Deal: Novell Buys e-Security

Submitted by Mike Rothman on Thu, 2006-04-20 12:39.

Novell of the walking dead is trying to figure it out, I'll give them that. But I have to say I'm puzzled by their acquisition of e-Security and surprised by the price. At $72 million, that's about 4x this year’s sales (and 6-7x last year’s) - which is a rich premium for a company not going anywhere fast in a competitive space that ultimately doesn't matter.

Let me explain a bit. First, let’s deal with the Novell side of the equation. It’s not clear what Novell's strategy is. In the release, the marketing folks came up with "Novell will bridge the gap between systems, security and identity management and compliance monitoring and reporting." If you read a bit deeper into the release, you find it's mostly about "compliance." Why do I trust Novell now to handle my compliance needs? Because they have a SIM product? Give me a break.

Here is another great quote from the release: "Novell is the only vendor with the potential to proactively address business needs for a real-time, comprehensive compliance solution that integrates, people, systems and processes." What? I guess CA or IBM don't count? You have to love marketing folks, especially those that have no idea what’s going on in the markets they serve.

Just to be clear, Novell is now trying to be in the security, identity, system management, operating system, open source, collaboration and systems integration markets. Obviously a full plate.

I don't know much, but I do know they can't possibly be everything to all people. It's very hard to be competitive in one space nowadays; it's almost impossible to compete effectively in 7. Focus is an issue. But Novell seems intent on throwing crap against the wall until something sticks.

Crap may be the key operative word here. Not that e-Security had a bad product; after 7 years it actually kind of worked. I just think it's a crappy market. Ultimately what is the value that SIM brings to a customer? I've written quite a bit about how reporting needs to be an artifact of doing the right security stuff, if you think in terms of pragmatic security.

Gathering data to look in the rear view mirror to correlate stuff that's already happened is just not interesting. Not even for compliance. The art is to prevent the issues, not to generate a report when a policy violation happens. It doesn't seem that any of the SIM guys are focusing on remediation, which is where I think the action is.

SIM is also old technology. There is a new grouping of vendors, led by folks like Intrusic and GraniteEdge, that gather network data (as opposed to log data) and correlate actual traffic dynamics more intelligently to pinpoint "low and slow" attacks that are meant to remain under the radar.

If someone is trying to break down your front door, then SIM would work. But not too many folks use those attack methods anymore. Brute force is out, stealth is in. SIM isn't too useful in detecting stealth attacks.

And the whole security metrics and compliance dashboard positioning is not the answer. I am a fan of fixing something and then pulling a report. A dashboard watches something happen and then tells you about it. Again, how useful is that?

When I worked with Peter Tippett at TruSecure, he would ask customers, "how useful is it to learn that a torpedo just ripped through your engine room?" Customers would laugh. He wasn’t joking. You need to know about the torpedo way before, if you are going to do anything about it. Alright, I'll get off the soapbox now.

e-Security customers should be pleased. They get a few more years of life. Novell will be rescued by someone at some point. They've got a lot of cash, so the e-Security stuff will be around for a while. And e-Security's investors should be very pleased - this is a good outcome all things considered. Clearly folks like Intellitactics and NetForensics need to find partners quickly.

Submitted by Anonymous1 (not verified) on Fri, 2006-08-25 09:58.
So, if Netforensics goes for $50m, would you consider it part of the trend too?
Submitted by Mike Rothman on Fri, 2006-08-25 10:09.
I have no idea what you are talking about, but if Netforensics does go for $50 million then someone is getting ripped off, and it ain't the NF folks.
