Security Bytes:

Security Vendor News

Oct 22 2009   3:23PM GMT

Email archiving vendor sues Gartner, doesn’t see magic in quadrant



Posted by: Robert Westervelt
Security Vendor News

ZL Technologies is seeking $1.7 billion in damages from Gartner Inc. Analyst firm dismisses claims.

ZL Technologies Inc., an email archiving vendor, is suing analyst firm Gartner, alleging that Gartner eroded its market presence by consistently placing it in the lower quadrant of its popular Magic Quadrant market analysis report as a niche player.

The ZL lawsuit was filed in May. Gartner filed a motion to dismiss the case citing the First Amendment. The lawsuit is continuing this month as both parties argue whether the case should be dismissed.

ZL Technologies CEO Kon Leong said Gartner consistently ranks vendors with big marketing and sales budgets at the top of its Magic Quadrant. ZL Technologies also sells compliance and encryption products. Leong says his company’s eDiscovery capabilities consistently beat products from large vendors, such as Symantec, but ZL Technologies gets poor marks for its sales and marketing budget.

Despite low investments in sales and marketing, Leong said his firm has a proven track record and has survived for 10 years.

“We’ve sustained profitability,” Leong said in an interview. “We’ve garnered enough resources to launch a challenge against Gartner without affecting our business.”

Still, the firm’s bad Magic Quadrant standing has resulted in losing customers and is making it difficult for the firm to increase sales, Leong said. In the interview, Leong cited a customer win in Asia where the customer was pressured by management to pull out of the deal as a result of the Gartner report. In other cases, the company is being immediately dismissed despite being praised in the report for its features and core capabilities.

“We can go head-to-head with the big guys, but now we’re not being invited to the party in the first place because of Gartner and that hurts the most,” Leong said.

My colleague Beth Pariseau wrote a blog entry at Storage Soup detailing the ZL Technologies lawsuit. In it, Beth asks readers: Does ZL have a point about the weight being given to a subjective report in technical purchasing decisions? Or is this a case of impugning an evaluative process because of a disliked outcome?

Michael Krigsman, CEO of software consultancy Asuret, Inc., wrote in a blog entry that the lawsuit does call into question the ties analyst firms have with vendors. Still, Gartner’s analysis could be subjective, he said.

Analyst research and reporting is not an exact science, which does lead to real or perceived conflicts of interest. The analyst industry can reduce potential conflicts by improving transparency around how it forms opinions and makes recommendations. … To increase transparency, analyst firms should also disclose their revenue relationships with vendors.

Unfortunately that could open a big can of worms. It’s a slippery slope that some say could erode the First Amendment. Increasing transparency by disclosing revenue relationships with vendors would somewhat erode the integrity of the product by saying that the analyst who wrote the report could be somehow persuaded to give a firm positive play for its investment in the analyst firm. I don’t doubt that there are some bad apples out there who cave in to pressures to alter their opinion on a product or service, but I’m willing to bet that the vast majority of industry analysts (many of whom I know are experts in their field) want to protect the integrity of their work and stay away from the financial side of the company they work for. After all, the quality and integrity of their analysis is how they gain respect.

Earlier this month Gartner analyst Thomas Bittman addressed the issue of analyst integrity in a blog entry appropriately titled: A Rant – My Integrity as an Analyst. Bittman, a vice president and distinguished analyst, has been with Gartner for more than 14 years.

I understand the impression in the marketplace that analyst firms can be bought. But that’s not where I work. My integrity is very important to me. I’m sure we’ll continue to make enemies of vendors, and bloggers who have a vested interest in one thing or another. Badge of honor! But my goal is to provide value to my clients, and to be proven right over time – priceless!

Oct 15 2009   1:39PM GMT

Analyst calls Barracuda-Purewire deal proof of cloud dominance



Posted by: Robert Westervelt
cloud security services, Security Vendor News

Forrester analyst calls Barracuda’s acquisition of Purewire proof that cloud computing has gone mainstream.

Barracuda announced its acquisition of Purewire on Tuesday and so far at least one analyst has been caught by surprise. Chenxi Wang of Forrester Research said Barracuda seemed skeptical of the cloud-based model of delivering security services during one recent briefing.

Despite having deep pockets, it’s unclear if Barracuda was the right partner for Purewire. In a blog entry Wang said it’s unknown if Barracuda has the ability to execute on its plans to integrate Purewire. She said Barracuda will still largely be an appliance vendor, since it will take time to iron out the changes needed to deliver services from the cloud.

Switching from selling appliances to selling services is a non-trivial change. Distribution partners who are used to pushing boxes have to be re-trained to sell services. Incentive models have to be changed to entice them to sell services, or new distribution partners have to be acquired. Barracuda will do well to bring in more experienced personnel in service marketing and sales.


Dec 22 2008   2:28PM GMT

Nokia to sell security business to Check Point



Posted by: Dennis Fisher
Security Vendor News

In a move that has been anticipated for some time, Nokia on Monday said it has an agreement in place to sell its security business. What did come as a surprise was the identity of the buyer: Check Point. The two companies have been working together for years, with Nokia deploying Check Point’s software on its own security appliances. The terms of the agreement were not disclosed, though Nokia said it expects the deal to be finalized by the end of March.

“As a pioneer in security appliances, the Nokia security appliance business has been an important strategic partner for Check Point and has helped us achieve early leadership in the security appliance market,” said Gil Shwed, Chairman and CEO at Check Point. “Adding Nokia’s security appliance portfolio into Check Point’s broad range of security solutions is the natural conclusion of our long collaboration, and will assure a smooth path forward for our mutual customers.”

Check Point and Nokia have long provided customers with a range of best-of-breed security solutions, proven in high-performance, mission critical environments. Nokia’s security appliance business provides purpose-built security platforms optimized for Check Point Firewall, virtual private network (VPN) and unified threat management (UTM) software.

Nokia’s main focus for years has been its mobile handset business, and its security unit has always been something of an odd fit. It’s an enterprise business in the midst of a company that does most of its work selling consumer handsets. Now, with Check Point taking the reins, Nokia will be free to focus on that business, while Check Point can bring the appliances in-house and have an extra revenue stream.


Dec 10 2008   3:54PM GMT

Security chief Window Snyder leaving Mozilla



Posted by: Dennis Fisher
Security Vendor News, Platform Security

Window Snyder, the head of security at Mozilla, is leaving the company to help found a start-up venture unrelated to security. Snyder has been at Mozilla for more than two years and has been the driving force behind the company’s effort to make security a top priority in its popular Firefox browser.

Snyder’s departure is a blow to Mozilla, a small organization that counts on participation from the open-source community for much of its work. Snyder has helped raise the company’s profile in the security community and made transparency about security issues a key initiative. The company currently is working on a security metrics project with security analyst Rich Mogull of Securosis that is designed to measure the relative security of Firefox in a number of different ways.

It’s unclear who will be replacing Snyder, whose official title never evolved beyond the “chief security something-or-other” she came up with when she was hired. Snyder said she is not yet ready to talk about her new venture, but said it is something she is passionate about. When she joined Mozilla in 2006, Snyder was already one of the more visible personalities in the security community, having spent several years at Microsoft and at @stake before that. During her time at Microsoft, she was one of the key players in the development of Service Pack 2 for Windows XP, a massive security upgrade that was one of the first results of the vendor’s Trustworthy Computing program. After leaving Microsoft, Snyder did a short stint at Matasano Security, a consultancy.

Mogull, who has been working on the metrics program with Mozilla for several months, said he’d been impressed with the way Snyder had worked to make security a priority within the Mozilla community. “I think she’s done a great job. I mean, think about the challenge she faced going into that,” he said. “It’s an open-source project and she’s trying to put in a structured security program in an open-source environment. It’s not the same as a commercial software company where you have very rigid processes. It’s a very engaged community and that’s one of the reasons I was so excited to work with her. She broke new ground in combining the technology for developing secure software with a project like this.”


Dec 9 2008   2:11PM GMT

Google asks for help on Native Client security



Posted by: Dennis Fisher
Security Vendor News, Application Security

Google has been working on a new technology that is designed to help developers create more secure and interesting Web applications that can run on any platform. Known as Native Client, the technology is still in the development stages, but Google is now making it available to developers and security specialists in the hopes that they’ll kick some holes in it and help make it more useful.

Our approach is built around a software containment system called the inner-sandbox that is designed to prevent unintended interactions between a native code module and the host system. The inner-sandbox uses static analysis to detect security defects in untrusted x86 code. Previously, such analysis has been challenging due to such practices as self-modifying code and overlapping instructions. In our work, we disallow such practices through a set of alignment and structural rules that, when observed, enable the native code module to be disassembled reliably and all reachable instructions to be identified during disassembly. With reliable disassembly as a tool, it’s then feasible for the validator to determine whether the executable includes unsafe x86 instructions. For example, the validator can determine whether the executable includes instructions that directly invoke the operating system that could read or write files or subvert the containment system itself.

Interesting approach from Google. One thing that’s important to note here is that Google obviously isn’t doing this out of the goodness of their hearts. Just as Microsoft for years has focused its efforts on getting as many developers as possible working on Windows-compatible projects, Google is interested in Web developers writing browser- and OS-independent applications. Google has its own browser now in Chrome, and while it doesn’t yet have an OS in the wild, it has just about everything else, including persistent rumors of an OS in the works.

So there’s motivation aplenty here and Google continues to do pretty well on the transparency scale. But there’s certainly a number of other security issues facing the company. Malicious search results continue to be a major problem, as does click fraud. But those aren’t solely Google’s problems either.
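
The static checks described in the Native Client excerpt above can be sketched as follows. This is an added illustration, not Google's validator or code from the original post: the eight-opcode x86 subset, the 32-byte bundle size, the function names and the constructed sample byte strings are all assumptions made for the example.

```python
# Toy validator for a tiny, assumed x86-32 subset (illustration only).
BUNDLE = 32  # assumed alignment unit; no instruction may cross a multiple of it

# opcode -> (mnemonic, total length in bytes)
FIXED = {0x90: ("nop", 1), 0xF4: ("hlt", 1), 0xEB: ("jmp rel8", 2),
         0xE9: ("jmp rel32", 5), 0xCD: ("int", 2)}
FIXED.update({0xB8 + r: ("mov r32, imm32", 5) for r in range(8)})
TWO_BYTE = {0x05: "syscall", 0x34: "sysenter"}   # 0x0F-prefixed opcodes
UNSAFE = {"int", "syscall", "sysenter"}          # direct OS invocation

def decode(code, off):
    """Return (mnemonic, length) for the instruction at off, or None."""
    op = code[off]
    if op == 0x0F and off + 1 < len(code) and code[off + 1] in TWO_BYTE:
        return TWO_BYTE[code[off + 1]], 2
    return FIXED.get(op)

def validate(code):
    """Linear disassembly plus structural rules; returns a list of errors."""
    errors, starts, jumps, off = [], set(), [], 0
    while off < len(code):
        ins = decode(code, off)
        if ins is None:
            # Disassembly is no longer reliable, so stop here.
            return errors + [f"{off:#x}: undecodable byte {code[off]:#04x}"]
        name, length = ins
        end = off + length
        if end > len(code):
            return errors + [f"{off:#x}: {name} truncated"]
        if off // BUNDLE != (end - 1) // BUNDLE:
            errors.append(f"{off:#x}: {name} straddles a bundle boundary")
        if name in UNSAFE:
            errors.append(f"{off:#x}: unsafe instruction {name}")
        if name.startswith("jmp"):
            width = length - 1  # displacement follows the one-byte opcode
            rel = int.from_bytes(code[end - width:end], "little", signed=True)
            jumps.append((off, end + rel))
        starts.add(off)
        off = end
    # Every direct jump must land on an instruction the disassembly saw;
    # otherwise bytes hidden inside another instruction could execute.
    for src, target in jumps:
        if target not in starts:
            errors.append(
                f"{src:#x}: jump target {target:#x} is not an instruction start")
    return errors

# Constructed samples.
CLEAN = bytes([0xB8, 1, 0, 0, 0, 0xEB, 0x01, 0x90, 0xF4])
# mov eax, imm32 whose immediate holds CD 80 (int 0x80); jmp -6 targets it.
HIDDEN = bytes([0xB8, 0xCD, 0x80, 0x90, 0x90, 0xEB, 0xFA, 0xF4])
DIRECT = bytes([0x90, 0xCD, 0x80])
STRADDLE = bytes([0x90] * 30 + [0xB8, 0, 0, 0, 0])

if __name__ == "__main__":
    for label, blob in [("clean", CLEAN), ("hidden", HIDDEN),
                        ("direct", DIRECT), ("straddle", STRADDLE)]:
        print(label, validate(blob) or "ok")
```

The `HIDDEN` sample is the overlapping-instruction case: a scan that only looks for unsafe opcodes at decoded instruction starts sees nothing wrong, and only the jump-target rule rejects it. Indirect jumps and returns are not modelled in this sketch.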


Nov 24 2008   3:48PM GMT

VMWare loses top security researcher Sotirov and exec Mulchandani



Posted by: Dennis Fisher
Security Vendor News, Platform Security

VMWare has lost two of its key security people in the last couple of weeks: Nand Mulchandani and Alexander Sotirov. Mulchandani, the company’s top security executive, left VMWare recently to take the CEO job at OpenDNS, a startup focused on providing cloud-based DNS operations and security services. Mulchandani was the co-founder and former CEO of Determina, a security startup that VMWare acquired in 2007. He served as the senior director of product management and marketing at VMWare and was the company’s public face on security issues. Before the Determina acquisition, VMWare had been conspicuously quiet about security in general and had been taking some heat from researchers and customers on that front. After Mulchandani came on board, he made a point of talking up the security initiatives the company was working on, including its VMSafe program.

The company also lost one of its key product security experts in Sotirov, who is well known for his work with Mark Dowd on bypassing memory protection mechanisms in Windows Vista through browser exploits. Sotirov’s last day at VMWare is Dec. 2. Like Mulchandani, Sotirov landed at VMWare through the Determina deal, though he’s best known in the security community for his personal research on the browser exploits and other projects. Sotirov said he hasn’t decided on his next destination yet.


Nov 21 2008   1:08PM GMT

Antivirus is dead; long live antivirus



Posted by: Dennis Fisher
Microsoft Security, Security Vendor News

Microsoft’s decision this week to kill its Windows Live OneCare consumer antimalware suite has led to plenty of ruminations on the future of antivirus software and whether it is finally in its golden years. Industry analysts and security vendors have been proclaiming the death of AV for years, telling anyone who would listen that the time for reactive defenses is past. There’s no denying that AV is a product with severe inherent flaws. By design, it can only recognize and stop threats that it has seen before. Even with advanced heuristics, the best AV software can’t stop all of the new threats it sees. It just can’t. So AV has been taking criticism from all quarters for nearly a decade. When I first started covering security in 2000, every vendor I met with couldn’t wait to tell me that AV was going the way of the Newton, and soon. But, somehow, amid all the changes and chaos in the industry, AV has survived.

Why? There are probably a number of reasons, but one key contributor to this unnaturally long life is the worsening threat landscape. The volume, severity and level of innovation of attacks have shot up exponentially in the last six or seven years, leading to a corresponding spike in the volume (if not so much the innovation level) of security products on the market. Some of those products, such as IPS systems and NBAD systems are fairly efficient at detecting and blocking new threats. But there are so many threats out there these days, that systems like AV that are highly effective at finding and stopping known attacks are needed to keep the level of novel, previously unseen attacks manageable.

This has helped keep antimalware suites a necessary component of virtually all enterprise security programs. But whether this will continue to be enough for much longer is unclear. Consumers likely will always need antimalware software, or at least as long as we have our current computing architecture in place. But in the enterprise world? You tell me. Any enterprises out there going commando, sans antivirus? Let me know.


Nov 19 2008   4:16PM GMT

Microsoft kills OneCare security suite



Posted by: Dennis Fisher
Microsoft Security, Security Vendor News

Microsoft’s experiment with a paid antimalware offering is over. The company announced on Tuesday that it is killing its Windows Live OneCare offering in June 2009 in favor of a free security suite code-named “Morro.” The new offering will include the same antivirus, antispyware and other security features as OneCare does now, but will not have the other capabilities the paid product has. Morro is designed to be a strictly antimalware product and will be offered as a free download for XP, Vista and Windows 7 users in the second half of next year.

One interesting point in this is what this decision might mean for Microsoft’s Forefront Client Security offering, the company’s enterprise antimalware and security suite. I doubt that it will mean the demise of Forefront, as Microsoft has a whole lot of time, money and energy invested in the Forefront brand and its presence in the enterprise. It’s a lot easier to pull the plug on a limited consumer offering like OneCare than it is to kill a product like Forefront, which enterprises depend on to protect their critical assets. Microsoft has spent a lot of time convincing IT security staffs that their antimalware product is as good as or better than McAfee’s or Symantec’s or Trend Micro’s, and they’re not about to give up that real estate anytime soon.


Nov 18 2008   3:42PM GMT

Speculation about John Thompson joining Obama administration running rampant



Posted by: Dennis Fisher
Security Vendor News

Within an hour of the announcement yesterday that John Thompson plans to retire as Symantec CEO next April, speculation on Thompson’s next move began in earnest. After 10 years at the reins of Symantec, Thompson, 59, is still young enough to take on another challenge if he so chooses. But he’s also wealthy enough that he never needs to work another day in his life. As he told the San Jose Mercury News in an interview yesterday, “The only thing I have in mind is a chaise lounge on the beach, and a mai tai. My personal aspirations are just to relax and spend more time with my family.”

That may be so, but plenty of other people believe that Thompson may be preparing himself for a role in Barack Obama’s administration. Thompson was a vocal supporter of Obama’s during the campaign and Obama has said that he plans to create a national CTO position once he’s in office. Sources close to me say that could be a nice fit for Thompson. In addition to his experience running Symantec and growing it from a consumer AV company to a massive enterprise security and data storage firm, Thompson spent a large chunk of his career at IBM, where he learned the Big Blue management style which has served generations of executives well. He also knows his way around Washington fairly well, having served on the National Infrastructure Advisory Committee during President Bush’s first term.

But the real question is, what’s the upside for Thompson? The national CTO job could be a good platform from which he could have a real effect on the way technology is used in this country. Thompson has plenty of allies in Silicon Valley and the wider business world and he’d be able to open some doors and potentially change what so far has been a sad record on information security inside the Beltway. But the downside is just as big. Plenty of former CEOs and executives have gone to Washington thinking they’d shake things up and make the government work for them, and it just doesn’t happen. The federal government is a unique animal that does not respond well to outsiders with their fancy “real-world experience” and “track records.” It can be a maddeningly illogical environment for a seasoned executive to work in.

But then again, Thompson has shown a willingness in the past to do the unexpected (see: Veritas acquisition), so maybe he has one more trick up his sleeve. He’s supposed to be staying at Symantec until April, and Obama would probably like to have his cabinet and senior advisers in place before that, so we’ll just have to see what the next couple of months bring.


Nov 17 2008   5:45PM GMT

John Thompson to step down as Symantec CEO



Posted by: Dennis Fisher
Security Vendor News

John Thompson is leaving Symantec in the spring, after 10 years as the CEO of the security company. Enrique Salem, currently the COO, will take over as CEO in April 2009 when Thompson steps down. Thompson has been at the helm of Symantec since the late 1990s and has guided the company through a period of strong growth as well as abundant change. It was Thompson who made the decision in 2004 to acquire storage and backup vendor Veritas for $13.5 billion, a move that was widely questioned at the time and has continued to draw criticism in the years since. For better or for worse, Thompson led Symantec away from its dependence on its core antivirus business and into a number of other markets. A veteran of IBM, Thompson brought a Big Blue-style sense of discipline and structure to Symantec, but some of his acquisitions and product moves — especially the Veritas and @stake acquisitions — were questioned both inside and outside the company.

I interviewed Thompson on several occasions and always found him to be an engaging, smart and interesting guy. (Here’s a feature I wrote on Thompson in 2006.) He always had a clear idea of what he wanted to do with the company, and I can remember meeting with him a couple of weeks before the Veritas acquisition was final and Thompson was adamant about the value of the deal and the coming intersection of security, availability and storage. He seems to have been proven right on the last point, but after peaking at about $31 right before the Veritas deal was announced, the company’s stock has fallen to the $12 range now.

Salem is an interesting choice to succeed Thompson. He’s in his second tour of duty with the company, having first joined in 1990 and returned in 2004 after several years at ID management vendor Oblix. Salem is widely respected in the security industry — and inside Symantec — and has a broad range of experience, which will be vital in the coming months and years at Symantec.