Enterprise Strategy Group | Getting to the bigger truth.™

Posts Tagged ‘McAfee’

It’s Time To Re-Examine Endpoint Security

Wednesday, February 2nd, 2011

Back in 2007, ESG asked 206 IT security professionals to respond to the following statement: “Desktop security has become a commodity market with little difference between products.” As expected, 58% of respondents either strongly agreed (17%) or agreed (41%) with this statement. In other words, it really didn’t matter whether you ran Internet security tools from Kaspersky, McAfee, Microsoft, Sophos, Symantec, or Trend Micro; all would be equally effective.

ESG hasn’t re-visited this question since, but many anecdotal conversations with IT security professionals lead me to believe that nothing has changed. If anything, more people believe that endpoint security tools are a commodity today than four years ago.

In my opinion, this perception is not only wrong, it could also be dangerous. Why? For one thing, threat vectors have changed. The main threat vector today is the web and the primary target is the browser. In addition, traditional antivirus signatures have been joined by other defense-in-depth safeguards, like behavior-based heuristics and cloud services, to protect endpoints. Finally, there are the endpoints themselves. In 2007, the term “endpoint” really meant a Windows PC. Now it could mean a Mac, iPad, or some type of mobile device like a Blackberry, Droid, or iPhone.

Given these changes, CISOs should really take a hard look at their endpoint security tools before signing off on a new subscription. During this assessment, examine endpoint security tools in terms of:

  1. Security protection. This is far and away the most important thing you are buying, so prioritize the product’s efficacy over price, manageability, integration capabilities, etc. Endpoint security products should offer defense-in-depth capabilities for all types of threats. Progressive vendors are also using intelligence gathered from their install base and security intelligence to offer much more proactive protection. If your vendor is NOT doing this, there is a problem. Note that I’m somewhat surprised endpoint security vendors haven’t really bundled disk encryption with antivirus and firewalls, but that’s another story.
  2. Integration. Endpoint security tools should easily interoperate with network security (i.e., NAC/NAP/identity-based networking, SIEM), and endpoint management tools (i.e., patch management, vulnerability management, asset/inventory management). Other endpoint tools like disk encryption, eRM, and DLP also should fit here. This will help you keep endpoint configurations up to date, monitor behavior, and enforce security policies.
  3. Management. Endpoint security tools should have their own management consoles for command-and-control. And it may not be a requirement, but I believe that central management of all types of endpoint devices will become the default configuration over time.

The main point here is that, far from being commodity products, the endpoint security tools you choose could mean the difference between business-as-usual and a costly security breach. Choose wisely.

Big Network Security Investments – And Market Opportunities – Ahead

Thursday, January 20th, 2011

Here is some interesting data that came out of the 2011 IT Spending Intentions report from ESG Research. In a global survey of 611 IT professionals from mid-market (i.e., 100-1000 employees) and enterprise (i.e., more than 1,000 employees) organizations, 46% of all firms reported they will increase investment in networking products and services in 2011 while 58% said they will increase investment in security products and services this year.

What I found especially intriguing is that both networking and security professionals claim that their organizations will make their most significant investments in network security over the next 12-18 months. In other words, networking AND security folks believe that network security is their highest priority. This emphasis on network security also came out with regard to infrastructure management. When IT professionals were asked which areas of infrastructure management their organizations would make the most significant investments in, the top two responses were security management (31%) and network management (29%).

What does this data mean? It’s easy to dismiss firewalls, IDS/IPS and SIEM software as mature legacy technologies. The ESG data indicates just the opposite–these venerable safeguards are going through a metamorphosis. Why? Perhaps data center consolidation and rich-media applications are driving new scaling needs. It may be that the threat landscape demands new types of safeguards. It is possible that existing network security and management tools have simply grown long in the tooth. I believe that all of these factors are driving network security upgrades and new requirements.

From an industry perspective, there is a lot of opportunity here. Some possible winners include:

  • Cisco. Cisco always gets its share of the pie but the ESG data indicates a better than usual opportunity for Cisco initiatives like TrustSec and Borderless Networks. Cisco is also back in the high-end with its ASA 5585-X.
  • Crossbeam/Check Point and Juniper. These companies lead in large enterprise perimeter security–a nice place to be with data center consolidation, wireless carriers, and cloud computing investments galore. Crossbeam and Check Point work well together but Crossbeam is building its multi-platform status with relationships with other leaders like McAfee as well.
  • HP. HP paid a lot for ArcSight but the ESG data shows that the timing may be fortuitous. HP is also re-investing in TippingPoint after the company’s on-again-off-again relationship with 3Com. HP should look at acquiring as a complement to ArcSight in the federal and large enterprise space.
  • Sourcefire. When is someone (perhaps HP) going to buy this successful firm? Should be another good year for Sourcefire both inside and outside the federal market.
  • McAfee. Killing it with IPS/IDS and has something up its sleeve with Sidewinder integration. The ESG data indicates that the market is ready for new solutions so the timing may be perfect for a new visionary offering.
  • The App firewall crowd. Palo Alto leads here but I keep hearing that its acquisition price is too rich for anyone. Better hurry as Check Point, Juniper, and others are catching up quickly.
  • Other SIEM vendors. Many organizations will be upgrading old SIEM systems or migrating away from Cisco MARS. Good opportunity for upstarts like LogLogic, LogRhythm, NitroSecurity, and Q1 Labs.

Beyond these mainstream players, there is plenty of business for others like Blue Coat, Citrix, F5 Networks, and Riverbed.

It’s Time For A New Name for Data Loss Prevention (DLP)

Monday, November 8th, 2010

Back around 2005, DLP was the buzz term du jour within the information security industry. DLP was designed to find sensitive data and make sure that this data wasn’t accidentally or maliciously misused. The most common DLP implementation was as a network gateway for filtering Layer 7 content. When a DLP device spotted credit card numbers in an e-mail, it simply blocked this transmission, thus preventing a data breach.

Back then, DLP was the proverbial low-hanging fruit for security protection so lots of firms were ready to buy. This prompted VCs to fund companies like PortAuthority, Reconnex, Tablus, Vericept and Vontu to compete in this burgeoning space.

Fast forward to 2010 and DLP has a bit of an identity crisis. Why? DLP was once a tactical point tool for blocking content on the network. Now however, DLP has evolved into:

  1. An architecture. Network DLP gateways, desktop software, and file system agents are now part of a broader network architecture with central command-and-control and policy management.
  2. An integration nexus. DLP now integrates with encryption software, virtual desktop technology, and eRM.
  3. A policy engine. “Canned” compliance policies are no longer enough for large organizations. They want to develop and test custom policies for their own internal content. This is especially true for high security organizations or those with lots of digital intellectual property.
  4. A metadata hub. DLP is getting better at discovering and classifying data. More recently, DLP is gaining knowledge on who is actually using the data as well.

With these features, DLP is slowly morphing from a security policy enforcement point to a more holistic technology for data governance. In other words, this is an enterprise domain (i.e., consulting, distributed architecture, central command-and-control, etc.), not a tactical security domain. As such, the term DLP minimizes the technology value and no longer accurately describes what the technology does.

I know Gartner is often the default analyst firm for naming IT technologies but since nothing new is coming out of Stamford, let the people decide. I am partial to the term Enterprise Data Governance (EDG) myself–anyone have another suggestion?

Enterprises Want Broad Functionality for Mobile Device Security

Monday, November 1st, 2010

Now that we all have an assortment of iPhones, Droids, tablet devices, and Windows devices, lots of industry folks believe that mobile security is the next hot market. There are a number of players already in this market, from pure plays like Good Security and Mobile Active Defense. Traditional endpoint security vendors like McAfee see this as an extension of their antivirus business. Symantec is in the same boat with antivirus as well as encryption software from PGP. Networking vendors also see up-side in the mobile device security market. Cisco has AnyConnect and ScanSafe while Juniper Networks wants to combine its Pulse client with its recent acquisition of SMobile.

These vendors come at mobile security from many different angles with different security functionality in different places–some on the device and some on the network. Will this confuse the market? No. Enterprises are actually looking for a wide range of mobile device security functionality. According to an ESG Research survey of 174 security professionals working at enterprise (i.e., more than 1,000 employees) organizations, the top three most important mobile device features are 1) device encryption, 2) device firewall, and 3) strong authentication. They also want things like DLP, VPN, and device locking.

Beyond security functionality, most enterprises also want an integrated platform for mobile device security and management. In other words, they want a single software package for device provisioning, configuration, reporting, etc. They also want a common set of features for all mobile devices rather than a potpourri of different features for iPhone, Windows 7, Droid, Palm, etc.

It appears then that the mobile device security market will include networking, security, and management vendors along with device manufacturers and carriers as well. Personally, I think mobile device security will have a network architecture look to it, with technology safeguards built into devices, the enterprise, and the cloud. If this happens, integration will be critical for all leading products.

IBM To Buy Brocade And Other Stupid M&A Rumors

Thursday, September 23rd, 2010

I was at Oracle Open World yesterday when I heard the rumor that IBM was going to buy Brocade. At the time, I was meeting with a group that had collective industry experience of more than 100 years. We all laughed this off as hearsay.

The fact is that IBM already OEMs equipment from Brocade (as well as Juniper) so it is not lacking in engineering experience or alternatives. Does IBM want to start a stand-alone networking business? Does it want to OEM Fibre Channel switches to and HP? Does it want to bet on Brocade/Foundry Ethernet switches against the rest of the industry? No, no, and no.

This is not the only silly rumor we’ve heard lately. Last week, Microsoft was going to buy Symantec. Yeah sure, there are no antitrust implications there. And does Microsoft really want to buy a company that has about a dozen products that are redundant to its own?

How about Oracle buying HP? Larry may be spinning this up for fun, but it’s simply crazy talk. Oracle, a software company focused on business applications and industry solutions, wants to get into the PC and printer businesses? Yeah, I know, “What about servers and storage?” To which I answer, “What about Sun?”

These rumors are circulating because of the recent uptick in M&A activity, but my strong bet is that nothing remotely similar will happen. The rumors must then be coming from one of two sources:

  1. Wall Streeters executing a “pump and dump” play. Given the activity in Brocade’s stock yesterday, this is likely. I hope the SEC is all over this unethical practice.
  2. Bloggers and Tweeters trying to “stir the pot.” Maybe the Internet has become the great equalizer between intelligent discourse and ignorance.

Not all mergers make sense, but there tends to be some business logic inherent in most transactions. Let’s try and remember that before spreading rumors for personal or unethical gain.

The Many Reasons Why IBM/OpenPages Makes Sense

Wednesday, September 15th, 2010

Earlier today, IBM announced its intention to acquire OpenPages, a privately-held software company focused on identifying and managing risk and compliance.

There is obvious value in this deal based upon market interest in risk management alone. In the past ten years we’ve seen the subprime mortgage securities collapse, a rise in global terrorism, and explosive growth in cybercrime. Certainly businesses need better risk management tools to cope with these kinds of events.

With OpenPages, IBM gets to throw its hat further into the risk management ring, but that’s not all. OpenPages provides IBM with strong synergies around other IBM business opportunities like:

  1. Analytics. IBM has invested billions and dedicated thousands of people to create an advanced data analytics capability. Now that this expertise is in place, IBM has an analytics foundation to look at just about any type of data-centric issue. With OpenPages, IBM can combine risk management and analytics products with its existing IT and vertical industry strengths for new product and services sales.
  2. Information security. Over the past 10 years, information security has slowly evolved from tactical threat management to regulatory compliance controls. Given the global cybercrime wave, this is no longer enough — large organizations need real-time IT visibility and solid threat management analytics. IBM can combine OpenPages with the compliance management assets it purchased from Consul as well as its traditional Tivoli security products. If customers need help here, IBM Global and Managed services will be happy to chip in.
  3. “Smarter planet” projects. IBM has always told a great story around “smarter planet” projects like health care networks and next-generation smart grids. True, these visionary initiatives can cut cost and improve efficiency but what happens to the smart grid in the event of a Category 5 hurricane or a cyber supply chain attack that makes 1 million “smart toasters” part of a global botnet? With OpenPages, IBM can now build a “smarter planet” while keeping an eye focused on increasing risks.

Clearly the OpenPages deal wasn’t as newsworthy as HP buying ArcSight or Intel buying McAfee, but it certainly aligns with IBM’s strategy, complements existing products and services, and gives IBM sales reps another solution to sell to customers.

WSJ Reports Imminent Sale of ArcSight: Handicapping the Suitors

Thursday, August 26th, 2010

An industry friend just sent me a story from the Wall Street Journal proclaiming that security management leader ArcSight will be acquired within the next week. The story goes on to say that the likely buyers include Oracle, HP, , IBM, and CA.

Hmm. First of all, anyone familiar with ArcSight was sure this was coming. The company is a leader in a growing market segment, has a great Federal business, and is one of few real enterprise players. It is interesting to me that the Wall Street Journal is spreading rumors but that’s another story.

Let me weigh in by handicapping the field:

  1. Oracle. This would be a bold strategic move as Oracle plays in security tools and the identity management space, but not the broader security market. ArcSight is an enterprise software company so it fits with Oracle sales and channels. ArcSight also runs on an Oracle database (for better and for worse). To me, Oracle makes sense as a potential suitor.
  2. HP. HP people always tell me that they want to be in the security services, not the security products business. The company backed this up when it sold its identity management portfolio to Novell. ArcSight fits with OpenView/Opsware as enterprise software so it may have changed its mind, but HP probably wants to be careful with acquisitions in the wake of the Mark Hurd scandal. Heck, HP put in a bid for 3PAR this week and Wall Street went nuts. Given these factors, I’d be surprised if it were HP.
  3. EMC. Forget this rumor. EMC already bought one of ArcSight’s primary competitors (Network Intelligence, now RSA EnVision). There are a dozen security acquisitions I could think of that would make more sense for EMC/RSA.
  4. IBM. Great fit in terms of enterprise software but this would be IBM’s third security management offering (the original Tivoli security manager and then GuardedNet, which IBM got as a result of the Micromuse deal). Neither of these products has really resonated in the market. If anyone can erase two previous products, IBM can. I rate this one as likely as Oracle.
  5. CA. CA’s security presence is really limited to the identity space. Like IBM, CA has tried several times to penetrate the security management market with little success. I can see CA wanting ArcSight but if Oracle or IBM jump in, the price may quickly get too high for CA.

Given the Intel deal, McAfee is likely out of the running. I’ve heard through the grapevine that McAfee made several attempts at ArcSight but the price tag was just too big. Symantec, like IBM and CA, has also developed security management products that haven’t taken off in the market. If Enrique Salem is up for another big acquisition, ArcSight would be a great fit.

Finally, wherever ArcSight ends up, there are plenty of other innovative security management companies that may quickly follow. Feisty Q1 Labs would be a natural for Juniper. Brainy Nitro Security could be a fit for Cisco or CA. LogRhythm could be a good addition for HP, Check Point, Websense, etc.

ArcSight deserves whatever it gets, as it has really guided the security market to this point. Its fate will greatly influence the enterprise security market moving forward.

Making Sense of Intel and McAfee: What this Acquisition is and is not.

Monday, August 23rd, 2010

It’s been a few days since Intel’s surprising McAfee acquisition announcement. This weekend, I took time to read what others were saying about the merger and there seems to be a lot of posturing and confusion out there. Here is a short list of some of the misconceptions:

  1. Intel is buying McAfee for mobile security. This may have strategic merit, but mobile security can’t possibly be a major motivation. Why? The whole mobile security market is extremely fragmented and worth a few $100 million today. McAfee recently acquired its way into mobile security, so internal efforts are a work-in-progress. Rather than spend $7.7 billion on McAfee, Intel could have grabbed a vendor like Good Technology or Mobile Active Defense for a fraction of what it paid for McAfee. By comparison, Juniper just picked up SMobile for $70 million.
  2. Intel will bundle McAfee security functionality into vPro. Intel vPro has some security functionality for cryptography and secure communications, but nothing else. Why not integrate McAfee desktop security and even Safeboot encryption? Intel actually tried this for years with lots of partners and then buried the effort as if it never happened. I have to imagine that development was too difficult and too costly to proceed. I don’t think the McAfee acquisition changes anything.
  3. Intel wants to create hardware/software bundles for consumers. Some people think this will center around distribution alone, while others believe that Intel will create a vPro-like chip for consumer PCs. Neither of these things will happen. Consumer vPro won’t happen because it is too hard to do. Bundling won’t happen because of anti-trust. If bundling was possible, Microsoft would have done it two years ago.

Many of the smartest financial and industry analysts can’t make heads or tails out of this deal and I can understand their confusion. There really are no obvious synergies between the two technologies. Nevertheless, I believe that the security market is in transition where new products will need a whole new level of scale, intelligence, integration, and enterprise-class sophistication. The “new” security market will start abruptly and grow to over $1 billion extremely quickly. Intel wants a piece of this transition as well as portfolio diversification. It’s that simple.

Why Intel Bought McAfee, Hint: It’s All About Massive Changes In the Security Market

Thursday, August 19th, 2010

Before the bell rang on Wall Street, Intel shocked the army of latte-sipping financial wonks by announcing its intention to buy security leader McAfee. The deal is valued at $7.7 billion, or $48 per share, about a 60% premium on the stock price.

A few financial analysts who cover Intel say that this is about Intel’s mobile device aspirations. Maybe, but McAfee just got into the mobile device security market and my guess is that this business accounts for $5 million in revenue or less.

Sorry Wall Street but that ain’t it at all. I believe that Intel sees the same thing I see. The security market is wildly fragmented with vendors producing tactical point products for its customers. These point products can no longer address the environment of sophisticated and massive threats. In the very near future, enterprise and service provider security technologies must deliver unprecedented levels of scalability, manageability and integration.

Guess what? In today’s market there isn’t a single vendor who can deliver a security product suite anywhere near what’s needed in the market. Get it Wall Street? There is massive emotional demand but no supply. Here’s the kicker — without significant improvements in security, this whole Internet party hosted by companies like , eBay, , , etc. could get really, really ugly soon.

To be fair, McAfee can’t deliver the level of scale, manageability and integration that the market demands, but it’s as close as any other vendor. Combine this with Intel hardware, money, and brainpower and you’ve got something.

I believe Intel sees a market opportunity, not a product opportunity. Yes, there is plenty of room to integrate McAfee with mobile phones, microprocessors, and NSPs but this is a footnote to the story.

A few other observations:

  1. With its deep pockets, Intel should free McAfee to continue to bolster its portfolio. McAfee should grab ArcSight soon to fill its security management gap with an enterprise leader.
  2. The next logical candidates to double down on security are IBM and /RSA. The next logical target, Check Point — maybe others like Fortinet, Sourcefire, RedSeal, Nitro Security, LogRhythm, etc.
  3. While Symantec’s position just got stronger, Wall Street is waiting to see how the company will digest, integrate, and build upon recent acquisitions PGP and Verisign.
  4. If there is a better CEO success story than Dave DeWalt’s, I’m not aware of it. DeWalt came in a few years ago when McAfee was knee deep in a stock options scandal. He took over, changed the culture, acquired well, pointed the company at the enterprise and voila, sells the whole enchilada to Intel. Not sure if Dave will stick around but I’ll bet HP’s interest in him is sky high.
  5. The combination of Intel and McAfee is a “dream team” for the Feds’ cybersecurity efforts. The two together have security software and can throw massive amounts of hardware at monitoring, filtering, and recording all of the traffic on Federal networks. McAfee already gets hundreds of millions from the Feds. I can see this revenue going beyond $1 billion over the next few years.

The Security Industry Needs to do More Around Web Threats

Tuesday, August 10th, 2010

If you aren’t familiar with Web threats, you should be. A Web threat uses the ubiquity of the WWW as a threat vector to propagate malicious exploits and payloads. Web threats lead to PCs infected with keyboard loggers, botnet code, or traditional worms and viruses.

Traditional threats like e-mail viruses and automated Internet worms still exist, but the bad guys now find the Web more effective. Cybercriminals can use dynamic links, scripts, URLs, or files to infect PCs. Even worse, they regularly exploit sites like Facebook for social engineering attacks.

This is a very serious threat – each and every enterprise should be implementing Web threat defenses. There are a number available from companies like Blue Coat, Cisco, McAfee, Symantec, Trend Micro, and Websense. Unfortunately, this activity isn’t as urgent as it should be because:

  1. Users don’t always understand. Security threats morph and grow more sophisticated all the time and many users simply can’t keep up with the changes. There hasn’t been enough user education about Web threats.
  2. The industry hasn’t done a good job of bridging this gap. Some vendors insist that exploits are the same thing as malicious code threats. They aren’t and this type of rhetoric confuses the market. Others simply position Web threat management as the next security point tool du jour. This doesn’t really help users understand the context here.

Independent product testing would help educate users and illustrate the types of threats we face. NSS Labs is poised to test a number of products, but since this space is somewhat immature, many vendors are hesitant to step up to the plate. This is unfortunate as it places business concerns over security protection.

To address Web threats, users have to demand help from their vendors. This help should come in the form of education services, product testing, and a contextual framework of where Web threat management fits within overall information security. This needs to happen now, not when products mature and a high percentage of PCs are already infected.

© 2011 Enterprise Strategy Group, Milford, MA 01757