Data Protection Appliances are better than PBBAs (video)

Too many folks categorize every blinky-light box that can be part of a data protection solution as a "Purpose Built Backup Appliance" or PBBA. But the market isn't just a bunch of apples with an orange or two mixed in; data protection appliances (DPAs) can be apples, oranges, bananas, or cherries -- but if you lump them all together, all you have is a fruit salad.

Topics: Data Protection JBuff PBBA Information and Risk Management DPA

Could VeeamON be the next MMS?

This week is the first VeeamON, Availability for the Modern Data Center, conference in Las Vegas.

Topics: Data Protection JBuff Information and Risk Management Veeam

Palo Alto Endpoint Security Announcement: A Proof Point of a Market in Transition

Did you see the Palo Alto Networks announcement yesterday? If not, here’s my synopsis. PAN introduced a new endpoint security technology named “Traps” that is the ultimate result of the company’s acquisition of Cyvera this past March. In simple terms, Traps provides three core security functions:

  1. Advanced malware prevention. Traps is designed to deal with the most important attack vectors such as memory corruption, changes in registry settings, and malware persistency, with no prior knowledge about the malware itself.
  2. Endpoint forensics. Traps captures system level activities to help security analysts understand what changes, if any, were made to compromised systems.
  3. Integration of network and endpoint security. Traps ties into PAN Wildfire and NGFW. This integration provides more holistic protection and gives analysts a vantage point across network and endpoint activities. The integration also ties Traps into Palo Alto threat intelligence.

A few years ago, the endpoint security market was a cozy little oligopoly that was dominated by five vendors: Kaspersky, McAfee, Sophos, Symantec, and Trend Micro. Others like CA, Check Point, and even mighty Microsoft couldn’t crack the code and either exited the market or minimized their product development, marketing, and sales.

Fast forward to 2014 and things have changed. Network security vendors like Cisco (Sourcefire), FireEye, and PAN are jumping into the endpoint security pool. An army of others like Bit9, Bromium, Cylance, Digital Guardian (Verdasys), Guidance Software, IBM, Invincea, Malwarebytes, Raytheon, RSA, and Triumfant are all offering some type of endpoint security technology.

Why the change? For one thing, enterprises are being breached right and left and have no confidence in the efficacy of AV software alone. In fact, 62% of enterprise security professionals strongly agree or agree that AV software is ineffective at blocking all types of advanced malware. From a vendor perspective, there are dollars available for new endpoint security technologies. ESG research also indicates that 51% of enterprise organizations plan to add new layers of endpoint security technology as part of their cybersecurity strategy over the next 2 years (Source: ESG Research Report, Advanced Malware Detection and Protection Trends, September 2013).

PAN is not the only game in town but it may have a market advantage (along with its network security competitors): ESG research indicates that 61% of enterprise organizations are currently rolling out or planning a project to integrate network and endpoint security technologies (Source: ESG Research Report, Network Security Trends in the Era of Cloud and Mobile Computing, August 2014). Since network security captures the majority of security brain power and resources at most enterprises, PAN and others are well positioned to flank the AV crowd with a full frontal assault from the network to the endpoint.

Like other “Endpoint Nuevo” vendors, PAN will not suggest that customers rip-and-replace traditional AV and substitute Traps – at least not for the time being. My guess is that this nice guy strategy won’t last however. In the next 18 months, regulators will eschew AV requirements, replacing these with broader mandates for endpoint security. As this transition plays out, PAN and others will change their collective tune, suggest full replacements, and support this market strategy with security efficacy reports and ROI studies trumpeting AV replacement benefits.

The endpoint security market is changing before our eyes, which puts a $10 billion market in play. PAN’s announcement represents a bold, intelligent move by the company and a sign of things to come in the marketplace.

Topics: Information and Risk Management Security and Privacy

The Mike Brown Era – and the Associated Pressure – Begins at Symantec

Last Thursday, Symantec announced that interim CEO, Mike Brown, has assumed this role on a permanent basis. Wall Street wasn't exactly dancing a jig when it heard the news; the stock was down from after-hours trading on Thursday through the close of the market on Friday. In fact, of the 28 analyst recommendations currently tracked on Yahoo Finance, 20 are issuing a “hold” recommendation and only 3 classify Symantec as a “strong buy.”

Wall Street’s lukewarm reaction to Mike Brown represents what he and the company face moving forward. The market at large (i.e., investors, IT managers, potential employees, etc.) was expecting new blood when Symantec terminated Steve Bennett and promised an “extensive search” for a new leader and apparently interviewed 100 candidates with 33 seriously vetted for the top job. When Brown was handed the job last week, market cynics quickly concluded that the company couldn’t attract a visible software leader or an inept board wasted time and money before realizing that Brown was the right person for the job. Right or wrong, Symantec faces these and lots of other negative perceptions.

Topics: Storage Information and Risk Management Data Management Security and Privacy

More Alarming Data on the Cybersecurity Skills Shortage

ESG recently published a new research report on network security titled Network Security Trends in the Era of Cloud and Mobile Computing. Within this project, ESG asked 397 security professionals working at enterprise organizations (i.e., more than 1,000 employees) to rate their security teams in a number of network security areas. Once again the data points to a pretty substantial skills gap:

Topics: Network Security Cybersecurity Information and Risk Management Security and Privacy cybersecurity skills shortage

Cisco, FireEye Announcements: A Microcosm of the Enterprise Cybersecurity Market

Just as the leaves started to turn here in New England, I headed out to the Silicon Valley last week to present at an IT event. While I was in California, there were two announcements that illustrate the state of the cybersecurity industry.

Topics: Information and Risk Management Security and Privacy

Why Doesn't IT Back Up BYOD?!

ESG recently started offering TechTruths... single nuggets of data and the analyst perspectives of why they matter. Check out all of them via the link above, but here is my favorite so far on BYOD data protection:

Topics: Backup Data Protection JBuff Information and Risk Management endpoint BYOD

HDS bought Sepaton ... now what?

Have you ever known two people that seemed to tell the same stories and have the same ideas, but just weren’t that into each other? And then one day, BAM, they are besties.

Sepaton was (and is) a deduplication appliance vendor that has always marketed to “the largest of enterprises.” From Sepaton’s perspective, the deduplication market might be segmented into three categories:

  • Small deduplication vendors and software-based deduplication … for midsized companies.
  • Full product-line deduplication vendors, offering a variety of in-line deduplication, single-controller scale-up (but not always with scale-out) appliances from companies that typically produce a wide variety of other IT appliances and solution components … for midsized to large organizations.
  • Sepaton, offering enterprise deduplication efficiency and performance to truly enterprise-scale organizations, particularly when those organizations have outgrown the commodity approach to dedupe.
Topics: Storage IT Infrastructure Data Protection JBuff Information and Risk Management HDS Sepaton deduplication

Enterprise Annexation of Endpoint Security

When it comes to strong cybersecurity, endpoints and servers have often been second-class citizens when compared to the network. I described this situation in a March 2013 blog. According to ESG research, 58% of security professionals working at enterprise organizations (i.e., more than 1,000 employees) said that network security processes, skills, and technical controls were “much more thorough” or “somewhat more thorough” than server security processes, skills, and technical controls.

Why the discrepancy? Network security includes mature technologies like firewalls, IDS/IPS, and web application firewalls (WAFs). Furthermore, network security often involves a lot of network design and engineering for segmentation, access control, and traffic management. Alternatively, endpoint and server security is typically based on nothing more than AV software and its associated signature downloads and occasional scans.

Topics: Cybersecurity Networking Information and Risk Management Security and Privacy malware endpoint security

Riverbed Announces the End to Excuses in Trying D2D2C

For several months, I’ve been talking about the inevitability of D2D2C (meaning that data goes from primary/production storage to secondary protection storage and then to a tertiary cloud). In fact, I blogged a few months ago that it seems hard to imagine organizations of any size meeting their recovery SLAs with a straight-to-cloud solution. Instead, the intermediary backup server or appliance provides a fast and flexible local restore capability, while the cloud provides longer-term retention.

But even D2D2C has several permutations, including:

  • Backup-as-a-service intermediary caching devices before the BaaS service itself.
  • Traditional backup servers/appliances writing to a cloud tertiary storage tier.
  • Traditional backup servers/appliances replicating to a cloud-hosted copy of the backup engine.
  • Traditional backup storage/dedupe platforms replicating to a cloud-hosted appliance.
Topics: Storage Data Protection JBuff Networking Information and Risk Management Riverbed Amazon Jason Buffington