Solidcore FIM with EPO is in the works…

I heard from couple of customers that they heard from our competitors that non-security products from Solidcore will not be supported by MFE going forward. This is completely UNTRUE.

We are busy integrating our FIM (file integrity monitoring) into EPO. This will be a 100% integration and will make it very easy for all MFE customers to use FIM with EPO to meet their compliance requirements.

We will release a technology preview of this capability soon for all to see and play with. In addition to real-time FIM that solidcore offered earlier, now you will have the power of EPO and integration with other reporting and search to give you a one-stop compliance, risk and security dashboard.

If you would like an early release feel free to contact me.

Understanding the McAfee (MFE) Power

Just before Solidcore was acquired by MFE, I went to hear Dave Dewalt’s (or DDW as he is called inside MFE) keynote at RSA. To be honest with you, I couldn’t understand what he was talking about. He was giving the analogy of weather and these global sensors and while the analogy kind of made sense but, most people I felt did not connect with what he was saying.

Today one of our customers was visiting and I was sitting through the executive briefing, mostly to learn about the different MFE products. And I had an epiphany, DDW’s talk suddenly made complete sense to me and it struck me that the vision was not only very powerful, but somehow the CEO had managed to get everyone in the company to think in the same direction.

The epiphany came from someone in the Network BU saying that a very large customer recently had a denial of service attack. The sites protected by the MFE firewall were not affected at all since they dropped all the packets. Why did they drop all the packets? Well the source IP addresses belonged to a set of servers which had been flagged as sources of spam over a year back. And I said WOW!!!  Several amazing things happened here, the intelligence collected from the SPAM gateway was used to generate rules understood by the firewall appliance over a period of over 1 year. WOW!!!

Now it makes sense, you have so many security point products, and there will continue to be more,  they all make decisions about good and bad. In some way they block the bad and let the good happen. Now they can share their definitions of good or bad with each other. In addition they can also share “maybe” — I dont know whether its good or bad. By using different dimensions of good or bad a more complete characterization can be developed.

The obvious question to ask is “who” are these attributes characterizing. For example in case of a firewall, they were characterizing the IP address. In case of SiteAdvisor they are characterizing a web site or a domain. They make be characterizing a user where a user is defined by an “web email address” or a “login id” or “a facebook/twitter id”. Or it could be an application such as the case for whitelisting. Or it could be a computer.

The last part of the piece that fell into place for me was why couldn’t somebody do this and go after MFE. After all it seems obvious once you know it. And the answer which popped up was its because of “history”. Imagine you want to open a credit rating service. It would be no good if you did not have the historical data for all the transactions that a person had done. Similarly MFE has historical data for websites, IP addresses, programs going back 2 decades. That you can’t buy and is one of the crown jewels that the company owns. As we begin to see the transformation of that data to build out intelligence and a more complete picture of the “trust model” this company has a long way to grow.

Symantec versus McAfee

Great Article

http://harbor.typepad.com/analysis/2009/07/symantec-vs-mcafee.html
Symantec (SYMC) and McAfee (MFE) are software companies known best by consumers for their antivirus packages.  Symantec is the market leader in almost every segment it operates in, whereas McAfee is generally number two.  Partly due to recent strong revenue growth and partly due to an aggressive marketing strategy to get its software installed on computers by the original equipment manufacturer, McAfee shares are trading at about twice the earnings multiple of Symantec.  Given that Symantec has historically outperformed McAfee, McAfee’s strategy is risky, and the current valuation implies that McAfee will outperform even beyond the horizon visible to analysts, I see an interesting long/short opportunity.

Overview of Thesis

SYMC and MFE are nearly identical companies with the primary difference being that Symantec is larger and involved in data storage, management, and backup.  The key short-term strategic difference is in growth strategy. A few years ago, SYMC seemingly choked on the acquisition of Veritas, a large data storage and management company, but they have since been able to integrate Veritas into a coherent Symantec.  During this integration process, McAfee has been able to gain market share by bundling software into easily used suites for consumers and small businesses, a trend SYMC missed in 2006.  MFE is now attempting to steal market share from SYMC by entering into agreements to have a free-trial of MFE software pre-installed on PCs.  While management and many analysts are optimistic that this will produce strong results, the long-term benefits are limited.  The average user that pays for antivirus software after a free-trial period remains a customer for approximately three years.  If SYMC decides they are loosing valuable market share to MFE’s OEM strategy, they can simply compete by offering OEM’s an equal or better deal than that offered by MFE.  Oligopolies naturally form for a reason, and number two players generally don’t have much success waging turf wars against the number one players by spending more money on distribution.  MFE doesn’t have any sort of a long-term competitive advantage with the OEM strategy.  However, SYMC has an established data storage and management business that offers something unique to customers and will take a while for competitors such as MFE to duplicate.

Analysts’ forecasts for revenue growth from 2008 to 2010, according to Bloomberg, are 29% for MFE (65% earnings growth), and 4% for SYMC (22% earnings growth). This leaves MFE trading at 23x 2010 earnings, compared to 14x 2010 earnings for SYMC, indicating that either McAfee will outperform well beyond the horizon visible to analysts or they will grow earnings by more than 65% over the next two years and maintain it.

To read more: http://harbor.typepad.com/analysis/2009/07/symantec-vs-mcafee.html

XPM & Business Models

As some of you might be aware Microsoft has announced (you can download it) windows XP mode, which is a virtual machine with fully functional XP SP3 & free. It makes sense for MSFT to give this for free, because it helps you migrate to windows 7 faster (or atleast that is the theory). But what about vendors who have software for XPM, backup, security, vpn, compliance among others?

Its a difficult one because with the precendent that MSFT has set, customers would expect that you charge for windows 7 but give the functionality in XPM for free. In reality vendors may have to do a lot of work to make the solution work well inside XPM for the solution to really work well.

The other angle is that a lot of customers have enterprise agreements. So if you customer is on an ELA or equivalent does it really matter. Most likely XPM will be used by the largest organizations which have custom applications. These are the same customers for which applicaiton virtualization didn’t work well, because the custom apps broke the app level virtualization.

I have not seen any pricing come out yet for XPM but will keep you posted!

VDI: early adopters are out there

Having been skeptical about the adoption of VDI, I was surprised recently to learn that atleast 5 major banks have moved large chunks of their desktops or are in the process of moving them to VDI. I did not get a chance to understand what were the drivers for this, but atleast the early adopters are out there.

In addition their architecture looked very similar: ESX backend, Citrix Stack in front, HP thin clients (XPE/Linux). Even that was surprising. Again I did not get a chance to ask what storage they use etc.

Traditionally on sandhill people say that once the financials buy the rest of the country follows. I would be convinced if I see a couple of more industries. But I must say I was surprised.