An RSA Keynote from the Outer Aisles – Demand Disruption

When you are located on the third row of demo booths from the side walls at RSA, suffice it to say, you are not asked to deliver a keynote.  But after the show I have spent some time thinking of what I would have said if I had been given that chance.  Best of all, I will be brief.  So here is a summary:

With all due respect to these distinguished speakers, I would challenge them to walk toward either wall on the exhibit floor and see that there are small, innovative companies that have already solved or are 95% of the way toward solving these problems.  The change that must happen for the market to move forward must come in the attitudes of the larger vendors and the expectations of the users of security products. 

You see, the larger vendors, particularly the ones with signature based technologies, have a lot riding on the continued use of signature based tools.  They have built large infrastructures that feed the beast they have created, positioning armies of people around the world to try and run in front of the avalanche of new attacks that are growing in volume and complexity at an alarming rate.  The admission by Symantec that they had to create 1.6M signatures in 2008 should be a terrifying revelation to users.  So should the fact that this reflected a growth rate of 254% year over year and was 160% more that the total number of combined signatures in 2007 (1M). 

But stepping away from signatures means the fundamental disruption of an ecosystem that has arisen to feed the signature beast, which could put the revenue of some of these companies in danger if they cannot bring an innovative alternative to market.  So while they may speak of innovation, they may in fact have a vested interest in the status quo.  We have gone to calling this process “perfecting the obsolete”.  Many of these companies share a not-invented-here bias or continue to tell their customers that they have alternative solutions that fill the gaps.  But the numbers say otherwise as does their response when they see the capabilities of products like Triumfant Resolution Manager. 

I don’t want to paint all of the market leaders with the same brush as some of the large companies are stepping out and putting real action behind their promises.  As you may know, we announced at RSA that we have joined the McAfee Security Innovation Alliance, and actually were in McAfee’s partner pavilion.  We are pleased that McAfee has taken the time to learn about what Triumfant can offer and sees complementary capabilities.  In speaking with their people, I get a real sense that they know the market has to evolve, and they are looking inside and outside of McAfee to bring to market a solution that provides their customers with an innovative and evolved offering.  But others seem content only to make promises yet simply deliver more of the same.

Make no mistake; promises are frequently a blocking technique to keep customers from looking elsewhere for innovation. All the promises in the world cannot hide the fact that the innovation has been already been realized on the outer aisles of RSA. And not just realized, but available on the market as working viable products, with Triumfant just one proof point.  Today, Triumfant can demonstrate the ability to detect, analyze and remediate a malicious attack without a signature, prior knowledge of the attack, or human intervention in three minutes (view a video demonstration here).  No calls to the vendor to get a script or signature written, no need to push a new signature to the endpoints, no bloated agent with scores of pre-written remediations that may or may not fit the situation, no need to re-image the infected machine.  Three minutes – not four hours or, more likely, days or weeks.  Not a promise, but a reality we are willing to install at a customer site and let them see for themselves in their own environment.

The blame cannot rest completely with the vendors.  Customers bear a responsibility to facilitate the necessary disruption of the security market and should be outraged that the protection of their corporate IT assets is contingent on 15- to 20-year old technologies such as signatures and firewalls.  Organizations allow themselves to enjoy a false sense of security as long as they are not the ones targeted, when in fact they may be under massive and costly attacks now that they have not yet detected because their defensive software misses such attacks at a rate of fifty percent or higher.   Fifty percent is not my number, but Gartner’s, and you can find reputable studies that show a bigger number when looking at the percent of attacks that evade traditional signature based software when there is no known signature.  The fact that customers will accept such a rate of failure means that businesses and government agencies are, at a minimum, an enabling partner in the lack of innovation.  Markets evolve when users demand that they evolve.  It is time to start demanding.

Customers must also not be a slave to old thinking or rely on the large vendors to define their expectation.  For example, one pushback we get is the need to run an agent to use our software.  But open minded customers see that in fact Triumfant can do the work of a security configuration management tool, a whitelist/blacklist tool, an FDCC compliance tool, and even perform endpoint power management – all with one agent and one console.  With a little up-front discomfort to unplug some point solutions, an organization could add the one-of-a-kind capabilities of Triumfant and eliminate some agents.  Don’t let the big boys talk you out of some disruptive change.

In closing, I urge the market to return to the days when we worried less about protecting established ecosystems and concentrated on making customers safer and more secure.  I urge customers to not accept more of the same.  It is your data and your organizational reputation that stands in the balance and you should not accept fifty percent failure rates when the stakes are so very high.  This market has always been about keeping pace with the evolution of cyber crime.  Customers must put pressure on trusted vendors to integrate new technologies, even if they are invented elsewhere.

I fear that we have let hubris give the bad guys too much of an edge while we make promises and proclamations without real progress.   There is innovation out there that can make up lost ground, and the market must accept disruption to move forward. Customers must demand that this disruption happen and happen now.