Rating Endpoint Protection Platforms – Who is Best at Perfecting the Obsolete

May 7, 2009

Given the mountain of evidence of the inability of traditional, signature-based defensive software to keep up with the geometric growth in the volume and complexity of attacks, any evaluation of signature-based tools strikes me somewhat as a Consumer Reports evaluation of standard-definition, analog televisions. In other words, which vendor is excelling at perfecting the obsolete.

The Magic Quadrant for Endpoint Protection Platforms was released by Gartner on May 4. I am not saying that this report serves no purpose – I understand that organizations need to know which one of these suites offers them the best protection, even if that protection erodes by the moment. For at least the near term, you will need defensive software such as the products covered in this research, and Gartner does an excellent job of evaluating the offerings to ensure that you get the most out of your investment.

This is also not a rant by a vendor with hurt feelings about where their dot was placed on the quadrant. Triumfant is not part of this research, as we don’t pass the basic requirement of having a personal firewall and antivirus capability in our offering. We knew that before the research was done; we do not position ourselves as an end-to-end suite, and we have no issues with the research or the results. To reiterate, we have never positioned ourselves as a replacement for antivirus software but as a complement and extension, and as such we are partners with some of the vendors on the Magic Quadrant.

If you are a Gartner customer, you owe it to yourself to read the market overview at the beginning of the report. It notes that the effectiveness of signature-based technologies – antivirus, heuristics and HIPS – is “declining” and that Gartner clients have seen increases in infection rates in 2008 and the first part of 2009. I will keep myself out of trouble and let you interpret these remarks for yourselves, but I think there is plenty of information between the lines.

Our CEO, John Prisco, hit the nail on the head in his RSA Keynote from the Outer Aisles when he said that organizations need to look outside of the “usual suspects” for innovation. My hat is off to the vendors on this quadrant, because I have spent more than a little energy in my time trying to move my dot into the top right of such research. But many of these companies are promising innovation rather than delivering it at the moment, and customers owe it to themselves to look beyond the vendors on this report for alternative approaches to detecting and remediating malware.

When it is your data, your endpoints, and your company’s reputation at stake, the word “declining” should send a shiver down your spine. And to play out the analog television analogy, don’t look toward the usual suspects to help you “bridge the gap” that Gartner points out in the study. You may end up with a really high-end VHS deck to go with that analog television.


Odds and Ends – Conficker, Big Ben, and Real Time Detection and Remediation

April 2, 2009

Good entry by John Pescatore on his Gartner blog today about the day after the April 1 Conficker hype. I agree with his take, which supported my post from yesterday. Conficker was not built to be a public spectacle – it was built for the long term, and while the April 1 date has come and gone, it is still out there. I do think we cannot completely blame the press for the hype, as the creation of the Conficker Cabal and the Microsoft $250K bounty certainly gave the whole affair gravitas.

I did find one funny item in the Security Fix blog by Brian Krebs of the Washington Post. It seems that Big Ben stopped just before midnight on March 31. The stoppage was immediately seen as the work of Conficker. Makes sense – build a worm, get it distributed to millions of computers worldwide, have it confound the best and brightest of IT security, and then instruct it to stop Big Ben.

On a final note, yesterday I had the chance to spend time with Dave Hooks, our CTO. Dave walked me through the demo for the next release of our product, which features the real-time detection and remediation capability we will be unveiling in the next several weeks. To visually witness the software detect malware that had just been introduced to a machine, do the analysis, synthesize a remediation, remove the malware, and reset any changes the malware made to the machine, all in the span of 90 seconds, was very cool. No one touched the machine during that span, so Triumfant was able to see zero-day malware and remediate the machine with zero human interaction. Best of all – no signature required. Much more to come.


Gartner Weighs In on Endpoint Power Management

March 27, 2009

Yesterday, Gartner released two studies about endpoint power management. The first, “When to Consider Commercial PC Power Management Tools”, is a good general guide to the subject, while the second, “PC Power Management Tools Market Update, 2009”, takes an in-depth look at the tools available on the market. I invite you to download these reports via the Gartner web site. Triumfant is pleased to be one of the tools assessed in the study and proud of what we believe to be a positive evaluation.

In both the wider study and the product update, the Gartner analyst, Terry Cosgrove, notes that power management is becoming an integrated element of broader offerings. We at Triumfant believe that this is a logical evolution and will be the path to broader adoption of endpoint power management (see “What’s Next for IT Power Management for the Endpoint”). With all due respect to the other vendors that have point offerings, it just makes sense that power management would be a logical extension of existing tools for compliance and configuration on the desktop. For Triumfant, power management literally uses 300 of the 200,000 attributes we track, the power policies are easily represented in our policy management processes, and our analytical capability allowed us to add some compelling capabilities to our Wake-on-LAN functionality. The customer gets the capabilities they need without adding an additional agent or introducing a new management console.

Let me give you an analogy. You own an office building and you know that turning off lights throughout the building when most offices are vacant will save you money. You could hire someone to come in every day at 6pm and go office to office turning off every light. But the cost of the extra person would greatly reduce, if not eliminate, the savings. Then it hits you – you already have someone who comes in at 6pm and goes office to office. So you make it a new duty of the cleaning staff to turn off all the lights on their way out of an office. It is a very small fraction of their responsibilities and capabilities, and it requires no additional cost or infrastructure.

Furthermore, broader offerings tend to have well-developed reporting capabilities, which we have found to be a strong requirement among prospects. As Terry Cosgrove points out in his studies, the people implementing and funding power management rarely see power bills, so they need actionable reports to show the return on investment. In fact, we find ourselves speaking with organizations that already have power management software but are looking for better reporting, specifically to show the ROI.

I think the path is clear, and power management just makes too much sense to ignore. The disconnect is not technical but political, as the people who pay the bill are often completely disconnected from the IT staff who would procure, deploy, and manage the software. It is up to companies to encourage and incent the IT staff to look for tools that have integrated power management and to implement the policies that make it work.