August 29, 2006 - #105
Good Morning:
So much for my slow week. Since I'm not in the marketing game day to day anymore I forgot how useful the last week of summer was. Most folks used to wait until after Labor Day to announce anything interesting, but it turns out the trade pubs still need to publish, so they are always starving for news during the last weeks of the summer. So you do your meaningless point product release on August 28 and the beat reporters swarm. They don't really need customers or anything interesting because they are looking for ANYTHING to write about. So there was lots of news yesterday, most of it meaningless.
Of the interesting stuff I saw, top of the list is Wells Fargo announcing their online security initiative (here [0]). Packaging up a bunch of stuff together and calling it a "platform" is a good strategy to catch up to folks like Bank of America, which has been talking about SiteKey for a while. Wells' initiative seems more comprehensive, but remember this is marketing - not reality. So it's about whether customers feel safer and I suspect they will. Look for every other super-regional bank to do similar stuff in the near term.
On the blogging front, the G-people have stepped in some of that brown stuff relative to actually publishing that customers are better off flipping a coin to pick their vendor (here [0]). Talk about undermining your own value proposition! I doubt that was really their point (I didn't read the report because it's not worth $195 to me), since customers do spend too much time picking products that are technically undifferentiated. But it makes for a great sound bite, so we'll be seeing quite a bit about it for the rest of the week.
Have a great day.
Top Security News
http://biz.yahoo.com/bw/060828/20060828005253.html?.v=1 [2]
http://blog.washingtonpost.com/securityfix/2006/08/botnet_operator_sentenced_to_3.html [3]
Robert Urich [4] when you need him? Unfortunately, he's dead. TippingPoint seems to be taking a page from the Urich playbook by assembling some 400 "Spenser's [5]" to find vulnerabilities. On one hand, I'm glad that there is a monetary incentive for honest researchers to find stuff and TippingPoint will do the behind the scenes work with the vendor in question, so the researcher doesn't have to. But something about this feels dirty to me. Once again, security research is a big marketing lever (driven by eEye predominately - check out my thoughts on this from May here [5]) and TippingPoint is trying to make itself seem smarter. But are they? They've got a big checkbook, whoop-de-do! So I'm torn about this, but I guess overall this is good for the industry because folks can make money by finding problems. But I hope customers don't mistake TippingPoint for a security research house.
http://www.3com.com/corpinfo/en_US/pressbox/press_release.jsp?INFO_ID=246648 [6]
http://www.networkworld.com/techinsider/2006/082806-guide-security-index.html [7]
http://news.bitdefender.com/NW280-en--BitDefender-Unveils-Next-Generation-Security-Products.html [8]
Top Blog Postings
here [8]) methodology does front-end load a lot of the work. But I think it's a bad, very bad idea to not do a technical lab evaluation for critical infrastructure components (if you are big enough to have a lab). I think more of their point is that technical differentiation is a myth and the opportunity cost of figuring that out yourself is pretty significant. If you do a good job defining the short list, all of the products will work for you.
http://armadgeddon.blogspot.com/2006/08/to-save-time-on-product-selection-dont.html [9]
http://blogs.zdnet.com/Ou/?p=306 [10]
http://www.matasano.com/log/436/my-dad-can-beat-up-your-dad-part-1/ [11]
here [11]), but I think add value to the conversation. The first is from Dwaine Van Vuuren of DiData. Dwaine's points pretty much echo mine, which is that the deal is better for ISS - but IBM will benefit from the services play as smaller MSSPs inevitably get squeezed. He also points out the problematic product business, which is under siege from all sorts of competition, including Cisco and Microsoft adding more capabilities to their base platforms. The second piece is from Mitchell Ashley, and he looks at it from the perspective of the X-Force, which has really been marginalized over the past few years. When was the last time the X-Force made waves with any of the research they've done? Mitchell believes IBM will re-energize that group, but I don't think so. IBM has one of the biggest and most effective research engines in the world, and perhaps the worst research marketing operation. It's very rare that you hear about anything IBM does. And the security research business isn't about being in the background, it's about having a big megaphone (despite Mitchell's protestations). There will likely be a lot of ex-X-Force (is that X-squared-Force?) folks looking for new gigs.
Dwaine: http://secure-o-gram.blogspot.com/2006/08/ibms-acquisition-of-iss-for-16bn.html [12]
Mitchell: http://www.theconvergingnetwork.com/2006/08/and_the_winner_is_xforce.html [13]