Shavlik

The Daily Incite - March 14, 2006

Submitted by Mike Rothman on Tue, 2006-03-14 08:58.
March 14, 2006

Welcome to today's Daily Incite. Given this is the maiden voyage and a bunch of stuff piled up over the weekend, it's a bit longer than normal. But you should still be able to scan it in 5 minutes and stay on top of the security world. I also appreciate your patience as I work out the design concepts for the newsletter. I'm not there yet, but you'll see some rapid improvements this week as I nail down the process.

Have a great day,
Mike.

Top Security News

Identity Federation Potpourri - Ping Identity Raises $3 million and RSA announces Federation Manager 3.0.

So what? - Federation is increasing in importance as more and more companies deploy identity management. The logical first step is to clean your own house, basically implementing identity internally and then you start focusing on your trading community. That's where Federation comes in. All of the big stack players (Oracle, CA, BMC, HP, IBM) have federation products, and RSA and Ping are the most visible niche federation providers.

Links: Ping Identity Press Release - http://biz.yahoo.com/prnews/060313/sfm051.html?.v=42
          RSA Press Release - http://www.rsasecurity.com/press_release.asp?doc_id=6617

Patch Tuesday - Two More on The Way - Microsoft will release two patches today (down from 5 last month).

So what? - Details are sparse, but we know that one is a "critical" issue. Ramp up your patching engines, sports fans; you'll probably need to implement this patch sooner rather than later. More details tomorrow, I'm sure.

 
"The worst hack ever" - Information Week covers the Citibank (and loads of others) having debit card PINs stolen.

So what? - It seems everyone still has a flair for the dramatic. If this is the "worst" hack ever, then we'll see it on the cover of Time Magazine. I don't think that's the case. But it does highlight some of the issues of using Debit Cards (like it's your bank account, as opposed to a fraud protected credit card). There seems to be a pretty simple fix to this - don't use debit cards at point of sale terminals. I know, I know. The consumer banking folks will yell at me about the evils of credit. Blah blah blah. Not everyone has a credit card. Blah blah blah. Whatever. I don't use a debit card - EVER! So I'm personally not too concerned about this.

Links: http://www.informationweek.com/story/showArticle.jhtml?articleID=181502474

Counterpane and MessageLabs Release Joint Intelligence Report - Cyber Attacks To Significantly Impact Financial, Healthcare and Utilities Sectors

So what? - This definitely falls into the category of MASTER OF THE OBVIOUS. Yes, hacking will continue to be an issue. But MSS players see lots of data and they can point out some cool trends that most users just don't have the breadth of information (or time) to figure out. So, things will continue to get worse before they get better. No kidding. Get back to work and make sure your security architecture makes sense.

Link: http://biz.yahoo.com/bw/060313/20060313005260.html?.v=1  

Bit9 Releases New Online Search Engine that Draws from the World's Largest Knowledgebase to Identify Computer Files

So what? - This is a big database of all the files out there and some idea of whether you want them on your machine or not. This kind of thing will save you time. When a machine is acting up, you usually see what applications and processes are running to see if something is amiss. Usually I'll find some executable that I'm not familiar with, so I Google it. Then I need to read a few postings to draw my own conclusions about whether it makes sense or not to have it running. This kind of database can eliminate a few of those steps, so I think it's a good thing.

Link: http://biz.yahoo.com/bw/060313/20060313005163.html?.v=1


Top Blog Postings
 

Shavlik and Ellen Messmer of Network World on Microsoft's anti-spyware stuff - My thoughts on this are covered in the "More Musings on Spyware" blog posting.

http://shavlik.typepad.com/mark_shavliks_blog/2006/03/microsoft_micro.html
http://www.networkworld.com/weblogs/security/011401.html#011401  

Wireless Security is Not that Hard - Paul McNamara of Network World hands over the keyboard to Joel Snyder of Opus One to discuss the lunacy of people being surprised when a neighbor (or worse) jumps onto an unsecured access point. I'll write up my own blog posting on this later today, since I have a few ideas on the topic.

http://www.networkworld.com/community/?q=node/4913&nettx=031306netflash&code=nlnetflash26385  

Teaching the Next Generation of Security Pros - Martin McKeay on the ComputerWorld blog writes about a school that has a 10-week class in cyber-security. This is a great thing, and the shape of things to come. We will see a lot more focus on initial training (like initial computer skills), so today's generation at least knows where the key exposures are. I'm hopeful that my kids know about anti-X and simple network security stuff as they are learning early programming and other computer skills.

http://www.computerworld.com/blogs/node/1995  

Real spyware and botnet stuff - Suzi Turner's blog on ZDnet has a great overview of a real spyware attack and some of the counter measures used to control it. You'll need to jump around a bit (there are lots of links and sites in the post), but it's cool. When these attacks happen, lots of folks need to act quickly, so it's nice to see a bit about what happens in the background that keeps the unsophisticated of us reasonably safe.
http://blogs.zdnet.com/Spyware/?p=791&part=rss&tag=feed&subj=zdblog

 

More Musings on Spyware as a Stand-alone Market

Submitted by Mike Rothman on Mon, 2006-03-13 11:13.

Ellen Messmer of NetworkWorld posts on Friday (here) about Microsoft's eventual impact and potential domination of the anti-spyware business. Why? They are bundling Windows Defender (the new name for their anti-spyware) with IE 6 and 7 and Vista. So within a year or two, it will just be there on a majority of PCs. Since it will likely be good enough, why would someone pay for anything else?

The answer - they won't. But not necessarily because everyone will use Microsoft's stuff. I don't think that is the case. Customers will not pay for anti-spyware because it is a feature of their anti-virus and/or desktop security suite. So it may not be Microsoft that gets all the business (though they will get their share), but Symantec, McAfee and Trend will also benefit. Anti-spyware capabilities will be integrated into the unified threat management (UTM) equipment on the perimeter, so the gateway opportunity is not long lived either.

Mark Shavlik posts on his blog as well about the topic (here), even working in a cool Brady Bunch analogy. He maintains that Microsoft will dominate the consumer end of things, but that Microsoft is not going to provide what's needed for enterprises. I do agree with the fact that Microsoft is not going to offer anti-spyware for Linux or Mac, and as usual their first couple of releases leave a lot to be desired. But that doesn't mean there is a large opportunity for stand alone anti-spyware vendors.

He goes on to mention some of the functionality that will be in Shavlik's anti-spyware offering:

Our corporate customer focus groups are driving what our Spyware product does. We are being asked for deep clean up, admin level control, enterprise features such as machine grouping and reporting, fast database back-end support, large network support, remote site management: all things Microsoft is not providing.

Our corporate customers (we do not sell consumer products) are not comparing us to Microsoft, they are comparing us to the Anti-virus products because those products have the management tools needed.  We tie patching and spyware together, the AV vendors tie AV and Spyware together.  We will add AV management to our line soon to make the choice easier for customers.

So, there you have it. Enterprise customers want enterprise management. Shocker! And Microsoft's product is not really enterprise capable right now. Duh!

More interesting to me is the 2nd paragraph. Shavlik sees themselves as an AV vendor with the differentiation being patching and compliance (whatever that means). Man, that will be a tough row to hoe. Sure, you've got to do something since stand alone patching is not a long term answer either, and Shavlik's reputation on the patch side is sterling. BUT, that does not translate into being able to compete effectively with the folks milking the cash cows. But Shavlik is a privately held, self-funded company, so they very well may be able to build a nice business scraping the barnacles off of Symantec's and McAfee's ocean liners (Sophos and Kaspersky certainly do).

To be clear, there are some organizations that will want to use stand alone anti-spyware offerings. Just as with every security market, some buyers opt for best of breed, even when the stand alone product isn't very differentiated. That's basic religion and these customers will never move towards a suite approach. They believe their value is in integrating lots of different solutions, thus providing job security because they've built an environment that is too complex for anyone else to manage.

Yes it's cynical. But it's also true. These folks should realize their value is in pushing forward a security agenda, and focusing on high value projects. Not on integrating disparate point products.

OK, back to the topic. I don't believe best of breed anti-spyware is the mass market. Per my ranting in "More Stupid Marketing Sizing Numbers" it's clear to me that anti-spyware is not a stand-alone market. No one seems to be disagreeing with that.

So that means some ferocious consolidation and erosion in that space will happen in the coming 12 months. End users need to choose carefully because there is a great likelihood whichever independent you choose today will be gone (or merged) tomorrow.