized to accommodate different counts of network access points and tools. Then, once all of these assets are attached, users manage setup, configuration, and management from an intuitive GUI. Basic and Boolean filtering techniques are then used to aggregation, multicast, or broadcast network traffic to the tool(s) that require that data to do their jobs. In this way, network operations and security teams can enjoy the visibility that today’s data centers require to achieve full coverage of the network.

The cost of incomplete network coverage

Network coverage is most important in two key areas: application performance and security/compliance.

Application performance is much more than just avoiding complaints by frustrated employees who cannot download video efficiently. Particularly for industries such as financial services, etailers/retailers, and other high-volume businesses that require 24×7 availability and reliability of the network, the cost of failure can be enormous. Failure, quite simply, can result in lost revenue, and ultimately, lost customers.

However, application performance and availability are very difficult to tie to a specific cost estimate, because there is not a one-to-one correlation between performance issues and revenue. Regardless of this problem, here are some anecdotal industry estimates we’ve found that estimate the impact:

Forrester Research: 1.0-3.6% of annual revenue

Network World: up to 9.0% of annual revenue

1. Half of businesses surveyed have “lost revenue opportunities because of poorly performing applications”
2. 45% of respondents are concerned about lack of visibility into application performance

Security and compliance have one big attribute in common: it’s all about risk. To date, full coverage has been difficult (or even impossible in some cases) to achieve for the reasons cited above. As a result, network operations teams have had to make tradeoffs between full coverage and cost. In many cases, they choose to only monitor key segments and protocols that are the most risky.

The problem with this approach is that some portion of the network is omitted completely, and it is highly unlikely that these teams are staying on top of any of the ongoing changes in the network to ensure a consistent level of coverage is maintained. In this scenario, the cost of continuing to make tradeoffs is equal to the likelihood of facing legal issues (in percent) multiplied by the expected cost-per-incident.

NEXT:  ROI for achieving full network coverage/visibility

Last week, we highlighted Network Performance Daily, the primary blog managed by NetQoS. Today, we turn to a resource that focuses on a similar topic area:

Network Observations

Network Observations Screenshot

Network Observations is authored and managed by Network Instruments, a provider of network and application monitoring solutions. According to the blog archives, this resource appears to have been live and available since May, 2007, so it has been around for a couple of years now. Topic areas are focused on emerging trends in networking, as well as network analysis commentary and technical issues.

This blog is written by three members of Network Instruments. Stephen Brown is the company’s Product Marketing Manager, bringing “nearly a decade of experience in network management and security.” William McClain serves in the role of Marketing Communications Specialist, and he authors white papers and networking related articles in addition to contributing to the blog. Finally, and most interestingly, we have “SecurityDude”. Although SD remains anonymous for an unspecified reason, he offers a wealth of knowledge on storage and security, which we all know are crucial topics in monitoring. He is also a certified CISSP-ISSAP with 20 years of experience in secure networking infrastructures.

Primary topics of focus on the blog are:

• Application Performance
• Compliance
• NetFlow
• Network Analysis
• Security Forensics
• VoIP
• WAN

Another nice feature that we don’t see on many blogs is their list of “Recommended Posts”. Specifically, the following posts caught my interest:

• Gazing Into My Crystal Ball
  
• Common VoIP Myths
• To Span or Tap

Even though postings are infrequent (app. monthly), the blog managers/writers do a great job of mixing commentary on issues, their own messaging, and links to relevant topics of interest. For example, on December 10, 2008 they posted some interesting Network Management Links. Earlier, SecurityDude included a list of “Greatest Hits” from his first year on the blog. Take a look at the information in those two posts to get a flavor for what they are doing. The great part about this blog is that you don’t need to check back daily or weekly to catch up on what they are discussing. Just poke your head in the door every few weeks to see what hot topics they’ve taken on most recently.

Come back once you review the site and let us know what you think in the comments section. And if you know of another resource that is deserving of our attention, please feel free to reach out to us directly. Enjoy!

Welcome to the third installment of “Monitoring Resources” on The Network View. We hope you have found our previous recommendations, MonitoringTools.com and TaoSecurity, both useful and valuable resources. Now we turn our attention to one of our favorites, LoveMyTool.

LOVEMYTOOL

The LoveMyTool blog (LMT) is maintained by a team of very technically adept professionals, including our good friend Tim O’Neill, whom many of you likely know by his online handle, OldCommGuy^TM . Other regular LMT contributors include Denny K. Miu (StartupForLess.org), Tony Fortunato (The Tech Firm), Sake Blok (Wireshark Core Devloper), and Ray Tompkins (Forensics & Training).

One quick look over LMT and you will realize that this is an outstanding resource for thought leadership commentary, current trends, and hands-on tips and tricks for managing network monitoring. As you likely already realize, this is not a small topic. The team does a great job of digging into a slew of related topics including CALEA, SOX, HIPAA, VoIP, PCI Compliance, Forensics, User Experience, Application Performance, Data Loss Prevention, and Lawful Intercept.

What makes LMT even more unique is the way they embrace partners and vendors to help join in the fun. If you are reading this blog, you already have a general idea of what Anue Systems is all about. We are such big fans of LMT that we have decided to both contribute content and to sponsor the site for the first part of 2009. You can find this and all of our blog entries in the Anue “widget” on the home page of LMT, and you can view the posts we have contributed so far via the following hyperlinks:

How to Monitor 10G Networks with 1G Tools

More Aggregation Less Aggravation

This is one of the best blogs on the web for keeping up with the latest news and technologies surrounding network and application monitoring. Here is a sampling of some other great topics that LMT has covered in recent months:

Outlook for Satcom and Netcom Markets (Tim O’Neill)

Identifying Slow Server Response at Packet Level (Chris Greer)

OSTU – Wireshark Case Study: Benchmark Test (Ray Tompkins)

“Aggregation Tap” versus “Tap Aggregation” (Denny K. Miu & Tim O’Neill)

Accurately Measuring VoIP Performance (Robert J. Merrill)

As you can see from this sampling of content, LMT manages to provide quality, useful content from a variety of sources, both internal to their contribution team and from industry experts themselves. Take a few moments today to dig into LoveMyTool.com. You’ll find it is well worth your time.