Schneier on Security

I like securitificators. The domain is availabile!

"Defentegrity" is available, too.

I wonder how much they paid some PR media company to come up with those?

And are we gunna get some Crypto posts from the Conference?

I'm sure that George Bush will come up with some unexpected combination ;-)

Are you implying that 'CounterPane' is much better than any of these?

There should only be one company providing services and the services can be modular and belongs to different people. So instead of an actual company, only the service name is used. :)

Those are just authul.

"And are we gunna get some Crypto posts from the Conference?"

I haven't seen any Crypto yet.

(Bill Gates and Craig Mundie are on stage right now, and they've said absolutely nothing interesting so far.)

"Are you implying that 'CounterPane' is much better than any of these?"

Hey. In 1995 is was a pretty cool name.

@Jay:

Once they transition to CompanyNamev6 there will be plenty of names to go around.

In the future, company names will be a 32-character hex string.

"Are you implying that 'CounterPane' is much better than any of these?"

Sure. They're the name in security blankets.

"Are you implying that 'CounterPane' is much better than any of these?"

Sure. They're the name in security blankets.

Well, at least a counterpane is an actual word, not a made up one.

Although I'm not sure why you'd want to associate an embroidered quilt with managed security services - kind of a sly way of calling your services a security blanket, no?

"Although I'm not sure why you'd want to associate an embroidered quilt with managed security services - kind of a sly way of calling your services a security blanket, no?"

When I formed Counterpane, it was just me doing consulting. I chose the word because 1) "counter" and "pain" were vaguely security related, 2) it sounded cool, and 3) the Robert Louis Stevenson poem. And the domain name wasn't taken.

Counterpane Internet Security, Inc., and managed security services, came along later - in 1999. We kept the name because it was recognized and associated with me.

Maybe it just shows how borring or ill educated these folks are (sorry, no offense meant).

While working as administrator, the most fun was thinking up new servernames along some reasonably wide theme. We used Roman emperors as our servants - got a lot of Roman history that way.

So when your local language runs out, it's just time to pick up a new one, picking something from latin or greek. I found "acsi", latin and translates to "as if" (with some reference to a Herimann, whatever) - so here comes the new company: "Acsi Security", a good one that lists top in dictionary searches.

And any complaints can be responded by "did you actually expect anything?"

This love conference blogging is distracting -- now I keep looking around to try and figure out where Bruce is sitting...

Don't forget securify:
http://www.securify.com/

They probably feel that more descriptive company names, like "Spackle Security", "Palliative Solutions Inc.", and "Computer Iatrogenetics" would depress shareholder value.

I think it's more a lack of available .com domain names.

"...I officially declare that the industry has run out of good names for security companies...."

I concluded this some years back when the UK's DERA rebranded itself as 'Qinetiq'. Nothing good can come from anything which has two Qs in it, whatever James Bond may say to the contrary.

I recommend the following names for security companies:

- Virginkeep
- Green Pea Safety Technologies
- Al'Qaida & Saddam's Datajailing

"They probably feel that more descriptive company names, like `Spackle Security', `Palliative Solutions Inc.', and `Computer Iatrogenetics' would depress shareholder value."

Now wait, "iatrogenetics" is a cool-sounding word. I bet you could get that one past some shareholders. ("It's got `genetics' in it! It must be really advanced!")

@Erik N

"While working as administrator, the most fun was thinking up new servernames "

Yup years ago I was incharge of three intel boxes one had NT, one had UnixWare and the other Novel...

So being from the UK where "Bill and Ben the Flower Pot Men" was indroctranated on me when I was young I named them

BILL = NT
KEN = Unix
LittleDweeb = Novel

For the obvious reasons...

Guess what we actually thought it amusing at the time ;)

P.S. if you are not from the U.K. or have not seen Bill-n-Ben then this will be totaly lost on you 8)

I have a few:

Bitzkrieg
Napalm Pilot (get it?)

Here's one for Bruce. Counterpane is good, but really it's time for him to do what Gwen Steffani did. How about Schneierossity or BruceFish?

"Are you implying that 'CounterPane' is much better than any of these?"

That's BT Counterpane to you.

I like all the imaginative corporate logos as well!

The first couple comment got it exactly right. It's the goddamn domain name squatters. I'm trying to think of a name for a start-up I'm working on (nothing to do with security), and *everything* is taken. It's ridiculous. The only names I can think of that are available suck...

"Are you implying that 'CounterPane' is much better than any of these?"

I think that you need to follow in the footsteps of Xerox and call yourself:

"The security company CounterPane."

http://www.authentify.com/mascot.html

har

"The first couple comment got it exactly right. It's the goddamn domain name squatters. I'm trying to think of a name for a start-up I'm working on (nothing to do with security), and *everything* is taken. It's ridiculous. The only names I can think of that are available suck..."

AVAILABLESUCK.COM is available!

I searched and searched for a domain name for my security consultancy, and came up with quite a few. I went with BlueHat Security, LLC, because it meant something to me (see http://www.bluehatsecurity.com/faq#one for details).

The domains I didn't use are for sale. I think some are pretty good. See the list at http://bluehatsecurity.com/2006/12/21/domains-for-sale/#more-38

Sorry if anyone considers this spam. I consider it to be on-topic for this off-topic thread.

-- Clint

---
. Clint Laskowski, CISSP
. BlueHat Security, LLC
. www.bluehatsecurity.com
. clint@bluehatsecurity.com

@ Evan "I'm trying to think of a name for a start-up I'm working on (nothing to do with security)"

DepartmentOfHomelandSecurity.com?
And then you do a Rot13: QrcnegzragBsUbzrynaqFrphevgl.com

;-)

counterpane? Is that like a anti-windows security company :)

@Bruce,

"Random Observation from the RSA Conference"

How do you know they're really _REALLY_ random?

I have to agree with Bruce's original observation - I just spent the afternoon wandering the exhibit hall and the names are getting too weird.

The redundancy among many of these companies is staggering, too - I don't know how many there were hawking identity and access management solutions, but it was a lot more than there were unique solutions. Same with several other security areas, it's amazing how many players are jumping into the fray.

Oh, c'mon. "Authentify" is a top-notch security name. It has oodles of ... um... what's the infosec buzzword that equates with "truthiness"?

Has anyone got "identicate.com" yet?

@evan:

I made a small script that took in a long list of words that I liked, then combinede them in different ways and made a dns lookup. If no host existed it printed the name - so you come down to consider those unusual combinations that have not yet been taken.

Writing your list of words you should stay away from those that categorize your business segment, they are likely used far too much, especially in abreviated form.

"made a dns lookup"

Shouldn't you do a whois? Just because a domain doesn't have a DNS entry, doesn't necessarily mean it isn't registered.

To go along with the meaningless company names are the meaningless signs in the Expo. While most folks know what McAfee and CA offer, a fair portion of the smaller vendors have booth signs that don't tell you anything about what they do. "Securing the enterprise" tells me nothing. Pictures of serious people with vague tech-ish looking graphics in the background doesn't do much for me either other than that someone paid a graphic designer too much money.

To the wandering attendee at the Expo who doesn't want to engage every last vendor in conversation about their wares, this makes no sense. With over 300 vendors I don't have the time, desire, and for that matter leg endurance to stop at every booth so if I can't figure out what the product is at a glance I keep walking. Even if the swag or drawing looks interesting.

And if any vendors are reading this, drawings for iPods are no longer interesting. Neither are t-shirt giveaways. The vendor who will be drawing for a genuine Cartoon Network advertising sign has it right. (see http://www.schneier.com/blog/archives/2007/02/nonterrorist_em.html )

@SteveJ:

Yes, whois is more accurate, but a whois query reaches all registrars and some may use such a query to put the domain on hold so you can't get it unless you get it from that particular registar at their rates.

Wether this is actually done, I have not confirmed - there are claims that it is done. AFAIK the registrars can put the domain on hold for a short period at no cost, if there was even a minimal fee, it would be easy to DoS such practice out of use.

That's why a dns lookup is good, if the domain is not in use by any host (make an ns query), you go to your prefered registrar and try to register the domain.

"IronDuvet(tm) for when Counterpane just can't cut it."

Trademarkeability may have a role to play; made-up words are definitely trademarkeable, where purely descriptive terms are not.
It's not just the security industry. I worked for a while customer-facing at a networking hardware ODM, and networking-equipment company names all started to sound the same after a while.

Mihir Bellare published this interesting work on generating names for crypto papers :

http://www-cse.ucsd.edu/users/mihir/crypto-topic-generator.html

maybe a similar table can be prepared for truly random generation of names for security enterprises ... :-)

(start with the 'counter' prefix in the first column ;- ) )

vedaal

These aren't bad names. After all they just has been featured to a big audience by Schneier himself. :)

Anyway, if anyone want a company name with an available com domain then there is a list of such names at http://web2q.com. It's free :)

How do you say "Qinetiq"? Is it like kinetic?

One thing's for sure. If any of these guys decide to get out of security and switch to something else, they're not saddled with a name that pins them down.

Application Security Inc. really can't do anything else with that name, but Green Border? They could jump into home decorating without a problem.

I don't have a flipping clue what guys like Decru, Vontu or Tarari are up to. I'll bet you don't either.

The latest trend, though, is AOL-style glomming of numbers onto names: (eg: HotBabe23617587)

8e6 Technologies
A10 Networks
F5 Networks
Rapid7
Route1

Blame this on 3Com...

Steve: Long before 3Com there was 3M - although that was based on real words (Minnesota Mining & Milling), leading to an excessively repetitive acronym, which was cured by the use of a number. And it still meant something, if you knew the history.

But "A10 Networks"? What's that supposed to mean, unless they did mean to bring up the image of a flying 30mm Gatling gun?

I'm pleased with my security company's name, "Sanction." Not only does the word simultaneously mean "explicit permission" and "punishment for violation," but it was actually built off the phrase "Self-Appointed Net Cops."

@RAlberti:

Lemme guess. "Self-Appointed Net Cops Taking Intruders Out Neatly?" Cool name, at any rate.