Cyphort vs. FireEye – FireWhy? The Breach Detection, Advanced Persistent Threat Battle

Cyphort is taking a different tact versus the others in the breach detection, Advanced Persistent Threat (APT) market with their Cyphort Advanced Threat Protection solution (claim: complete 360º APT defense!)   Cyphort positions the company as both superior to FireEye and  able to  coexist with FireEye. Getting their nose under the tent for when renewals coming up? Shortening the review cycle when renewals come up?  Coverage for areas of a company where there aren’t FireEye appliances?  Cyphort didn’t participate in the NSS Labs Breach Detection study.

    

 FireEye is the 800-pound gorilla with respect to market revenue and visibility.  The David vs. Goliath analogy won’t work since FireEye’s CEO’s first name is Dave! Cyphort’s 2014 revenue was around $14 million. FireEye’s was $426 million (this includes revenue from the Mandiant acquisition).

Cyphort claims that their solution delivers malware lateral movement detection. They define this as "the ability to combine advanced targeted attacks and Advanced Persistent Threats (APT) detection with lateral movement." They say that their product provides a  picture of the attack as it happens and the potential spread within an organization, in real-time.

The Cyphort solution is delivered as software that can be installed on general-purpose hardware, virtual machines and cloud environments. The solution consists of four core components:

Collector:  Software-based probes deployed at strategic network locations (Internet egress points, data centers, etc.)   to collect suspect objects and communication.

Core:   This is the centralized detection component of Cyphort’s solution; Cyphort Core analyzes the collected suspicious network objects and associated metadata from the Collectors 

Manager: This is a  web-based,  administrative Interface.  It enables someone to manage the distributed deployment and provides access to reports

Threat Network: This cloud service feeds global threat intelligence to the Cyphort Core for enhanced detection of current threats. It aggregates threat information across all Cyphort installations

At RSA earlier this year,  Cyphort's co-founder and Chief Strategy Officer Fengmin Gong  said, "Today, solutions must look at every stage of the cyber kill chain."  

It’s always good to have more competition. Based on press, one would think that the APT market is the exclusive domain FireEye and the other seven companies that are part of the most recent NSS Breach Detection Systems (BDS) test!

 Is FireEye Cyphort’s Friend or Foe?

On the Cyphort site at http://www.cyphort.com/products/firewhy/   there are pair of threads prospects can go down.  

For those who already have FireEye, Cyphort claims that their Cyphort Advanced Threat Protection solution can be used to address gaps in the FireEye solution.  Their pitch is that they enhance protection.

Enterprise-wide Coverage: Unprotected sites and data centers can be covered with a single global license

Enterprise-wide Deployment: Deployment in days using the virtual machine approach

No appliance proliferation:  Cyphort claims that they cover & correlate email/web/file traffic across multiple operating systems, all in one solution

The second thread is for those considering FireEye.  Cyphort claims that they are   “the clear alternative”.  They have a nice (of course, it’s selective) grid containing points of differentiation (FireEye in ( ) :

Detection: Sandbox evasion detection, Data exfiltration detection, Multi-part threat detection, Golden image sandbox for contextual detection.  (no for all four )

Coverage: Distributed/Decoupled Design for Global Deployment using collectors (Monolithic) , Hardware/Software/VM deployment  (hardware only), Integrated Web/Email threat detection for Windows and Mac OSX threats (multiple appliances needed)

Action: Risk-based Threat Prioritization , Containment Using Existing Firewall, Web Gateway and IPS Devices, Endpoint Infection Verification (no for all three)

Scale and Flexibility: Scalability, clustered design to support any load (limited by highest appliance capacity for FireEye );  IT ecosystem Integration, open API (limited); Licensing is enterprise wide by bandwidth (per appliance for FireEye)

The Radicati Group has a  APT market share and  2015-2019 APT forecast  report available for purchase ($3000)  Radicati APT-Protection-Market-2015-2019-Brochure.pdf

For those wanting another company’s view of Cyphort’s and FireEye’s offerings, LastLine has performed  their own analyses:

Lastline vs. Cyphort

Lastline vs. FireEye

Products in the Breach Detection Systems (BDS) Security Value Map™ 2015

In the August NSS Breach Detection Systems Test,  Cisco had the highest detection rate, Blue Coat the lowest TCO.  FireEye - lower left in the grid.  As mentioned earlier, Cyphort was not in this study.

Five of the eight received a recommended rating (Those on the upper right corner of the value map). Some of the companies tested have the individual reports available on their web site.  To purchase reports, see below.  For the BDS Security Value Map Graphic:

• bds-security-value-map-graphic

Participants in the NSS Breach Detection Systems  Study:

• Blue Coat Security Analytics and Blue Coat Malware Analysis Appliance
• CheckPoint 13500 Next Generation Threat Prevention Appliance with Threat Emulation Cloud Service
• Cisco Advanced Malware Protection
• Fidelis XPS Direct 1000 & Fidelis XPS Internal 1000
• FireEye EX-3400 & NX-4400
• Fortinet FortiSandbox-1000D
• Lastline Breach  Detection Platform
• Trend Micro Deep Discovery Inspector 

 Studies are available on the NSS site. Some are available for free on the participant's site.

Black Eye for FireEye - Hitting Researchers with Injunctions

Sometimes security companies can be a little too heavy handed. Or their lawyers have too much time on their hands. FireEye cleared this hurdle, recently.

Felix Wilhelm, a security researcher working for  Germany based ERNW, was going to present his findings on some vulnerabilities he had found with FireEye’s software.  He was going to present at the 44CON Cyber Security Conference (www.44con.com ) during the week of September 9.  The flaws had been fixed, by the way.

The two parties had a series of discussions regarding what could go into the report (FireEye was concerned about not exposing information on their product’s IP).  To be brief, the parties supposedly agreed on a final report around August 5.  FireEye then sent Wilhelm a cease and desist letter on August 6, obtained a court injunction on August 13 and delivered it to Wilhelm on September 2, a week before the 44Con conference.  Ultimately, Wilhelm did present his findings with some material redacted.

FireEye has a procedure for researchers   to “disclose and inform us of potential security issues”. In this case, FireEye was extremely heavy handed . Their action does little to encourage researchers to share (stifle?) at security conferences.  This comes across as “attacking the messenger”. They also attacked the messenger with  NSS Labs a couple of years ago when FireEye e came in last in a multi-company Breach Detection Systems Test. 

FireEye came in last again in a NSS Break Detection Systems Test (BDS) earlier this year. Eight companies were in the test:   Blue Coat, Check Point, Cisco, Fidelis, FireEye, Fortinet, Lastline, and Trend Micro. The test measured security effectiveness, performance, and total cost of ownership.

To obtain a copy of the Value Map:  NSS Security Value Map Graphic

To read the complete Forbes article “FireEye Scolded For Injunction Stopping Security Researcher Revealing Source Code”: Forbes - FireEye Scolded 

Is FireEye Fireproof?

Addendum - December 7 :  On 12/7 - FireEye reached a fifty two week  low of  $19.76  This is lower than their IPO opening bell price.

To date, FireEye seems impervious to poor test results.  The market has been more interested in revenue growth. In the NSS Labs Breach Detection Systems Comparative Report issued in Augst, five of the eight vendors tested received a Recommended rating. FireEye was not one of them. 

   

FireEye did not test well in the   NSS Labs report, finishing last, with the lowest security effectiveness (in the 50’s, with the next lowest vendor in the 80’s) and the highest TCO per protected Mbps.

September 28 Addendum - FEYE closed at $31.51. Its opening day closing price was around $36.

Cisco had the highest effectiveness of the eight products tested and Blue coast the lowest TCO per protect Mbps.  FireEye protested the testing methodology when NSS first performed this test a couple of years ago.   

A Frost and Sullivan report “Network Security Sandbox Market Analysis, APTs Create a “Must Have” Security Technology”, gives FireEye 62% of the market.

 From a financial perspective, FireEye sales and marketing expenses as a percent of revenue have finally dropped below 100%. Operating cash flow is finally positive. The company is still losing ”tons” of money. The market finally seems to be paying more attention cash flow, margins, and future profitability.  

The company as of mid August is trading in the low $40’s, well off its peak of $97 in March 2014 (giving executives a chance to cash in for a nice gain) and   above the bottom of $25 in October 2014.  The $40’s is in the area of the pop FireEye had when it first went public. The company CFO, Michael Sheridan, resigned shortly after the last earnings announcement to join DocuSign.

 A free copy the Breach Detection Systems Security Value Map can be obtained at https://www.nsslabs.com/bds-security-value-map-graphic  The full report is available for purchase. A number of the vendors in the report are making their individual vendor reports available.  

Cyphort, one of the vendors tested, is aggressive on their website explaining why they would make a great addition to companies already using FireEye and why they feel they’re the “clear alternative” for companies considering FireEye. People can learn about this at http://www.cyphort.com/products/firewhy/  as well as view a (small) capabilities comparison grid.

AhnLab Faces Uphill Battle in US – An Addendum

  

This is an addendum the February blog - “AhnLab Faces Uphill Battle in US against FireEye with AhnLab Malware Defense System (MDS)” http://kensek.blogspot.com/2014/02/ahnlab-faces-uphill-battle-in-us.html

If AhnLab is going to make a go of it with their Advanced Persistent Threat product, Malware Defense System (MDS), they must be doing it in incredible stealth mode.  And they must be trying to do it from Korea, where AhnLab is headquartered. 

• Their top US technology person left for a start-up early this year
• There have been no press releases added to the US web site since November 2013
• The company did appear at the Gartner Risk Security & Management Summit in June following up their appearance at RSA SF.  At RSA, they re_announced AhnLab MDS
• AhnLab had posted that they were going to appear at Black Hat Las Vegasin August.  This was removed from their web site.
• Both AhnLab and FireEye complained about an update NSS Labs issued to their 2013 Breach Detection study.  In the original, AhnLab and FireEye finished second and third respectively.  http://kensek.blogspot.com/2014/04/ahnlab-raises-issues-with-recent-nss.html   In the original update, they finished fifth and sixth respectively.  In the post complaints update, AhnLab MDS ranked sixth and FireEye fifth.  Both were far below the other four companies, SourceFire, Trend Micro, Fortinet, and Fidelis.  The updated value map is available at http://www.fortinet.com/sites/default/files/whitepapers/NSS-Labs-2014-BDS-SVM_0.pdf
• If you try to reach AhnLab at their 800 number, 800.511.Ahnlab (2465), you will receive a “you’ve reached a number that has been disconnected or is no longer in service” message.

Perhaps AhnLab is still trying to break into the US licensing Malware Defense System.  If so, they are being incredibly quiet   about it.

Fire in FireEye Valuation Gets Doused (slightly) With Release of NSS Breach Study Report – He Said, She Said Begins

 NSS Labs issued their Breach Detection Security Value Map on April 2  Neither FireEye nor AhnLab can be pleased.  In brief, the Value Map  measures security effectiveness on the Y-axis and Total Cost of Ownership (TCO) per protected MbPS on the X-axis.  AhnLab and FireEye finished in the dreaded lower left hand corner with FireEye coming in last in security effectiveness (AhnLab was close).  AhnLab had the highest TCO per Protected MBPS. The other four company’s products were in the upper right hand quadrant (Quadrant 1), Fidelis, Fortinet, Trend Micro, and SourceFire. They were all around 98% to 99% effective in NSS testing.  SourceFire was the winner, overall. 

From NSS, “Quadrant 1 contains those products that are recommended for both security effectiveness/management and value.  These devices provide a very high level of protection, manageability, and value for money.”  This document is publicly available from Fortinet as is a detailed report for their FortiSandbox 200D appliance.

http://www.fortinet.com/resource_center/whitepapers/breach-detection-systems-beyond-hype.html

Key findings mentioned in the press release - “Four of Six Leading Vendors Receive Coveted NSS ‘Recommended Rating’”

• Four of six products tested achieved over 95% in overall security effectiveness:   five of the six also received a 0% false positive rate.  AhnLab was the sixth with a 7% false positive rate.  FireEye had the lowest security effectiveness, around 94.5%. 
• Money Doesn’t Always Buy the Best Security: Total Cost of Ownership per Protected-Mbps ranged from $231 to $468 with the highest priced solution,   Conversely, Sourcefire (Cisco) had the lowest TCO and also received one of the highest security effectiveness ratings.
• All BDS Solutions Performed At or Above Vendor Throughput Claims

https://www.nsslabs.com/news/press-releases/nss-labs-reveals-first-security-value-map%E2%84%A2-breach-detection-systems

NSS Labs did not receive any compensation in return for vendor participation; All testing and research was conducted free of charge.

FireEye Stock Price (FEYE)

FireEye stock has dropped 49% percent from its March high of $97.35 to closing at $47.33 on April 11.  52-week range - $33.30 - $97.35.  It will be interesting now to see how the stock performs.  Q1 results won’t be announced until May 6.  Note -  The stock was at   $61.49 on April 2 when the report was released.  FireEye's  Q1 results won’t be comparable to    last year’s Q1 since revenue from their Mandiant acquisition after January 1 will be included.  The stock is up about 15% since the beginning of the year.  NASDAQ is down about 3% ovr the same period of time.

When you’re the market share leader, finishing low in an impartial test, one defense is to attack the attacker.

  

He Said - FireEye

"We are a vendor that specializes in advanced attack detection, not in detecting known, stale samples,” Gupta, FireEye Vice President of Products said.  "We ran their malware samples in our lab and detected every single one of them." A valid test would have used a zero-day exploit to evaluate the detection capabilities of the appliances or, at a minimum, the testing could have been done in a live, customer environment, Gupta added.

FireEye was quick to reply in a blog “Real World vs. Lab Testing: The FireEye Response to NSS Labs Breach Detection Systems Report” At a high level: 

• Issue #1:  Poor sample selection
• Issue #2:  Differing definitions of advanced malware
• Issue #3:  Poor test methodology.   

FireEye offered several paragraphs of detail for each of the above.  It is worth reading the blog.

http://www.fireeye.com/blog/corporate/2014/04/real-world-vs-lab-testing-the-fireeye-response-to-nss-labs-breach-detection-systems-report.html

“The best way to evaluate FireEye is for an organization to deploy our technology in their own environment and they will understand why we are the market leader in stopping advanced attacks, “said Dave Merkel, CTO in an April 2 Network World article.

She Said – NSS Labs

NSS Labs was also quick to replay in a blog “Don't Shoot the Messenger”

Their response is also good reading as most of the response consists of   a 20-bullet point “FireEye Claim” and “NSS Response” table.

“Not everyone can end up in the top right quadrant of the NSS Labs Security Value Map™ (SVM), so it is not unusual for someone to be unhappy.  It is, however, unusual for someone to behave the way FireEye did in this instance.  Normally we would not respond to such attacks, but there are a number of untruths and misdirection’s in their blog post that we feel we must address”, stated Bob Walder, President, and Chief Research Officer at NSS.  “FireEye’s results were not that bad.  The real issue here is that FireEye now has credible competition in the BDS market place and the data from this NSS test shows it.”

https://www.nsslabs.com/blog/dont-shoot-messenger

How Did This Begin

Three companies were tested last summer by NSS Labs in their initial breach study, AhnLab, FireEye, and Fidelis.  Fidelis made their report publicly available and challenged FireEye to do the same.  AhnLab issued a press release about their results, and in a blog went, “FireEye, hello?”  No press release by FireEye on their results.  Demerits to publications not asking about this!  With respect to the three companies, NSS has a multi-page document letting the firms tested know what they can do with the test results.  One thing they can’t do is start-doing comparisons with other companies, combining charts, et cetera from the reports.  The reports were available for purchase.

And What about NSS Labs’ Reputation?

In “IT Security Survey 2014” by  test group AV-Comparatives (www.av-comparatves.org),   issued in February, NSS Labs came in ninth out of 15 vendors.  Over 5800 users responded to the survey.  

 http://www.av-comparatives.org/security-usage-surveys/   

Timing Means Everything When Stock is Sold

On March 12, insider transactions of FireEye stock at $79.54 included: 

1. Norwest Venture Partners IX, LP sold 2 million shares, grossing $160 million.
2. FireEye CTO Aziz Ashar sold 1.04 million shares, grossing $83 million
3. FireEye CEO Dave DeWalt sold 486 thousand shares grossing $38 million

Insiders can’t sell shares whenever they want.  There are windows near the release of financial results that they can’t do anything.  A more comprehensive list of insider transactions can be viewed at

 http://finance.yahoo.com/q/it?s=FEYE+Insider+Transactions

  

It’s difficult to test security products.  Every environment is unique.  The best way for companies to evaluate products is to bring them in and to look at tests by reliable test groups.  The report by NSS Labs probably means   that FireEye will face more testing in house by potential vendors  rather than just be evaluated separately. 

Twitter - ckensek

Just When You Thought the Target Breach Story Was Over. A Tale of Advanced Persistent Threats (APT), FireEye, and Warnings Ignored

In the previous chapter of this adventure, Target CIO Beth Jacob had taken the hit and was going to resign.  Target was going to implement new processes in protecting their network. Prior to this, Target had gone through a number of phases since the attack began in late November – denial, CEO Gregg Steinhafel is  nowhere to be found, “Houston, we’ve got a problem”, “Let’s give customers a ‘we’re sorry’” discount”, CEO is found (finally, some look at a book on crisis management), transparency, free credit watch software for customers, etc.  The Russian hackers involved in this incident were not even very sophisticated with their coding.

Techtarget’s definition of Advanced Persistent Threat – “An advanced persistent threat (APT) is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time.  The intention of an APT attack is to steal data rather than to cause damage to the network or organization.  APT attacks target organizations in sectors with high-value information, such as national defense, manufacturing, and the financial industry.”

In the Bloomberg story “Missed Alarms and 40 Million Credit Card Numbers.  How Target Blew It”, the author writes about how Target HAD Advanced Persistent Threat appliances from FireEye (an APT company that went public several months ago for a gazillion dollars (Side note – FEYE’s  market cap was $10 B as of February 14, though their stock has dropped a bit less than 20% from its high).

The malware had completed most of the phases of the hacker’s objective. Credit card numbers were being stored on a Target server as they were swiped on store terminals. All that was left was for the numbers to be transmitted the cyber criminals for subsequent sale to other cybercriminals.  In November and early December, the hackers went about installing the SW that would send the customer info out to staging points, (probably a botnet), and then to Russia.  Busted!  Well. Sort of. FireEye appliances sent an alert to Bangalore. They alerted the people in Minnesota and…  Minnesota did nothing!  Then, the transmittal of ultimately 40 million records began (a nagging question – was there a DLP (Data Loss Prevention), installed on the network?  It wasn’t until mid-December when the Department of Justice got involved, that Target really began investigating.

By the way, the option for the FireEye appliance to  automatically delete malware as soon as it was  detected was turned off.  What’s even more ludicrous is that Symantec’s Endpoint Protection software, also identified the malware.  $61 million spent by Target so far. Lawsuits, Abysmal Q4 profit (down almost 50%).

Read the Bloomberg/Business Week article. It’s quite interesting.  http://www.businessweek.com/articles/2014-03-13/target-missed-alarms-in-epic-hack-of-credit-card-data

McAfee this week wrote  that this particular attack  was "Far from 'advanced,' The BlackPOS malware family is an 'off-the-shelf' exploit kit for sale that can easily be modified and redistributed with little programming skill or knowledge of malware functionality.”  If this was the case, this is even more embarrassing for Target and their IT team.  http://www.mercurynews.com/business/ci_25322189/mcafee-report-says-target-cyber-attackers-used-common

Takeaways from this - If your network does not have them.  Look at investing in an APT solution.  Look at investing in a DLP solution. Don’t ignore your security solutions when you get flagged. NSS Labs, Ellen Messmer at Network World, and Lawrence Pingree at Gartner.  www.nsslabs.com , www.networkworld.com , www.gartner.com  have all written about Advanced Persistent Threat vendors. Type “advanced persistent threat” into a Google search and a slew of vendors will show up on the RHS.  

Craig Kensek  - Twitter - ckensek

AhnLab Faces Uphill Battle in US against FireEye with AhnLab Malware Defense System (MDS)

Silver sponsorship at RSA Conference USA 2014 in San Francisco  notwithstanding,  South Korea based AhnLab may face an uphill battle achieving success in the US with AhnLab Malware Defense System (MDS).  MDS is designed to combat Advanced Persistent Threats (APTs) and Advanced Malware.  No press release has been issued, but AhnLab will also be showing AhnLab Malware Defense System   Enterprise (MDSE). This version of Malware Defense System isn’t described on AhnLab website yet. The below isn't a technical evaluation of Malware Defense System, MDS or MDSE. It's more of a business analysis. 

http://conference.ahnlab.com/conference/rsa2014/product_mdse.jsp .

For information on MDSE -  http://conference.ahnlab.com/conference/rsa2014/AhnLab_MDSE_Brochure.pdf

Why It May Be Difficult for AhnLab and AhnLab Malware Defense System (MDS) in the US

FireEye (www.fireeye.com) is the 800-pound gorilla in the industry.  They offer more form factors for their APT solutions over AhnLab Malware Defense System.  For example -   their NX series to combat web-based attacks has six flavors, supporting 50 to 40k users.  Their FX series for file protection comes in 2 sizes; up to 80k and up to 160k files per day, respectively.  The acquisition of Mandiant gives them an endpoint solution.  On Valentine’s Day, FireEye announced an Intrusion Prevention product FireEye® MVX-IPS.  Well, they pre-announced the product.  They are shooting for availability during the first half of 2014.  They promote that they have customers in over 40 countries.   

Crowded marketplace   - AhnLab is among the double handful of competitors Gartner mentions in their August paper “Five Styles of Advanced Threat Defense”.  Competitors besides FireEye include   dedicated APT vendors Lastline, Bromium, and Damballa.  Other competitors (Googling Advanced Persistent Threats) include Palo Alto Networks, Cisco, McAfee, Fidelis Security Systems, Trend Micro,  Bit9, and Tenable.  Everyone has their eye on FireEye 

Limited US Presence -   AhnLab decreased their staffing in the US at the start of the year to a handful despite having just opened their US/EMEA headquarters in the Santa Clara, CA less than two years ago.    

It takes a channel and partners - Two ways to try to   grow sales quickly are to  OEM your product and agressively develop a channel.  AhnLab devotes one  page to recruiting partners.  No Partner Portal.  No Education Portal.  FireEye has a well-developed partner program, including VARs, Value Added Distributors, System Integrators, MSSPs, and Technology Alliance Partners (over a dozen listed in their site).  FireEye’s reseller program seems “standard” with three tiers.

It takes customer support - FireEye has a multiple levels of support for their customers.  For Malware Defense System, AhnLab will have to build off a single email address they currently have for US/EMEA customers.  This suggests that support will be coming from South Korea.  Nothing about multiple levels of support.  Barracuda Networks has an amusing radio commercial asking if you want phone trees  and long distance support for your products.

It takes customers who will talk about your Advanced Persistent Threat product - It is difficult to get customers to publically talk about what security products they have on their network.  FireEye has Sallie Mae, Equifax, and the Department of Defense listed as well as a dozen anonymous case studies across a number of industries. FireEye claims that over 100 of the Fortune 500 are among their customers.

 

It takes marketing and noise - FireEye is “everywhere”.  They appear on multiple security web sites. Multiple CIO and CISO events.  Going public created a lot of visibility.  Their reports and Mandiant’s whom FireEye acquired shortly after the first of the year, get a lot of visibility.  FireEye is aggressive in issuing press releases about threats they have discovered and investigated.  They’re promoting fourteen security events (four in the US),   they’ll be at during the first half of the year.  AhnLab will be at two.  Most PR firms would consider just putting up a product description on your web site a sub-optimal way to announce a product.  That’s not the usual marketing strategy in the North America marketplace.

What AhnLab Malware Defense System May Have Going For it

NSS Breach Detection Study -   AhnLab, Fidelis Security Systems, and FireEye were the only three companies to complete a breach detection study by NSS Labs, (www.nssslabs.com ) last summer.  Fidelis put out a press release about their results, made their report available at no charge, and wrote a blog challenging FireEye to make their summary report available.  AhnLab put out a press release but hasn’t made the report available on their website.  FireEye wrote nothing.

Three types of protection in a single appliance - AhnLab promotes that they provide Web, email, and Content Security in a single appliance.  With FireEye, you would have to purchase three products.

Profits - AhnLab is one of the largest security companies in South Korea.  And profitable.  FireEye has yet to show a profit.  For 2013, Sales and Marketing expenses, by themselves, exceeded Revenue.  Profits and positive cash flow are good things for the long term.

Ultimately, prospects will have to bring the products in house and test them.  Gartner has looked at a number of companies offering a solution.  NSS Labs issued their reach study last summer and undoubtedly has another APT study going on.  www.nsslabs.com

For people visiting RSA 2014 in San Francisco http://www.rsaconference.com/events/us14  a number of the vendors offering solutions will be present.  Coffee and cookies in the AhnLab booth, at 11:30 each morning during the exhibition!  “Learn about the ultimate threat defense.  AhnLab’s announcing APTs Dead!”  (Sic) will be the topic of a talk by AhnLab executive Leo Versola on Wed. February 26 at 1:00PM in the North Expo Hall Briefing Center. Too late for a free RSA pass.

The window is closing for AhnLab and other Advance Persistent Threats vendors.  Obviously, FireEye has made it through.  AhnLab and other vendors are going to have a battle to be one of the other survivors and get share.  The press over some major attacks from cyber criminals Target Stores and over 110 million, among others during 2013  ensures  athat companies will be looking for a solution. craig kensek

twitter - ckensek

A Lighter Look at RSA 2013 San Francisco

RSA 2013 San Francisco was well attended.  There were over twenty thousand attendees.  Over 350 vendors participated in the trade show portion AhnLab owned the view from outside Moscone Center with flags promoting  their presence at the event.  Former Secretary of State Condoleezza Rice was the featured keynote speaker, the last day of event.   You know you’ve been in security for awhile when you go to one booth and recognize a few people that you’ve worked with, at different companies.

Advanced Persistent Threats (APTs), seemed to be the acronym du jour for RSA 2013 San Francisco this year.  There were a number of firewall vendors, as well.  Websense had a huge wall touting the results of a Miercom   test with their Web Security Gateway Anywhere appliance, versus a handful of competitors.  In looking at 2.26 million URLs, they identified and blocked over 132 thousand bad URLs.  The least effective result was achieved by FireEye who blocked 171 with their Web MPS 1300 appliance.  The report is available on the Websense web site.  Other companies in the test included Blue Coat, Cisco IronPort, and McAfee.  Germany had a pavilion with a number of companies.  China did as well.  Huawei,  from China, had a large booth in the corner of the exhibition hall.  No 60 Minute people were around.  The usual antivirus and internet security vendors were present; Trend Micro, McAfee, Symantec, Sophos, and ESET were there. NSS was distributing their latest firewall report.  WatchGuard was probably not pleased with the result.

However, enough about security.  What were the tchotchkes like?  Dentists appeared to sponsor many of the giveaways, since candy was rampant.  The usual pens and stress balls were all over the place.  More than a handful of booths were giving away quite nice water bottles.  Three motorcycles, including a Harley Davidson, were being given away.  The event was lighter than usual on tee shirts this year, but they were available at the Check Point, Kaspersky, AhnLab, and Trend Micro booths.  .  AhnLab had a slot machine with the grand prize being $10 thousand.  Light sabers were being given away.  A wookie and Leia (cinnabon hairstyle and all) were hanging in one booth along with the white storm troopers.   

There was a huge line for autographed copies of Kevin Mitnick’s latest book, The Art of Deception.  Likewise for Bruce Schneier and his latest book.  A $35 mini speaker was another giveaway at one booth, a company branded Rubik’s cube at another.  One company gave away a 3 feet long remote control helicopter at the end of each presentation.  Very cool.  Copious amounts of food and alcohol was served Monday evening during the two-hour preview to the show.  One company had a box to put one of your tchotchkes in.  A lucky person was going to win the whole box.  Seinfeld’s “no soup for you” guy was at the show for people wanting to have their picture taken with him.  Kaspersky himself showed up at the Kaspersky booth.  The Kaspersky  booth was serving most excellent kaspertinis at the show on Wednesday.  Bravilna.