My Photo

Archives

More...

About

OASIS-08

  • 27a

Got the NAC

« December 2008 | Main | February 2009 »

January 2009

January 21, 2009

A Blast From the Past

Even as some 2 million people (myself included) descended on our nation's capital to party like it was 1999, enterprise network admins were reminded this week that the worm party is not yet over.  In the event you've been caught in an inauguration trance, Conficker (aka Downadup, aka Kido) has managed to infect over 9 million computers by some estimates, with the majority of those infections inside corporate networks.  While Conficker is highly blended (including backdoor command and control along with agressive propogation), the true intent of the malware's authors, beyond rapid spread, does not yet appear known.  However, at least one theory indicates that we'd rather contain and remove this threat before finding out what the authors are really up to.


While we at Mirage take some comfort in the fact that our customer base can detect and contain the Confickr worm with our default out-of-box ruleset, I must admit that I find this latest threat a bit surprising.  I, along with many others, have believed for some time that the days of rapid propagation were over, with malware authors opting for stealthy, long-lived botnets over headline-grabbing infection rates.  Time will tell, I suppose, where this goes and what the authors have in mind.  In the meantime, it's one more reminder that the ability to quarantine must be extended throughout the network access lifecycle, not just at connect time.  Traffic filtering as a post-admission strategy is insufficient for inside-inside propagation that leverages MS Networking (not to mention sneaker nets).  Infection via USB drives also renders fully patched systems vulnerable.  A deep defense is key, and NAC (applied fully throughout the lifecycle) should be the foundation upon which it's built.

Posted by Grant Hartline on January 21, 2009 at 12:02 PM in Network Access Control | | Comments (1) | TrackBack (0)

January 14, 2009

Mirage Beats Cisco in 2008 Patents

Network World has an interesting article up on patents granted in 2008.  While the thrust of NWW's article is that over 50% of US patents in 2008 were granted to non-US based companies, I think they missed the real story.  In addition to having a vastly superior NAC product, Mirage beat Cisco in 2008 patents.  According to IFI, Cisco had 704 patents granted in 2008.  Mirage had one.  How is one greater than 704, you ask?  Simple math (unlike the goofy highly complex math of BCS rankings).

Mirage has 60 employees worldwide, which gives us a patent-to-employee ratio of .017.  Cisco, according to yahoo finance, has 66,129 full time employees worldwide, giving it a patent-to-employee ratio of .011.  Thus, it takes Cisco 94 employees to get a patent, where it only takes Mirage 60 (proving Mirage employees are 63.8% smarter than Cisco employees).  A decisive win, I would say.

How is that the mainstream press always misses the mark?

Posted by Grant Hartline on January 14, 2009 at 01:39 PM in Network Access Control | | Comments (0) | TrackBack (0)

January 06, 2009

Rating College Football Teams (or NAC products)

It remains difficult for me to see how anyone can concentrate on work this time of year.  The first 7-10 days of January, it seems to me, are for spending time with friends and family, reflecting on the year past, and setting goals and plans for the year ahead.  Most importantly, of course, they're for watching college football.  For those of you who don't know, Mirage is based in Austin, Texas, home to The University of Texas Longhorns (yes, capitalization of the 'T' is required).  The Longhorns, as any true college football fan is aware, were utterly screwed out of a championship game this year, forced instead to watch a team they beat in heads up competition play for the national title.


Now, much like with the Electoral College system, I try to avoid getting sucked into conspiracy theories over the current BCS system.  This year's, however, seems beyond the pale, for the simple reason that play on the field was ignored.  With two teams as closely competitive, as well performing and well respected as OU and UT, it is simply inexplicable how anyone can ignore the results of heads up play.  Here's the 5 point speech:

1.  Oklahoma and Texas each finished the regular season with the same 11-1 record.
2.  The strength of schedule of the two teams is virtually identical:  same number of games against opponents with 9 or more wins (5); Oklahoma played one more top 25 ranked teams than Texas did (5 and 4, respectively); but Oklahoma also played more games against teams with no more than 4 wins (3 and 2, respectively)
3.  Texas beat Oklahoma 45-35 on a neutral field in the annual matchup
4.  Texas destroyed Ohio State University 24-21 in the Fiesta Bowl
5.  Number 4 is a bit dodgy; did I mention that Texas beat Oklahoma on a neutral field?

The point is that what happens on the field matters.  Or at least should.  If Oklahoma beats Florida Thursday night, people will refer to them as the National Champions of college football.  Yet they lost to a BCS bowl winner.

That just doesn't make sense to me, any more than the generally taken reference that Cisco has the "Number One" NAC product, when we continue to replace them in account after account.  And can anyone give a coherent description of Cisco's migration plans surrounding the discontinuance of CCA?  Or a "tie-breaking" system that favors the loser over the winner?  Anyone?  Bueller?

Posted by Grant Hartline on January 06, 2009 at 02:00 PM in Network Access Control | | Comments (2) | TrackBack (0)