Security Pie

If you are not familier with the name of Herve Falciani you should. In my opinion he is “serving” the security community is a similar way that kevin Mitnik (or others, pick your name) did.

Mr. Falciani is a former IT employee at the Swiss subsidiary of HSBC Private Bank (Suisse) SA that, according to the bank and French authorities, “obtained” sensitive customer information and hand it to the tax authorities in France.  The data theft took some time until it was discovered and the bank was suffering some issues.

This is all history now…. The assets are up as HSBC Private Bank shrugs off data theft. The Bank also reported that it has spoken to almost all current clients that were affected by a data theft.

I’m sure that now, ANY bank is taking data protection and activity monitoring more seriously.  Having said that, I do not think for a second that the risk management and  security teams at the bank did not take such issues seriously. Working with different security teams for over a decade, I am sure that they were trying to do the right things for ever. Thanks to folks like Herve, the “risk” factor in data security risk management is more clear and security teams can spend what they need in order to improve security.

On a second thought, I’m sure that many security vendors and consultants also thank Mr. Falciani.

RSA Conference, the biggest security event of the year will take place next month.

IMO now is a good time to review how we are doing as an industry, fulfilling our destination (that is, securing).

On Jone 2003, Gartner declared that IDS are dead and “recommends that enterprises redirect the money they would have spent on IDS toward defense applications such as those offered by thought-leading firewall vendors that offer both network-level and application-level firewall capabilities in an integrated product.”

6.5  years later, are we there yet?

I came across a document that was published few months ago describing Israel’s IT market in 2009.  I’ll let the readers decide if they accept the analysism but as a service I would like to point you to another source of information based on STKI’s summit presentation which is quite detailed.

I’m interested to hear your feedback on opinion.

According to HBP statistics, quoting the Kauffman Foundation, entrepreneurs have been key drivers of economic recovery in past recessions. In fact, since 1980, companies less than five years old have accounted for virtually all net new-job creation in the U.S.

Considering myself as an entrepreneur I read the Entrepreneurs’ Gloom Contradicts Wall Street Optimism.

The Foundation’s September 2009 study of more than 400 entrepreneurs and would-be entrepreneurs shows that 75% think the United States cannot have a sustained economic recovery without another burst of entrepreneurial activity.

Duh. Isn’t that clear? Elementary…

The following statistic tidbit got my attention:

75 percent think the United States cannot have a sustained economic recovery without another burst of entrepreneurial activity.

Duh. Isn’t that clear? Elementary…

Reading the survey summary  (pdf) the following slide was not surprising:

The US is not doing enough

I found out that many successful, talented entrepreneur that are currently in the US with  H1 visa are unable to start a business in the US, even if they willing to go through this difficult process.

The vast majority of entrepreneurs think it should be easier to start a business:

Starting a business in the US

For many entrepreneurs, starting a business in THE US, is NOT an option. You don’t need a Nobel Prize in economy to understand why the US economy need to make it easier to H1 visa holders to start a business in the US and help boost economy.

Fortinet will end the Drought

So the good news arrives from Sunnyvale CA: Fortinet, Inc., a provider of network security appliances and unified threat management (UTM) solutions, announced that it has filed a registration statement on Form S-1 with the Securities and Exchange Commission relating to a proposed initial public offering of its common stock.

This is great news. For our friends working at Fortinet, partners, security vars, VC and anyone who cares about the economy and of course security.

Fortinet is a profitable security vendor. The IPO filling is very encouraging as it represents the first US venture-backed company to submit an IPO filing in more than six months.

I believe that Fortinet’s S-1 filing represents the start of quality security companies IPO filings wave in the coming months which is extremely important in order  to improve the overall sentiment for security companies. I believe that since Websense (WBSN) acquisition of PortAuthority Technologies, our industry financiers (ok, the Venture Capitalists) did not see a good return on their investment…

Go get em’

My friend Zvika (all names are fictional to protect the innocent) drew my attention to Peter Bregman post on Harvard Business blog Why Small Companies Will Win in This Economy. Peter is the CEO of Bregman Partners, Inc., a global management consulting firm, and advises CEOs and their leadership teams. My friend Zvika is an executive in a small company and knows one or two things about selling “against the big guys”.

I read this article and find it to be interesting for multiple reasons:

1. Peter tells a nice story about Passlogix. I like stories. 
2. I second Peter’s thoughts. Customers buy from someone they trust. It does not matter if you work in a big company or a small company. In order to sell, you should gain your customers trust.
3. I was amused that Peter found the mentioned phenomenon interesting. 

Did you ever think why customers buy? why do YOU buy? I always find it awkward when I hear experts talk teach about the art (or science) of selling, but they do not teach why customers buy.  IMO, a customer or a prospect will trust their sales rep if he and the company that he represents are professional, reliable, accurate and will be there when needed. Day or night.  Sun or rain. 

Many years ago, when I sold our first major (at the time) project, I looked at my prospect eyes and told him something along the following lines:

 Believe me… we know what we are doing, you are not the second or third customer for this kind of project

He knew that he was the first, but he trusted us..

 Marc Boroditsky is the president, CEO and a co-founder of Passlogix . He is passionate about his company and will always answer the phone. Companies should have passionate executives at all levels. I wish Mr. Boroditsky (I do not know him) all the best. Such success stories make my day. Learning from my own experience, one day he could not answer the phone for every customer. But then, he must have other executives with the same level of passion that will.

Assaf  adds:  He concludes with “small is the new big”. Maybe the correct line is “Big is the new small?”.

Cisco is #1 in appliance sales

Network World published an interesting story about Cisco’s attempts to keep the number 1 spot in sales of network security gear. (note that I emphasise the words sales).

The article includes several security pies, the kind I like. it also include an analysis of best of breed versus good enough sales.

In my opinion the article is missing one important factors: The departure of Nokia from the network security appliance market.

Cisco is indeed the undisputed leader in sales for the security appliances market. It’s retired PIX firewall was all times best seller. People simply liked the way it worked. The more recent acquisition of IronPort gave it a powerful weapon in the e-mail security market and it also allows Cisco to claim some DLP capabilities. Cisco is also #1 in sales of IPS gear. Take a look at the left pie. While there’s a huge market share belongs to the “other” vendors, Cisco’s slice is bigger than the combined slices of Juniper, Check Point, Nokia and Microsoft!

The other pies show how Cisco rules the network security market (again, in sales).  While the article does not mention emerging market it focus on the main.

The Security Pie

Read the rest of this entry »

I guess that I’m writing this few months later than I should. As a Yahoo share holder I should have taken a more proactive approach. Unfortunately, I have this habit of buying stocks at their highest price just to watch them falling almost as fast as I’m falling during ski (I blame Assaf, he thought me how to ski .

As a service to the new CEO, here is an important lesson from Shpigler the Shark:

2008 is almost over but still there are respectable and notable companies that act like security is non of their business. I find it very irritating that some companies that promote security as a product and company differentiators act in a non secure fashion.  Following the “no one want to see an obese promotes healthy food” analogy, I would expect companies nowadays to act in a secure fashion.  Most of the web sites will send you a thank you letter after registering at their web site, but as I discovered today, some will send you an email confirming your registration alongside your username and password in cleartext.

As a service for those who forgot, here’s how email privacy works:

How email works

And here’s the message that turned me mad (Identifiable elements deleted to protect the innocent):

Ok – So I have a vested interest in DLP. Sue me.

But here is a real cool use of DLP to detect plagurizing of dissertations:
http://ondlp.com/?p=9#respond

Notes:
1. Really cool use of the fingerprinting technology
2. I did not know that Dave’s wife was a professor

/al