Skip to content

Imitation and Flattery

March 11, 2009

You know the old saying, “Imitation is the sincerest form of flattery.” And that’s true, unless someone is imitating you. Then it’s just irritating.

Yet, that goes with the territory of building a product that redefines the market space. Maybe I’ve been breathing the eIQ exhaust for too long, but I see the recent product announcement from RSA on enVision 4.0 as clear validation of the technical direction eIQ pioneered almost 3 years ago when building SecureVue.

Basically RSA added a number of new capabilities to their log aggregation product, namely the ability to pull in asset data and also vulnerability data. This gives them the capability to get a little more intelligent about which events should result in alerts because of a broader correlation.

If you ask us, they are on the right trail, but they don’t go far enough to truly impact how a customer manages their security and compliance processes. By contrast, eIQ also gathers configuration, performance and network flow data. We put all this data into our correlation machine and draw more intelligent conclusions and help customer more effectively prioritize activities because we are looking a more diverse data stream.

We’re actually pretty comfortable that our technical differentiation will last for a while. And it’s not because that exhaust is so sweet smelling. It’s because gathering these additional data types is hard. Why do you think most of the vendors in the space are forced to use different appliances for SIEM and log management? Right, their data models don’t support the types of data at the speed and scalability required to solve both problems.

Lest the other folks in the space think we are resting on our laurels and standing still, you can forget that. We’ve got some stuff in limited customer deployment that will pretty much turn the industry inside/out. But I’m not in the business of pre-announcing anything, so that’s about all I’m going to say about that.

Of course, this is all the vendor’s version of he said/she said, and in reality most customers are just trying to solve a problem, be it doing better security with fewer resources or making the auditor go away with a smile on their face. They want the answer, not to hear about why our widget is better than theirs.

So I’ll just thank RSA for realizing that log data isn’t enough.

No comments yet

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: