Thursday, December 17, 2015

AV-Comparatives Real World Protection Test – August to November 2015

Kaspersky and BitDefender topped twenty companies in AV-Comparatives Real World Protection Test, August to November 2015. These companies finished in the top two, receiving three stars. Both had only one compromised file. Six other companies received three stars over the test period. Eight of the twenty companies in the test received two stars. Default settings were used for all products.

Trivia question – which North America-based anti-malware company received three stars?

Four companies merit the Hall of Shame award for the period, garnering one or zero stars. From the bottom up: ThreatTrack Vipre, Lavasoft, Quick Heal and BullGuard. Banished to a timeout corner for being in triple digits for wrongly blocked files – McAfee, ThreatTrack, and Lavasoft.

An informative graphic in the report depicts the range of protection over the four-month period for each product. The top products were extremely consistent, which is what you would want in a security solution. The bottom products, less so.

Not all results are repeated here, because the report is available at no charge. It can be downloaded from the AV-Comparatives website. You can also learn more about the test methodology in the fourteen-page report. The products tested ranged from free antivirus to internet security suites. Kudos to AV-Comparatives for detailing some of the statistical methodologies used in compiling their report. Your eyes won’t glaze over as you read about this.

As always, the top products may not be top in terms of the number of “likes” they’ve received on their respective Facebook pages. In the denouement, should one give more weight to independent third-party testing, or a fan club?

An interesting article to read is “Sorry Symantec - Antivirus is Not Dead” by Adam Winn at San Francisco-based OPSWAT. Today’s antivirus/malware protection utilizes more than just pattern files and heuristics.

Hall of Shame and timeout corners are not part of AV-Comparatives’ formal designations. You can learn more about the organization on the AV-Comparatives website.

The trivia question answer – none. McAfee and Fortinet received two stars.

Sunday, December 06, 2015

McAfee Going Away as a Brand?

Will 2016 be the year that the McAfee brand disappears from the public consciousness, or as a SKU, anyway? If so, it will be the end of an era that began with McAfee’s founding in 1987.

About McAfee

Wikipedia has published a history of McAfee. Some of the below has not made it into that history (or was edited out).

At one point in time, during its growth phase, McAfee actively sold off firms that it did not see as being among the top three in their niche. One of their sales (when they had the Network Associates name) was the data encryption company PGP (Pretty Good Privacy), which they had originally acquired in 1997, to some of the founders of PGP. This was probably a whoops. In 2010, Symantec purchased this company, the same year Intel acquired McAfee.

To encourage use of their desktop product, McAfee aggressively gave away trial versions (remember CD’s?) of their endpoint product, causing some of their competitors to refer to the company as “McAfree”.

In the late 1990s, Trend Micro sued McAfee (and ultimately others) for patent infringement. "We are not just in it for the royalty," said Trend Micro's general counsel Bob Lowe. "Our main goal is having the products be prevented from being sold." Nonetheless, the suit ended with a cross-licensing agreement.

The “rumor mill” had it that one McAfee executive used to keep a firearm in his desk.

In April 2003, after purchasing intrusion prevention company IntruVert for $100M, the company repositioned itself on its website as an intrusion prevention company. In fact, Barron’s in 2005 referred to McAfee as a leader in intrusion prevention.

On January 4, 2006, the Securities and Exchange Commission filed suit against McAfee for overstating its 1998–2000 net revenue by $622 million. Without admitting any wrongdoing, McAfee simultaneously settled the complaint, and agreed to pay a $50 million penalty and rework its accounting practices.  

Several executives left McAfee in the mid-2000s, in part because of an investigation related to backdating of options. The execs were exonerated. The CEO resigned at this time, for other reasons, and the company went outside for its new CEO.

On August 19, 2010, Intel announced that it would buy McAfee for $48 a share in a deal valued at $7.68 billion. There was some pushback from the European Union, as they felt this deal would give Intel an unfair advantage in desktop security, but the deal did go through.

On January 6, 2014, Intel CEO Brian Krzanich announced during the Consumer Electronics Show the name change from McAfee Security to Intel Security.  He stated that the McAfee red shield logo would remain and the firm would continue to operate as a wholly owned Intel subsidiary.

On the consumer side over the years, McAfee has been battling Symantec on the paid front. Market share? Around 12th in the October OPSWAT market share report. Mixed results in AV-Comparatives testing. They haven't been tested by Virus Bulletin in several years. 

Jumping Forward to 2015

October 28, 2015 - Search Cloud Security - Intel Pulls Plug on McAfee SaaS Security Products

Intel Security will stop selling McAfee SaaS Endpoint and SaaS Email Protection and Archiving. Although new sales will stop in 2016, existing customers can continue renewing their subscription and receiving support until Jan. 11, 2019, Intel Security said in its notices. Depending on certain subscription types, limited support will be available for some services until 2021.

October 29, 2015 - Channelnomics - McAfee Brand Will Stay for Now

McAfee as a brand still holds a lot of equity for Intel Security, Lisa Matherly, Intel VP of worldwide partner programs, marketing & operations, told Channelnomics at Intel Security's Focus 15 event in Las Vegas.

"There is a lot of equity in the McAfee brand and there is some association with security with the Intel brand, but not as strong as the McAfee brand," Matherly pointed out. "So that's really what we're trying to do - bridge that and introduce the Intel security brand, start associating the security there, but also leverage what we have in the McAfee brand for the product portfolio." She added that the future of the McAfee brand is uncertain now and will be driven by the market.

November 5, 2015 - Intel Security Confirms Divestiture of McAfee NGFW, Firewall Enterprise Businesses in Memo to Partners 

In a memo to partners, Intel Security confirmed its divestiture of its McAfee Next-Generation Firewall and McAfee Firewall Enterprise businesses to Raytheon/Websense.

So, pieces are being sold. Other pieces are being end-of-lifed. Other pieces are being retained, though the word "McAfee" appears to be going away.

Other Firms to the Rescue

Since these announcements, Mimecast and Sophos have leapt to the rescue, offering special pricing for users of some McAfee products.

Mimecast - You need a new solution offering both similar features and a smooth migration path – without worrying about a financial burden.

Sophos Promo - We Can Help Today. McAfee retired its email security and archiving products, and now you are scrambling to find an alternative. However, we have good news. Sophos’ solutions will help you turn an annoying replacement project into an upgrade opportunity. And we can do it right now.

Hold, hold onto those McAfee CD’s, tee shirts, and trade show giveaways. It may be the end of an era but they may be worth something on eBay.

One question (beyond the scope of this piece) is whether Intel should have even purchased McAfee in 2010. They are keeping some of the components. At the time (and even currently), large companies were jumping onto the security bandwagon, purchasing security firms to strengthen their security offerings or to get into the business.
Also beyond the scope of this piece is any discussion of John McAfee, McAfee’s founder, who filed to run for president in early September!

Another discussion, worthy of its own post, will be the future of desktop/endpoint security, since pundits' views on the solution's viability cross the spectrum.

Tuesday, November 10, 2015

AV Comparatives Performance Test – Impact of Security Software on System Performance Report October 2015

AV-Comparatives has released their Performance Test – Impact of Security Software on System Performance Report. Nineteen products were tested. Eleven products received three stars. The top three products were, in order, Avira, Avast, and Kaspersky. Congrats to these three! Products tested were a combination of free and paid antivirus and internet security suites. The hall of shame award for this test goes to Fortinet and ThreatTrack; both received one star. Windows 10 systems were used during the test.

Note that this test doesn’t test  an ability to protect against malware. For that, you would have to look at other tests by AV-Comparatives. In a tie-breaking situation between a few products that performed equally well at stopping and removing malware, the performance test could be a tiebreaker. 

The report can be downloaded from the AV-Comparatives website. The test used the performance testing suite PCMark 8 Professional to measure system impact.

Monday, November 09, 2015

Security Predictions for 2016 or “Let the internet security prognostication begin”

It’s that time of the year, when security pundits make their security predictions and comment on trends for 2016. Of course, it would be great if the pundits who came out with predictions for 2015 came out with a report card in early 2016. 

Trying to predict the future is like trying to drive down a country road at night with no lights while looking out the back window - Peter Drucker

Consolidation in the Security Sector
Look for continued security consolidation as some of the larger vendors utilize the strategy that it is quicker and easier to buy a technology to broaden their security portfolio than to develop the technology internally. At the same time, some larger companies will sell off their (incomplete) portfolio of security products to focus on other sectors. There are rumors, for example, about SonicWall being put on the market by Dell.  Of course, FireEye rumors are making the rounds after their Q3 results.

Look for other vendors to analyze the market, do a make/buy analysis and then license missing technology from smaller, more agile, companies.  

“If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology.” – Bruce Schneier

Bubble Will Burst on Some Newly Public Security Vendors
At some point in time, companies have to generate cash and after working through the wonders and options of tax accounting, companies have to show a bottom line profit.  Look for investors getting tired of “but we’re going after market share” and selling their stock. For others, shorting activity will increase.  An offshoot of this is that these companies will become less expensive to acquire. Happiness is positive cash flow.

Splitting (breaking?) of Humpty Dumpty. Symantec and Hewlett Packard
Symantec has retired their vision (several years old) of becoming a widely diversified company (begun by John Thompson) and is splitting/divesting into security-focused Symantec, and backup and recovery, SDN, and governance-focused Veritas. Hewlett Packard has split into two companies. HP Inc. holds the printing and personal systems side of the business, selling printers, scanners, displays, personal computers (laptop, desktop, and tablets), and the supplies and services associated with them. Hewlett-Packard Enterprise will handle the hybrid cloud, servers, storage, converged systems, networking, management software, and the services necessary to run an enterprise. They are both Fortune 100 companies, the latter led by Meg Whitman, and the former by Dion Weisler. Not bad for a company that began in a garage in Palo Alto, selling to Disney.

One of these splits will work out much better than the other one. That one being….Symantec. HP Enterprise and HP Inc. are still battleships.

Life is a Breach
There will be at least one major security breach, for a number of reasons.  Some companies have still not gotten the memo about cybercriminals, thinking, “It can’t happen to us” and are being slow in their investments.  There are a number of bright cybercriminals out there. They design their own methods of attack.  They may rent use of a botnet as part of their attack strategy.  If the CIO/CEO want to maintain their title, look for full transparency, accepting the blame, laying out the groundwork to prevent this from happening again (hopefully), and protecting their customers. Classic disaster recovery procedure, often not followed.

Cybercriminals Will Broaden Their Target Base
Cybercriminals will increase the number of vertical markets they go after, and the size of the typical breach will be smaller. The number of breaches (reported, anyway) will decrease. From a CSO Online article, Jody Westby, CEO of Global Cyber Risk: “it is the data that makes a business attractive, not the size – especially if it is delicious data, such as lots of customer contact info, credit card data, health data, or valuable intellectual property.”

The Identity Theft Resource Center (ITRC) reported in October that there had been 606 data breaches recorded through October 13, 2015, and that more than 175 million records had been exposed. The top 4 sectors with respect to incidents were business (39%), health care (36%), banking (10%), and government (8%); 68% of the records exposed were in the health care sector. There were over 780 data breaches in 2013.

We Will Continue to be Our Own Worst Enemy
“Companies spend millions of dollars on firewalls, encryption and secure access devices, and it’s money wasted, because none of these measures address the weakest link in the security chain.”- Kevin Mitnick

A warning from your browser not to visit that site? A found thumb drive? New pictures of (fill in the name of your favorite celebrity) on the web or as an attachment to your email? These are the internet equivalent of wet paint signs. Some people just have to check for themselves. More security-aware companies will do more than have people look at a slide presentation on security and take a quiz once a year. They’ll send their own employees phishing emails, among other tactics.

The Wisdom of Crowds
James Surowiecki, in the book “The Wisdom of Crowds”, speculated that large groups of people are smarter than an elite few, no matter how brilliant – better at solving problems, fostering innovation, and coming to wise decisions. In 2016, market share of consumer AV/malware purchases will probably still continue to be more a reflection of how many “likes” a product receives, rather than how it is reviewed by a PC publication or by test organizations such as AV-Comparatives or AV-Test. Scary. Whom are you going to trust? Your doctor or your Facebook friends?

A Growing Use of Something Other Than Passwords
The top 20 list of passwords for 2016 may not vary greatly from 2015, but look for more people to use some sort of biometrics or Multi-factor Authentication (MFA) to enhance the security of their devices. This will occur in businesses more quickly than in the consumer marketplace. According to an article in CNET at the beginning of the year, the top 10 passwords of 2014 were 123456, password, 12345, 12345678, QWERTY, 1234567890, 1234, baseball, dragon, and football. If your password looks anything like this, or is your pet’s name, change it immediately. There are a number of articles on creative ways of making up passwords or using different figures you can draw on your keyboard. At minimum, consider reading a few articles and select a method that works for you.

“Showtime” - The Government or a Large Security Vendor will take the Offensive
At some point in time, negotiations just aren’t cutting it. Look for a concerted attack against some cybercriminals, whether they’re independent, being treated with benign neglect in their native country, or being subsidized. This is despite any negotiations taking place with some countries on an international level. Sometimes the best defense is a good offense. “The Darknet: Is the Government Destroying 'the Wild West of the Internet'?” is a November Newsweek article that’s an interesting read.

Government Takes the Lead in Sharing of Information between Security Vendors
The bragging right for many security companies is how quickly they identify and react to threats, and update their existing customers almost immediately. They are not going to want to share this information with competitors as quickly. Look for the government to be the driver in information sharing. One question that arises – how open will this table be for all security vendors, or will it be a selective group? “Senate passes cybersecurity information sharing bill despite privacy fears.” Washington Post, October 27.

The News of the Death of Endpoint Security Has Been Greatly Exaggerated
To paraphrase a quotation by American humorist Mark Twain. The reliance of AV/malware products on signature files to detect threats has been declining for years. The endpoint is the last line of defense. Technologies relying on heuristics are not the whole solution. Look for endpoints to use such techniques as artificial intelligence and machine learning, whether powered at the endpoint or in the cloud, to lead the way. Despite statements by Symantec and others, do not look for AV/malware protection provided at the endpoint, either installed there or involving technology in the cloud, to disappear anytime soon.

Who will be Among the Top New Innovative Security Companies in 2016?
Good question.

On November 3, SINET announced their top 16 innovators (revenues under $15 million) for 2015. These companies were: Bayshore Networks, Inc., BehavioSec, Gurucul Solutions, Lastline, Netskope, Onapsis, Inc., Palerra, Inc., PFP Cybersecurity, Pindrop Security, QuintessenceLabs, RedOwl Analytics, Secure Islands, SecurityScorecard, Sqrrl Data, Inc., TaaSera, Inc., and Vectra Networks, Inc. You may be hearing from these companies over the course of 2016. Gartner and others will be coming out with their lists.

A mantra for 2016, “Friends don’t let their friends be mindless about security.”

Monday, October 26, 2015

CompTIA Survey - 17% of people would put a found USB stick in their laptop. Ouch or fantastic?

In a CompTIA survey written about by Softpedia in “One of the Biggest Security Risks: Naive People Connecting Lost USBs to Their PCs”, an interesting statistic came up. As part of the study, 200 USB sticks were left in high-traffic locations in US cities. 20% (forty) were picked up and 17% were connected to people’s laptops. According to the article, “The USB sticks used in the experiment contained a text file, which included instructions asking the user to send an email to a specific address, or to click through a trackable URL.”

The reporter found the 17% figure worrisome.  I’ll take a contrarian view.

At RSA San Francisco 2013, we conducted a security survey, gathering 300 responses.  78% of those responding said that they had once found a USB and plugged it into their laptop!   68% of those surveyed had been involved in a security breach, either at home, or in their office.

While 17% is a frighteningly high number, that is a 61% drop from what I found just two and a half years earlier!

A found USB stick is the internet equivalent of coming across a “Wet Paint” sign. You just have to check it out yourself. We are our own worst enemies. More training is needed.

For an interesting read on the use of infected USB sticks for good, Google and read about Stuxnet, a 500-kilobyte computer worm that infected the software of at least 14 industrial sites in Iran, including a uranium-enrichment plant. 

Sunday, October 18, 2015

The Pareto Principle and the Pursuit of Perfect Internet Security – a Parable

Not so long ago, a bright security professional and a firm believer in the Pareto Principle was tasked with designing and implementing an impregnable security solution for his company’s internet. He did his research and arrived at what he thought was an accurate total cost of $4M. Just prior to striding into his manager’s office for approval, he had a quick discussion about the project with a recent new hire reporting to him.

“I’d be careful,” she advised. “At my last company, we found that each major phase cost 50% more than the previous phase. We had several discussions about ‘risk profiles’ and ‘perfect protection’ before getting buy-in on deliverables and budget on a less ambitious result.” 

The bright security professional thanked her and said, “I’m quite confident in my projections and will stake my job on this project. In fact, I will bring it in under budget.”

So, the bright security professional met with his somewhat parsimonious manager, and guaranteed the results. “In fact,” he said, “the first phase of the project will get us 80% there for only $800k."  The manager said, “Fine, but go over budget on this and your next position will have you saying, ‘Would you prefer a grande or a venti latte?’” and with that, the project was approved.

At the completion of the project, how much under budget was the confident security professional?

First, the Pareto Principle is named after economist Vilfredo Pareto (1848-1923). From Investopedia: “The principle states that, for many phenomena, 20% of invested input is responsible for 80% of the results obtained. Put another way, 80% of consequences stem from 20% of the causes. Also referred to as the "80/20 rule".”

The answer is – the individual left to “pursue other opportunities” when he found himself having exhausted the budget, told his manager  that he now felt that 100% was unobtainable and that  it would cost an additional $2.5M to get to 97.5% protection.

How did this happen?

Earlier, a factor (chosen by me) added by the wise new hire was that each phase of the project was going to cost 50% more than the previous phase. The other factor is that each phase closes only half of the remaining gap to 100%.

Phase 1 - $800k spent (total $800K) to reach 80% of perfection

Phase 2 - $1.2M spent (total $2M) to reach 90% of perfection

Phase 3 - $1.8M spent (total $3.8M) to reach 95% of perfection

Phase 4 – Plug pulled on project. The estimate was $2.7M (total $6.5M) to reach 97.5% of perfection and you never reach 100%
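The parable's cost model, as an added worked example that is not part of the original post: each phase costs 50% more than the last and closes half of the remaining gap, so the model shows where a fixed budget runs out and why the marginal cost per percentage point of protection triples from one phase to the next. The $800k starting cost, 1.5x growth and 80% first-phase coverage are the parable's own numbers; the function names are my own.

```python
from dataclasses import dataclass

# Parameters taken from the parable (a constructed scenario, not a real project):
# phase 1 costs $800k and reaches 80% protection; every later phase costs 50%
# more than the one before and closes half of the remaining gap, which yields
# the 80 -> 90 -> 95 -> 97.5 sequence in the post.
FIRST_PHASE_COST = 800_000
COST_GROWTH = 1.5
FIRST_PHASE_COVERAGE = 0.80


@dataclass
class Phase:
    number: int
    cost: float             # dollars spent on this phase alone
    cumulative_cost: float  # dollars spent through the end of this phase
    coverage: float         # fraction of "perfect" protection reached
    cost_per_point: float   # dollars per percentage point gained in this phase


def plan_phases(n, first_cost=FIRST_PHASE_COST, growth=COST_GROWTH,
                first_coverage=FIRST_PHASE_COVERAGE):
    """Model the first n phases of a diminishing-returns security project."""
    phases = []
    cost, total = first_cost, 0.0
    gap = 1.0  # share of "perfect" protection still uncovered
    for k in range(1, n + 1):
        # phase 1 gains first_coverage; each later phase halves the remaining gap
        gained = first_coverage if k == 1 else gap / 2
        gap -= gained
        total += cost
        phases.append(Phase(k, cost, total, 1.0 - gap, cost / (gained * 100)))
        cost *= growth  # the new hire's rule: next phase costs 50% more
    return phases


def phase_that_exhausts(budget, max_phases=40):
    """Number of the first phase whose cumulative cost exceeds the budget
    (where the plug gets pulled), or None if the budget lasts all max_phases."""
    for p in plan_phases(max_phases):
        if p.cumulative_cost > budget:
            return p.number
    return None


def cost_to_reach(target, max_phases=40):
    """Total spend needed to reach the target coverage, or None if it is not
    reached within max_phases. 100% is never reached: each phase only halves
    the gap, so the gap never becomes zero."""
    for p in plan_phases(max_phases):
        if p.coverage >= target:
            return p.cumulative_cost
    return None


if __name__ == "__main__":
    print(f"{'phase':>5} {'cost':>12} {'total':>12} {'coverage':>9} {'$/point':>12}")
    for p in plan_phases(5):
        print(f"{p.number:>5} {p.cost:>12,.0f} {p.cumulative_cost:>12,.0f} "
              f"{p.coverage:>9.3%} {p.cost_per_point:>12,.0f}")
    print("phase that blows the $4M budget:", phase_that_exhausts(4_000_000))
    print("cost to reach 97.5%:", cost_to_reach(0.975))
    print("cost to reach 100%:", cost_to_reach(1.0))
```

With the parable's $4M budget the table shows phase 3 completing at $3.8M and 95%, and phase 4's $2.7M estimate is what pulls the plug.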

Some morals of this parable

· 100% is tough, if not impossible, to achieve

· Know your risk profile and your company’s risk profile when working on security projects

· Know how to make coffee drinks

Thursday, October 15, 2015

AV-Comparatives File Detection Test – September 2015

AV-Comparatives’ prolific team of writers and testers has released their File Detection Test – September 2015. Nine products received three stars. Avira and BitDefender topped the 21 products in the test. Their false positive rate was only 0.2%. Other companies receiving three stars, in alphabetical order, were BullGuard, Emsisoft, eScan, ESET, Kaspersky, Lavasoft, and Panda. You can download the report to see the actual order.

ESET, Microsoft, and Panda had zero false positives. The hall of shame award for this test goes to AVG Technologies, with a false positive rate 32 times larger than Avira’s and Bitdefender’s, at 6.5% (139 false positives).

About the AV-Comparatives  File Detection Test

The awards for the File Detection Test were based on a combination of detection rates and false positives. The File Detection Test assesses the ability of antivirus programs to detect malicious files on a system. It can identify malware attacks from sources other than the Internet, and it can identify malicious files already present on the system.

“With more than 130000 samples in the test, AV-Comparatives uses one of the largest sample collections worldwide to provide statistically valid results”, according to AV-Comparatives’ Andreas Clementi.

ABC Award for the File Detection Test

The ABC award (Avoids Being Compared) goes to Symantec. The File Detection Test is one of the core tests the organization performs. Companies cannot choose which of these core tests to be in. It's all or none. The ABC award is not part of AV-Comparatives’ test program!

The document can be downloaded from the AV-Comparatives website.

The file detection rate of a product is only one aspect of a complete anti-virus product. AV-Comparatives also provides a whole-product dynamic “real-world” protection test, as well as other test reports that cover different aspects/features of the products. For those interested, you can easily do a deep dive into an individual company’s historical performance on tests, or sign up for the newsletter. Check them out. Other documents are available for download from the AV-Comparatives website.

Thursday, October 08, 2015

AV-Comparatives – Review of IT Security Suites for Small Business – September 2015

AV-Comparatives has released their Review of IT Security Suites for Small Business - September 2015. The review examines security suites suitable for a company running either the Foundation or the Essentials edition of Microsoft Windows Server 2012 R2. The Foundation version is suitable for small companies with up to 15 users (from the Microsoft website), while the Essentials version allows an additional ten users. The report considers products for a network of up to 25 client PCs, with one file server/domain controller.

AV-Comparatives’ review covered only the essential everyday tasks needed in all networks. However, some products have additional features and could be used for significantly bigger networks than the one reviewed. Products in the Review of IT Security Suites are:
Bitdefender Endpoint GravityZone, ESET Remote Administrator, F-Secure Protection Service For Business, G Data Antivirus Business, Kaspersky Small Office Security, McAfee SaaS Endpoint Protection, Sophos Endpoint Security and Control Cloud, Symantec Endpoint Protection, and Trend Micro Worry Free Business Security Services. Symantec! They’re here. They are not present on many of AV-Comparatives’ reviews (companies cannot selectively opt out of a subset of core reviews; it’s all or none).
The document itself runs around 90 pages. Each product is given a comprehensive overview. Major categories that AV-Comparatives looked at include:
Supported OS; Documentation; Management Console (cloud based, server based, and virtual appliance); respective endpoint protection programs for Windows and Mac OS clients; Windows Server protection software; and Summary.

All of the products received the AV-Comparatives’ Approved Business Award.
The advantages of a document like this include the depth of comparison, that the same features/functionality are looked at for each product, and that the review was done by a known test organization. A company would not have the time (and for a small business, the expertise) to go into this depth for nine products. Companies looking to replace their current product should find this report a valuable (at no charge!) resource.

For those who like to compare products on a feature grid, suffice it to say that AV-Comparatives provides a sizeable (multiple fingers and toes! Approximately 100 rows) grid as part of the document. This document is more than adequate for you to select one product for your environment or select a short list for evaluation.
The document can be downloaded from the AV-Comparatives website.
The “Death of Antivirus Software is Greatly Exaggerated”, as written in an article in CSO Online (and others). You still need protection from these threats, whether the protection is provided from software on the device or from the cloud.

AV-Comparatives has a fantastic library of test documents. The site organization scores high on surveys. Check them out. Other documents are available for download from the AV-Comparatives website.



Thursday, October 01, 2015

AV-Comparatives Malware Removal Test – September 2015

AV-Comparatives has released the results of their AV-Comparatives Malware Removal Test for 2015. Products tested were a combination of free and paid solutions.  Sixteen products were tested. Five received three stars or the Advanced Plus award. Kaspersky topped the list. BitDefender was third and the three “A’s”, Avast, AVG Technologies and Avira, rounded out the three star recipients.

AV-Comparatives Malware Removal Test

The Malware Removal Test focused only on the malware removal/cleaning capabilities of the products. The report was written with home users in mind and not administrators or advanced users. Those individuals may have the knowledge and tools for removal of malware on the system. To compare products for their protection and detection capabilities, you may want to download AV-Comparatives’ “Real World Protection Test” and “File Detection Test”.

The ABC or “Avoids Being Compared” Award

More data and testing by an unbiased test group help consumers make an informed decision when selecting products to secure their devices. The number of likes on a product’s web site doesn’t cut it for security when licensing a product. Comparative testing also motivates companies to improve their products. It’s disappointing when companies decline to be tested.

For the AV-Comparatives Malware Removal Test, the ABC Award or “Avoids Being Compared” Award goes to Symantec, McAfee, and Trend Micro. All three of these companies have solutions with sizeable share in the antivirus/internet security consumer marketplace.  Perhaps they will step up for the next test. McAfee and Trend Micro are usually there. Symantec? Not so much.

The Malware Removal Test document is available on the AV-Comparatives website.

All of AV-Comparatives’ tests can be found on the AV-Comparatives website.

Sunday, September 27, 2015

Cyphort vs. FireEye – FireWhy? The Breach Detection, Advanced Persistent Threat Battle

Cyphort is taking a different tack from the others in the breach detection, Advanced Persistent Threat (APT) market with their Cyphort Advanced Threat Protection solution (claim: complete 360° APT defense!). Cyphort positions the company as both superior to FireEye and able to coexist with FireEye. Getting their nose under the tent for when renewals come up? Shortening the review cycle when renewals come up? Coverage for areas of a company where there aren’t FireEye appliances? Cyphort didn’t participate in the NSS Labs Breach Detection study.
FireEye is the 800-pound gorilla with respect to market revenue and visibility. The David vs. Goliath analogy won’t work since FireEye’s CEO’s first name is Dave! Cyphort’s 2014 revenue was around $14 million. FireEye’s was $426 million (this includes revenue from the Mandiant acquisition).

Cyphort claims that their solution delivers malware lateral movement detection. They define this as "the ability to combine advanced targeted attacks and Advanced Persistent Threats (APT) detection with lateral movement." They say that their product provides a picture of the attack as it happens and the potential spread within an organization, in real time.

The Cyphort solution is delivered as software that can be installed on general-purpose hardware, virtual machines and cloud environments. The solution consists of four core components:

Collector: Software-based probes deployed at strategic network locations (Internet egress points, data centers, etc.) to collect suspect objects and communication.

Core: This is the centralized detection component of Cyphort’s solution; Cyphort Core analyzes the collected suspicious network objects and associated metadata from the Collectors.

Manager: This is a web-based administrative interface. It enables someone to manage the distributed deployment and provides access to reports.

Threat Network: This cloud service feeds global threat intelligence to the Cyphort Core for enhanced detection of current threats. It aggregates threat information across all Cyphort installations.

At RSA earlier this year, Cyphort's co-founder and Chief Strategy Officer Fengmin Gong said, "Today, solutions must look at every stage of the cyber kill chain."

It’s always good to have more competition. Based on press coverage, one would think that the APT market is the exclusive domain of FireEye and the other seven companies that are part of the most recent NSS Breach Detection Systems (BDS) test!

Is FireEye Cyphort’s Friend or Foe?

On the Cyphort site there are a pair of threads prospects can go down.

For those who already have FireEye, Cyphort claims that their Cyphort Advanced Threat Protection solution can be used to address gaps in the FireEye solution.  Their pitch is that they enhance protection.

•    Enterprise-wide Coverage: Unprotected sites and data centers can be covered with a single global license.
•    Enterprise-wide Deployment: Deployment in days using the virtual machine approach.
•    No appliance proliferation: Cyphort claims that they cover and correlate email/web/file traffic across multiple operating systems, all in one solution.

The second thread is for those considering FireEye. Cyphort claims that they are “the clear alternative”. They have a nice (of course, it’s selective) grid containing points of differentiation (FireEye’s position shown in parentheses):

Detection: Sandbox evasion detection, data exfiltration detection, multi-part threat detection, golden image sandbox for contextual detection (no for all four).

Coverage: Distributed/decoupled design for global deployment using collectors (monolithic); hardware/software/VM deployment (hardware only); integrated web/email threat detection for Windows and Mac OS X threats (multiple appliances needed).

Action: Risk-based threat prioritization; containment using existing firewall, web gateway and IPS devices; endpoint infection verification (no for all three).

Scale and Flexibility: Scalability, clustered design to support any load (limited by highest appliance capacity for FireEye); IT ecosystem integration, open API (limited); licensing is enterprise-wide by bandwidth (per appliance for FireEye).

The Radicati Group has an APT market share and 2015-2019 APT forecast report available for purchase ($3000): Radicati APT-Protection-Market-2015-2019-Brochure.pdf

For those wanting another company’s view of Cyphort’s and FireEye’s offerings, Lastline has performed their own analyses:

Products in the Breach Detection Systems (BDS) Security Value Map™ 2015

In the August NSS Breach Detection Systems Test, Cisco had the highest detection rate and Blue Coat the lowest TCO. FireEye landed in the lower left of the grid. As mentioned earlier, Cyphort was not in this study.

Five of the eight received a Recommended rating (those in the upper right corner of the value map). Some of the companies tested have their individual reports available on their web sites. To purchase reports, see below.

For the BDS Security Value Map graphic:

Participants in the NSS Breach Detection Systems study:

Studies are available on the NSS site. Some are available for free on the participant's site.

Friday, September 18, 2015

Carly Fiorina and Her Record at HP

Presidential candidate Carly Fiorina has been taking a lot of heat and defending her record while at Hewlett-Packard ten years ago. Below are a couple of charts summarizing HP’s stock performance during those years. You can draw your own conclusions. Suffice it to say that many employees were glad that Carly Fiorina  was removed from Hewlett-Packard. Unfortunately, by the time she was gone, the “HP Way” had all but disappeared.

And in another chart:

The sources and crisper images are below. You can also click on the images to expand them. The analyses point out that the economy was not great during those years. Neither article gives Fiorina an "A" for her performance, though.

Wednesday, September 16, 2015

AV-Comparatives Mobile Security Review – August 2015

Austria-based AV-Comparatives has released their Mobile Security Review, August 2015. This is quite an extensive document, providing a comprehensive review of sixteen security packages running on Android. The document runs seventy pages. Ten of the sixteen products are free. Almost 2400 malicious applications were used in the test.

Mobile security is crucial for both home users (who are constantly checking their mobile) and businesses. The BYOD camel has got its nose into the intranet tent and it’s not going to be removed. Mobile devices are a major weak spot for network access, as well as a place where data can be accessed. Data stored on the phone can be stolen, as well. The global BYOD market is expected to grow at a CAGR of 25.32% from 2014 to 2019 according to a new market research report published on September 15. These devices need to be protected.

AV-Comparatives gave each of the products an Approved rating and found that there was a “significant overall improvement” in the standard of the products.

Four of the products provided 100% protection: Trend Micro (no false alarms), BitDefender and G Data (three false alarms each), and Antiy (five false alarms).

AVG Technologies’ offering trailed all products tested with 98.4% protection and 4 false alarms. Just above AVG Technologies was Sophos with 99.2% protection and 0 false alarms.

For those who are interested in a tabular deep-dive comparison, the first table shows which of 75 Android permissions each product uses. No product used all of them.

The Feature List table compares the products on over forty attributes, broken down into categories including Anti-Malware, Anti-Theft, Anti-Spam, Parental Control, Authentication, Additional Features, and Support. McAfee Mobile Security lacked the fewest, missing only three. This product drained the mobile battery a bit more than the others did.

A great deal of work went into this document. The Mobile Security Review can be downloaded free (!) from AV-Comparatives. Complete copyright and disclaimer information is contained in the document, and more information about test procedures is on the website.

AVC UnDroid Analyser

AV-Comparatives has also introduced a slick malware analysis tool, the UnDroid Analyser, that is free to users. It’s a static analysis system for detecting suspected Android malware and adware and generating some statistics about it. Check it out on the AV-Comparatives site.


View the AV-Comparatives September Malware Removal Test:

Malware Removal Test - September 2015

Sunday, September 13, 2015

Black Eye for FireEye - Hitting Researchers with Injunctions

Sometimes security companies can be a little too heavy-handed. Or their lawyers have too much time on their hands. FireEye cleared this hurdle recently.

Felix Wilhelm, a security researcher working for Germany-based ERNW, was going to present his findings on some vulnerabilities he had found in FireEye’s software. He was going to present at the 44CON Cyber Security Conference during the week of September 9. The flaws had been fixed, by the way.

The two parties had a series of discussions regarding what could go into the report (FireEye was concerned about not exposing information on their product’s IP). To be brief, the parties supposedly agreed on a final report around August 5. FireEye then sent Wilhelm a cease and desist letter on August 6, obtained a court injunction on August 13 and delivered it to Wilhelm on September 2, a week before the 44CON conference. Ultimately, Wilhelm did present his findings with some material redacted.

FireEye has a procedure for researchers to “disclose and inform us of potential security issues”. In this case, FireEye was extremely heavy-handed. Their action does little to encourage researchers to share at security conferences (and may well stifle it). This comes across as “attacking the messenger”. They also attacked the messenger with NSS Labs a couple of years ago when FireEye came in last in a multi-company Breach Detection Systems Test.

FireEye came in last again in an NSS Breach Detection Systems (BDS) Test earlier this year. Eight companies were in the test: Blue Coat, Check Point, Cisco, Fidelis, FireEye, Fortinet, Lastline, and Trend Micro. The test measured security effectiveness, performance, and total cost of ownership.

To obtain a copy of the Value Map:  NSS Security Value Map Graphic

To read the complete Forbes article “FireEye Scolded For Injunction Stopping Security Researcher Revealing Source Code”: Forbes - FireEye Scolded

Sunday, August 16, 2015

Is FireEye Fireproof?

Addendum, December 7: On 12/7 FireEye reached a fifty-two-week low of $19.76. This is lower than their IPO opening-bell price.

To date, FireEye seems impervious to poor test results. The market has been more interested in revenue growth. In the NSS Labs Breach Detection Systems Comparative Report issued in August, five of the eight vendors tested received a Recommended rating. FireEye was not one of them.
FireEye did not test well in the NSS Labs report, finishing last, with the lowest security effectiveness (in the 50’s, with the next lowest vendor in the 80’s) and the highest TCO per protected Mbps.

September 28 Addendum - FEYE closed at $31.51. Its opening day closing price was around $36.

Cisco had the highest effectiveness of the eight products tested and Blue Coat the lowest TCO per protected Mbps. FireEye protested the testing methodology when NSS first performed this test a couple of years ago.

A Frost and Sullivan report, “Network Security Sandbox Market Analysis, APTs Create a ‘Must Have’ Security Technology”, gives FireEye 62% of the market.

From a financial perspective, FireEye sales and marketing expenses as a percent of revenue have finally dropped below 100%. Operating cash flow is finally positive. The company is still losing “tons” of money. The market finally seems to be paying more attention to cash flow, margins, and future profitability.

The company as of mid-August is trading in the low $40’s, well off its peak of $97 in March 2014 (giving executives a chance to cash in for a nice gain) and above the bottom of $25 in October 2014. The $40’s is in the area of the pop FireEye had when it first went public. The company CFO, Michael Sheridan, resigned shortly after the last earnings announcement to join DocuSign.

A free copy of the Breach Detection Systems Security Value Map can be obtained from NSS Labs. The full report is available for purchase. A number of the vendors in the report are making their individual vendor reports available.

Cyphort, one of the vendors tested, is aggressive on their website in explaining why they would make a great addition for companies already using FireEye and why they feel they’re the “clear alternative” for companies considering FireEye. People can learn about this on the Cyphort website, as well as view a (small) capabilities comparison grid.

Saturday, July 25, 2015

AV-Comparatives Mac Security Test and Review – July 2015

Austria-based AV-Comparatives has released the results of their Mac Security Test and Review, July 2015. This report evaluates ten products users can license for their Mac systems. Products tested were a combination of free and paid solutions. Overall, nine of the products reviewed received AV-Comparatives’ Approved Security Product award.

Malware Tests

Seven of the ten products scored 100% in the Mac Malware Protection Test. None of the tested products scored lower than 98%.

Many Mac security vendors claim that their products detect Windows malware as well as Mac malware. In the Windows Malware Detection Test, seven of the ten products scored 100%. While Macs cannot be infected by these files, the Macs can distribute them, hence the value of testing with Windows malware.

Mac Review and Usability Test

AV-Comparatives used the following criteria as a guideline in compiling their 64-page review. The appendix provides a comparative checklist that summarizes protection, features, and support for each product. The review criteria are:

•    Product version reviewed
•    Operating systems supported
•    Additional features
•    Installation
•    Main window
•    Operating system integration
•    Maintenance
•    Non-administrator access
•    Scanning
•    Settings, quarantine and logs
•    Malware and phishing alerts
•    Help

“Our Mac Security Test and Review document comprises a comprehensive evaluation of the ten products we tested,” said Andreas Clementi. “It’s a valuable document that should help enable users to determine which product is the best for their needs. Mac products are not immune from infection by malware, contrary to the belief held by many individuals. Users consider performing their own examination of a few products, where 30-day evaluations are available. We don’t recommend not using a security product!”

A more complete list of antivirus programs for the Mac is available at:

AV-Comparatives performs a number of tests over the course of the year. Reports can be downloaded from the company website, including their “Real World Protection Test March – June 2015”. Products from Bitdefender, Kaspersky, and Avira were the top three in this test.

The Mac Security Test and Review can be found at:

About AV-Comparatives

AV-Comparatives is an independent organization offering systematic testing that checks whether security software, such as PC/Mac-based antivirus products and mobile security solutions, lives up to its promises. AV-Comparatives offers freely accessible results to individuals, news organizations and scientific institutions. Certification by AV-Comparatives provides an official seal of approval for software performance that is globally recognized.

Sunday, March 01, 2015

AVG Technologies Financial Results 2014 – An Alternative View (some quick thoughts on issues for 2015) and AVG ME

AVG Technologies released their financial results in February. As usual, the focus was on revenue. Per their announcement, “Subscription revenue increased 12% to $281.6 million from $250.8 million year over year. Our consumer subscription business grew 11% to $223.1 million and our small business segment by 18.7% to $58.5 million. For the fiscal year 2014, total revenue was $374.1 million.”

Comparing fiscal 2014 with fiscal 2013, and Q4 2014 with Q4 2013, is a little troubling, as a lot of red is involved in the changes.

With the exception of subscription revenue, all other figures above were lower in Q4 and for 2014 overall versus 2013. Much of the drop in platform-derived revenue was expected, however. The increase in subscription revenue didn’t make up for the decline in platform-derived revenue. AVG’s focus is going to be on subscription revenue.

In the transcript of the press conference, CEO Kovacs commented that, “We have also exceeded a very important user count milestone, as we came in at over 101 million mobile users, to give a total user count reached of 197 million. Both of these are well on our way to the important milestones

Two potential red flags with this. There may be double counting of users, if a user has an AVG product installed on both a smartphone and a laptop. Also, several years ago, AVG promoted that they had on the order of 130 million users. This was before they acquired their way into the mobile business (via the acquisition of an Israeli company). Doing the math, they may have lost market share on the order of 34 million desktop users. That’s quite a bit. How “user” is/was defined may have changed over the years. 5 million of the additional users came through the acquisition of Location Labs.

Paid user count for 2014 on the desktop was approximately 19 million. This means the majority of the consumer base was free, which means zero switching costs and the possibility for churn.

AVG’s 2014 acquisitions included Location Labs, Norman Safeground and Winco. Revenue from these was not broken out separately.

Some Threats for 2015

In 2014, AVG’s SMB revenue grew by an impressive 18.7% to $58.5 million. On February 24th, AVG competitor Avast announced their free Avast for Business. This product is designed to protect small and medium-sized businesses (SMBs) against viruses and cyber attacks.

Avast pointed out as part of the introduction that it plans to introduce programs for MSPs and resellers that enable them "to benefit from the power of free." This could pose a risk to AVG’s growth with their SMB product. To build their presence in the business marketplace, Avast recruited AVG’s VP of Sales and Operations in June 2014.

In the Desktop and Android Market

•    AVG has not tested well in some product tests by well-known test vendors. This could impact market share growth.
•    AV-Test released a report in December on “The best antivirus software for Windows Home Users”. AVG’s products tested came in 18th and 22nd out of the 27 tested.
•    In AV-Comparatives’ September “File Detection Test”, AVG was awarded 1 star. 18 products were awarded 2 or 3 stars.
•    However, in the summary report for 2014, AVG was one of nine vendors to receive a Top Rated designation. Bitdefender won Product of the Year.
•    AV-Test released a report on “The Best Antivirus SW for Android”. 31 products are in the report. 28 products scored higher than the free AVG offering that was tested.
•    AVG was not part of the AV-Comparatives September “Mobile Security Review”.

To jump-start further installations on mobiles, AVG may need to give away paid AVG product, as they did a couple of years ago with Huawei mobiles in the India market and with Samsung phones in the UK market.

The rumor mill has AVG introducing “AVG ME” sometime in the first half of this year, potentially as soon as March. With this product, AVG ME will be providing publishers and advertisers access to validated user data (gathered with customer permission). Revenue from this is TBD.

The Usual Acquisition Stories

In November, the Wall Street Journal reported that AVG Technologies had been approached by potential buyers.  Nothing has really been in the press about this since then.

Wednesday, February 04, 2015

AV-Comparatives Summary Report – 2014

For those who haven’t made a habit of downloading and looking at the many test reports that the test group AV-Comparatives publishes, the AV-Comparatives Summary Report of anti-virus products has been released. Some of the products in the test were the companies’ internet security offerings. The report lists the winners in a number of categories:

  • Overall winner
  • Top rated products
  • Real world protection test
  • File detection
  • False positives
  • Overall performance
  • Proactive (heuristic/behavioral)
  • Malware removal

Congratulations to BitDefender for being Product of the Year, receiving 3 stars in all the tests! Two other companies achieved this level with their products: Kaspersky and Eset.

Most of the products tested were “paid” versions, products from Panda, LavaSoft, and Avast being the exceptions. Among these three, Panda was the “winner”, finishing twelfth overall. In alphabetical order, the bottom three companies were AhnLab, McAfee, and ThreatTrack Vipre.

This 151-page report also contains an extensive user interface review section covering almost two dozen products. One of the companies on the list even begins with an S. Sorry. It’s not Symantec. One of these days, they’ll step up and be tested.

The predicted demise of anti-virus products and the companies offering them is vastly premature. The endpoint needs protection. The level of protection provided by these products is superior to that provided years ago, when heuristic technology wasn’t in many endpoint solutions and there were no cloud solutions for the endpoint. Leave your laptop or tablet unprotected at your own risk!

This report demonstrates quite clearly that the market share leaders in the endpoint security space are not necessarily providing the best security or performance. Kaspersky and Eset are known in the industry but not as much to the public. But you can buy them online and in some stores.

BitDefender has an active and successful OEM program for their antimalware engine. Download and take a look at the AV-Comparatives Anti-Virus Comparative Report. It’s free. And in 2015, do look at their other reports. You can also go onto their site and view the results from their dynamic Real World Test.

About AV-Comparatives

AV-Comparatives is an independent organization offering systematic testing that checks whether security software, such as PC/Mac-based antivirus products and mobile security solutions, lives up to its promises. Using one of the largest sample collections worldwide, it creates a real-world environment for truly accurate testing. AV-Comparatives offers freely accessible results to individuals, news organizations and scientific institutions. Currently, the AV-Comparatives Real-World Protection Test is the most comprehensive and complex test available when it comes to evaluating the real-life protection capabilities of antivirus software.