Real world costs of APT to American Taxpayers

Bejtlich's analysis of a new report on the costs of the new USAF bomber and how much of those costs have increased due to China's APT program ($8B). That's just for this one project that falls under the Special Access Program. Tip of the iceberg, anyone?

DLP vendors and the top three threat vectors (OUTSOURCE!)

I've spent quite a bit of time over the last 6-8 months evaluating Data Loss Prevention solutions for several clients. Apart from the obvious (DLP pre-requisite of having an established data classification policy/program in place), the common thread across several verticals is the top three threat vectors being (gasp) Web, Email and Removable Media. What has surprised me the most during this process is how few of the leading DLP vendors actually can truly address all three. The buzz phrases du jour are data in motion, data at rest and data on the endpoint (which in most cases means managed assets like mobile laptops and not unmanaged devices like smartphones and tablets like the iPad). But how important is the fact that few vendors can adequately address all three vectors? Yes, a single vendor (best of breed or not) having a single interface to manage all three primary threat vectors (regardless of where the data actually sits) would be a best case scenario (budget not included). But I have also repeatedly made the argument that Web and Email threat vector mitigation are two of the easiest business responsibilities to outsource, and there are enough enterprise level SLAs out there to make that decision a no-brainer. So that technically (at this blog post date) leaves the removable media threat vector the last of the three top threat vectors left in the hands of any organization that chooses to outsource the other two. When batting .250 keeps you in the majors, two out of three is a compelling business discussion.