Things I Like
At the InfoSecurity show last week I had the good fortune of running into many old friends, which is always fun. I wish I could have gotten to everyone, but I wasn't able to spend the entire day at the show - so apologies to anyone I may have missed.
But one of those old friends asked me a pretty interesting question. He first mentioned that he reads my stuff every day (thanks for that), but then asked if there was anything that I liked. I will admit to being guilty as charged relative to calling it like I see it. I also think I do sprinkle in some positives, but for the most part I see a lot of crap in the space - so I call that out.
He does raise a good point, which is since I seem to be very forthright about what I don't like - what about the stuff that I do like? Fair enough. So here goes, a brief list of things that I like in security today.
- Simplification - I've ranted about a million times about the need for simplicity and how big UTM boxes integrating a lot of core functions into a common security platform are a step in the right direction. Folks like Crossbeam have been innovators in the space and clearly the big guys are following rapidly with bigger boxes. Of course, the true leverage of these platforms will be achieved when we get management integration of the components. That's a 3-4 year target.
- Hot space - Network access control. The need to protect against the "visitor threat" and provide secure external access, while enforcing desktop hygiene, is a winning combination. For end users, it's not if, it's when and how to deploy NAC. There are lots of choices and lots of confusion as the market is early. Cisco legitimized this market and remains the thought leader. But we will see a bunch more folks in this space before the shake-out starts.
- True innovation - so many companies just provide copy-cat new products. It's like they are just going through the motions, hoping to win with the "someone buy me" lottery. I don't know why they bother. Folks that "think different" either from a technology or business model standpoint are cool. Folks that come to mind are Barracuda, who built a substantial business in a market segment no one likes with open source technology. Their technology may not be innovative, but their go-to-market strategy certainly was.
- Perseverance - This is a hard business, there is little differentiation and lots of competition. Folks that spend 4-5 years of grunt work evangelizing a market and then are suddenly "overnight successes" when the market pops deserve great kudos. I'm thinking of the three horsemen of encryption specifically here, PGP, PostX and Voltage. These guys seem to be finally getting lift by solving customer problems, as opposed to selling cool technology. Core Security also comes to mind, who swam upstream by actually packaging exploits - but now have the market playing catch up to them.
- Great timing - My father-in-law is a stock broker and I learned that buying is much easier than selling. Knowing exactly when to sell is an art. There are lots of folks that have done this well, but the folks that went first usually received the major spoils. Folks that did this well include Riptech (selling to Symantec just as MSS was heating up), Okena (sold to Cisco before anyone understood what HIPS really was), Neoteris (sold to Netscreen right after their market exploded) and Brightmail, who got out before the entire anti-spam market became a blood bath.
That's a start. See, I don't hate everything.
From a disclosure standpoint, Voltage and Core Security are clients of Security Incite. I am not currently doing business with any of the other vendors mentioned.

