


One Big Blur

Aug 23, 2001 | 3 mins
CSO and CISO, Data and Information Security

No wonder you’re confused about security. I mean, I knew it was bad, but I didn’t know it was this awful.

I’m speaking of the maddening naming habits of security vendors. I consistently confused a few (Netegrity, Netscreen and Network Associates, for example), but until I started surfing vendors’ sites and checking out their partner lists, I had no idea.

There’s i-Verify, Securify, Authentify and Authentica.

Then there’s CertCo., Certia, Certicom, ValiCert, VeriSign and signOnline. And don’t forget Digital Signature Trust. Entrust. TrustE. E-lock. Evincible and VigilantE, which merged with Network Vigilance.

Want metaphors? There’s CheckPoint, AppGate and Fortress. Good old-fashioned acronyms? ISS and RSA.

Or pseudo-Latin roots: Identrus.

CyberSafe is not KyberPass is not PassLogix is not CrossLogix. I stopped there and popped two aspirin.

This seems like a mild annoyance, but it speaks to a larger issue. Security vendors’ names in many ways reflect their products. Often, they are indistinguishable and confusing. They are as blase as a made-up word. They are overbranded and underdeveloped.

This happened because security grew up as a gold rush industry, a microcosm of the Internet boom itself. The vendor who got there first would strike it rich because a year of living in the shadows of ILOVEYOU and denial of service attacks gave CIOs carte blanche for security spending. And when time is money, vendors don’t build a nice, strong house before panning for gold. They build a shack that’ll keep out the rain and hope they get the gold before the shack falls down.

CIO recently published the CIO-100 awards, which focused on innovation, and that got me thinking: who’s innovating in the security realm? I can’t think of a single vendor. Who’s going to give CIOs what they need: straightforward, easy-to-use products that attack security not just with computers but with effective policy, too?

What we have now, besides dopey names, is technology that can’t keep up or simply doesn’t fit. Reactive, signature-based antivirus and intrusion detection is well and good, but Sircam, Code Red, etc., are still getting by. We need something smarter on top of it. Where is that disruptor, the vendor that approaches security in an entirely new way?

I’m really setting myself up for an e-mail barrage from overeager PR reps. But I’m lucky. I can mostly ignore the pitches that come across my desk. You, though, you’re trying to build a security infrastructure. You have the miserable task of deciding which of these are bad names worth investing in and which are simply bad names. I don’t envy you.

Security needs a browser-like event. A product and/or service so wildly innovative and far ahead of today’s 63 shades of vanilla that it revolutionizes tech security.

And, preferably, this bit of brilliance will come from a company named Acme Security, not eSecuraSafeTegrify.