The Converging Network

As predicted (on a previous SSATY podcast) the squabbles have already started between the AV vendors and Microsoft over Vista's security additions.

The war of words has now moved onto the security dashboard playing field (Windows Security Center vs. 3rd party AV vendor dashboards). Microsoft says third parties can tie into and report status through the Windows Security Center but that it always must be enabled. AV vendors are crying foul since it can't be disabled and replaced by their own dashboard (as was the option in Windows XP.) Both sides have valid arguments. If you disable the security center, then what about reporting patch status or firewall (if a 3rd party one isn't installed)? On the other hand, two security shields / dashboards doesn't make sense either.

The bottom line? Clearly, the AV gravy train is coming to an end. This is really about losing the ground AV vendors have had for many years and just as importantly creating the console that serves as point for valuable security applications.

Microsoft should be able to compete in the AV market and give current AV vendors a run for their money. Current AV vendors of course should be able to compete to maintain their foothold and attempt to win the hearts and minds of Vista users. But just fighting over the security dashboard isn’t going to win the game for AV vendors. I’m afraid that AV vendors are missing the point here. Keeping the dashboard doesn’t mean you keep the underlying security apps too. Not if Microsoft’s apps are better.

Vendors are playing all sides of this issue; sticking Microsoft in the eyes by marketing the vulnerabilities they find in Microsoft products, taking advantage of loopholes in the kernel to develop security products, and making $'s hand over fist on AV, firewall and spyware products. Quotes like "Why does Microsoft have to the be the sole voice about [Vista] security?" from Symantec are a bit ridiculous when they are the ones making such an issue about the security issues in Windows in the first place. There is a bit of a conflict of goals having a vulnerability research team joined at the hip with marketing when what they are doing is pointing out flaws in the host system’s OS.

Similarly, complaints are being lodged against the new Kernel PatchGuard and fixed-layout document standard (XPS) document formats. Cisco has also weighed in the press about their views on the new Vista security features subject.

Now the issue is being taken to the EU where it could garner some attention, where they previously determined that Microsoft was a "near" monopoly and fined them $600m. ("Near" right, EU.)

And this is only the beginning. Symantec seems to have taken the lead in voicing concerns in the public about the threats Vista posses to it’s markets. So hang tight for some real controversy over all these Vista security enhancements. It would be surprising if all of them don’t come under attack at some point in time.

Thursday was a short day for me at Interop. The morning began with an in depth conversation about deploying our Safe Access product inside an international financial services company. It is always a pleasure to learn about customers’ networks, the challenges they face, and to really understand their interest and needs for NAC. The lengthy customer meeting was followed by an analyst session and then a dash to La Guardia airport.

Unfortunately I missed the session with Symantec's CTO discussing their new Symantec 2.0 announcement. I have to admit, the announcement seems rather confusing; dropping out of the security appliances business, now back in them with Juniper, NAC's a back burner and now lets add support for TNC, etc. Mike Rothman made some pretty intelligent comments about this that backs up why this all seems so confusing. Maybe in the next few months we'll get more clear insight into Symantec's plans and what exactly all this means.

I was contacted by a Symantec representative about a survey Symantec did at Interop. According to the representative, "the most startling response was that 40% of those surveyed said their organizations experienced at least one breach during the past 12 months." Actually, I'm not surprised at all. Every breach doesn't get publicized and there are so many that happen which most of us just don't know about unless we are insiders at that company. Anyway, thanks Frank (who contacted me) for sharing a bit of the survey. Hopefully we can learn more about the survey and possibly blog or podcast about it. (If anyone would like to be put in contact with Frank, please email me and I'll be happy to do so.)

Dave Greenstein (StillSecure Chief Architect) had some very nice coverage in the press about his participation on the NAC deployment experiences panel with Joel Snyder. Again, I think many of the attendees (but certainly not Dave) got lost in the Cisco / Microsoft slight of hand messaging that NAC is something we're all gonna do in the future. It's here now. We are just waiting for the 800 lb. gorillas to start tap dancing (iffy) so we can teach them the tango next (not likely). While they are still talking about what they're gonna do, the rest of us will be deploying Safe Access in Cisco, Extreme, Nortel, Enterasys, ... and Microsoft networks using product that's available today.

I am happy to also report that my day wrapped up one of the best ways possible (that is if you are a guitar player, like I am anyway.) Upon returning to Denver and spending time enough to share a meal with the family, I drove downtown to attend the Jeff Beck concert. Wow, 2 1/2 hours of unbelievable musicianship, talent and just pure guitar fun entertainment. It makes you want to rush home and start practicing for hours (or just drop the guitar and pick up a different instrument all together - that's not gonna happen for me though.) I wish every trip capped off with a concert like that. Jeff Beck is a one of a kind and a spectacle to see in concert.

Thanks for reading and I hope sharing some of these thoughts about Interop NYC '06 over the past few days were interesting and insightful. As always, please email any questions or feedback! :)

Another very successful day at Interop in New York City. The traffic by the booth was brisk and many people stopped by because they’ve heard about StillSecure's success in the NAC marketplace. It makes a big difference when you can talk about specific experiences with NAC over the last 3 1/2 years (we started working on Safe Access back in 2003, before MS Blaster hit and before anybody heard of C-NAC or NAC) and the successful experiences customers are having today. I'm struck by how Interop has changed, how security is a much more dominant theme of Interop now.

Again, a day full of customer meetings and media/analyst briefings. Alan and I were able to meet up with Mike Rothman (SecurityIncite) during lunch. All three of us commented about the podcast recording Monday night with Rothman, Martin McKeay, Michael Farnum and Bobby Dominguez. It was a pretty amazing conversation (we should have the podcast posted by Friday at the latest.)

Rothman posed an interesting question to me; why supporting industry efforts like TNC/TCG would be important to us, since one of Safe Access' differentiators is working across all of the various vendor architectures and product technologies. Customers certainly are looking for support of standards and frankly it is a way for customers to hedge their bets against being locked into the wrong solution. It also means your stuff will work with their existing stuff. It is also very important to technology partners, such as OEMs, so they are ensured compatibility in a heterogeneous world of network infrastructure, protocols and software.

That's one of the reasons I've been working with and supporting the Trusted Computing Group. Alan has also been nominated for the TCG board of directors so please jump in and offer your support if you can. I know he would bring a lot of real world experience in NAC to the table and be a valuable asset to TCG.

The best highlight of the day was listening to Kevin Porter's (of HP) presentation at the Trusted Computing Group briefings. Kevin has a real way with words and did a great job of communicating how the various aspects of the TCG architecture works and the value this brings to customers. Following the last presentation there was a TCG "social" get together with various members of TCG. Great job, Kevin, and thanks for your continued involvement and support.

We wrapped up the business day with a dinner with a customer in NYC who has deployed Safe Access at multiple locations within their enterprise network. I can't think of a better way to end the day than to spend it listening to a customer.

Alan and I then made a quick trip down to the new Apple store in front the of the GM building. The store is open 24 hrs a day! It's more than a store, it's a hangout. The Apple store is actually underground but the entrance is a big glass cube above ground with a clear spiral staircase and clear glass elevator. Apple's always been a cool company (my first computer was an Apple II) and they have a great sense for style in their products and how they do business.

Blog, email, review some documents, to bed, and then get up for my last day at Interop NYC.