Saturday, February 15, 2014

AhnLab Faces Uphill Battle in US against FireEye with AhnLab Malware Defense System (MDS)

Silver sponsorship at RSA Conference USA 2014 in San Francisco  notwithstanding,  South Korea based AhnLab may face an uphill battle achieving success in the US with AhnLab Malware Defense System (MDS).  MDS is designed to combat Advanced Persistent Threats (APTs) and Advanced Malware.  No press release has been issued, but AhnLab will also be showing AhnLab Malware Defense System   Enterprise (MDSE). This version of Malware Defense System isn’t described on AhnLab website yet. The below isn't a technical evaluation of Malware Defense System, MDS or MDSE. It's more of a business analysis. 

Why It May Be Difficult for AhnLab and AhnLab Malware Defense System (MDS) in the US

FireEye ( is the 800-pound gorilla in the industry.  They offer more form factors for their APT solutions over AhnLab Malware Defense System.  For example -   their NX series to combat web-based attacks has six flavors, supporting 50 to 40k users.  Their FX series for file protection comes in 2 sizes; up to 80k and up to 160k files per day, respectively.  The acquisition of Mandiant gives them an endpoint solution.  On Valentine’s Day, FireEye announced an Intrusion Prevention product FireEye® MVX-IPS.  Well, they pre-announced the product.  They are shooting for availability during the first half of 2014.  They promote that they have customers in over 40 countries.   

Crowded marketplace   - AhnLab is among the double handful of competitors Gartner mentions in their August paper “Five Styles of Advanced Threat Defense”.  Competitors besides FireEye include   dedicated APT vendors Lastline, Bromium, and Damballa.  Other competitors (Googling Advanced Persistent Threats) include Palo Alto Networks, Cisco, McAfee, Fidelis Security Systems, Trend Micro,  Bit9, and Tenable.  Everyone has their eye on FireEye 

Limited US Presence -   AhnLab decreased their staffing in the US at the start of the year to a handful despite having just opened their US/EMEA headquarters in the Santa Clara, CA less than two years ago.    

It takes a channel and partners - Two ways to try to   grow sales quickly are to  OEM your product and agressively develop a channel.  AhnLab devotes one  page to recruiting partners.  No Partner Portal.  No Education Portal.  FireEye has a well-developed partner program, including VARs, Value Added Distributors, System Integrators, MSSPs, and Technology Alliance Partners (over a dozen listed in their site).  FireEye’s reseller program seems “standard” with three tiers.

It takes customer support - FireEye has a multiple levels of support for their customers.  For Malware Defense System, AhnLab will have to build off a single email address they currently have for US/EMEA customers.  This suggests that support will be coming from South Korea.  Nothing about multiple levels of support.  Barracuda Networks has an amusing radio commercial asking if you want phone trees  and long distance support for your products.

It takes customers who will talk about your Advanced Persistent Threat product - It is difficult to get customers to publically talk about what security products they have on their network.  FireEye has Sallie Mae, Equifax, and the Department of Defense listed as well as a dozen anonymous case studies across a number of industries. FireEye claims that over 100 of the Fortune 500 are among their customers.
It takes marketing and noise - FireEye is “everywhere”.  They appear on multiple security web sites. Multiple CIO and CISO events.  Going public created a lot of visibility.  Their reports and Mandiant’s whom FireEye acquired shortly after the first of the year, get a lot of visibility.  FireEye is aggressive in issuing press releases about threats they have discovered and investigated.  They’re promoting fourteen security events (four in the US),   they’ll be at during the first half of the year.  AhnLab will be at two.  Most PR firms would consider just putting up a product description on your web site a sub-optimal way to announce a product.  That’s not the usual marketing strategy in the North America marketplace.

What AhnLab Malware Defense System May Have Going For it

NSS Breach Detection Study -   AhnLab, Fidelis Security Systems, and FireEye were the only three companies to complete a breach detection study by NSS Labs, ( ) last summer.  Fidelis put out a press release about their results, made their report available at no charge, and wrote a blog challenging FireEye to make their summary report available.  AhnLab put out a press release but hasn’t made the report available on their website.  FireEye wrote nothing.

Three types of protection in a single appliance - AhnLab promotes that they provide Web, email, and Content Security in a single appliance.  With FireEye, you would have to purchase three products.

Profits - AhnLab is one of the largest security companies in South Korea.  And profitable.  FireEye has yet to show a profit.  For 2013, Sales and Marketing expenses, by themselves, exceeded Revenue.  Profits and positive cash flow are good things for the long term.

Ultimately, prospects will have to bring the products in house and test them.  Gartner has looked at a number of companies offering a solution.  NSS Labs issued their reach study last summer and undoubtedly has another APT study going on.

For people visiting RSA 2014 in San Francisco  a number of the vendors offering solutions will be present.  Coffee and cookies in the AhnLab booth, at 11:30 each morning during the exhibition!  “Learn about the ultimate threat defense.  AhnLab’s announcing APTs Dead!”  (Sic) will be the topic of a talk by AhnLab executive Leo Versola on Wed. February 26 at 1:00PM in the North Expo Hall Briefing Center. Too late for a free RSA pass.

The window is closing for AhnLab and other Advance Persistent Threats vendors.  Obviously, FireEye has made it through.  AhnLab and other vendors are going to have a battle to be one of the other survivors and get share.  The press over some major attacks from cyber criminals Target Stores and over 110 million, among others during 2013  ensures  athat companies will be looking for a solution. craig kensek

twitter - ckensek

No comments: