StillSecure, After All These Years

The Register is reporting that McAfee had another serious mishap recently.  It seems the security company that wants to be everything to everyone in security put out a service pack to their flagship corporate AV product, VSE 8.7. This was a mandatory service pack.  Well it seems that at least in some instances it rendered machines unbootable!  It seems important Windows system files were tagged as malware and in some cases removed.  Obviously some folks got quite upset by this and left some choice words on the McAfee support forums.

Of course this comes on the heels of last months Oops where several McAfee web sites were vulnerable to XSS attacks (this from the company that sells a scanning service for such attacks).  I don’t know about you but it seems to me that there may be a little QA issue over at little Red.  Maybe instead of trying to be everything to everyone in security, they should try doing what they do well.

Over the years on my blog I have repeatedly called out private security companies who put our puff press releases touting another record breaking quarter, but don’t actually release the actual numbers to back up those claims.  Anyone can say they had a great quarter at 140% of goal. 

Public companies on the other hand have to file extended financial information and their us usually a street estimate of what they were supposed to hit, so you can have a hit or miss.  Usually it is unfair then to compare the private company boasting with actual performance metrics of public companies.

Recently however some of the private security companies (maybe in a better market condition they would be public now) have put out some numbers to back up their claims of doing well in this market. CRN has a good article detailing  the impressive growth numbers of both Sophos and Fortinet. You can get the particulars on the CRN site, but both companies seem to be doing very well even in these tough economic times.  The growth, profitability and transparency are all impressive. Congratulations to both organizations. It certainly seems to prove the hypothesis that in good times or bad, there will be winners and losers. Good execution will always be prepared.

So despite his promises to the contrary, my bud Mike Rothman has been a blogging MIA pretty much since RSA. Hey I am sure he has a good reason, like some journey for self-awareness or something that is keeping him away.  Not even a Social Security Blogger award could get his juices flowing again.  So in Mike’s absence I am going to do another in my incite series with a bunch of short stories and even shorter commentaries.

Truth be told, I had too many things to write about today, so I blamed it on Rothman!

Have a great day.

1. InfoExpress does a press release on managed NAC – Last night I banged on InfoExpress for claiming a managed NAC service as reported by Tim Greene. It just didn’t sound like a managed service to me.  Well not sure if Tim jumped the gun or not, but today IE put out a press release on their service (though they still have nothing about it on the web site). To be fair the press release talks about more management of NAC than Tim’s article did.  But here is a bit of advice for the InfoExpress PR team: If you are going to have customer quotes in a press release, it may be worthwhile giving their name and title.  Just having quotes attributed to anonymous customers is a bit unbelievable. Something I would expect from NAC used car salesmen.

2. Mystery Virus plagues FBI and US Marshalls – It seems that a mystery computer virus (no not swine related) has hit both the non-classified FBI network and the US Marshalls network.  The FBI had to take down their network from the Internet, but it has now been reconnected. The US Marshalls service reportedly had 140 machines hit with the virus. They had to be taken down and are being disinfected as you read this.  I don’t have any more information on this, but there are rumors of a one-armed man being seen in the vicinity.  Where is Tommy Lee Jones when you need him?

3. Microsoft puts the heat on security vendors – Looks like my friend Charlotte Dunlap has herself a regular gig over at Forbes writing an infosecurity column sponsored by Juniper.  This time Charlotte writes about Microsoft rolling out a hosted email security solution as part of Stirling-Forefront. Charlotte is right on when she says that Microsoft clearly has Symantec and McAfee in their sights with Forefront.  I have written about this before as well. Go ahead and make fun all you want, Microsoft is serious about this and will keep at it till they get it right.  Of course I love the fact that they are partnering with forward looking security vendors (like StillSecure) and think there is a real opportunity to shake up the security world here.

4. How much work can you do on an iPhone?  Earlier this week I wrote about an iPhone being a Prius to Blackberry being Pinto (hey not my words, but some other author). In continuation of that story, Galen Gruman writes about using an iPhone instead of a laptop for a few weeks. I don’t know but I find it near impossible to write more than a sentence or two with my iPhone. Maybe my fingers are too fat or I just don’t have good hand to eye coordination, but I find it painful compared to my old HTC Windows Mobile phone to type longer then that.

Anyway, that is a wrap on this incite.  Good day to you Mike Rothman, no matter where you are!

Now this is scary and gives new meaning to the “physician heal thyself” quote. It seems that in the company who tries to be everything security to everyone is itself vulnerable to several XSS exploits. The folks over at Read, Write, Web detail more than one McAfee site that appears to be easily compromised.

Besides being hugely embarrassing, one has to wonder if the McAfee technology is just so useless that they did not pick this stuff up with a simple scan or if they were so arrogant that they did not even use their own products to check these web sites before putting them up.  Either way you have to ask yourself if this is the company you want providing your security.

So I have been a busy boy. Passover has been great, catching up with friends and family, enjoying my children. This past Easter weekend was a great relaxing time, spending time with friends and neighbors.  Now finalizing my RSA plans, I really don’t have many open time slots to meet anyone, but if you are going to be there, be sure to say hi! 

Also last week I was the keynote speaker at FIU’s IT Security Awareness Conference here in Miami.  The theme was: Are You In Jeopardy.  Rather than talking about StillSecure I actually recapped my post-Black Hat adventures for the audience and hopefully helped a few people about how to be more savvy about being hacked, as well as what to do if it happens to you.  It was good to speak about it in public. Reading today’s news I felt like I was playing Security Jeopardy and the category was IDS/IPS.  Alex, the answer is:

1. What is IPS, for 100 dollars?.-  When is 10Gbps IPS only 4Gbps? When Sourcefire puts out a new sensor adding to their “10Gbps intrusion prevention system (IPS) leadership.”  Seems a little confusing to me when the only 10Gbps thing about this sensor is it has 10Gbps interfaces, but admittedly only handles traffic up to 4Gbps IPS inspection.  But such is the state of the IDS/IPS monte game around speeds and feeds.

2. What is IPS, for 200 dollars? Why did Sourcefire’s target get raised from 7 to 11 dollars and they closed over 9 dollars today? It seems with the increase in government spending and the attack on the Dali Lama’s  computers, developers of intrusion prevention should benefit. OK, maybe.

3. What is IPS for 300 dollars?  When is being a niche player good enough? When you try to peddle your IPS as a NAC of course.  You have to both admire and wonder about those guys from the semi-autonomous region of Tipping Point. They actually put out a press release to say they made the niche quadrant of the Gartner Magic Quadrant for NAC. While I think the NAC MQ, like most Gartner MQ’s are worthless and Gartner does the whole industry a disservice with their capricious and arbitrary selections, this is the first time I remember a company crowing about making the niche quadrant. Especially a large company like Tipping Point / 3Com. I guess that just about sums up their high expectations for their NAC product.

4. What is IPS for 400 dollars? Whoa, its the daily double! Tipping Point again. This time the answer is what is the best way to provide Web Application defense. Forget all of those web app firewalls, proxies and stuff like that.  You just need a Tipping Point IPS with some custom written Digital Vaccines (some of us call them attack signatures).  Seems that Tipping Point will scan your web apps for vulnerabilities including cross-site scripting and such. Once they find them, they will write custom signatures for you.  I don’t know but this just doesn’t seem like a very scalable solution to me.  Seems like trying to use the wrong tool for the wrong job at the wrong time and probably as a result at the wrong price.  Other then hard core TP fans, can’t imagine this one does too much for the bottom line at 3Com.

5. What is IPS for 9.5 Billion dollars? Well actually that is the whole network security market of which IPS is the second largest segment behind UTM according to Global Industry Analysts, Inc. (how is that for a descriptive name). But the segment will grow slowly as more people opt for multi-function devices.

Have a great day!

Autonomic Networks, the re-named successor to Vernier Networks was finally put down this week according to this article in PEHub. After starting life as a wireless security provider and then jumping on the NAC bandwagon rather early on, Vernier made some hay around their inline NAC technology.  Alas like many of the inline NAC players the technology just did not catch on to achieve critical mass (take note Jon Speer and the rest at McAfee).

Vernier, Nevis Networks and ConSentry Networks all had wire speed, custom silicon, enterprise level hardware.  All three raised north of 50 million dollars each.  Vernier saw the writing on the wall and got out of the NAC business in 2007.  ConSentry and Nevis both tout NAC as just one of several things they do now as part of a secure network solution.  Interesting that not one of that group succeeded in NAC.

In any event I was never clear on what Vernier nee Autonomic was trying to do with the re-launch. Having already raised all of that money and with the state of the economy, I would imagine it was very difficult to get any more capital in the door.  Closing down was probably the only choice left.

I will always remember Simon (I think that was his name, maybe I won’t always remember) presenting at Americas Growth Capital just a few years ago claiming that Vernier had something like a 40% market share of NAC.  I called bull on it then and over time have been proven right.  The technology will probably be put up for sale now.  Let a little rigor mortis set in and maybe McAfee can pick this one up cheap too.

I guess it was only a matter of time. As if NAC doesn’t have enough confusion surrounding it, in a sure sign of the apocalypse being near, the folks at Sophos have gone and slapped the dreaded 2.0 label on their new iteration of NAC.  I saw an ad for their new whitepaper and couldn’t believe anyone would be silly enough to try and slap the 2.0 label on NAC.

I had to download the whitepaper because I had to see what could possibly be so different to earn NAC a 2.0 label.  I was disappointed to see that it spoke only about the different teams (network, desktop, security) that are players in the NAC decision process and how each have their own agenda that you need to meet.  Nothing really new here, just move along.

I guess like most of the 2.0 stuff, there is just more sizzle than steak in this one.

It is no secret that for a long time Tipping Point has tried to run away from its corporate ownership by 3Com.  The Tipping Point people would only admit to 3Com ownership and association if you held their feet to the fire.  Rumors abound that they were pulling hard for the Bain-Chinese purchase of 3Com to go through so that they could be spun off and set free from their corporate masters.  Of course aside from the outrageous price of 400 and something million and like 17 times revenue that 3Com paid for them, what right does 3Com have to have a say in what Tipping Point does anyway?  Most recently Tipping Point was known as an autonomous division of 3Com. I don’t know that sounded like certain parts of the old Soviet Union to me. Semi-autonomous republics and such. 

Anyway, it looks like all of that may be changing. Comes word that 3Com has appointed Alan Kessler as the new President of Tipping Point (I bet there are some Tipping Point folks who would question 3Com’s authority to appoint a new Tipping Point president, but anyway).  According to the article:

“As head of TippingPoint, Kessler will work closely with 3Com’s global organization as the company looks to continue to accelerate sales growth of its industry-leading IPS and NAC solutions worldwide. He will identify areas for additional investment in the network security segment, including in unique TippingPoint solutions and initiatives such as Digital Vaccine and the Zero Day Initiative. Kessler will also work to identify operational synergies between TippingPoint and other parts of 3Com.”

Well I would of course point out that Tipping Point’s NAC is far from industry leading. A very distant relative at best in fact.  But aside from that, this sure does sound to me like they are going to try and integrate Tipping Point more closely with 3Com.

Now just getting these two cultures to work together may be akin to getting the Hatfield and McCoys together.  Maybe Kessler can appoint George Mitchell or someone to be a mediator or special envoy to try and make the peace.  Anyway, I will believe it when I see it.

Image via Wikipedia

Looks like McAfee is going to need a new addition to the ePO uber-suite.  They need something to plug the back door of their own marketing machine!  It seems a product marketing manager at the security firm and her husband steered about 3.8 million dollars to firms that they had a financial interest in.  They were arrested and charged according to this article. I guess the (in)famous Total Protection Suite didn't have an anti-marketing rip off module or maybe it just wasn't up to date ;-)

Seriously it just goes to show that you can have all of the security technology and safeguards you want.  People are still the greatest threat!

I have had my share of blog wars with Richard Stiennon. I try to go easy on him now, so as to stay out of it. But, once again Richard shows that sometimes he just doesn't get it. His latest flub comes in a post on Nokia exiting the security appliance business.

Richard says in essence "good riddance".  He says Nokia was lucky to capitalize on Check Points failure to come to market with an appliance.  But they missed the boat by never developing their own solutions and moving into UTM (isn't UTM the answer to everything for Richard?) and other security technologies.  Richard says they should have sold 5 years ago and now of course will have to take a bargain basement price.

Richard you are wrong because you don't understand Nokia's value. They never claimed to develop great software.  They developed a great hardware platform.  Yes Nokia is a giant telecommunications company and the appliance business was never really more than a small rounding error on the bottom line I guess. But the division that ran the appliance business did a good job.

I have met with and spoken to engineers and sales people who worked for Nokia.  They were able to clearly articulate their value prop and never tried to hide the fact that they ran best of breed software on the appliance.  The Nokia boxes were quality appliances.  In a market where far too many appliances are Dell boxes with a different color bezel, the Nolia appliance was a more than just a white box.  Over the last few years they branched out beyond Checkpoint and ran several other applications on the appliance.  All in all, Nokia had a good product and a good channel. I wish they would sell StillSecure on a Nokia box.

Also, for a good explanation check out the comments to Richard's post by Gray haired security Wonk.  If you think you know who it is, mail me.

Related articles by Zemanta

• Nokia evolves enterprise strategy
• WabiSabiLabi gets into the hardware business