Put up, or shut up!

October 10, 2011

Vijay Basani, President and CEO of eIQnetworks, challenges both McAfee and IBM to prove they can deliver what they claim. He says empty marketing claims and misinformation won’t help when it comes to convincing the industry.

Following the announcements that IBM and McAfee are to acquire Q1 Labs and NitroSecurity, both vendors are claiming that the acquisition of SIEM tools will magically provide them with the ability to deliver ‘true’ Situational Awareness – we firmly believe that it won’t. SIEM + NetFlow + some analytics isn’t situational awareness… it’s just SIEM plus a few other things.

Situational Awareness requires the real-time collection of ALL security data – logs and events, system configuration state, vulnerability state, security policies, network traffic analysis, performance, availability and connection state, user activity data, file integrity data, asset state and criticality, etc. – all in a unified view from a single, integrated console.

A true situational awareness solution must deliver three critical benefits in order to protect against APTs and cyber attacks:

1) Accurate, timely and coherent view of the threat, compliance and risk posture

2) Efficient and timely investigative analysis of ALL security data so that security professionals can proactively detect and fix potential problems

3) It should not require an army of consultants that would make it unpalatable and expensive.

The cobbled-together point-product approach from companies like IBM, McAfee, and HP will not deliver on these. Their approaches lack the cross-correlation of data that is essential in early detection of an anomaly or threat, and will result in swivel-chair management of security and high TCO.

Cobbling together 4 or 5 different disjointed products – history tells us that both IBM and McAfee (and HP) have a history of poor integration of acquired technologies – will result in a lack of a unified view, inefficient operations and poor forensic analysis capabilities. Their roadmaps will be re-evaluated and in all probability changed, resulting in not delivering what was promised to customers, and there will likely be significant confusion and lack of execution among the sales and marketing teams. You only need to look at what happened when IBM acquired Consul for evidence.

IBM abandoned this product after 3 years, to now go acquire Q1 Labs. As a customer, you have to wonder what will happen to Q1 Labs technology in 2-3 years’ time – will it go the same route as Consul?

Will Q1 Labs’ existing customers be forced to pay for exorbitant IBM services to fix problems? From their press release it’s clear that IBM sees this as an opportunity to sell services – it clearly stated its goal is going after the $90B+ Security Services business. Customers choosing an IBM ‘situational awareness’ tool can expect to see a significant charge for maintenance and servicing, while it is unlikely to deliver on its promised situational awareness.

Many vendors have jumped on our Situational Awareness message in recent months and we’d invite them to put their tools to the test by submitting them to an independent lab evaluation in order to validate their claims.
