Every few weeks a new security company is born. No matter what the brand or the segment, the data flow looks the same from on high: let’s get smart people and write some smart software, suck in all kinds of telemetry and samples, and produce threat feeds and reputation feeds, and then…profit! This plan works more often than not, due to the problem space and therefore the market continues to grow.
But why? Why if we’re putting that many smart people to work on security, and writing all that smart software, and making all this money, does the problem space, and therefore the market, continue to grow?
Are we doing this right — since everybody’s making money?
Or are we doing this wrong — and we’re a bunch of corrupt dolts who aren’t even recognizing the real problem or at least not trying very hard to solve it?
ISC’s theory is that the nature of information sharing in the security industry is part of the problem. Having N security companies each have 1/Nth of the available telemetry and samples means that nobody has a chance of seeing everything — and mostly nobody sees anything. To that end we launched in 2008 the ISC Security Information Exchange (SIE), and today (2012) we’re sharing about 500Mbit/sec of real time security telemetry.
Dr. Vixie, co-founder of ISC, will explain where we are with ISC SIE, how we got here, and where we’re going. Of special interest is our first “vertical application”, a high speed high quality Passive DNS database (ISC DNSDB), which Vixie will demo for the crowd in a couple of creepy ways.
For more information about ISC’s security project, visit ISC’s Resiliency and Security Forum.