The Industry Needs More Cowbell…


Every time you turn around there is a new security problem that needs solving, a new threat that needs managing, and a new regulation that needs complying with. Navigating the minefield of marketing “noise” continues to challenge even the most seasoned BS detectors.

Stiennon blogs about trojans representing 60% of all malware. Symantec disclosed in their threat report that phishing is up about 80% over previous years, that worms made up 38 of the top 50 malicious codes, and that polymorphic viruses are likely to grow because they are hard to detect (isn’t this why the AV folks added heuristics back in the mid-90s?). Gartner released their Cyberthreats HC noting that the 5 highest impact threats are targeted threats, identity theft, spyware, social engineering and viruses; it also mentions that rootkits are going to highly impact IT organizations in the next 3-5 years. I could go on here but I think you get the point. The Internet is a scary place and getting scarier – motivation for cybercrime has definitely shifted from hobby-based malware and cybervandalism to financially motivated and often targeted attacks that have the potential to be highly damaging (the US DOJ maintains a list of indictments and prosecutions which can be a good source of information to validate that these threats are real). But we can’t keep deploying a new technology for each new threat; we can’t keep reacting to security problems with a new appliance or a new piece of software. At the end of the day, whether we are talking about viruses, worms, trojans, rootkits, spyware, malware, etc., isn’t it all the same thing – bad stuff getting onto our computers and our networks? I used to write AV software so I am intimately familiar with why technology companies classify these differently, but come on, as consumers of technology are we expected to pay for these as modules? Didn’t we learn anything in the last 5 years?

Bottom line: You should not have to pay more for increased functionality year over year – demand more from your vendors. Tell them that you don’t need anti-virus, anti-spyware, anti-rootkit, anti-phishing, anti-x, with a personal firewall, host-based intrusion detection, and wireless security and networking configuration capabilities each sold to you at a premium – get them all for a single price, the price you paid last year for AV. Let them know that turning it up to 11 is not going to win the gig when what you are really looking for is more cowbell.


4 thoughts on “The Industry Needs More Cowbell…”

  1. Pingback: Amrit Loves Cowbell | securosis.com

  2. The trouble with the idea that “your AV vendor” can somehow guess what the next threat is and roll out a product to defend against it is that no one values that new protection until the threat appears. This is the way the market works. All of the AV vendors looked at spyware in 2002-2003. They all decided that there was no call for removing software that the end-user had chosen to install. It was only after spyware became a real problem that they reacted; McAfee well, Symantec not so well.

    I think for industry analysts to advise their clients to “wait for the incumbent” may be OK when you are talking about not switching to Apple because Vista will catch up, or not switching to SAP because the next version of Oracle has the features you are looking for. But in security that does not work. YOU NEED TO DEPLOY DEFENSES AGAINST ATTACKS AS SOON AS THEY ARE AVAILABLE. You need to buy best-of-breed defenses. Yes, you have to contain costs, but not at the price of being open to attack. And telling your clients to wait for Symantec on anything is just plain crazy talk.

    -Stiennon

  3. Ah, the old “you need to buy best of breed” defense just doesn’t cut it on the enterprise desktop anymore. The problem is that managing multiple agents is a nightmare, not to mention the resource (CPU/Mem) constraints. Most enterprises are much better off with a layered approach to security throughout (that is, network, gateway, hosts, servers, etc.), but when it comes to the desktop, enterprises need a centrally managed, integrated solution that provides “good-enough” anti-spyware, anti-virus, personal firewall and intrusion prevention capabilities over 4 separate best-of-breed products. Suggesting that an enterprise should deploy multiple “best of breed” agents at the desktop is crazy talk these days – not to mention, what constitutes best of breed?

    As for what I would advise clients – I never said “wait for the incumbent.” There are tactical considerations and strategic ones; strategically they should absolutely require more from their incumbent and leverage their centrally managed infrastructure. Tactically they should deploy defenses as needed – short term – perhaps with a 1-2 year contract. But deploying something like McAfee for AV, Webroot for AS, Sygate for PFW, and something else for HIPS, plus whatever you are running for config management, strategically – that just isn’t going to work.

    btw – As for my thoughts on the anti-spyware market that you just exited, check out my blog posting on the subject (Forrester Wave like the Special Olympics) and let me know how you disagree or see the market differently:

    https://techbuddha.wordpress.com/2006/09/14/forrester-wave-like-the-special-olympics-everyone-wins/
