IMO now is a good time to review how we are doing as an industry, fulfilling our destination (that is, securing).

On Jone 2003, Gartner declared that IDS are dead and “recommends that enterprises redirect the money they would have spent on IDS toward defense applications such as those offered by thought-leading firewall vendors that offer both network-level and application-level firewall capabilities in an integrated product.”

6.5  years later, are we there yet?

I’m interested to hear your feedback on opinion.

Considering myself as an entrepreneur I read the Entrepreneurs’ Gloom Contradicts Wall Street Optimism.

The Foundation’s September 2009 study of more than 400 entrepreneurs and would-be entrepreneurs shows that 75% think the United States cannot have a sustained economic recovery without another burst of entrepreneurial activity.

Duh. Isn’t that clear? Elementary…

The following statistic tidbit got my attention:

75 percent think the United States cannot have a sustained economic recovery without another burst of entrepreneurial activity.

Duh. Isn’t that clear? Elementary…

Reading the survey summary  (pdf) the following slide was not surprising:

The US is not doing enough

I found out that many successful, talented entrepreneur that are currently in the US with  H1 visa are unable to start a business in the US, even if they willing to go through this difficult process.

The vast majority of entrepreneurs think it should be easier to start a business:

Starting a business in the US

For many entrepreneurs, starting a business in THE US, is NOT an option. You don’t need a Nobel Prize in economy to understand why the US economy need to make it easier to H1 visa holders to start a business in the US and help boost economy.

Fortinet will end the Drought

So the good news arrives from Sunnyvale CA: Fortinet, Inc., a provider of network security appliances and unified threat management (UTM) solutions, announced that it has filed a registration statement on Form S-1 with the Securities and Exchange Commission relating to a proposed initial public offering of its common stock.

This is great news. For our friends working at Fortinet, partners, security vars, VC and anyone who cares about the economy and of course security.

Fortinet is a profitable security vendor. The IPO filling is very encouraging as it represents the first US venture-backed company to submit an IPO filing in more than six months.

I believe that Fortinet’s S-1 filing represents the start of quality security companies IPO filings wave in the coming months which is extremely important in order  to improve the overall sentiment for security companies. I believe that since Websense (WBSN) acquisition of PortAuthority Technologies, our industry financiers (ok, the Venture Capitalists) did not see a good return on their investment…

Go get em’

I read this article and find it to be interesting for multiple reasons:

1. Peter tells a nice story about Passlogix. I like stories. 
2. I second Peter’s thoughts. Customers buy from someone they trust. It does not matter if you work in a big company or a small company. In order to sell, you should gain your customers trust.
3. I was amused that Peter found the mentioned phenomenon interesting. 

Did you ever think why customers buy? why do YOU buy? I always find it awkward when I hear experts talk teach about the art (or science) of selling, but they do not teach why customers buy.  IMO, a customer or a prospect will trust their sales rep if he and the company that he represents are professional, reliable, accurate and will be there when needed. Day or night.  Sun or rain. 

Many years ago, when I sold our first major (at the time) project, I looked at my prospect eyes and told him something along the following lines:

 Believe me… we know what we are doing, you are not the second or third customer for this kind of project

He knew that he was the first, but he trusted us..

 Marc Boroditsky is the president, CEO and a co-founder of Passlogix . He is passionate about his company and will always answer the phone. Companies should have passionate executives at all levels. I wish Mr. Boroditsky (I do not know him) all the best. Such success stories make my day. Learning from my own experience, one day he could not answer the phone for every customer. But then, he must have other executives with the same level of passion that will.

Assaf  adds:  He concludes with “small is the new big”. Maybe the correct line is “Big is the new small?”.

Cisco is #1 in appliance sales

Network World published an interesting story about Cisco’s attempts to keep the number 1 spot in sales of network security gear. (note that I emphasise the words sales).

The article includes several security pies, the kind I like. it also include an analysis of best of breed versus good enough sales.

In my opinion the article is missing one important factors: The departure of Nokia from the network security appliance market.

Cisco is indeed the undisputed leader in sales for the security appliances market. It’s retired PIX firewall was all times best seller. People simply liked the way it worked. The more recent acquisition of IronPort gave it a powerful weapon in the e-mail security market and it also allows Cisco to claim some DLP capabilities. Cisco is also #1 in sales of IPS gear. Take a look at the left pie. While there’s a huge market share belongs to the “other” vendors, Cisco’s slice is bigger than the combined slices of Juniper, Check Point, Nokia and Microsoft!

The other pies show how Cisco rules the network security market (again, in sales).  While the article does not mention emerging market it focus on the main.

The Security Pie

The pies that were provided by Network world also include large slices for Nokia and it also list Check Point. In my opinion, part of the reason Check Point has maintained its marketplace position was Nokia, more specifically , the Nokia appliances. While Check Point partners with other appliance makers, such as Crossbeam Systems, Nokia systems (which used to come from the successful Ipsilon Networks acquisition) was always favored (it probably requires deserves a separate post on how to build appliances).

In my opinion, the pie will be changed: On 29 September 2008, the mobile communications provider Nokia announced that it is negotiating to sell its network security appliance business unit to an unnamed financial investment firm. The plan is part of an overall Nokia move away from enterprise IT channels. (See also Gartner: Nokia’s Planned Security Sale Will Not Benefit Customers. PDF available here).

My prediction: next year’s pie will look different but not very different. I expect that the vendors that can execute well (i.e. Cisco) will be able to increase their market share.

I guess that I’m writing this few months later than I should. As a Yahoo share holder I should have taken a more proactive approach. Unfortunately, I have this habit of buying stocks at their highest price just to watch them falling almost as fast as I’m falling during ski (I blame Assaf, he thought me how to ski .

As a service to the new CEO, here is an important lesson from Shpigler the Shark:

As a service for those who forgot, here’s how email privacy works:

How email works

And here’s the message that turned me mad (Identifiable elements deleted to protect the innocent):

But here is a real cool use of DLP to detect plagurizing of dissertations:
http://ondlp.com/?p=9#respond

Notes:
1. Really cool use of the fingerprinting technology
2. I did not know that Dave’s wife was a professor

/al

Cisco is promoting Diego Rivas

Dave, a developer from Melbourne, Australia brings an interesting story . He was installing a newly purchased VPN product. When he loaded the VPN client software, he discovered that in the place of the usual boring software was an audio disk with 12 tracks of Spanish music (see Cisco\’s Hit). A lively discussion on Dave’s blog tried and successfully managed to identify the musician.  You can watch the video below.

Beyond the anecdotal story there are few things that we can learn from this incident. I’m not picking on Cisco specifically: In the past, one of the products that I was managing was built by very large OEM partner that was responsible for building the appliance, packaging, forwarding etc. Though it was very rare, we had few incidents when customer X received parts of a printer with his order (inside the appliance package), while another customer received the wrong CDs etc. Errors do occur and I believe that Cisco will do everything it can to learn from this manufacturing snafu and improve its quality assurance process. However from a security risk management point of view , this incident is a reminder to trust no one:

Every CD should be considered suspicious, even if it arrived inside a box that has the Cisco logo. Due to the popularity of Cisco’s gear there’s a second hand market and also some fake devices. Softpedia tells that even the United States government is reportedly using some 3500 fake Cisco-branded network devices, including routers, network switches and hubs. “According to the investigation results, the fake devices are worth up to $3.5 million.” 

Trust no one is the moral of this story.  On a side note, this story also explains why the DOD is investing so much money looking for the kill switch. 

Enjoy the music!

(Arik, What’s going on down there in Australia?, we’re getting a steady stream of weird reports recently