Thursday, August 19, 2010

McIntel, 4 potentially disruptive outcomes

Can't help but blog on this as INTC was my first Silicon valley employer in 1992-95 and MFE my last in 2008-2009.

Here's 4 potential disruptions that I see could come out of this transaction:

1) Disruption of AV market distribution .... OK, Andy Jaquith may call PCs today's horseless carriages but there are still a lotta PCs to be sold, with a lot of AV licenses to be had. Even before Intel moves AV to firmware, they can move incentives to Intel Inside, regulators notwithstanding. I worked on the I2 program at Intel, and it is a well-oiled and well-managed machine. Intel will not be shy to use its significant marketing muscle to push MFE desktop share up.

Timeframe: Shortly after close
Likelihood: High
Potential Impact: Medium - with a nod to AJ

2) High performance silicon to MFE Network Security devices: Having access to Intel's silicon design and build might has to have the FW/IPS/Web security guys at MFE drooling. Hi perf silicon can be a real differentiator in NW security, yet I've seen little discussion of this. Bandwidth, mobility and content all lead to a need for hotter silicon in network security.

Timeframe: 2-3 yrs
Likelihood: High
Potential Impact: High

3) Cloud Computing Security - What is it? A wide open playing field. Owning cloud servers and network security assets makes for an interesting mix. Not sure what to expect here, but I am sure smart people are thinking about it.

Timeframe: 1-3 years
Likelihood: Not sure
Potential Impact: High or nothing, one to watch

4) MacIntelafee - Remember that Intel is a major supplier to Apple. Many in IT Sec think Apple products are the next horizon for malware and cybersecurity risk. Yes, I know ARM plays a big role in Apple, but so does Intel. And what better alliance against Google and a way to keep MSFT honest?

Timeframe - Hmmm
Likelihood - High that something happens
Impact - Time will tell

This acquisition will be very interesting to watch. One thing I can tell you from personal experience is that the companies are a very good cultural fit. Disrupt away, we will all be watching!!!

Tuesday, August 17, 2010

NEWSFLASH - PCI Drives security product categories, HUH, what's the news???

The 451, which I think does great work, put out a report today entitled: "The chosen few: has PCI anointed nine 'winning' technologies (and a lot of losers)?"

Wow, this article is OLD news. Security marketers have been glommed hard onto PCI for what, 4 years??? Every IT buyer knows this, and I'd venture to say that 90% of all the PCI pitches are essentially the same story, with the same punchline, "buy my product and meet this requirement".

The PCI standard is a good baseline, and many organizations pass the audit and stop there. Anyone who is serious about security will meet this audit easily, because to protect yourself today, you've got to do MORE than is in the spec.

HOWEVER, that will never stop every vendor from positioning themselves as a checkmark. OK, we got that, congrats, you are on the list. Now why should I replace my current with yours, or buy you for the next implementation? I hope the story has a bit more depth than "pass PCI requirement x.y and y.z".

Monday, August 9, 2010

A Rose by any other name is still a ...firewall??? Or the category of 1 problem...

Security marketers are constantly, more so than other Enterprise software marketers, faced with the "category" problem. Often heard as "yeah, but which magic quadrant are you in?"

Security is an odd bird, most purchases, for better or worse, are motivated by one of two things:

1) Compliance check box - ie "best practices"
2) Post incident panic

In the first case, the PCI spec or the NERC Guidelines or the competitive benchmarking say I must have x,y,z in place, where x,y, and z are typically a firewall, AV and IPS. In the second case, I have all of these, but I still got "breached" or had a data leak or major attack. Whatta surprise!

The reality is that we are in the insurance business, and the risk trade-off is often made in the short-term time horizon. There is much value in debating the maturity of buying and why a more enlightened approach by CISOs is needed, but at the end of the day, the above behavior has been a constant observation of mine over the last 15 yrs in this industry.

The big aha is that if you don't fit into an established category, you are fighting an uphill (though not unwinnable) battle...

Here's a few examples of those who navigated this well:

1) Fit into a round hole - Palo Alto Networks. Strategy: We are the next gen firewall. What Palo Alto did well was to not fight the fight; they leveraged their founders' credibility to say "Yes, you need a firewall, but it's time to take a new approach to this check mark". The beauty of this approach is that it allows for early adopters to pave the way and push through the org. Palo Alto did a lot of things well, and this piece was critical.

2) Drill a new hole: Vontu. Strategy: Privacy leaks are in the news big time, create a new category to respond to them. Vontu led a group of aggressive start-ups to establish DLP. They did this by becoming thought (and product) leaders in a nascent space. Few have worked the influence game better. In addition, they went after new $$s from compliance driven budgets, NOT from IT security. Because of this, they could sit next to x, y and z without threatening them.

And one that has struggled: IM messaging. These products from companies such as Facetime, Barracuda, and others failed to separate their value prop from x, y and z, in this case Secure Web gateways and web filtering. Because the category just never caught on with buyers, the products never penetrated past niche plays. Contrasted with DLP, the amount of customer (and shareholder) value created was significantly less.

Why did IM Messaging struggle compared to DLP in establishing a category? For me, the biggest thing was timing: while DLP had the fortune of compliance mandates and high profile privacy leaks, IM messaging never was as fortunate. Luck or planned??? HMMMM....

So, at the end of the day, look for one of the two buying drivers, and if you are going to drill a new hole, make sure it's clear of existing categories in the mind of the market, but do so with caution. I like replacement strategies better, but both can work wonders if done well... Whichever direction you take, do so with eyes wide open to the challenges of either....

Thoughts?

Thursday, August 5, 2010

Why Checkpoint (and Cisco and Fortinet and PAN) Should Take Notice of McAfee...

(Disclaimer: I previously ran Product Marketing for Secure Computing and McAfee Network Security so have some bias, though I hold NO market positions in any of the companies in this blog)

In Sept of 2008, days before the market collapse, Secure Computing accepted an all-cash offer from McAfee. In November, the deal closed. Many wondered about the future of Sidewinder, one of the oldest, but arguably most secure and revered, products in the market. In less than 2 yrs, we now have the answer, with McAfee Firewall Enterprise V8.0. 8.0 is a BIG release, even if it only does some of what was announced. Application and user awareness, ePO integration and more make this a big product.

Next generation firewalls are coming hard and fast into the market, led by the innovative and disruptive Palo Alto Networks. Fortinet and others also have some level of this capability, and you can bet that network players Cisco and Juniper are not far behind.

With 8.0, McAfee has fired a broad shot across the bow of the firewall market. Sure, lotsa questions remain, everything from performance to IPS on 8.0 and its impact on the OTHER McAfee IPS product line, to whether McAfee can win the love of the channel. However, this is a shot to be reckoned with. McAfee has a $500M+ Netsec business and wants more.

A bit more on IPS. The market seems to be saying this... 1) IPS is part of the Next Gen FW 2) IPS provides compliance level protection 3) We need more innovation for threat prevention (witness the recent SNORT NRG initiative.) Now, I see this convergence as leaving a wide open space for Next generation threat prevention at the NW level, a product that protects against today's browser based attacks, not the network probes of the past. Who/What will emerge to fill that gap?? That's a post for another time...

Wednesday, August 4, 2010

Results are in from FireEye ModernMalwareExposed!

Custom website to educate customers and prospects and land leads for FireEye

This is a very cool program that I created with the team at FireEye...

Key learnings:

1) Interactive, educational content is key
2) Great design matters (thx Sara at Juicy!)
3) This sh#$t works!

K

5 Things I Learned at Blackhat That Marketers Should Know

Last week I went to Blackhat for the first time. Despite over 10 years in Security marketing, I've always either had a conflict, not been attending or sent the team. I am glad I finally got to go, it was a real eye opener. Here's the top 5 things I learned (or confirmed) while there...

5) The attendees are hardcore as I expected. Very technical, some very nefarious, and very smart. The IQ is about 50 points higher than the RSA show IQ. Implication: send your best and brightest technical minds, leave your sales reps at home.

4) Most of the action happens off the show floor. I did not attend Bsides, but from what I hear, the sessions there were amazing, same with Defcon. It's hard to say which of these is actually the main event. Implication - Find unique sponsorship angles and venues; yes, Paul Judge DID co-present with the PMOY (Playmate of the Year) at Defcon.

3) Buyers are probably few and far between. These are practitioners, and mostly of the deep arts of security. Say what you want about Suits vs. tshirts, but the only suits at this show are vendor execs. Implication - What is it about your product or service that will interest this audience? This is NOT a cut and repeat of your RSA or Gartner messaging. Second, what is your influence goal? Can the audience actually accomplish a business objective for you?

2) The spectacular gets the attention. Jackpot an ATM, intercept cell phone calls. These are the type of demos that matter at Blackhat. Implication - If you've got it, flaunt it, but if it won't be noticed in Vegas, then leave it at home.

1) Appreciate the people. What a variety of folks. After attending, I have a much fuller understanding of researchers, Blackhats, hackers, etc. This is the critical underbelly (in a good way) of the security industry. Implication - Marketers won't get much respect at this show, and that is cool! But you gotta attend, at least once, to really appreciate the challenges and problems that your company solves and the full ecosystem and breadth of people involved. Great stuff!

Oh, by the way, walking the exhibit hall, I was struck by how BAD a lot of marketing still is, but that's a topic for another post.

I leave you with a quick story. Overheard at registration:

Dude, long black hair, black t, goatee, you get the picture : "I want a pass"

Registration Guy: "Great, ID please?"

Dude: "No, I want a pass."

Reg guy: "OK I need your ID and credit card"

Dude: "No, I will pay cash" ($1595 I think)

Reg guy: "Great, cash works, I still need an ID"

Dude: "That's Bull*&^*!." Walks away mumbling.


Blackhat is so NOT RSA Conference, need more convincing???

Stuxnet, a big deal, but not a big surprise...

The recent story on Stuxnet is big. A broad attack on power systems using both a Windows and a Control system vulnerability, and as ThreatPost points out here, probably launched by a nation-state or other politically motivated actor.

So, why is this no surprise?

  1. It's simple: Control systems used to depend on total isolation as the key to their security. The systems were NOT connected, were physically secured, and therefore safe.
  2. Over the last 10 years, systems have lost that isolation, becoming connected to the intranet, which of course is connected to the internet
  3. New implementations even have "Secure" connections direct to the internet
  4. Overall, with a few exceptions, the strategy of the energy industry is to cover up, not talk about security risks and threats

So, what we have is a flaw in the basic design of a key Siemens infrastructure exploited via a flaw in connected Windows systems? Surprised???? You shouldn't be.

What to do about it?

1) We need stronger regulation AND action to push real controls and regulations with teeth. We have more regulatory control over credit card numbers than our electrical grid.

2) We need greater focus and cooperation between IT Sec and Control systems professionals

3) We need more discussion and openness on the risks to our critical infrastructure and what to do about them

4) We need the mainstream media to take the time to understand and report on this threat, and push both industry and regulators to action (fat chance:)

Over
Ken