Back in 2007, ESG asked 206 IT security professionals to respond to the following statement: “Desktop security has become a commodity market with little difference between products.” As expected, 58% of respondents either strongly agreed (17%) or agreed (41%) with this statement. In other words, it really didn’t matter whether you ran Internet security tools from Kaspersky, McAfee, Microsoft, Sophos, Symantec, or Trend Micro; all would be equally effective.
ESG hasn’t re-visited this question since, but many anecdotal conversations with IT security professionals lead me to believe that nothing has changed. If anything, more people believe that endpoint security tools are a commodity today than four years ago.
In my opinion, this perception is not only wrong, it could also be dangerous. Why? For one thing, threat vectors have changed. The main threat vector today is the web and the primary target is the browser. In addition, traditional antivirus signatures have been joined by other defense-in-depth safeguards, like behavior-based heuristics and cloud services, to protect endpoints. Finally, there are the endpoints themselves. In 2007, the term “endpoint” really meant a Windows PC. Now it could mean a Mac, iPad, or some type of mobile device like a Blackberry, Droid, or iPhone.
Given these changes, CISOs should really take a hard look at their endpoint security tools before signing off on a new subscription. During this assessment, examine endpoint security tools in terms of:
The main point here is that, far from being commodity products, the endpoint security tools used could mean the difference between business as usual and a costly security breach. Choose wisely.
Tags: Antivirus, Blackberry, Droid, endpoint security, ESG, Firewall, iPad, iPhone, Kaspersky, Mac, Macintosh, McAfee, Microsoft, mobile phone, PC security, Security, anti-spyware, Sophos, Symantec, Trend Micro, Windows
Here is some interesting data that came out of the 2011 IT Spending Intentions report from ESG Research. In a global survey of 611 IT professionals from mid-market (i.e., 100-1000 employees) and enterprise (i.e., more than 1,000 employees) organizations, 46% of all firms reported they will increase investment in networking products and services in 2011 while 58% said they will increase investment in security products and services this year.
What I found especially intriguing is that both networking and security professionals claim that their organizations will make their most significant investments in network security over the next 12-18 months. In other words, networking AND security folks believe that network security is their highest priority. This emphasis on network security also came out with regard to infrastructure management. When IT professionals were asked which areas of infrastructure management their organizations would make the most significant investments in, the top two responses were security management (31%) and network management (29%).
What does this data mean? It’s easy to dismiss firewalls, IDS/IPS and SIEM software as mature legacy technologies. The ESG data indicates just the opposite–these venerable safeguards are going through a metamorphosis. Why? Perhaps data center consolidation and rich-media applications are driving new scaling needs. It may be that the threat landscape demands new types of safeguards. It is possible that existing network security and management tools have simply grown long in the tooth. I believe that all of these factors are driving network security upgrades and new requirements.
From an industry perspective, there is a lot of opportunity here. Some possible winners include:
Beyond these mainstream players, there is plenty of business for others like Blue Coat, Citrix, F5 Networks, and Riverbed.
Tags: application firewall, ArcSight, AXA, Blue Coat, Borderless Networks, Check Point Software, Cisco, Citrix, Crossbeam Systems, F5, Firewall, Gateway, HP, IDS, IPS, Juniper Networks, Log Logic, LogRhythm, MARS, McAfee, NetWitness, network security, Nitro Security, Palo Alto Networks, perimeter security, Q1 Labs, Riverbed, Security, Sidewinder, Sourcefire, TippingPoint, TrustSec
Back around 2005, DLP was the buzz term du jour within the information security industry. DLP was designed to find sensitive data and make sure that this data wasn’t accidentally or maliciously misused. The most common DLP implementation was as a network gateway for filtering Layer 7 content. When a DLP device spotted credit card numbers in an e-mail, it simply blocked this transmission, thus preventing a data breach.
Back then, DLP was the proverbial low-hanging fruit for security protection so lots of firms were ready to buy. This prompted VCs to fund companies like PortAuthority, Reconnex, Tablus, Vericept and Vontu to compete in this burgeoning space.
Fast forward to 2010 and DLP has a bit of an identity crisis. Why? DLP was once a tactical point tool for blocking content on the network. Now however, DLP has evolved into:
With these features, DLP is slowly morphing from a security policy enforcement point to a more holistic technology for data governance. In other words, this is an enterprise domain (i.e., consulting, distributed architecture, central command-and-control, etc.), not a tactical security domain. As such, the term DLP minimizes the technology value and no longer accurately describes what the technology does.
I know Gartner is often the default analyst firm for naming IT technologies but since nothing new is coming out of Stamford, let the people decide. I am partial to the term Enterprise Data Governance (EDG) myself–anyone have another suggestion?
Tags: Data loss prevention, DLP, EMC, McAfee, PortAuthority, Reconnex, Symantec, Tablus, Vericept, Vontu, Websense
Now that we all have an assortment of iPhones, Droids, tablet devices, and Windows devices, lots of industry folks believe that mobile security is the next hot market. There are a number of players already in this market, including pure plays like Good Security and Mobile Active Defense. Traditional endpoint security vendors like McAfee see this as an extension of their antivirus business. Symantec is in the same boat with antivirus as well as encryption software from PGP. Networking vendors also see upside in the mobile device security market. Cisco has AnyConnect and ScanSafe while Juniper Networks wants to combine its Pulse client with its recent acquisition of SMobile.
These vendors come at mobile security from many different angles with different security functionality in different places–some on the device and some on the network. Will this confuse the market? No. Enterprises are actually looking for a wide range of mobile device security functionality. According to an ESG Research survey of 174 security professionals working at enterprise (i.e., more than 1,000 employees) organizations, the top three most important mobile device features are 1) device encryption, 2) device firewall, and 3) strong authentication. They also want things like DLP, VPN, and device locking.
Beyond security functionality, most enterprises also want an integrated platform for mobile device security and management. In other words, they want a single software package for device provisioning, configuration, reporting, etc. They also want a common set of features for all mobile devices rather than a potpourri of different features for iPhone, Windows 7, Droid, Palm, etc.
It appears then that the mobile device security market will include networking, security, and management vendors along with device manufacturers and carriers as well. Personally, I think mobile device security will have a network architecture look to it, with technology safeguards built into devices, the enterprise, and the cloud. If this happens, integration will be critical for all leading products.
Tags: Android, AnyConnect, Cisco, Droid, Good Security, iPhone, Juniper Networks, McAfee, Mobile Active Defenses, Palm, PGP, ScanSafe, SMobile, Symantec, Windows 7, Windows 7 Phone
I was at Oracle Open World yesterday when I heard the rumor that IBM was going to buy Brocade. At the time, I was meeting with a group that had collective industry experience of more than 100 years. We all laughed this off as hearsay.
The fact is that IBM already OEMs equipment from Brocade (as well as Juniper) so it is not lacking in engineering experience or alternatives. Does IBM want to start a stand-alone networking business? Does it want to OEM Fibre Channel switches to and HP? Does it want to bet on Brocade/Foundry Ethernet switches against the rest of the industry? No, no, and no.
This is not the only silly rumor we’ve heard lately. Last week, Microsoft was going to buy Symantec. Yeah sure, there are no antitrust implications there. And does Microsoft really want to buy a company that has about a dozen products that are redundant to its own?
How about Oracle buying HP? Larry may be spinning this up for fun, but it’s simply crazy talk. Oracle, a software company focused on business applications and industry solutions, wants to get into the PC and printer businesses? Yeah, I know, “What about servers and storage?” To which I answer, “What about Sun?”
These rumors are circulating because of the recent uptick in M&A activity, but my strong bet is that nothing remotely similar will happen. The rumors must then be coming from one of two sources:
Not all mergers make sense, but there tends to be some business logic inherent in most transactions. Let’s try and remember that before spreading rumors for personal or unethical gain.
Tags: Brocade, HP, IBM, Juniper Networks, McAfee, Oracle, Symantec
Earlier today, IBM announced its intention to acquire OpenPages, a privately-held software company focused on identifying and managing risk and compliance.
There is obvious value in this deal based upon market interest in risk management alone. In the past ten years we’ve seen the subprime mortgage securities collapse, a rise in global terrorism, and explosive growth in cybercrime. Certainly businesses need better risk management tools to cope with these kinds of events.
With OpenPages, IBM gets to throw its hat further into the risk management ring, but that’s not all. OpenPages provides IBM with strong synergies around other IBM business opportunities like:
Clearly the OpenPages deal wasn’t as newsworthy as HP buying ArcSight or Intel buying McAfee, but it certainly aligns with IBM’s strategy, complements existing products and services, and gives IBM sales reps another solution to sell to customers.
Tags: ArcSight, Consul, HP, IBM, Intel, IT Risk Management, McAfee, OpenPages, Risk Management
An industry friend just sent me a story from the Wall Street Journal proclaiming that security management leader ArcSight will be acquired within the next week. The story goes on to say that the likely buyers include Oracle, HP, , IBM, and CA.
Hmm. First of all, anyone familiar with ArcSight was sure this was coming. The company is a leader in a growing market segment, has a great Federal business, and is one of few real enterprise players. It is interesting to me that the Wall Street Journal is spreading rumors but that’s another story.
Let me weigh in by handicapping the field:
Given the Intel deal, McAfee is likely out of the running. I’ve heard through the grapevine that McAfee made several attempts at ArcSight but the price tag was just too big. Symantec, like IBM and CA, has also developed security management products that haven’t taken off in the market. If Enrique Salem is up for another big acquisition, ArcSight would be a great fit.
Finally, wherever ArcSight ends up, there are plenty of other innovative security management companies that may quickly follow. Feisty Q1 Labs would be a natural for Juniper. Brainy Nitro Security could be a fit for Cisco or CA. LogRhythm could be a good addition for HP, Check Point, Websense, etc.
ArcSight deserves what it gets as it really guided the security market moving forward. Its fate will greatly influence the enterprise security market moving forward.
Tags: ArcSight, CA, EMC, HP, IBM, Juniper Networks, LogRhythm, McAfee, Nitro Security, Oracle, Q1 Labs, Symantec, Wall Street Journal, WSJ
It’s been a few days since Intel’s surprising McAfee acquisition announcement. This weekend, I took time to read what others were saying about the merger and there seems to be a lot of posturing and confusion out there. Here is a short list of some of the misconceptions:
Many of the smartest financial and industry analysts can’t make heads or tails out of this deal and I can understand their confusion. There really are no obvious synergies between the two technologies. Nevertheless, I believe that the security market is in transition where new products will need a whole new level of scale, intelligence, integration, and enterprise-class sophistication. The “new” security market will start abruptly and grow to over $1 billion extremely quickly. Intel wants a piece of this transition as well as portfolio diversification. It’s that simple.
Tags: Good Technology, Intel, Juniper, McAfee, Microsoft, Mobile Active Defense, SafeBoot, SMobile, vPro
Before the bell rang on Wall Street, Intel shocked the army of latte-sipping financial wonks by announcing its intentions to buy security leader McAfee. The deal is valued at $7.7 billion or $48 per share, about a 60% premium on the stock price.
A few financial analysts who cover Intel say that this is about Intel’s mobile device aspirations. Maybe, but McAfee just got into the mobile device security market and my guess is that this business accounts for $5 million in revenue or less.
Sorry Wall Street but that ain’t it at all. I believe that Intel sees the same thing I see. The security market is wildly fragmented with vendors producing tactical point products for their customers. These point products can no longer address the environment of sophisticated and massive threats. In the very near future, enterprise and service provider security technologies must deliver unprecedented levels of scalability, manageability and integration.
Guess what? In today’s market there isn’t a single vendor who can deliver a security product suite anywhere near what’s needed in the market. Get it Wall Street? There is massive emotional demand but no supply. Here’s the kicker — without significant improvements in security, this whole Internet party hosted by companies like , eBay, , , etc. could get really, really ugly soon.
To be fair, McAfee can’t deliver the level of scale, manageability and integration that the market demands but it’s as close as any other vendor. Combine this with Intel hardware, money, and brainpower and you’ve got something.
I believe Intel sees a market opportunity, not a product opportunity. Yes, there is plenty of room to integrate McAfee with mobile phones, microprocessors, and NSPs but this is a footnote to the story.
A few other observations:
Tags: ArcSight, Check Point, Fortinet, IBM, Intel, LogRhythm, McAfee, Nitro Security, RedSeal, RSA, Sourcefire, Symantec
If you aren’t familiar with Web threats, you should be. A Web threat uses the ubiquity of the WWW as a threat vector to propagate malicious exploits and payloads. Web threats lead to PCs infected with keyboard loggers, botnet code, or traditional worms and viruses.
Traditional threats like e-mail viruses and automated Internet worms still exist, but the bad guys now find the Web more effective. Cybercriminals can use dynamic links, scripts, URLs, or files to infect PCs. Even worse, they regularly exploit sites like Facebook for social engineering attacks.
This is a very serious threat: each and every enterprise should be implementing Web threat defenses. There are a number available from companies like Blue Coat, Cisco, McAfee, Symantec, Trend Micro, and Websense. Unfortunately, this activity isn’t as urgent as it should be because:
Independent product testing would help educate users and illustrate the types of threats we face. NSS Labs is poised to test a number of products, but since this space is somewhat immature, many vendors are hesitant to step up to the plate. This is unfortunate as it places business concerns over security protection.
To address Web threats, users have to demand help from their vendors. This help should come in the form of education services, product testing, and a contextual framework of where Web threat management fits within overall information security. This needs to happen now, not when products mature and a high percentage of PCs are already infected.
Tags: Blue Coat, Cisco, McAfee, NSS Labs, Symantec, Trend Micro, Websense