Richard Stiennon

Chief Research Analyst

IT-Harvest


Survela Aims to Protect Your Personal Brand

Posted on: 14 Jan 2014

Most organizations are familiar with MarkMonitor, a Thomson Reuters service that continuously scans the Internet for abuses of brands and intellectual property. If a counterfeit website or even a domain is registered, MarkMonitor will alert its client’s legal team. Now there is a similar service for your personal brand. Survela is easy to…

Three Must Watch Videos to Understand Why Bitcoin is Disruptive

Posted on: 14 Jan 2014

Bitcoin was the hot topic of summer 2013. It lost some of its luster when the largest Chinese exchange, BTC, announced it was no longer taking deposits in Yuan, and China’s central bank banned financial institutions from accepting Bitcoin. However, Bitcoin stays in the news as online merchants such as overstock.com announced that they are accepting…

Thoughts on Boycotting the RSA Conference

Posted on: 07 Jan 2014

[Full disclosure: As an industry analyst I conduct business with RSA, the security division of EMC, including white papers and recording videos of key executives and customers.] Update Jan 12, 2014: The Guardian reports that privacy rights groups are petitioning Stephen Colbert to boycott the RSA Conference. My reaction to the several calls that have been made by well-respected security researchers, most notably…

Schneier Joins Co3 Systems as CTO

Posted on: 06 Jan 2014

Security incident handling software company, Co3 Systems, announced today that Bruce Schneier had joined the company as CTO. Schneier is a highly regarded author and cryptographer who writes frequently on topics of privacy and security. Recently he was called on to help interpret documents revealed by Edward Snowden that uncovered the NSA’s subversion of a NIST…

Will FireEye’s Acquisition Strategy Work?

Posted on: 05 Jan 2014

Most of the press and preliminary analysis of the FireEye acquisition of Mandiant has been exuberant. The New York Times got to break the news just after the first of the New Year, although the deal closed December 30, 2013. Of course, the coverage contained the usual predictions of industry consolidation. This is not a consolidation play,…

Growing Boycott of RSA Conference 2014

Posted on: 05 Jan 2014

[Full disclosure: As an industry analyst I conduct business with RSA, the security division of EMC, including white papers and recording videos of key executives and customers.] It began with a Reuters story from Joe Menn, “Exclusive: Secret contract tied NSA and security industry pioneer,” in which it was disclosed that RSA, the crypto pioneer and security…

IT Security Industry Has a New Adversary

Posted on: 30 Dec 2013

My coverage of the NSA’s massive data gathering and attacks on fundamental security technology has been focused on the expected impact on the IT security industry. I was one of the first to publish trepidation a day after the first Snowden report (NSA Surveillance Threatens US Competitiveness, June 7, 2013) and again a week later…

The Incredible Power of XKeyscore

Posted on: 30 Dec 2013

Der Spiegel makes light of an incredible tidbit they extracted from a 50-page catalog of exploit technology apparently developed by the NSA’s Tailored Access Operations (TAO). The German newspaper describes, and dismisses as not very threatening, the ability of an analyst using XKeyscore to identify a target’s machine, probably by IP address. Then, if that machine ever files a…

Update – Nefarious Pseudo Random Number Generator Never Actually Used in SSL

Posted on: 22 Dec 2013

(Updates with RSA denial) There has been a lot of furor over the Random Number Generator that the NSA, with a rather heavy hand, apparently forced NIST to accept into its encryption standards. Bruce Schneier wrote “The NSA Is Breaking Most Encryption on the Internet” and The Guardian reported extensively on the NSA’s project Bullrun, which is apparently…