For those that read this blog for Data Security/DLP reasons, you have good reason to complain that I've been neglecting that area in favour of Identity lately. On the flip side, anyone who doesn't give crap about Data Security or DLP can tune out this time around.
Despite Matt P, Clayton and Nishant jokingly suggesting I should write for sitcoms, I'll put that career on hold for now and get back to business...although if Nishant and Paul Walker continue their thread, I could have more paraphrasing fodder :-)
On to the topic at hand...
McAfee announced late last week that they are acquiring Reconnex for $46 million USD. They acquired a few other companies (Onigma for $20 million USD and Safeboot for $350 million USD) to start themselves along the DLP track and have now filled out the portfolio with assets to address some holes in their offering. What were the holes? Data discovery and network monitoring.
The acquisition wasn't a huge surprise. Symantec have traditionally been McAfee's main competitor and happen to also be their biggest competitor in this space.
Symantec started themselves along the DLP track by acquiring Vontu for $350 million USD. Vontu's strength was in its data discovery and network monitoring capabilities. I should also mention they had lots of customers and were considered to be the market leader in DLP. They've only recently branched out into offering endpoint monitoring and control (I assume this is thanks to Symantec's development budget).
Onigma's technology was an endpoint monitoring and control product. This meant that when McAfee compared itself to Symantec, it found itself sorely lacking from an overall solution standpoint (at least from a marketing perspective). Reconnex fills the void.
Let me take Safeboot out of the picture for a minute because it doesn't compete directly with the Vontu technology. McAfee's only had to pay a fraction ($20+$46 = $66 million USD) of the amount Symantec spent ($350 million USD) to get a comparable set of products. If you do the maths, it's less than one fifth! At face value either McAfee got a steal or Symantec got screwed. To be fair to Symantec, they did have to pay a premium because they were buying "the market leader" and also the set of customers Vontu had. DLP was also a much "hotter" topic at the time (it still is, but the buzz isn't as crazy) and in case you haven't noticed the world economy is in a bit of a slump at the moment. Even after taking these factors into consideration however, I'm not sure that premium should have been 5 times the amount McAfee forked out.
Your move Symantec...which brings me back to Safeboot. Symantec announced their Endpoint Encryption offering earlier this year. In reality, this is an OEM agreement with GuardianEdge and a direct response to McAfee's Safeboot offering. I wonder how long it'll take Symantec to buy GuardianEdge now that McAfee's filled their gaping DLP hole?
Showing posts with label symantec. Show all posts
Showing posts with label symantec. Show all posts
Tuesday, August 05, 2008
Thursday, November 15, 2007
Symantec announce Vontu acquisition
As usual, my travel schedule for work is really screwing with my blogging habits and keeping up to date with news. Of course, this means I'm blaming it on the market's need for Data Security solutions...which is not such a bad thing.
Symantec finally announced their acquisition of Vontu early last week. More about it on Symantec's website here.
I spoke about Vontu briefly in a previous post and mentioned the whole Symantec acquisition of Vontu here when it was still a rumour. As it turns out, it was true and a very badly kept secret.
I'll post more about my thoughts on what this means for Symantec later when I have a spare moment. Hopefully that's sooner rather than later.
Symantec finally announced their acquisition of Vontu early last week. More about it on Symantec's website here.
I spoke about Vontu briefly in a previous post and mentioned the whole Symantec acquisition of Vontu here when it was still a rumour. As it turns out, it was true and a very badly kept secret.
I'll post more about my thoughts on what this means for Symantec later when I have a spare moment. Hopefully that's sooner rather than later.
Saturday, October 13, 2007
Symantec going DLP?
I go and talk about Vontu and the next thing I read is that there's a rumour flying around about an acquisition. If InfoWorld is right, it will be announced next week that Symantec is acquiring Vontu.
No I don't have any inside information. I don't work for Vontu. I know some have been wondering (based on some of the search referrals that have been coming through - although no one's actually piped up and asked me directly). I wasn't exactly full of praise about Vontu in my last post was I? I didn't think so.
So assuming this moves ahead, we'll have 3 BIG Vendors in the DLP space. McAfee, EMC (they acquired Tablus earlier this year and rolled it into their RSA division) and Symantec.
Looks like DLP's going mainstream very quickly, which is obviously good for the industry and organisations looking at a DLP solution.
No I don't have any inside information. I don't work for Vontu. I know some have been wondering (based on some of the search referrals that have been coming through - although no one's actually piped up and asked me directly). I wasn't exactly full of praise about Vontu in my last post was I? I didn't think so.
So assuming this moves ahead, we'll have 3 BIG Vendors in the DLP space. McAfee, EMC (they acquired Tablus earlier this year and rolled it into their RSA division) and Symantec.
Looks like DLP's going mainstream very quickly, which is obviously good for the industry and organisations looking at a DLP solution.
Thursday, February 01, 2007
Symantec's version of Microsoft Passport?
I talked about Symantec's pending announcement of their "Security 2.0" initiative earlier today. Well, they're calling it their "Identity Initiative", but it's essentially Symantec's statement that they've arrived into the world of Identity...and Identity 2.0 at that.
For them to announce it at an event like Demo (traditionally a showcase for Startups) implies they want to be seen as innovators in this space. They've long been in the world of Antivirus and when they realised this was becoming commoditised, they started to diversify and move into managed services and more recently into Security Management software (see earlier post). CEO John Thompson is an ex-IBMer so he clearly understands all about expanding/diversifying a portfolio and moving away from commoditised, low profit margin markets (Note: A slightly IBM-biased view, but my excuse is that I've been force-fed IBM propaganda for the past 6 years).
Symantec understand they have the consumer market with their Antivirus products. So instead of going up against the likes of IBM, CA, Oracle, Sun, Novell, BMC et al in the space we know as Enterprise Identity Management, they've decided to play to their strengths and start their foray into Identity by going where there are far less competitors and where the market is far less mature (Not that one could call Enterprise Identity and Access Management a mature market, but I'm speaking in terms of relativity here). Work in the User Centric Identity space is still very new and their entry allows them to cultivate their image as being innovators.
As I've said before, Microsoft's CardSpace, OpenID and i-names are various popular technologies that attempt to tackle the User Centric Identity issues prevalent within the Internet. They are however, just a bunch of standards, protocols and specifications around how this can be done. Sure, Microsoft has a CardSpace client to enable this to happen and Sxip has a few technologies like Sxipper and Whobar that do similar things in terms of providing some of the infrastructure required. There's just 1 problem...most of the world doesn't know about Identity 2.0. They need to be educated...and this will take awhile - even in light of all the security threats out there in the big bad Internet.
In this respect, Microsoft has a "leg up" on the competition. Eventually, all Windows users will have CardSpace capabilities built into Explorer and there may even be non-web clients that are CardSpace-enabled. If Microsoft's evil plan comes together, we'll all be using CardSpace eventually to do certain things (probably not everything though). It may not be so bad however, because Microsoft learned from their mistakes with their dismal attempts at CardSpace's predecessor, Passport. The biggest problem with Passport was that you had to trust Microsoft with ALL your information. They would store it on their servers and the plan was for them to be your central point of reference for your online identity. CardSpace has no such requirements. Your personal information is stored on your machine as Information Cards. The CardSpace client allows you to select the relevant Information Card required for the purpose of your identity transaction. This way, you don't give up all the keys to your kingdom, and the information exchanges are done securely via encryption mechanisms and set protocols.
Symantec seems to have realised that the key to User Centric Identity is to make it all invisible for the end user/consumer. In fact, it should be seamless, painless, secure and require little impact. What better way to do this than by leveraging existing infrastructure? Enrique Salem, group president with Symantec’s consumer business unit is quoted here as stating the following:
For them to announce it at an event like Demo (traditionally a showcase for Startups) implies they want to be seen as innovators in this space. They've long been in the world of Antivirus and when they realised this was becoming commoditised, they started to diversify and move into managed services and more recently into Security Management software (see earlier post). CEO John Thompson is an ex-IBMer so he clearly understands all about expanding/diversifying a portfolio and moving away from commoditised, low profit margin markets (Note: A slightly IBM-biased view, but my excuse is that I've been force-fed IBM propaganda for the past 6 years).
Symantec understand they have the consumer market with their Antivirus products. So instead of going up against the likes of IBM, CA, Oracle, Sun, Novell, BMC et al in the space we know as Enterprise Identity Management, they've decided to play to their strengths and start their foray into Identity by going where there are far less competitors and where the market is far less mature (Not that one could call Enterprise Identity and Access Management a mature market, but I'm speaking in terms of relativity here). Work in the User Centric Identity space is still very new and their entry allows them to cultivate their image as being innovators.
As I've said before, Microsoft's CardSpace, OpenID and i-names are various popular technologies that attempt to tackle the User Centric Identity issues prevalent within the Internet. They are however, just a bunch of standards, protocols and specifications around how this can be done. Sure, Microsoft has a CardSpace client to enable this to happen and Sxip has a few technologies like Sxipper and Whobar that do similar things in terms of providing some of the infrastructure required. There's just 1 problem...most of the world doesn't know about Identity 2.0. They need to be educated...and this will take awhile - even in light of all the security threats out there in the big bad Internet.
In this respect, Microsoft has a "leg up" on the competition. Eventually, all Windows users will have CardSpace capabilities built into Explorer and there may even be non-web clients that are CardSpace-enabled. If Microsoft's evil plan comes together, we'll all be using CardSpace eventually to do certain things (probably not everything though). It may not be so bad however, because Microsoft learned from their mistakes with their dismal attempts at CardSpace's predecessor, Passport. The biggest problem with Passport was that you had to trust Microsoft with ALL your information. They would store it on their servers and the plan was for them to be your central point of reference for your online identity. CardSpace has no such requirements. Your personal information is stored on your machine as Information Cards. The CardSpace client allows you to select the relevant Information Card required for the purpose of your identity transaction. This way, you don't give up all the keys to your kingdom, and the information exchanges are done securely via encryption mechanisms and set protocols.
Symantec seems to have realised that the key to User Centric Identity is to make it all invisible for the end user/consumer. In fact, it should be seamless, painless, secure and require little impact. What better way to do this than by leveraging existing infrastructure? Enrique Salem, group president with Symantec’s consumer business unit is quoted here as stating the following:
"We have a strong base to build from, with almost half of our active Norton user base already enrolled in a basic Norton Account. We’ll enable our millions of customers to extend the functionality of their Norton Account to manage all their information, all in one place."
Did I read that right? All their information in one place? I hope they don't mean to store everyone's details in one single place and leverage this the same way Microsoft tried to with Passport?
If they DO indeed decide to do that, hopefully they at least have the good sense to practice responsible disclosure of information or even adopt the concepts mentioned as part of the functionality offered by the Higgins project's Identity Mixer (yes it was donated by IBM, but my point here it not to promote it but rather to highlight a feature) which essentially subscribes to the concept of using something akin to "vouch for" tokens. e.g. Instead of saying someone is 35, the token states that they are over 21 because the consuming party often just needs to know that fact rather than their actual age.
I wonder if Symantec are looking long term big picture here and positioning themselves to be the "Identity Oracle" that Bob Blakley talks about here (at the time of posting, Bob's blog seems to be down)? If they are, then it's a very brave move. It may come to be a brilliant move. Only time will tell, but you've got to give them credit for having the guts to think big if this is indeed where they're heading. It may work, as long as they don't make the same mistakes as Microsoft did with Passport. If they keep privacy at the top of their list of considerations with this initiative, they may get somewhere.
Symantec have also stated that the initiative will work with CardSpace and OpenID. That's a good start I suppose. Watch this space.
Symantec on YouTube?
You heard right. Symantec have signed themselves up to YouTube and started to post demonstrations of security vulnerability exploits in action. Well, at least it's more interesting than reading a long technical article (these usually put me to sleep and make me wonder why I even bother to read them) about it. Although looking at the video, you can't really tell what's going on. Apparently the exploit manifests itself when you see the screen flickering. Remember to squint!
Anyway, I just mentioned the fact above because it was a new way of doing things. I really wanted to make a point about Symantec's impending announcement about their new Identity initiative - something they're referring to as Security 2.0. Wonder what it's going to be.
It's also more evidence that they're trying to position themselves to compete against the likes of IBM, CA, BMC and the like, especially in light of their recent announcement to acquire Altiris for $830 million. They have a huge gaping hole in Identity and Access Management if that's what they're going for. Wonder who's next on their acquisition list.
Anyway, I just mentioned the fact above because it was a new way of doing things. I really wanted to make a point about Symantec's impending announcement about their new Identity initiative - something they're referring to as Security 2.0. Wonder what it's going to be.
It's also more evidence that they're trying to position themselves to compete against the likes of IBM, CA, BMC and the like, especially in light of their recent announcement to acquire Altiris for $830 million. They have a huge gaping hole in Identity and Access Management if that's what they're going for. Wonder who's next on their acquisition list.
Subscribe to:
Posts (Atom)