Lately it seems that every time I am quoted in the news I end up in a virtual debate against some executive or another. Here is a quick recap of the last couple of weeks of Amrit vs. various CxOs in the press.
In August SC Magazine ran one of their debate columns pitting yours truly against Steve Orenberg, President of Kaspersky Labs (here). The topic was something about the death or evolution of AV. I was against, Steve was for – we were basically saying the same thing: stand-alone AV is being subsumed and integrated with other desktop security functions. But Steve feels that there will always be a place for stand-alone AV; I do not believe that stand-alone AV will survive very much longer. In any case he uses an argument from Jon Oltsik (who seems to be popping up in the middle of several of my debates – not sure why) equating signature-based AV to seat belts and claiming that airbags didn’t make seat belts obsolete. Actually seat belts, like stand-alone AV, have also had to evolve and change design. Lap belts have been shown to cause severe and sometimes fatal internal injuries, and when used alone they are far less effective in limiting the impact of an incident than when used in combination with airbags and other forms of accident injury reduction systems – just like a vulnerable copy of Symantec AV, a poorly tested release of McAfee or Trend’s dat file updates. Poor analogy Steve, but to counter let me state that stand-alone seat belts, especially the legacy lap belt, like stand-alone AV, are obsolete and no longer protecting anyone. People need multiple, integrated protection mechanisms.
On September 11th, Patchlink changed their name to something that sounds like a sleep-aid, “Lumensia”, which also happens to sound like dementia. I questioned the whole Patchlink integrated, unified, end-point, protection, suite thing (here) and this apparently bothered Clawson so much that he replied: “Lementia’s strategy does indeed see the company in competition with CA and McAfee, but added: ‘We don’t give a sh*t about antivirus or antispyware.’ These technologies are passe – ‘reactive’ and ‘don’t work’, he said.” Do you really trust your security to an executive that is this unstable? And how exactly does the company formerly known as Patchlink plan to compete against McAfee, CA, Symantec and other end-point security vendors if they do not offer an integrated set of anti-malware technologies?
McAfee recently released ePO 4.0, claiming it to be the first single agent, single console integrated security solution, the first to combine security and compliance, the first to manage both McAfee and non-McAfee security products, the world’s most scalable solution, and a bunch of other untruths. The world’s most scalable solution? That is quite a claim. Let’s dig into it a little. I have talked to a lot of clients that require on average 1-3 ePO servers per 2,500 end-points. An HMO with 190k end-points had 750 ePO servers deployed with 12 FTEs, a Wall Street bank used 500 ePO servers, an Atlanta-based financial service company had to deploy 75 ePO servers for about 45k machines, a London-based publisher had 12 ePO servers to manage 20k machines. I could go on like this all day… ePO servers are not tiered, so there is no single console in a large environment for a consolidated view – how exactly is this the world’s most scalable? I would love to benchmark the scalability of BigFix against ePO, and while we are at it, let’s toss in all the other firsts as well – you up for it guys? I should mention that I used to work at McAfee back in the day and know all about ePO’s history. Anyway, eWeek ran a point-counterpoint type article between myself and McAfee’s director of Product marketing (here) wherein McAfee makes the claim “The fact is that ePO is highly scalable, with our largest installation consisting of more than five million nodes.” Wait a minute: your largest installation of ePO consists of support for 5 million nodes? You must mean AOL, Comcast or Yahoo, which are all consumer/SMB oriented uses of McAfee, and they do not use ePO at all, so nice try. Knowing what I know about ePO (and I know a lot), to support 5 million nodes you would need to deploy a minimum of 2000 ePO servers at the low-end. The article goes downhill from there.
It has been fun debating folks and I look forward to more opportunities…in the meantime you all know where to find me.