Amrit vs. Various CxO’s in the press

Lately it seems that every time I am quoted in the news I end up in a virtual debate against some executive or another. Here is a quick recap of the last couple of weeks of Amrit vs. Various CxO’s in the press.

In August SC Magazine ran one of their debate columns pitting yours truly against Steve Orenberg, President of Kaspersky Labs (here); the topic was something about the death or evolution of AV. I was against, Steve was for – we were basically saying the same thing: stand-alone AV is being subsumed and integrated with other desktop security functions. But Steve feels that there will always be a place for stand-alone AV; I do not believe that stand-alone AV will survive very much longer. In any case he uses an argument from Jon Oltsik (who seems to be popping up in the middle of several of my debates – not sure why) equating signature-based AV to seat belts and claiming that airbags didn’t make seat belts obsolete. Actually seat belts, like stand-alone AV, have also had to evolve and change design: lap belts have been shown to cause severe and sometimes fatal internal injuries, and when used alone they are far less effective in limiting the impact of an incident than when used in combination with airbags and other forms of accident injury reduction systems – just like a vulnerable copy of Symantec AV, a poorly tested release of McAfee or Trend’s dat file updates. Poor analogy, Steve, but to counter let me state that stand-alone seat belts, especially the legacy lap belt, like stand-alone AV, are obsolete and no longer protecting anyone. People need multiple, integrated protection mechanisms.

On September 11th, Patchlink changed their name to something that sounds like a sleep aid, “Lumensia”, which also happens to sound like dementia. I questioned the whole Patchlink integrated, unified, end-point, protection, suite thing (here) and this apparently bothered Clawson so much that he replied “Lementia’s strategy does indeed see the company in competition with CA and McAfee, but added: “We don’t give a sh*t about antivirus or antispyware.” These technologies are passe – “reactive” and “don’t work”, he said.” – Do you really trust your security to an executive that is this unstable? And how exactly does the company formerly known as Patchlink plan to compete against McAfee, CA, Symantec and other end-point security technologies if they do not offer an integrated set of anti-malware technologies?

McAfee recently released ePO 4.0 claiming to be the first single agent, single console integrated security solution, first to combine security and compliance, first to manage both McAfee and non-McAfee security products, the world’s most scalable solution, and a bunch of other untruths. The world’s most scalable solution? That is quite a claim. Let’s dig into it a little. I have talked to a lot of clients that require on average 1-3 ePO servers per 2,500 end-points. An HMO with 190k end-points had 750 ePO servers deployed with 12 FTEs, a Wall Street bank used 500 ePO servers, an Atlanta-based financial service company had to deploy 75 ePO servers for about 45k machines, a London-based publisher had 12 ePO servers to manage 20k machines, I could go on like this all day… ePO servers are not tiered, so no single console in a large environment for a consolidated view – how exactly is this the world’s most scalable? I would love to benchmark scalability of BigFix against ePO; while we are at it, let’s toss in all the other firsts as well – you up for it guys? I should mention that I used to work at McAfee back in the day and know all about ePO’s history. Anyway, eWeek ran a point-counterpoint type article between myself and McAfee’s director of Product marketing (here) wherein McAfee makes the claim “The fact is that ePO is highly scalable, with our largest installation consisting of more than five million nodes,” – wait a minute, your largest installation of ePO consists of support for 5 million nodes? You must mean AOL, Comcast or Yahoo, which are all consumer/SMB oriented uses of McAfee, and they do not use ePO at all, so nice try. Knowing what I know about ePO (and I know a lot), to support 5 million nodes you would need to deploy a minimum of 2000 ePO servers at the low end. The article goes downhill from there.

It has been fun debating folks and I look forward to more opportunities…in the meantime you all know where to find me.

6 thoughts on “Amrit vs. Various CxO’s in the press”

  1. Amrit – funny stuff. I especially like the formerly known as one. Maybe they should have picked a symbol to use. Tell us more about EPO though. Come on, stop dropping threatening hints and come clean!

  2. Clawson is a bit of a loose cannon, aside from his history of cursing to journalists, which is usually a sign of a small minded individual that is unable to find other methods to communicate their position, what small company announces in a press release that they are going IPO?

  3. I wholeheartedly agree with your first three paragraphs, but I must point out that I’ve been running ePO v3.x for nearly five years, and I have two (2) ePO servers serving ~33,000 endpoints with no issues of scalability. Something about your examples doesn’t smell right.

  4. Hi Chris,

    There is wide disparity in how organizations structure their networks, implement software (or dat file) distribution points and manage systems and security technologies at the desktop. A flat, centrally managed organization with limited VLAN or switching with tight coupling between software distribution and security technologies will require less infrastructure to support McAfee than an organization that is highly complex and distributed – I am not claiming you are one or the other, however I am relating the experiences of organizations that expressed their environmental issues with such products as a Gartner client or as a BigFix customer. To give some perspective, an organization that is about 10k desktops shy of 33k required 9 ePO servers based on their network architecture; these ePO servers were not tiered and they needed to export data to produce a single report showing AV health status across this segment of their environment. It is not uncommon for most client/server based technologies, whether they be McAfee or others, to require a single server to support between 2,500 and 5,000 machines. Some environments support much more and some support far less – but I think it is safe to say that McAfee’s claim of having the “world’s most scalable solution” is completely false and baseless.

  5. @Kevin

    I am not disputing the potential for application control to provide additional controls to improve security and protect enterprise desktops, I was more pointing out Pat Clawson’s unstable nature and use of foul language to describe his position. As for Symantec, they may agree that application control should be added as part of the overall endpoint protection platform but there is no way Symantec, McAfee, Trend or the rest of the AV vendors would ever relinquish the cash cow known as AV to make the world a better place.
