Thanksgiving gobblers

With Thanksgiving there are always thoughts of turkeys. A few days ago I mentioned 5 security stories that I think are positive for 2007; now it is time to balance by looking at the other side of the ledger. Most of the security turkeys come from major vendors who could have done so much to raise the bar, but have squandered the opportunity to step up. I try not to call out the small vendors as life is hard enough for them as it is. The gobblers are presented alphabetically ...

3Com had a chance to challenge the network status quo when it acquired the TippingPoint IPS product line, only to make a complete mess of everything. Now 3Com is being rescued by a private equity acquisition with plans to spin out TippingPoint in an IPO.

EMC promised a big string of pearls and an end to the security industry when they acquired RSA. Well, EMC in 2007 has brought us Authentica, Tablus, and Verid acquisitions - not much to cheer about. RSA has certainly posted good revenue numbers for their core authentication business, but they're on the turkey list for not showing the industry anything to back up their bluster from earlier in the year.

Oracle continues to pay the price for not putting wind into its security sails. The company that offers Unbreakable Linux is churning out security bulletins while internally trying to accelerate the benefits of secure coding practices. Its lack of security programming interfaces and effective audit support is fueling a database security market for businesses that desperately need to protect sensitive information.

Symantec lays off employees at the same time as it coughs up $350 million for Vontu. Nice touch. Vontu will now join Altiris as independent business units, each of which represents substantially less than 10% of revenue. What about Norton? Symantec is a very confused company with low growth. It is not going to be a good holiday season for the yellow and black.

Small vendors privately held vendors that are afraid to strongly differentiate their products. I have seen too many startups whose main claim to fame is an executive dashboard or scorecard, bleaching out the exciting stuff in an attempt to look big. You cannot have the breadth of a Cisco, Microsoft or Symantec if you are small, but you can grow a company if you are zealous about your technology.

I ran out of room to talk about the double-edges sword of PCI or any of the turkey W's (Websense web security, Webroot anti-malware, Watchguard SME firewalls). Let's hope they all come around soon! Hope you all had a great Thanksgiving.