I have often marvelled at that those industries and lucky companies whose revenues seem to accelerate when their customers are screaming about their declining service. Take cellular or mobile phones. How many calls have you wasted minutes of call time moaning to your listener about the abysmal coverage? Meanwhile the phone company is racking up profits and smiling all the way to the bank. The cynic in me suspects that they could actually boost profits by deliberately allowing service levels to degrade. At least to a point!
I have spent my entire career fascinated by the inertia of large companies who seem impervious to the service levels they offer.
Well today is a big day for me. Those among you who are Tom Cruise fans might recall the movie Jerry Maguire, which also happened to star an irresistible Renee Zellweger. Anyhow I loved the movie, twee or not, for its many motivational messages and the triumph of the underdog. The little kid reminded me of my step son Harry when he was around 3 or 4 and Cuba Gooding Jr of Michael Johnson the skipper of Derby County Football Club (DCFC)where I am one of the now infamous league of gentlemen who bailed the club out a year ago and have now restored it to the Premiership of British Football (soccer for the american readers).
But first let me digress about being the underdog, with a quick note about DCFC and its many heroes. Peter Gadsby the Chairman without who we would never have bought the club, Mike Horton (CEO) who helped us guide it back to a modicum of efficiency saving millions, Billy Davies who built, developed and inspired our team to greatness. Stephen Bywater (goalie) who seems to careless about his body when ever a ball comes within 30 feet. Steve Howard for the countless goals and talisman effect on the team. Darren Moore, Marc Edworthy, Dean Leacock and Seth Johnson for their commitment and effort in spoiling the party for so many teams who said and thought they'd slaughter us, including the league favorites West Bromwich Albion who we beat at Wembley in the richest game of English Football ever played. Then to Tyrone Mears and Jay McEveley for some of the balls-iest and most brilliant tackles I have ever seen. Matt Oakley for his pivotal role as team captain. David Jones for his contribution to so many games like Preston and Sheff Weds - what a goal! Giles Barnes for his pace, guts, yes guts for the Sunderland goal and his ability to scare the opposition to death. Then for Jules, Kevin, Andrew, Sophie and the best support team out. And back to Micheal Johnson the squad skipper whose grit, determination , belief, motivation humor and fun attitude on so may occasions. And finally for the new Guiness Book of record candidate Stephen Pearson who scored the World's most expensive Goal in the history of Football. Wow - a £60Million, or $120Million goal at Wembley on May 28th, 2007 to secure Derby County's rise to the promised land - Come on you RAMS!
Now we've covered the sports side of Jerry Maguire - the movie, let's focus on the business messages too. Jerry wanted to revamp the world of Sports promotion. And boy does someone need to address that sometime soon. However, his firm didn't want to accept change. They didn't understand the need, and feared its impact would spoil the party. So Jerry's clever, but half cocked plan was discredited, and he was cast out to fend for himself. Problem was that if he succeeded under those circumstances then Darwin's laws would see him emerge as a real threat. Just like Derby County I suppose.
Now back to business. In a little over a month I will have been in Information Technology for 35 years. And today I saw Prevx launch a product that has the power to really shake the Security Industry. I know you've all heard it before. And so have I.
I have witnessed the battles of the hardware giants. OK, so IBM survived the Mini computer, the PC, and more. But just look at the casualties in those battles. What of Sperry Univac, Burroughs, Digital Equipment, Wang, Prime, Data General. Collectively they had a market cap of over $25 Billion and that was two decades ago. And who would have forseen Dell overtake HP in the PC and probably the WINTEL server market too. I recently priced up a huge server farm and was stunned to find DELL had the best, most cost effective and technically superior offering. Not to mention sales support that actually speaks to you without wanting a credit card payment for their time.
I also remember the system management vendor wars. The battles between IBM, Computer Associates, HP, BMC and Platinum. Ultimately when CA bought Platinum for $3Billion plus it made the rest look tiny. Flip (Andrew Filopowski) had hoovered countless companies including my own to build a $1Billion dollar business in a few short years.
Whilst these battles built bigger and bigger companies, I suspect it stemmed innovation. Big companies really struggle with innovation. Not as a concept, or in their desire to pursue it, but in their ability to harness it. In their defense they have soooooo many customers to satisfy.
After my sale of Prometrics to Platinum in 1997 I had an ambition to build an internet business. By 1999 I launched uDate.com an Internet Dating Agency. What an experience this proved to be. My timing was lousy. I missed the bubble by about 10 weeks. That 10 weeks cost me dearly. Instead of an IPO raising $100Million or more I scrambled to raise just $7.5Million and took the company public via a reverse merger on the NASD Bulletin Board (udat). Entering the market as one of the top 20 dating sites (actually the 20th). We had better technology and we leveraged it brilliantly against our established and superbly financed competitors. Within 18 months we took uDate from 20th to 2nd. In 2003 we sold the business to USA Interactive who already owned Match.com, One and Only and a couple of others. Here again I witnessed what happens when you merge the number one and number two. You lose some market share but strengthen your base. I expected the combined business to be flat for a year or so and wanted to pursue a new application to address a critical issue that prevented the industry from reaching the tipping point. I made the point quite seriously at an off site gathering when I said that in my opinion "Internet Dating Just Won't Achieve Its Potential, Until - 'Less Attractive Guys Can Be Encouraged To Date Less Attractive Women'". Some thought this was impossible. But then it is 'holy grail' for internet dating sites.
Nearly all Internet Dating sites promote their better looking men and women in their ads and also on their web sites. Now, tell me what happens when you show twenty pages of stunningly good looking women to ordinary looking guys. Well they get star struck and would sooner write 200 letters (emails) in the hope of pulling one of the babes, than look further down the list as the quality reduces. The result, the top 5% of good looking women get inundated with letters, but guys they probably wouldn' give a second look to. And before we go on about inner beauty, elieve me the result is that the good looking women leave disillusioned, and the regular guys leave dejected. It's all about the model and the model was/is broken. That's why Internet Dating isn't a $10Billion a year industry.
Now back again, to today. Why is today so darn important. Well my latest company launched a product which is going to turn an industry on its head. I'd like to say that we came across the idea a few months ago and have timed it perfectly - I wish. No this one has been baking since 2003 and has consumed most of my time ever since. But unlike Internet Dating and the system management software industry before that, this one has a really important and passionate aspect to it- PC and Internet Security. Something that affects everyone.
Why does it stand out? Because I passionately believe that cyber-crime knows no boundaries or limits and will continue to grow exponentially. After all it is soooooo lucrative it is completely self funding.
Today Prevx launched a new range of products and services. OK so nothing new in that, new security products abound. So why is this so different? Because it addresses some pretty fundamental issues. Issues that I know worry me, and sure as anything should worry any self respecting Security Admin, CIO, Risk Manager and CEO of any size of business.
The approach we take to securing our IT is so flawed it is almost laughable. It has no parallels with any other security market whatsover. And this makes no sense at all. All effective security methodologies be it domestic, commercial, military or homeland have three aspects protection, surveillance and intelligence. Information Security on the other hand only has protection.
Imagine trying to secure an airport by simply having a high fence and locked doors. No cameras, no information capture, but maybe a book listing photos and details of known terrorists and undersirables. It simply couldn't cope.
Imagine trying to secure an office block where anyone who was not a registered felon was allowed access, given freedom to roam around the building at any time, with no one monitoring his or her movements. Then when something bad happens not having any closed circuit TV to show us who might have done it.
That's how we secure our IT systems today. We install a protection system or systems that try to detect known bad programs or look for known bad behavior. But anything that passes these tests is given total freedeom to do whatever it does, whenever and whereever it chooses with no record or log.
However, there is more to come. Unlike the conventional security models our IT attacker evolves at breath-taking speed. Taking on new forms and exhibiting varied patterns of behavior, at will. The result is that we are potentially facing a new attacker with each and every attack. Our image and behavior recognition systems simply cannot cope.
So back to Prevx. Do we have stronger protection - yes of course. But stronger protection alone isn't enough. We need to know what software enters our environment, exists within it, where it is located, when it tries to run and what it will do and has already done. Prevx 2.0, which we released today, is the only security solution that addreses these fundamental issues.
When conventional security products fail with a new breach or infection occurs it is usually the end user who finds it first. At that point emotion and adrenalin often takes over. Our prime instinct is to quarantine the affected system(s) but these are often hard to identify. If in doubt we take any suspect systems offline too. Meanwhile we have no answers to these fundamental questions when did we get infected, where has the infection been, what might it have done, could any of our intellectual property have been stolen?
In the World of Sarbanes Oxley this is a nightmare. In a public company it could give rise to an embarrassingly material event that could send stocks into a tail spin. And I am not being alarmist. Simply put, companies today just cannot answer the basic questions that can come from any quarter, management, risk assessors, the SEC, auditors et al.
Now back to Prevx 2.0. Not only does it do a superior job of protecting your systems but it also monitors them to record the complete chronology and life span of software on each and every PC. So in the event that even our superior level of protection failed you know the location and exact extent of the issue. When, where, how and what occured. All centrally recorded and readily available.
And as if that's not enough. I did say this was a big day, there's more to come. Prevx 2.0 also incorporates the World's most extensive automated malware research system as part of yours and our protection. And it is this that moves the whole concept from a neat piece of technology towards the holy grail of the security industry.
For years now, security vendors have relied on capturing samples of malware for lab testing in order to develop signatures, hashes or behavior patterns that can be distributed to their customer systems so that they can be protected. There are three fundamental problems with this approach. Firstly, there is an increasing chance that the vendor will not catch the required sample in the wild forcing them to rely on the customer providing it - only possible after they are already infected mind you! Secondly, the whole model is so labor intensive it simply doesn't scale. Even less so if customers are supplying one off malware samples on a regular basis. Which vendor is going to analyse an infection that has only been seen by one company or one computer in the World? Then, the sheer volume of new unique malware being generated daily already exceeds the capacity of the the leading vendor's combined research capabilities forcing them to top slice their workload. The result is a a steady increase in the number of infections bypassing their products with no warning signs unless the malware gives the end user a clue they have been compromised.
Meanwhile security company profits are soaring as detection rates are falling. Hmmmm sounds like I'm back on my hobby horse and back full circle with where I began.
So to continue on about Prevx 2.0, levaeraging information about the full life cycle and behavior of software within a company we have built automated malware research technologies that can analyse this data in real time. Our systems handle vast scale and they do it at light speed compared to the labor intensive processes used by other companies. Currently, we identitify and determine more than 6,000 new mailicious programs each and every day. More than any other security vendor.
And to fill another piece of the 'holy grail' jigsaw puzzle. We think it is reckless to rely on conventional behavior blocking. I actually think HIPS should be renamed more aptly as JITS or Just In Time Security. It's like waiting for an attacker to begin squeezing the trigger before we call time on his behavior. With HIPS or JITS we have little choice unless we are to put up with a myriad of false positives as we prematurely halt the bahvior of dozens of benign but malbehaving applications. Here Prevx 2.0 has another Ace up its sleeve. It actually emulates the program's behavior with no risk to the PC/system or its information. I suppose you could say it has a peak into the future and if the program appears to be mailicious then it is stopped before it even starts, excuse the paradox. In reality, the Prevx 2.0 Malware Virtualization can even figure out the intentions of a program more effectively than a HIPS would observe durin its execution.
Finally, we decided that Prevx 2.0 would perform better and better as its user base increased allowing it to see more and more. So we built it on an architecture that can scale to support hundreds of millions of PCs allowing it to be used to provide managed services on milions of PCs by securty vendors, PC manufacturers, Internet Service Providers, PC Resellers, Managed Service Providers, The Government, Federal and Military, Very Large Scale Enterprises, Small To Medium Businesses and consumers, yes even consumers. It can run as web based service or can be run as a complete centrally controlled in-house deployment.
So yes Today was a VERY BIG DAY for Prevx, and for Me!
Thanks to my wife Charon for her incredible support and insights and to my step-son Harry, Grandsons Zac and Ethan for their patience.
Thanks to the outstanding team at Prevx, Paul, Darren, Markus, Mihai, Joe, Doug and Ashley for the agent technologies. Ant, Siobhan, Nathan, Chris and Me for the Web and Database technologies involved, Jacques, Dave, Chris and Carl for their malware research efforts and guidance, Rupert, Fernando and Tom for the market research, Sarah for helping us maintain our productivity.
Andrew Jacquith at Yankee Group and Neil MacDonald of Gartner for their support and encouragement.
For those of you interested in Information Security and more importantly Security Information check out Prevx 2.0 at our web site at Http://www.prevx.com. We can't wait to show you!
In the meantime I will keep you posted on the impact Prevx 2.0 is having. But if you can't wait you can always try it yourself for free.
Mel
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment