Showing posts with label rsa. Show all posts

Sunday, August 03, 2014

AhnLab Faces Uphill Battle in US – An Addendum

  
This is an addendum to the February blog post, “AhnLab Faces Uphill Battle in US against FireEye with AhnLab Malware Defense System (MDS)”: http://kensek.blogspot.com/2014/02/ahnlab-faces-uphill-battle-in-us.html
If AhnLab is going to make a go of it with their Advanced Persistent Threat product, Malware Defense System (MDS), they must be doing it in incredible stealth mode.  And they must be trying to do it from Korea, where AhnLab is headquartered. 

  • Their top US technology person left for a start-up early this year
  • There have been no press releases added to the US web site since November 2013
  • The company did appear at the Gartner Risk Security & Management Summit in June, following up their appearance at RSA SF. At RSA, they re-announced AhnLab MDS.
  • AhnLab had posted that they were going to appear at Black Hat Las Vegas in August. This was removed from their web site.
  • Both AhnLab and FireEye complained about an update NSS Labs issued to their 2013 Breach Detection study. In the original, AhnLab and FireEye finished second and third respectively. http://kensek.blogspot.com/2014/04/ahnlab-raises-issues-with-recent-nss.html In the original update, they finished fifth and sixth respectively. In the post-complaints update, AhnLab MDS ranked sixth and FireEye fifth. Both were far below the other four companies: Sourcefire, Trend Micro, Fortinet, and Fidelis. The updated value map is available at http://www.fortinet.com/sites/default/files/whitepapers/NSS-Labs-2014-BDS-SVM_0.pdf
  • If you try to reach AhnLab at their 800 number, 800.511.Ahnlab (2465), you will receive a “you’ve reached a number that has been disconnected or is no longer in service” message.


Perhaps AhnLab is still trying to break into the US licensing Malware Defense System. If so, they are being incredibly quiet about it.


Tuesday, February 18, 2014

RSA Conference USA 2014 – Where the World Talks Security - March addendum at the end

Original Post

It’s that time of the year again.  Not the coming of spring, but RSA Conference USA 2014, where the world talks security.  Over 350 security vendors seeking mindshare and wallet share.  RSA San Francisco is running February 24 through 28 at Moscone Center in San Francisco.  For those who haven’t used their free pass code, too late.  http://www.rsaconference.com/events/us14

Before going, place a bet with your colleagues as to what you think the main theme will be.  Breaches and Advanced Persistent Threats may come back for a second year in a row. You may not be visiting Target as much this year. Though there is one on the same street as RSA!

This is Part 1 of Probably 3 about RSA Conference San Francisco 2014. Don’t look for depth. I’ll be looking more at things such as who has the best-looking booths, and which booths someone on a budget can go to for coffee and cookies. In addition, and most importantly for some of you, what are the best tchotchkes being handed out?

I’m not going to make it totally easy for people.  It’ll be a coin flip as to whether I just mention the tchotchke, or if I share the vendor name and booth location.

The usual suspects will be giving keynotes, it appears (sponsorship $$).  The final keynote by Stephen Colbert should be interesting.  http://www.rsaconference.com/events/us14/agenda/keynotes

For those who actually want to create a filtered list of whom to visit, the following link should be useful

One would think that vendors would take advantage of this, and possibly put in their competitors' names. I entered “Advanced Persistent Threat” and only five companies came up. The companies - Lastline, LOGbinder, NPCore, Viewfinity, and Websense. Sorry, companies that Gartner or Ellen Messmer lists as being in this space that aren't showing up, you’re not going to be mentioned here. That may put a fire in your eye, but I’m not going to do it.

For all attendees: if you’re bringing your laptop, smartphone, or tablet to the event, leave them turned off as much as possible. Install security software before getting to the event. If you log onto the RSA network, make sure it really is the RSA network.

It’s show time for some of the less desirables attending RSA. Reporters at Sochi were finding their devices being attacked literally as soon as they turned them on. Remember to pack your “mdse”.

For Newbies at RSA Conference USA 2014

The attractive women (and men) working in the booth, don’t work for the company.  Any mobile numbers you received will be fake.

Wearing an “I worked with Edward Snowden” tee may get you some attention.

How many free pens and stress balls do you really need?

Are you ever going to reference or read the book that you stood in line for 20 minutes to get an autographed copy?  What’s your time value of money?

Are you really ever going to wear a tee shirt from a vendor that’s excessively big for you?

Unless you’re collecting them for other people, don’t bother. Trade show vendor tee shirts will not make you a magnet. If you must collect them (and they do fit!), promise yourself that you’ll donate to charity two of the ones you have at home that you collected from last year’s RSA conference.

If the collateral is online, why collect it at the event?

Turning your badge backwards to collect competitive intel screams, “I work for a competitor.”  You should have gotten a free exhibitor pass and registered with that.  Did that already?  Are you wearing your booth shirt?  Busted!

If bored during a presentation, count the number of typos that appear on screen. An alternative: sneeze or cough every time an overused phrase or word appears. Suggestions – leading edge, next generation, intuitive interface, plug and play, and ROI. Has there ever been a company promoting a non-intuitive interface? Make your own list using one of the many pens you’ve collected.

Watch one of the booth presentations where they have better tchotchkes, but require that you answer a question or be part of a group on stage.  Don’t register.  Come back later and play.  They’ll often be asking the same questions.

Go up to someone in the booth who doesn’t look like a salesperson, and ask them, “what are the top 3 or 5 things that make you better than (fill in one of their competitor’s names)?"  Go to that competitor’s booth.  Do the same thing.  Bonus points if you then return to booths and say, “Here’s what I’m being told by (fill in the blank).”  You may be given some better intel (or another pen).

On the last day of the show, do an exhibition hall sprint and collect the tchotchkes that you really want. You may not even need to be scanned.


Have a good time! Remember, you do have to justify the expense when you return to the office. Pack those mds.

Addendum

No parts 2 and 3. Rain tempered the crowds a bit this year. The FireEye robot was nowhere to be seen. People were lined up for a few of the keynotes. Some helicopters were given away in drawings at booths. The usual iPads at others. The high tech equivalent of a fashionable women's LBD (little black dress) was given out at a number of booths: the LBT, the little (actually, usually large or extra large) black tee. One giveaway read, "Life's a Breach"; another read, "We take the a** out of passwords."

Products in booths seemed to be more evolutionary than revolutionary in nature.

A suggestion to the RSA people and the presentation theatres in the exhibition halls. A 42" monitor doesn't cut it when there are over 10 rows of people seated. In a living room setting, 42" is ideal for sitting about 5 to 7 feet from the screen. Not good for reading multi-line, multi-font-size presentations! Open the top floor of the South Exhibition hall (not where the exhibits are) on the first day of the keynotes at the same time as the keynotes are given. Some people want to work rather than attend the first two keynotes. And.....it was raining.

Saturday, February 15, 2014

AhnLab Faces Uphill Battle in US against FireEye with AhnLab Malware Defense System (MDS)

Silver sponsorship at RSA Conference USA 2014 in San Francisco notwithstanding, South Korea-based AhnLab may face an uphill battle achieving success in the US with AhnLab Malware Defense System (MDS). MDS is designed to combat Advanced Persistent Threats (APTs) and Advanced Malware. No press release has been issued, but AhnLab will also be showing AhnLab Malware Defense System Enterprise (MDSE). This version of Malware Defense System isn’t described on the AhnLab website yet. The below isn't a technical evaluation of Malware Defense System, MDS or MDSE. It's more of a business analysis.

Why It May Be Difficult for AhnLab and AhnLab Malware Defense System (MDS) in the US

FireEye (www.fireeye.com) is the 800-pound gorilla in the industry. They offer more form factors for their APT solutions than AhnLab Malware Defense System. For example, their NX series to combat web-based attacks has six flavors, supporting 50 to 40k users. Their FX series for file protection comes in 2 sizes: up to 80k and up to 160k files per day, respectively. The acquisition of Mandiant gives them an endpoint solution. On Valentine’s Day, FireEye announced an Intrusion Prevention product, FireEye® MVX-IPS. Well, they pre-announced the product. They are shooting for availability during the first half of 2014. They promote that they have customers in over 40 countries.

Crowded marketplace - AhnLab is among the double handful of competitors Gartner mentions in their August paper “Five Styles of Advanced Threat Defense”. Competitors besides FireEye include dedicated APT vendors Lastline, Bromium, and Damballa. Other competitors (Googling Advanced Persistent Threats) include Palo Alto Networks, Cisco, McAfee, Fidelis Security Systems, Trend Micro, Bit9, and Tenable. Everyone has their eye on FireEye.

Limited US Presence - AhnLab decreased their staffing in the US at the start of the year to a handful, despite having just opened their US/EMEA headquarters in Santa Clara, CA less than two years ago.

It takes a channel and partners - Two ways to try to grow sales quickly are to OEM your product and aggressively develop a channel. AhnLab devotes one page to recruiting partners. No Partner Portal. No Education Portal. FireEye has a well-developed partner program, including VARs, Value Added Distributors, System Integrators, MSSPs, and Technology Alliance Partners (over a dozen listed in their site). FireEye’s reseller program seems “standard” with three tiers.

It takes customer support - FireEye has multiple levels of support for their customers. For Malware Defense System, AhnLab will have to build off a single email address they currently have for US/EMEA customers. This suggests that support will be coming from South Korea. Nothing about multiple levels of support. Barracuda Networks has an amusing radio commercial asking if you want phone trees and long distance support for your products.

It takes customers who will talk about your Advanced Persistent Threat product - It is difficult to get customers to publicly talk about what security products they have on their network. FireEye has Sallie Mae, Equifax, and the Department of Defense listed, as well as a dozen anonymous case studies across a number of industries. FireEye claims that over 100 of the Fortune 500 are among their customers.

It takes marketing and noise - FireEye is “everywhere”. They appear on multiple security web sites. Multiple CIO and CISO events. Going public created a lot of visibility. Their reports, and those of Mandiant, which FireEye acquired shortly after the first of the year, get a lot of visibility. FireEye is aggressive in issuing press releases about threats they have discovered and investigated. They’re promoting fourteen security events (four in the US) they’ll be at during the first half of the year. AhnLab will be at two. Most PR firms would consider just putting up a product description on your web site a sub-optimal way to announce a product. That’s not the usual marketing strategy in the North America marketplace.

What AhnLab Malware Defense System May Have Going For it

NSS Breach Detection Study - AhnLab, Fidelis Security Systems, and FireEye were the only three companies to complete a breach detection study by NSS Labs (www.nssslabs.com) last summer. Fidelis put out a press release about their results, made their report available at no charge, and wrote a blog challenging FireEye to make their summary report available. AhnLab put out a press release but hasn’t made the report available on their website. FireEye wrote nothing.

Three types of protection in a single appliance - AhnLab promotes that they provide Web, email, and Content Security in a single appliance.  With FireEye, you would have to purchase three products.

Profits - AhnLab is one of the largest security companies in South Korea.  And profitable.  FireEye has yet to show a profit.  For 2013, Sales and Marketing expenses, by themselves, exceeded Revenue.  Profits and positive cash flow are good things for the long term.

Ultimately, prospects will have to bring the products in house and test them. Gartner has looked at a number of companies offering a solution. NSS Labs issued their breach study last summer and undoubtedly has another APT study going on. www.nsslabs.com

For people visiting RSA 2014 in San Francisco http://www.rsaconference.com/events/us14  a number of the vendors offering solutions will be present.  Coffee and cookies in the AhnLab booth, at 11:30 each morning during the exhibition!  “Learn about the ultimate threat defense.  AhnLab’s announcing APTs Dead!”  (Sic) will be the topic of a talk by AhnLab executive Leo Versola on Wed. February 26 at 1:00PM in the North Expo Hall Briefing Center. Too late for a free RSA pass.

The window is closing for AhnLab and other Advanced Persistent Threat vendors. Obviously, FireEye has made it through. AhnLab and other vendors are going to have a battle to be one of the other survivors and get share. The press over some major attacks from cyber criminals (Target Stores and over 110 million, among others) during 2013 ensures that companies will be looking for a solution.

craig kensek



twitter - ckensek

Wednesday, September 19, 2012

Secureworld expo 2012, Decrypting the Mayan Code - Santa Clara Day 1 Musings



Day 1 of secureworld expo 2012, Decrypting the Mayan Code, in Santa Clara (Bay Area) was a lightly attended event. None of the smaller sessions I attended on Day 1 were more than half-full. The afternoon panel discussion was full, however. There were more than sixteen sessions on Day 1, a combination of open sessions, 2-Day conference attendees’ sessions, and invitation-only sessions. A sense of déjà vu over a past RSA San Francisco event. The theme of the conference, “Decrypting the Mayan Code”

Some Observations

  • Opening Keynote – PCI in 2012 and Beyond. More of the presentation was spent on promoting the organization than where PCI was heading. I learned that the speaker has a hearing-impaired dog.
  • Check Point Software - Security Blueprint talk - Good talk about Check Point’s security map without doing a technology deep dive. Check Point delivers their technology “your way”, depending on whether you want an appliance, VMware, or you have fully imbibed the private or public cloud kool aid. They stated that their solutions provide comparable features, functions, and performance, regardless of the form factor in which you purchase or license their technology.
  • RSA - Authentication, Addressing a Changing IT Environment talk - Quick overview of some authentication alternatives. Brief mention of “issues” RSA had in the past year with theft. Other companies involved with authentication were in the audience (and identified themselves).
  • Panel discussion – BYOD; Laptops, Smartphones, Tablets, Oh My! (Absolute, Air-Watch, Appsense, Good Technology, RSA) – A good discussion. Well attended. The consensus was that BYOD has taken off and there is no going back. Now, it is a matter of protecting the data. Members of the panel felt that there is an obvious positive ROI to implementing BYOD within the company. Disagreement as to whether the growth has come from the masses demanding (or just doing) this, or from the executive offices demanding it. One company more or less recommended the 80/20 suggestion for implementation. Namely, that you could get 80% of what your company needs with 20% of the effort. Much of the discussion used the briefcase motif. If the employee owns the briefcase, how can you justify the company owning the lock if there is personal information in the briefcase? The suggestion: consider the company having a smaller briefcase within the personal briefcase. The company then would own that briefcase, the lock, the data, and the right to wipe/empty that briefcase of any information.
  • Little success in getting competitors to dis one another in the exhibitor area, despite my gentle lobbing of hanging curves. Fortinet stated that they had next generation firewalls (NGFWs) before Palo Alto Networks and that Palo Alto Networks took over the phrase (most people consider them the originator of the term). Palo Alto Networks recognizes Websense (not at the event) as a competitor, but feels that their technology still provides a better solution (it also sounds as if Palo Alto Networks had a nice internal celebration when they had their IPO). Riverbed: no discussion of interest. Blue Coat: a tad sensitive. When I asked what technology was under the hood of their DLP appliance (it appears not to be a DLP/Malware appliance as in the previous version), their initial response was a non-confrontational, “why are you asking that?” They then mentioned that it was from Code Green.

For those who are interested – Tchotchkes!

In addition to the usual data sheets: tee shirt (leftover from Black Hat), commuter mugs, BPA free water bottles, mugs with handles, pens, pens, pens, transformer-like pen!, mobile phone holder, a ring style Frisbee flying saucer clone, candy, and a sumo wrestler stress toy (very cool).

Casino break!
Interesting listening to non-professionals explain the game and rules to those who had little experience with the games.

An advance screening of the movie “code 2600” is scheduled for day two of the conference.

About secureworld expo 2012 – Decrypting the Mayan Code

This is a multi-city event. Events are scheduled for Detroit, Dallas, and Seattle.


Wednesday, February 29, 2012

SC Magazine Awards 2012 Winners Announced

SC Magazine announced the US SC Magazine Awards winners on February 28 in a ceremony in San Francisco. The ceremony was held during RSA 2012 San Francisco but was not part of RSA. The winners for the Reader Trust categories are below. To view the Finalists for the Reader Trust categories and Winners in the Excellence Award and Professional Award categories, go to:


http://awards.scmagazine.com/winners/2012


Awards were given out in the following categories:


Reader Trust Categories


· Best Anti-Malware Gateway – Cisco for Cisco Web Gateway


· Best Anti-Malware Management (client-based, typically software only) - ESET


· Best Cloud Computing Security - IBM for IBM Cloud Security Solutions


· Best Computer Forensics Tool – RSA for RSA Netwitness 9.6


· Best Data Leakage Prevention (DLP) – McAfee for McAfee Database Security


· Best Database Security Solution – Symantec for Symantec Data Loss Prevention


· Best Email Content Management – Proofpoint for Proofpoint Enterprise Protection/Enterprise Privacy


· Best Email Security - Sophos for Astaro Security Gateway v8.2


· Best Enterprise Firewall – Barracuda Networks for Barracuda NG Firewall


· Best Fraud Prevention – IronKey for IronKey Trusted Access


· Best Identity Management Application - CA Technologies for CA IdentityMinder


· Best Intrusion Detection/Prevention Product – Check Point Software Technologies for Check Point IPS Software Blade


· Best Managed Security Service - Dell Secure Works


· Best Mobile/Portable Device Security - Symantec for PGP Whole Disk Encryption


· Best Multifactor Product – Entrust for Entrust IdentityGuard


· Best NAC Product – ForeScout Technologies for ForeScout CounterACT


· Best Policy Management Solution - Tripwire for Tripwire Enterprise Solution 8.1


· Best Security Information/Event Management (SIEM) Appliance - HP for HP ArcSight Express


· Best UTM Security – Fortinet for FortiGate-60C


· Best Vulnerability Management Tool - Rapid7 for NeXpose Enterprise


· Best Web Application Firewall - SonicWall for SonicWall Web Application Firewall Service


· Best Web Content Management Product – Websense for Websense Web Security Gateway Anywhere


· Best Enterprise Security Solution – Websense for Websense Web Security Anywhere


· Best Regulatory Compliance Solution – Agiliance for Agiliance RiskVision with Agiliance Compliance Manager Application



Excellence Categories


· Best Enterprise Security Solution


· Rookie Security Company of the Year


· Best SME Security Solution


· Rookie Security Company of the Year


· Best Security Company



Professional Categories


· Best Security Team


· Best Professional Certification Program


· Best Professional Training Program


· CSO of the Year


· Editor’s Choice Award


· Best Security Team



What Readers Trust Awards Mean for the Recipients


• Third party validation by a leading dedicated security company

• Third party validation by peers

• Marketing/promotional rights for a year, subject to licensing

• A number of potential marketing/branding/lead generation opportunities for the recipients


Look for winners to be posted only once every four years. Well, actually not. This is a leap year. Congratulations to all winners!

Tuesday, February 28, 2012

An Irreverent Look at RSA San Francisco 2012 – Suggested Smackdowns

Today is Day three of the Exhibition Hall at RSA San Francisco 2012 - The ceremonial exchanging of tchotchkes among vendors will begin shortly after one o'clock and will continue until the show ends at three. The sprint through by some attendees eagerly hoping to build their t-shirt collection without attending a presentation may be out in full force.


Some Day two observations - Day one below. Qualys attracted huge numbers to their booth with their breakfast wraps. Impressed that people will stand in line for some of the hardcover book giveaways/autographed if you would wait (titles to be added later). Not as impressed with how long people will stand in line for a slider. No line at the same booth for a blue martini! Exhibition hall presentations in the booths were "okay" with respect to attendance. The theatre presentations inside the Exhibition Hall, mixed. Sympathies to the booths who had to view the sumo wrestler guy in one booth all day long. Long line to get into a casino party in the evening. Perhaps because after more than 20 minutes of the "start" time, they still weren't letting people in.


Nice study by NSS on next generation firewalls. Capture rates of bad stuff versus price/performance. SonicWall did extremely well. Palo Alto Networks, pretty well. Juniper Systems did not do well at all. Very high price per protected Mbps and a low block rate. Barracuda probably isn't pleased either. They barely finished above average values in the study. Fortinet - great block rate, but expensive (not as high as Juniper, though). This wasn't a single vendor sponsored study. Go to SonicWall's site to obtain the report and check out the visual.


Day one of the Exhibition Hall at RSA San Francisco 2012 was relatively low key. The presentations were pretty well attended. The walkways weren’t packed. The show people FINALLY put booth numbers on the floor in front of the booths and on ceiling banners, mentioning some of the companies in that row. Bravo!


Many of the presentations were on mobility and security. See a Channelnomics posting, “RSA Conference Buzz is All about Mobility” for a discussion on this. http://channelnomics.com/2012/02/28/rsa-conference-buzz-mobility/


Walking Down the Aisles and Tchotchkes!


A few magicians. A booth with trade show “hostesses” in blue Katy Perry wigs. A handful of racecars. Now, a smackdown of these on Howard Street in front of Moscone South, where RSA 2012 is being held, would have been interesting. Barracuda had one in their booth instead of their tour bus. Interestingly enough, Go Daddy didn’t have a car in their booth. They had an almost life size figure of Danica Patrick and were showing product adverts and Go Daddy commercials in their booth. Sound bites from presentation attendees being filmed in the ESET booth.


Magicians. An eight-foot transformer in the FireEye booth. FireEye also had a packed event in the evening. Several golf games. Opportunities to win iPads. Opportunities to win Kindles. A drawing for a large screen LCD TV. A booth where you could punch some guy.


Complimentary drinks from five to six on Tuesday during the Expo Hall Pub Crawl... Most of these offerings seemed to be in the three digit aisles. Ditto with some free food. Popcorn compliments of Trend Micro. A handful of booths offering coffee drinks. About twenty-eight rows in the event.


Way too many pens. Lots of candy. A return of round stress balls. Lots of LBT’s, Little Black T-shirts (actually they tended to be on the large size). Pink ones seemed to be given out in one booth. Did I say pens? Did I say candy? Money clip. Branding bags. Several booths handing out the abbreviated “Something” for Dummies books. These are actually informative. Thanks, Quest, among other companies.


The big keynote will be on Friday by former British Prime Minister Tony Blair. Perhaps attendees who purchased his biography will get a partial rebate. Informative, but not too exciting. Tuesday keynotes – Qualys’ CEO Philippe Courtot, McAfee Chief Technology Officer Stuart McClure and New York Times columnist David Brooks.


Some Suggested Smackdowns for the Next RSA San Francisco


These could add some excitement for next year. Instead of “he said, she said” spread across multiple aisles, put some competitors in the front of a room, and have at it. Audience applause for the winner. Losers split the cost of beverages for attendees.


Secure Web Gateway Smackdown - The formerly publicly traded company McAfee, the formerly publicly traded company Blue Coat Systems, Websense, and Zscaler.


Next Generation Firewall (NGFW) Smackdown - Palo Alto Networks, SonicWall, Check Point. BTW, NSS has put out an interesting study showing that SonicWall’s largest NGFW firewalls have the best price/performance and capture rates of bad stuff.


Endpoint Security Smackdown (only companies with a booth eligible) - Symantec, McAfee, Sophos, Kaspersky, Ahn, G Data, Trend Micro.


A Suggested Required Drinking Game for Presenters


Every time the audience catches the presenter saying “next generation”, the presenter should have to down a shot of something.