Friday, October 10, 2008

When Once Is Not Enough?

Interesting article by GFI software in IT World about why one virus engine is insufficient in today's world.

A number of security appliances have multiple scan engines. Several years ago, Trend Micro had the "named" scan engine in a 3rd party appliance and Kaspersky's scan engine was so far under the head that it did not appear on data sheets.

An issue not really addressed in the article - would you run the engines in parallel? Does everything get tested by both? Is the testing random between the two (or more engines) with an equal or unequal weighting? Microsoft's acquisition a few years ago (I haven't looked what Microsoft does with respect to this with their product(s)) permitted you to tweak the percentages.

And of course - what is the effect of multiple scan engines on performance?

Go to for the complete article.

Thursday, October 09, 2008

Message in a SaAS Bottle - Symantec Acquires MessageLabs

This acquisition makes sense for Symantec. It increases their share in the SaAS marketplace, MessageLabs has a good name. Symantec customers and prospects will now have another flavor of messaging security that they can chose from. It shouldn't cannibalize their appliance business. Integration into Symantec's management console will probably be a priority.

MessageLabs was also positioned in the leaders quadrant in an E-mail Security Boundary Magic Quadrant by a "leading industry research firm."

This will increase the heat among the larger security vendors as to who is providing the most comprehensive security solution for their customers. As always, when one of the larger players makes an acquisition, let the spinning begin.

Read more from Tim Wilson at darkREADING

Wednesday, October 08, 2008

Security ROI - Can It Be Measured

ROI is one of the holy grails of financial analysis. The problem is, the numbers to perform the analysis can be hard to obtain. This can be especially true when performing an ROI analysis on acquiring security technology.

Generating the ROI involves making assumptions, assumptions, assumptions! A lot of ROI models also assume that should there be a security problem, people sit down and do nothing until the problem is fixed (can't get on the PC, pick up the phone, walk down the hall? Sorry, people aren't completely shut down when there's a problem. Assuming they are, this lets the vendor generate a bigger ROI!). Most ROI models also combine hard and soft dollar losses. This weakens the model.

From attending analyst conferences where security ROI is discussed - see if the vendor trying to sell you a security solution can provide you with real a customers' ex post facto analysis to showing what the actual ROI was. A panelist at the conference I attended felt that this analysis was rarely done.

Good article by Computerworld's Bruce Schneier on "Security ROI: Fact or fiction?" at

Sophos' Acquisition of Utimaco - DLP Consolidation

AV/Content security has been perceived as a contest dominated by two 800 pound gorillas (Symantec and McAfee) with Trend lagging behind. These three have about 1/2 their revenue coming from the consumer side, which Sophos lacks. Sophos' Utimaco acquisition makes them even a stronger contender in providing a more comprehensive security in the B2B space. This could become more of a four way race (5 if you include Check Point?) It'll be interesting to see if Code Green Networks (another DLP contender) is swallowed next and by whom.

More details by IT Analysis' Nigel Stanley at

Symantec's Proposed Acquisition of MessageLabs

Owning the company "formerly known as Brightmail" and now acquiring MessageLabs. Major increase in market share for them. Hopefully, for the investor, Symantec will be able to digest this acquisition more easily than they have Veritas. This acquisition is more in sync with their core offerings, though. Another security vendor on the other side of Silicon Valley will still lay claim as "the world's largest dedicated security technology company" (emphasis on the word dedicated). It's a DNA thing! Nonetheless, SYMC will still be able to talk about being a (the?) overall leader in security revenue.

Read Channel Web's Stephanie Hoffman's article at