Perfecting the Obsolete, Part 3 – Customers Need to Demand “That”
April 28, 2009
For some of the Triumfant team, 2009 was their first RSA experience. To a person, each remarked to me that when they listened to the pitches by other vendors, they had the same observation: “everyone says that they can do what we do”. Welcome to RSA, where the innovation was thin but the claims were thick and confusing.
Such confusing claims are a fundamental component of what I call perfecting the obsolete – the IT security market continuing to push signature-based malware detection software on the market in spite of overwhelming evidence that the technology is no longer sustainable. Spackling the cracks in the signature façade with some heuristics or behavioral analysis was a common method used to give the appearance of evolution, but customers need to dig deeper to get the full story.
Many of the traditional signature-based vendors have shown interest in our offering and most came by our booth for a demo during the show. Just to be clear, these are not marketing or business development folks; they are often technical people or product managers. In initial conversations when they get a high-level overview of our product, they will tell me that they have tools that can detect the malware that evades their signature-based software, including zero-day attacks. Many say they can do remediations of such attacks. That is before they either see the Triumfant product or get a more detailed description. The common reply: “well, we don’t do that”.
But the “that” is precisely what is needed: the ability to detect, analyze and remediate malicious attacks in real time without the need for a signature or any other previous knowledge of the attack, and without the need for human intervention or a call to the vendor for an emergency signature. Until these vendors can do “that” instead of just saying they do, there is a critical gap in endpoint protection. And detection is no longer enough – they must also be able to immediately remediate a machine when it is attacked without the need for human intervention to do the analysis and write a script.
And “that” is exactly what the customers should not only expect, but demand. After stepping back from RSA for several days and thinking through the entire scene, I have to put some of the blame on the IT security professionals in the companies and government agencies that use these products. Because the security companies will continue to say they address the obvious gaps in endpoint protection as long as the buyers in the market continue to accept obvious obfuscations as truth. Everyone perpetuates the ecosystem that has been created – the vendors, the hackers, and yes, even the customers. Because the customers will live in blissful denial that they are secure right up until the point they end up on the front page of the Wall Street Journal as being the victim of a major breach.
As long as the IT security ecosystem exists undisturbed, we will continue to see more of the same. The ultimate power to disrupt the ecosystem is with the customers, who vote with their budgets to demand more from the market. Given what little innovation we saw at RSA, it is time for business and government agencies to exercise that right.
