AhnLab Faces Uphill Battle in US – An Addendum

  

This is an addendum the February blog - “AhnLab Faces Uphill Battle in US against FireEye with AhnLab Malware Defense System (MDS)” http://kensek.blogspot.com/2014/02/ahnlab-faces-uphill-battle-in-us.html

If AhnLab is going to make a go of it with their Advanced Persistent Threat product, Malware Defense System (MDS), they must be doing it in incredible stealth mode.  And they must be trying to do it from Korea, where AhnLab is headquartered. 

• Their top US technology person left for a start-up early this year
• There have been no press releases added to the US web site since November 2013
• The company did appear at the Gartner Risk Security & Management Summit in June following up their appearance at RSA SF.  At RSA, they re_announced AhnLab MDS
• AhnLab had posted that they were going to appear at Black Hat Las Vegasin August.  This was removed from their web site.
• Both AhnLab and FireEye complained about an update NSS Labs issued to their 2013 Breach Detection study.  In the original, AhnLab and FireEye finished second and third respectively.  http://kensek.blogspot.com/2014/04/ahnlab-raises-issues-with-recent-nss.html   In the original update, they finished fifth and sixth respectively.  In the post complaints update, AhnLab MDS ranked sixth and FireEye fifth.  Both were far below the other four companies, SourceFire, Trend Micro, Fortinet, and Fidelis.  The updated value map is available at http://www.fortinet.com/sites/default/files/whitepapers/NSS-Labs-2014-BDS-SVM_0.pdf
• If you try to reach AhnLab at their 800 number, 800.511.Ahnlab (2465), you will receive a “you’ve reached a number that has been disconnected or is no longer in service” message.

Perhaps AhnLab is still trying to break into the US licensing Malware Defense System.  If so, they are being incredibly quiet   about it.

RSA Conference USA 2014 – Where the World Talks Security - March addendum at the end

Original Post

It’s that time of the year again.  Not the coming of spring, but RSA Conference USA 2014, where the world talks security.  Over 350 security vendors seeking mindshare and wallet share.  RSA San Francisco is running February 24 through 28 at Moscone Center in San Francisco.  For those who haven’t used their free pass code, too late.  http://www.rsaconference.com/events/us14

Before going, place a bet with your colleagues as to what you think the main theme will be.  Breaches and Advanced Persistent Threats may come back for a second year in a row. You may not be visiting Target as much this year. Though there is one on the same street as RSA!

This is Part 1 of Probably 3 about RSA Conference San Francisco 2014.  Don’t look for depth.  I’ll be looking more at things such as who has the best-looking booths, which booths someone on a budget can go to for   coffee, cookies.  In addition, and most importantly for some of you, what are the best tchotchkes being handed out?  

I’m not going to make it totally easy for people.  It’ll be a coin flip as to whether I just mention the tchotchke, or if I share the vendor name and booth location.

The usual suspects will be giving keynotes, it appears (sponsorship $$).  The final keynote by Stephen Colbert should be interesting.  http://www.rsaconference.com/events/us14/agenda/keynotes

For those who actual want to create a filtered list of whom to visit, the following link should be useful

http://www.rsaconference.com/events/us14/exhibitors-sponsors/exhibitor-list   

One would think that vendors would take advantage of this, and possibly put in their competitors names.  I entered “Advanced Persistent Threat” and only five companies came up.  The companies - Lastline, LOGbinder, NPCore, Viewfinity, and Websense.  Sorry, companies that Gartner or Ellen Messmer  lists as being in this space that aren't showing up, you’re not going to be mentioned here.  That may put a fire in your eye, but I’m not going to do it.

For all attendees -   if you’re bringing your laptop, smartphone, or tablet to the event.  Leave them turned off as much as possible.  Install security SW before getting to the event.  If you log onto the RSA net, make sure it is the RSA network.  

It’s show time for some of the less desireables attending RSA.  Reporters at Sochi were finding their devices being attacked literally, as soon as they turned on their devices.  Remember to pack your “mdse”.

For Newbies at RSA Conference USA 2014

The attractive women (and men) working in the booth, don’t work for the company.  Any mobile numbers you received will be fake.

Wearing an “I worked with Edward Snowden” tee may get you some attention.

How many free pens and stress balls do you really need?

Are you ever going to reference or read the book that you stood in line for 20 minutes to get an autographed copy?  What’s your time value of money?

Are you really ever going to wear a tee shirt from a vendor that’s excessively big for you?

Unless you’re collecting them for other people, don’t’ bother.  Trade show vendor tee shirts will not make you a magnet.  If you must collect them (and they do fit!), promise yourself, that you’ll donate two of the ones you have at home to charity that you collected from last year’s RSA conference.

If the collateral is online, why collect it at the event?

Turning your badge backwards to collect competitive intel screams, “I work for a competitor.”  You should have gotten a free exhibitor pass and registered with that.  Did that already?  Are you wearing your booth shirt?  Busted!

If bored during a presentation, count the number of typos that appear on screen during a presentation. An alternative, sneeze or cough, every time an overused phrase or word appears.  Suggestions – leading edge, next generation, intuitive interface   plug and play, and ROI.  Has there ever been a company promoting a non-intuitive interface?  Make your own list using one of the many pens you’ve collected.

Watch one of the booth presentations where they have better tchotchkes, but require that you answer a question or be part of a group on stage.  Don’t register.  Come back later and play.  They’ll often be asking the same questions.

Go up to someone in the booth who doesn’t look like a salesperson, and ask them, “what are the top 3 or 5 things that make you better than (fill in one of their competitor’s names)?"  Go to that competitor’s booth.  Do the same thing.  Bonus points if you then return to booths and say, “Here’s what I’m being told by (fill in the blank).”  You may be given some better intel (or another pen).

On the last day of the show, do an exhibition hall sprint and collect the tchotchkes that you really want.  You probably may not even need to be scanned.

Have a good time!     Remember, you do have to justify the expense when you return to the office.  Pack those mds.

Addendum   

No parts 2 and 3.  Rain tempered the crowds a bit this year. The FireEye robot was nowhere to be seen.  People were lined up for a few of the keynotes.  Some helicopters were given away in drawings at booths.  The usual iPads at others.  The high tech equivalent of a fashionable women's LBD (little black dress) was given out a a number of booths, the LBT (little (actually, usually large or extra large) little black tee.   One give out read, "Life's a Breach", another read "We take the a** out of passwords.

Products in booths seemed to be more evolutionary rather than revolutionary  in nature.

A suggestion  to the RSA people and the presentation theatres in the exhibition halls.  A 42" monitor doesn't cut it when there are over 10 rows of people seating.  In a living room setting, 42" is ideal for sitting about 5 to 7 feet from the screen. Not good for reading multi line, multi font size presentations!  Open the top floor of the South Exhibition hall (not where the exhibits are) on the first day of the keynotes at the same time as the keynotes are given . Some people want to work rather than attend  the first two keynotes. And.....it was raining.  

AhnLab Faces Uphill Battle in US against FireEye with AhnLab Malware Defense System (MDS)

Silver sponsorship at RSA Conference USA 2014 in San Francisco  notwithstanding,  South Korea based AhnLab may face an uphill battle achieving success in the US with AhnLab Malware Defense System (MDS).  MDS is designed to combat Advanced Persistent Threats (APTs) and Advanced Malware.  No press release has been issued, but AhnLab will also be showing AhnLab Malware Defense System   Enterprise (MDSE). This version of Malware Defense System isn’t described on AhnLab website yet. The below isn't a technical evaluation of Malware Defense System, MDS or MDSE. It's more of a business analysis. 

http://conference.ahnlab.com/conference/rsa2014/product_mdse.jsp .

For information on MDSE -  http://conference.ahnlab.com/conference/rsa2014/AhnLab_MDSE_Brochure.pdf

Why It May Be Difficult for AhnLab and AhnLab Malware Defense System (MDS) in the US

FireEye (www.fireeye.com) is the 800-pound gorilla in the industry.  They offer more form factors for their APT solutions over AhnLab Malware Defense System.  For example -   their NX series to combat web-based attacks has six flavors, supporting 50 to 40k users.  Their FX series for file protection comes in 2 sizes; up to 80k and up to 160k files per day, respectively.  The acquisition of Mandiant gives them an endpoint solution.  On Valentine’s Day, FireEye announced an Intrusion Prevention product FireEye® MVX-IPS.  Well, they pre-announced the product.  They are shooting for availability during the first half of 2014.  They promote that they have customers in over 40 countries.   

Crowded marketplace   - AhnLab is among the double handful of competitors Gartner mentions in their August paper “Five Styles of Advanced Threat Defense”.  Competitors besides FireEye include   dedicated APT vendors Lastline, Bromium, and Damballa.  Other competitors (Googling Advanced Persistent Threats) include Palo Alto Networks, Cisco, McAfee, Fidelis Security Systems, Trend Micro,  Bit9, and Tenable.  Everyone has their eye on FireEye 

Limited US Presence -   AhnLab decreased their staffing in the US at the start of the year to a handful despite having just opened their US/EMEA headquarters in the Santa Clara, CA less than two years ago.    

It takes a channel and partners - Two ways to try to   grow sales quickly are to  OEM your product and agressively develop a channel.  AhnLab devotes one  page to recruiting partners.  No Partner Portal.  No Education Portal.  FireEye has a well-developed partner program, including VARs, Value Added Distributors, System Integrators, MSSPs, and Technology Alliance Partners (over a dozen listed in their site).  FireEye’s reseller program seems “standard” with three tiers.

It takes customer support - FireEye has a multiple levels of support for their customers.  For Malware Defense System, AhnLab will have to build off a single email address they currently have for US/EMEA customers.  This suggests that support will be coming from South Korea.  Nothing about multiple levels of support.  Barracuda Networks has an amusing radio commercial asking if you want phone trees  and long distance support for your products.

It takes customers who will talk about your Advanced Persistent Threat product - It is difficult to get customers to publically talk about what security products they have on their network.  FireEye has Sallie Mae, Equifax, and the Department of Defense listed as well as a dozen anonymous case studies across a number of industries. FireEye claims that over 100 of the Fortune 500 are among their customers.

 

It takes marketing and noise - FireEye is “everywhere”.  They appear on multiple security web sites. Multiple CIO and CISO events.  Going public created a lot of visibility.  Their reports and Mandiant’s whom FireEye acquired shortly after the first of the year, get a lot of visibility.  FireEye is aggressive in issuing press releases about threats they have discovered and investigated.  They’re promoting fourteen security events (four in the US),   they’ll be at during the first half of the year.  AhnLab will be at two.  Most PR firms would consider just putting up a product description on your web site a sub-optimal way to announce a product.  That’s not the usual marketing strategy in the North America marketplace.

What AhnLab Malware Defense System May Have Going For it

NSS Breach Detection Study -   AhnLab, Fidelis Security Systems, and FireEye were the only three companies to complete a breach detection study by NSS Labs, (www.nssslabs.com ) last summer.  Fidelis put out a press release about their results, made their report available at no charge, and wrote a blog challenging FireEye to make their summary report available.  AhnLab put out a press release but hasn’t made the report available on their website.  FireEye wrote nothing.

Three types of protection in a single appliance - AhnLab promotes that they provide Web, email, and Content Security in a single appliance.  With FireEye, you would have to purchase three products.

Profits - AhnLab is one of the largest security companies in South Korea.  And profitable.  FireEye has yet to show a profit.  For 2013, Sales and Marketing expenses, by themselves, exceeded Revenue.  Profits and positive cash flow are good things for the long term.

Ultimately, prospects will have to bring the products in house and test them.  Gartner has looked at a number of companies offering a solution.  NSS Labs issued their reach study last summer and undoubtedly has another APT study going on.  www.nsslabs.com

For people visiting RSA 2014 in San Francisco http://www.rsaconference.com/events/us14  a number of the vendors offering solutions will be present.  Coffee and cookies in the AhnLab booth, at 11:30 each morning during the exhibition!  “Learn about the ultimate threat defense.  AhnLab’s announcing APTs Dead!”  (Sic) will be the topic of a talk by AhnLab executive Leo Versola on Wed. February 26 at 1:00PM in the North Expo Hall Briefing Center. Too late for a free RSA pass.

The window is closing for AhnLab and other Advance Persistent Threats vendors.  Obviously, FireEye has made it through.  AhnLab and other vendors are going to have a battle to be one of the other survivors and get share.  The press over some major attacks from cyber criminals Target Stores and over 110 million, among others during 2013  ensures  athat companies will be looking for a solution. craig kensek

twitter - ckensek

Security Acquisitions 2011

Interesting slide show by Channel Insider on the major security acquisitions 2011. No explanation for the order. It’s neither alphabetical nor by value of the acquisition (many of the values not provided).

Dell purchasing SecureWorks, Thoma Bravo acquiring TripWire and Blue Coat Systems (the guys at Thomas Bravo were busy with these two and also have SonicWall), Symantec buying Clearwell, IBM acquiring Q1, McAfee buying Nitro Security and Sentrigo, Sophos buying Astaro, Wave Systems buying Safend, and GFI buying Monitis.

http://www.channelinsider.com/c/a/Security/Top-10-Security-Acquisitions-of-2011-742914/

SC Magazine had their own list in the Reboot 2011 December issue. Ones they had that didn’t overlap with Channel Insider – Check Point acquiring Dynasec, EMC acquiring Netwitness, HP and Autonomy (now that got a lot of news!), IBM with Platform Computing, Algorithmics, and i2 (big companies have to do something with all that cash). Imation purchasing IronKey, Oracle acquiring RightNow and Endeca Technologies (what’s a couple of billion $ here and there), redhat purchasing Gluster, and VMware acquiring Shavlik Technologies.

You can pick your reasons for the acquisitions.

• Broadening a security product portfolio.
• Buying over making.
• Innovation coming from smaller companies.
• Seeing good technologies being poorly managed.
• Perceived synergy.
• Buying share.
• Having a lot of money in the bank.

There were also smaller acquisitions by other security vendors in 2011 but the above seem to be the larger ones. Look for more of the above to occur in 2012. Discussions on the 2011 initial public offering (IPO) market will be a separate blog. 2011 was not a stellar year for IPO’s.

It’s a new year. The RSA Conference 2012 is coming up in late February. Scoping out companies and intercompany bonding to take place over drinks at the W Hotel across from Moscone Center. This is the place to hang. For a bit more discretion, the Clift.

http://www.rsaconference.com/events/2012/usa/

RSA Conference 2011 – February 15th, a Light Look

Messaging, presentations et cetera to be discussed on another blog.

Booth traffic in general was okay. This was the first full day of the exhibition. Extravagance of the booths was definitely toned down as opposed to pre dot com bust.

Tchotchkes - Candy. T-shirts (including an 'IT happens' one), pens,light pens, one eyed plastic creatures, stress capital domes, blinking 'ice cubes', stress balls. Single chapter “IT Topic (fill in the blank) for Dummies”. Next level up, drawings for software for the people attending the presentation, some ear buds, gift cards. iPads are the end of the day giveaway du jour. Grand prize giveaways. A two-person car and a Harley.

Booth activities – the usual talks, magicians. Game show contests. Sliders while watching the preso. Watch a virus being constructed. Whack a something games. Small car racing.

For lack of a better term – “Trade show hostesses”. One booth had male and female pirates. Blue wigs. Spangled short dresses. Shoes that look way too high to wear. Bay Watch type hostesses. These were the “can we scan your badge?” for hire people.

RSA attendees. Pay a buck. Buy the twice-monthly Street Sheet from the street person who walks up with the paper. He/she gets to keep the money.

Parties – Put on by both larger and smaller companies. “W” is still the place to meet. Voltage Security event at Fang’s. Packed. Great food and martinis.

Palo Alto Network event at Jillian’s. Packed. Ronnie Lott, former 49er great there to take pictures with.

Ruby Skye event sponsored by CA. Lighter in attendance. Dancers with neon hula-hoops and on stilts were interesting. As was the juggler.

SC Magazine Awards 2011 (US) winners are being announced Tuesday night. The Info Security Products Guide 2011 Global Product Excellence awards will be given out the evening of February 16.

RSA Conference 2011 February 14 through 18 in San Francisco

Look for serious and not so serious blogs about the companies appearing at RSA Conference 2011 (where the world talks security) to be written about here (about those companies who are at RSA, anyway). Who has the most visibility. What they’re talking about during the RSA security event in their booth. What they’re talking about in any keynotes they’re taking part in. Who among them has the best tchotchkes. http://www.rsaconference.com/2011/usa/index.htm . Quite an event, the RSA security conference is celebrating its 20th anniversary.

Symantec is one of three Golden Diamond sponsors. McAfee is one of three Platinum sponsors. Sophos and Websense are among the Gold sponsors. Trend Micro and Intel (owner of of the Platinum sponsors) are among the Silver sponsors for the event.

The Friday closing keynote will be given by former US President Bill Clinton (whose running mate, Al Gore, invented the Internet ;)) Re RSA - “W” across 3rd Avenue from RSA is one of the places where people hang. Keynote presenters are listed at http://www.rsaconference.com/2011/usa/agenda/keynotes.htm

Security Award Events Taking Place During RSA

Also taking place that week, though not part of the RSA Conference 2011:

The SC Magazine Awards 2011 (US) will be given out the evening of February 15 at the Intercontinental Hotel, just down the street from RSA. For a list of the finalists, go to

http://www.scmagazineus.com/2011-sc-awards-us-finalists/section/1908/ Tickets for the event are also on this site.

The Info Security Products Guide 2011 Global Product Excellence awards will be given out the evening of February 16. To view a list of the finalists, go to

http://www.infosecurityproductsguide.com/excellence/finalists.html Tickets for the event are also on this site.