Skip to content

Ruminations on McAfee FOCUS 2010: Day 2, Day 3, and Leaving Las Vegas

October 17, 2010

FOCUS 2010 has now come and gone, and once again McAfee has put on a stellar event.  Great logistics, good venue, and most of all, excellent content.  Some brief observations on the week:

As mentioned in our last post, it’s getting harder and harder to figure out what some security vendors’ products actually do, because everyone is chasing the business problem du jour.  Encryption companies, DLP companies, SIEM vendors, and lots of other point product vendors are selling themselves as “PCI compliance solutions” and “cybersecurity solutions”, and everybody is throwing the terms “Enterprise” and “Platform” into the mix.  Of course, not everyone’s solution is a platform, and there are likely relatively few that are truly enterprise-grade software.  What makes an enterprise-ready platform? I’m glad you asked…

  • Scalability.  A vendor can’t legitimately claim to be an “Enterprise” anything if their product doesn’t scale.  This means both scaling “deep” (to support thousands, or even tens/hundreds of thousands, of whatever it is that their product touches, whether it’s hosts, devices, apps, databases, or users.  Scalability also means scaling “wide”, across geographically disparate networks that are the hallmark of enterprise customers; if a security product can support 50,000 serrvers in a single data center, that’s great — but can it support 100 data centers around the globe with 500 servers each, with the same level of performance?

 

  • Extensibility.  A fixed-function product that doesn’t provide a lot of flexibility is not a “platform”.  A platform provides a framework for a particular function or group of functions, and can easily be modified to extend capabilities to new data sources, or new additional functionality.  A great example of this from this show this week was McAfee’s ePolicy Orchestrator (ePO) — ePO is most definitely a framework: it comes with excellent out-of-box functionality and integration with other McAfee products, but also has well-documented API’s for extension, a tremendous user support community, and lots of readily-available code examples to demonstrate how it’s done.

 

  • Granular Security Controls.  If vendors want their products to be used across the enterprise, they need to ensure that their product has appropriate access and administrative controls; if a vendor’s solution is used by both Network Operations and Security Operations, for example, then the product needs to have granular security (such as ACLs) to ensure appropriate separation of duty across business functions.

Another observation: customers are smart, and many of them have been burned by vendors’ promises not kept.  Countless customers dropped by the eIQ booth this week and regaled us with stories of products that vendors promised would scale (but didn’t… see “Enterprise” above…), wouldn’t support their technologies (see “Platform” above…), and/or wouldn’t solve the business problems they were experiencing due to lack of scope and visibility (a problem that SecureVue has solved for many a customer).  As technology vendors, we need to recognize that our customers keep the lights on; if we’re not helping them solve a business problem — not just providing them with a “technology checkbox” so they can say, “yes, I have DLP/SIEM/NAC/IDS/etc.” – then we’re doing them (and ourselves) a disservice.

Advertisements
No comments yet

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: