Richard Stiennon

Chief Research Analyst

IT-Harvest


Key Management a Fast Growing Space

Posted on: 17 Jun 2014

When I predicted a surge in growth in the IT security industry last year (24% CAGR for ten years leading to a $640 billion industry by 2023) I pointed out that encryption would lead the way and that that was not possible without good key management. Perhaps because of that I have monitored key management…

Battling Web Bots

Posted on: 16 Jun 2014

Back in 2005 we launched a directory of IT security vendors as part of IT-Harvest. Three people in Salt Lake City worked 4 months to compile and categorize 1,200 vendors, their products, and their executives. On the day of the launch an engineer at a Canadian vendor wrote a script and systematically began sucking down…

Time to Rethink Wide Area Networks

Posted on: 13 Jun 2014

This series of articles and the accompanying videos are part of an ongoing project to illuminate the people, products, and vendors that make up the IT security industry. The vendors paid for the video production. In the early days of the Internet the most powerful driver was the opportunity to reduce telecom costs. Large enterprises…

6 Tips to Avoid Scammers on LinkedIn

Posted on: 06 Jun 2014

LinkedIn announced in April that it had surpassed 300 million users. While LinkedIn has become a valuable networking tool and even somewhat of a usable social networking platform, especially its Groups, like all such platforms it attracts unsavory types. As of today there are actually 348,553,337 LinkedIn “accounts.” I can tell because I get several…

Gameover Zeus and Cryptolocker Botnets Shut Down! But Wait, Are they Really?

Posted on: 03 Jun 2014

The US Department of Justice has announced, with not just a touch of self-congratulation, that they have taken down the Gameover Zeus and Cryptolocker botnets. The Gameover Zeus malware intercepted the bank account numbers and passwords that unwitting victims typed into computers in the US, which were then used to empty their accounts. In…

TrueCrypt Dies, Not a Huge Issue for the Enterprise

Posted on: 30 May 2014

The sudden and inexplicable demise of the popular TrueCrypt product is raising eyebrows this week. TrueCrypt was a free encryption product supported by anonymous developers. There was quite a bit of suspicion already about the provenience of TrueCrypt, which sparked an effort to independently validate that it did not contain backdoors or vulnerabilities. Last October…

Security Industry Fights Surveillance State with Words

Posted on: 23 May 2014

Cisco’s General Counsel Mark Chandler on May 13 reacted strongly to further news of NSA exploiting Cisco gear, sparked in part by the publication of Glenn Greenwald’s book on Snowden and the leaked documents. Chandler protested that the US government is causing damage to the tech industry. Along with the publishing of No Place to Hide:…

Cisco Acquires ThreatGrid

Posted on: 21 May 2014

Cisco announced this morning that they are adding ThreatGrid to their portfolio. ThreatGrid uses instrumented sandboxes to conduct its research of advanced malware. They address the issue created when advanced malware started to modify its behavior when it detected it was in a virtual environment, a common defense against sandboxing. Relying on emulation and a…

Sandbox Vendors Ignore Microsoft Licensing Agreements

Posted on: 16 May 2014

An examination of Microsoft’s Customer License Agreement (CLA) for embedded systems indicates that there is no provision for a vendor to ship appliances with multiple virtual instances of Windows or its popular Office productivity suite. In fact, shipping Windows in a virtualized environment is expressly prohibited. From the CLA: (2b3) “Company may distribute more than…

FireEye Finally Makes a Good Acquisition

Posted on: 09 May 2014

This week FireEye announced both its quarterly results and the acquisition of nPulse, a network forensics tool. I was critical of FireEye’s Mandiant acquisition for one billion dollars mostly because they stressed the endpoint product, not the accretive revenue from Mandiant’s vaunted breach response services. (Taking into account today’s stock price of FEYE the Mandiant…