Sunday, September 18, 2011

Just got back from the annual ArcSight user conference.  They were bought by HP and the conference was called HP Protect 2011.  The conference was excellent as usual.  You get to hear from developers, support staff, consultants, and other customers.  My focus this year was attending sessions on performance tuning and using threat intelligence to enhance correlation.

I gave a presentation at the conference this year on using ArcSight ESM to catch malware that was not caught by anti-virus software.  My slide deck will be available on this site soon.  Thank you to everyone that attended the session.  It was a packed room.  I hope it was worth your time.  Any feedback is appreciated!

Monday, May 9, 2011

P2P .... what P2P?

Here is a summary of an email thread between our team and an end user today:

  • Security: You have P2P software installed. This is the third time we told you.
  • User: I don't know what you're talking about. I didn't do it, nobody saw me do it. Can't prove a thing.
  • Security: How about all these movies you have been downloading? Here is the file listing, including time stamps.
  • User: Oh, those. Oh, right. It was not P2P; the movies came from email. Sorry about that. Never happen again.

This is fairly typical. People just want their tunes and movies, man.

The trouble is two-fold:

  1. Bad guys use the same protocols to get data about your company.
  2. Set up one of these P2P clients wrong and your HR person just shared employee data out to the Internet.