Network Associates Hopes to Rekindle the Flame

Vendor Genesis

NAI was nothing more than a Desktop Utility company back in 1993. Through numerous acquisitions, by the mid 90s it was able to re-brand itself as a Network Tools company. As year 2000 gets underway, with a new concentrical ASPish focus, NAI expects to take the Network Tools story, throw in some management, and evolve into a Distributed Systems Management company.

Today NAI is trying to brand itself as "The World-leader in Security and Availability for E-Business." Since it is common knowledge in the world of information security that "security" is often contrary to "availability," it is clear that NAI hopes to dispel this myth through a new mission statement and marketing pitch.

NAI's history is predated by the creation of its acquired holdings, some of which were founded as far back as 1989. In its current transfiguration, NAI did not start trading publicly until December 1997 when Network General merged with McAfee Associates. The merger brought on the new name, and further acquisitions continued to add to its suite of information security point products.

Upon acquiring Trusted Information Systems (TIS) in April 1998, NAI added the well-known Gauntlet firewall to its product line. Boasting a throughput of 11.5mbs, and over 30,000 simultaneous connections, Gauntlet was at one time among the most highly respected and technologically sound firewalls. In recent years however, Gauntlet has seen rapid market share decline.

Vendor Strategy and Trajectory

With Network Associates expecting to post a loss for FY'99, the bottom line for Year 2000 will likely see an improvement, thanks to a new focus and corporate strategy. Though it offers a full suite of security management products, in prior years, most of the revenues have come from its Protocol Analyzer and AntiVirus products.

Citing increased price competition and a maturing anti-virus market; Network Associates has taken a new approach to combat lagging profits and sluggish returns. To stabilize the volatility seen in its stock in FY'99, Network Associates is spinning a new strategy that will bring in investment capital, require accountability, and, it hopes, keep class action lawsuits to a minimum. To create new focus, NAI has wrapped its MagicSolutions helpdesk product around its new portal, MyCio.Com in hopes to spark some interest through a new front door.

Source: NAI is being marketed as your virtual Chief Internet Officer with the strategy that whatever your information technology problem is, NAI can point you to an appropriate solution. Since high-level technology decisions typically are made by CIOs, and CIOs are becoming more visible in Fortune500 organizations, this is clearly a timely approach, and one that can only help NAI.

Taking advantage of its consistently reputable and revenue generating anti-virus products, NAI hopes to use its CIO spin machine to cook up an Enterprise Anti-Virus ASP that manages viruses for organizations based on an outsourcing model. Since not all IT organizations have the expertise or resources to spend on virus management, this innovative new approach to virus management will likely make in-roads to new customers who have more pressing projects than to make managing Internet viruses its core competency.

In this new cutting-edge approach to virus management, an infected document is automatically encrypted, sent to NAI, "cured," and sent back to the customer without customer intervention within a 4-hour time slot. This approach also removes a certain amount of risk for the anti-virus customer who will no longer have to wait until viruses reach the desktop to take action.

NAI's new four-way focus breaks down its internal divisions into four distinct divisions: PGP Security, Sniffer Technologies, Magic Solutions, and McAfee Corporation, which spun off with its own IPO last December. Each of the four divisions plans to hire its own CEO or president to lead the strategic developments of the respective organizations.

Network Associates' savvy business strategy is a new trend that we believe will become more ubiquitous in the future Information Technology industry as a whole. As companies start to use the CMGi e-Village strategy to leverage new business, we will see an increase in the paradigm where larger holding companies reorganize themselves as directors of smaller independent entities. This new paradigm has many advantages that large organizations need in order to survive in this fast-paced and agile playing field of Internet startups and cyberwannabes.

Vendor Strengths

The Sniffer Technologies division of Network Associates, which used to be Network General, has carved an outstanding reputation among security and network engineers for its Protocol Analyzer product suite. In fact, its Sniffer products have been such a success, that the industry often uses the term "Sniffer" for Protocol Analyzers as a generic term, much the same way that consumers use the word "Kleenex" for all tissue brands. After being acquired by Network Associates, the Sniffer product suite continues to lead the market for Protocol Analyzers.

In the underground, hackers world-over use the term "sniffer" ubiquitously for all Protocol Analyzers, though NAI does own the trademark for it. NAI will continue to see substantial revenues from its Sniffer Technologies division, and will continue to lead the market in Protocol Analyzers. NAI's security-scanner, Cybercop, is a cutting-edge security scanner that checks for ## of security weaknesses, including ## Denial of Service attack risks. Cybercop is far more competitively priced than the leading competition, the Internet Security Scanner by ISS, and was developed with the input of the noted security firm the L0pht, and Hobbit, engineer of the acclaimed freeware Netcat, the swiss-army-knife of network tools. Cybercop does Information Gathering and Reconnaissance checks, File Transfer checks, Hardware checks, Backdoor and Misconfiguration checks, SMTP and Messaging checks, Remote Procedure Call checks, NFS checks, WWW, HTTP, and CGI checks, 72 Optional Vulnerability Checks, and 25 Intrusion Detection checks. Cybercop is used by both the FBI and CIA.

Vendor Challenges

Gauntlet at one time was a firewall market leader, and has seen rapid decline of new customers in recent years. Checkpoint, Raptor, and Cisco have taken a significant bite out of Gauntlet's customer base in part because NAI failed to keep the development of Gauntlet up to date with current standards. As it exists today, Gauntlet is not HTTP1.1 compliant, and due to this, with a Gauntlet firewall in place, your organization will be unable to get to many financial sites. As well, Gauntlet is susceptible to many buffer overflow exploits and Denial of Service attacks as NAI has done little to keep the code patched and current.

At one time, Gauntlet was the featured firewall of BBN's managed firewall offering. Before TIS was purchased by NAI, BBN partnered with TIS and wrapped its firewall support services around Gauntlet as their premiere firewall offering under the trademarked name SitePatrol. Today however, now under GTEi management, BBN is deploying few if any new customers on Gauntlet, and is transitioning many of its old Gauntlet customers to Checkpoint's Firewall-1 product. The development of Gauntlet has unfortunately not kept pace with the fast-changing customer requirements of the 21st century.

Though PGP is the original, and perhaps the most widely used e-mail encryption software available worldwide, it has failed to capitalize on its technically sound cryptographic architecture - a trend that is often the case with a product that starts out freeware. Though Phil Zimmerman, the creator of PGP, and now a Senior Fellow at Network Associates, is clearly a pioneer in his field, we believe that PGP will be hit hard by a number of up-and-coming new desktop encryption products that are beginning to hit the market.

Vendor Predictions

Sparked by a hot security market that only gets hotter each time a new Federal agency's website gets hacked, NAI is well-positioned to see a more prosperous year in 2000 than it did in 1999.

With its new front door in place, we expect NAI to leverage this market attention to create in-roads to new information technology opportunities in general. Aside from being a new door to their product suite, will host security applications, and will in essence operate as a security ASP.

NAI will have to scurry to retain Gauntlet as a major player in the firewall market. If it can't fix Gauntlet this year, by next year it may be too late. Fixing Gauntlet is not rocket science, but doing it in a timely fashion, and transitioning the current customer base to a new version before these customers abandon Gauntlet for another leading firewall will be the challenge. Since there are no indications that the problems with Gauntlet will be resolved in the near future, we expect it to continue to lose market share.

Vendor Recommendations

To regain a foothold in the firewall marketplace, Network Associates needs to transition Gauntlet from an Application Proxy firewall to a Stateful Packet Inspection firewall. Though they are arguably more secure than Stateful Packet Inspection firewalls, Application Proxy firewalls are more complex to develop, and due to this are unable to keep up with release schedules, bug fixes, and standards updates. All sources indicate that the market is calling for Stateful Packet Inspection (SPI) firewalls. Though many security experts insist that Proxy firewalls are more secure than SPI firewalls, a product that is over-engineered does not win market share. Just as you don't need a jet plane to go to the grocery store, most organizations are finding that you don't need a Proxy firewall when an SPI firewall is secure enough.

As the desktop publishing industry saw Microsoft Word overtake the more robustly engineered Framemaker (acquired by Adobe) and Interleaf products, both of whom at one time had far more marketshare in desktop publishing than Microsoft, the firewall market has been similarly indicating that the simple solution is sometimes the best solution. Most organizations are finding that SPI firewalls are secure enough to get the job done, and in general, Proxy firewalls are slower to embrace new standards and keep pace with newfound security exploits.

Network Asociates is at a crossroads with Gauntlet. It should either remove Gauntlet from its product line, or recruit a knowledgeable Product Manager to it to bring it up to snuff. There are embedded standards that need to be upgraded, bugs that need to be fixed, and an architecture strategy that needs updating. Since NAI's WebShield security appliance is based on Gauntlet, it too suffers the same technical challenges found in Gauntlet.

User Recommendations

  • Clients that already have Gauntlet or other Network Associates products in place, or are making a major Network Associates product acquisition, can examine Gauntlet as a part of the larger deal, but negotiate hard on price. Those organizations making a new firewall acquisition should note that Gauntlet is not currently among the functional leaders, negotiate hard on price and examine other solutions from Checkpoint, Cisco, and Axent. Keep in mind that those organizations that use Gauntlet will find a large number of financial sites unavailable because the Gauntlet solution is not HTTP1.1 compliant.

  • If you're in the market for a Protocol Analyzer, the Sniffer line of Protocol Analyzers is by far and above the best Protocol Analyzer product line on the market today, and the Sniffer Technologies division is one of NAI's crown jewels.

  • As far as Network Scanners go, Cybercop is a functional, reputable product that is far more competitively priced than the other leading scanner sold by ISS - it's a good product, and a good buy. It would be hard to justify the exorbitant pricing of the ISS scanner over Cybercop.

  • If you're in the market for anti-virus products, the McAfee anti-virus suite is a solid and tried and true product to use to protect your network. Other alternatives include Norton Anti-Virus, F-Secure Anti-Virus, and Trend Micro Anti-Virus. If making sure that desktops are consistently being updated with the latest anti-virus vaccines is not something you want your IT staff doing, NAI is now set up to manage viruses remotely on an Enterprise level as your Anti-Virus ASP. The Anti-Virus ASP model is particularly attractive to large e-commerce sites that cannot afford to have financial data tainted by infected macros .

comments powered by Disqus