Vendor
Genesis
NAI
was nothing more than a Desktop Utility company back in 1993. Through
numerous acquisitions, by the mid 90s it was able to re-brand itself as
a Network Tools company. As year 2000 gets underway, with a new concentrical
ASPish focus, NAI expects to take the Network Tools story, throw in some
management, and evolve into a Distributed Systems Management company.
Today
NAI is trying to brand itself as "The World-leader in Security and Availability
for E-Business." Since it is common knowledge in the world of information
security that "security" is often contrary to "availability," it is clear
that NAI hopes to dispel this myth through a new mission statement and
marketing pitch.
NAI's
history is predated by the creation of its acquired holdings, some of
which were founded as far back as 1989. In its current transfiguration,
NAI did not start trading publicly until December 1997 when Network General
merged with McAfee Associates. The merger brought on the new name, and
further acquisitions continued to add to its suite of information security
point products.
Upon
acquiring Trusted Information Systems (TIS) in April 1998, NAI added the
well-known Gauntlet firewall to its product line. Boasting a throughput
of 11.5mbs, and over 30,000 simultaneous connections, Gauntlet was at
one time among the most highly respected and technologically sound firewalls.
In recent years however, Gauntlet has seen rapid market share decline.
Vendor
Strategy and Trajectory
With
Network Associates expecting to post a loss for FY'99, the bottom line
for Year 2000 will likely see an improvement, thanks to a new focus and
corporate strategy. Though it offers a full suite of security management
products, in prior years, most of the revenues have come from its Protocol
Analyzer and AntiVirus products.
Citing
increased price competition and a maturing anti-virus market; Network
Associates has taken a new approach to combat lagging profits and sluggish
returns. To stabilize the volatility seen in its stock in FY'99, Network
Associates is spinning a new strategy that will bring in investment capital,
require accountability, and, it hopes, keep class action lawsuits to a
minimum. To create new focus, NAI has wrapped its MagicSolutions helpdesk
product around its new portal, MyCio.Com in hopes to spark some interest
through a new front door.
Source:
NAI
MyCio.com is being marketed as your virtual Chief Internet Officer with
the strategy that whatever your information technology problem is, NAI
can point you to an appropriate solution. Since high-level technology
decisions typically are made by CIOs, and CIOs are becoming more visible
in Fortune500 organizations, this is clearly a timely approach, and one
that can only help NAI.
Taking advantage of its consistently reputable and revenue generating
anti-virus products, NAI hopes to use its CIO spin machine to cook up
an Enterprise Anti-Virus ASP that manages viruses for organizations based
on an outsourcing model. Since not all IT organizations have the expertise
or resources to spend on virus management, this innovative new approach
to virus management will likely make in-roads to new customers who have
more pressing projects than to make managing Internet viruses its core
competency.
In
this new cutting-edge approach to virus management, an infected document
is automatically encrypted, sent to NAI, "cured," and sent back to the
customer without customer intervention within a 4-hour time slot. This
approach also removes a certain amount of risk for the anti-virus customer
who will no longer have to wait until viruses reach the desktop to take
action.
NAI's
new four-way focus breaks down its internal divisions into four distinct
divisions: PGP Security, Sniffer Technologies, Magic Solutions, and McAfee
Corporation, which spun off with its own IPO last December. Each of the
four divisions plans to hire its own CEO or president to lead the strategic
developments of the respective organizations.
Network
Associates' savvy business strategy is a new trend that we believe will
become more ubiquitous in the future Information Technology industry as
a whole. As companies start to use the CMGi e-Village strategy to leverage
new business, we will see an increase in the paradigm where larger holding
companies reorganize themselves as directors of smaller independent entities.
This new paradigm has many advantages that large organizations need in
order to survive in this fast-paced and agile playing field of Internet
startups and cyberwannabes.
Vendor
Strengths
The
Sniffer Technologies division of Network Associates, which used to be
Network General, has carved an outstanding reputation among security and
network engineers for its Protocol Analyzer product suite. In fact, its
Sniffer products have been such a success, that the industry often uses
the term "Sniffer" for Protocol Analyzers as a generic term, much the
same way that consumers use the word "Kleenex" for all tissue brands.
After being acquired by Network Associates, the Sniffer product suite
continues to lead the market for Protocol Analyzers.
In the underground, hackers world-over use the term "sniffer" ubiquitously
for all Protocol Analyzers, though NAI does own the trademark for it.
NAI will continue to see substantial revenues from its Sniffer Technologies
division, and will continue to lead the market in Protocol Analyzers.
NAI's security-scanner, Cybercop, is a cutting-edge security scanner that
checks for ## of security weaknesses, including ## Denial of Service attack
risks. Cybercop is far more competitively priced than the leading competition,
the Internet Security Scanner by ISS, and was developed with the input
of the noted security firm the L0pht, and Hobbit, engineer of the acclaimed
freeware Netcat, the swiss-army-knife of network tools. Cybercop does
Information Gathering and Reconnaissance checks, File Transfer checks,
Hardware checks, Backdoor and Misconfiguration checks, SMTP and Messaging
checks, Remote Procedure Call checks, NFS checks, WWW, HTTP, and CGI checks,
72 Optional Vulnerability Checks, and 25 Intrusion Detection checks. Cybercop
is used by both the FBI and CIA.
Vendor
Challenges
Gauntlet
at one time was a firewall market leader, and has seen rapid decline of
new customers in recent years. Checkpoint, Raptor, and Cisco have taken
a significant bite out of Gauntlet's customer base in part because NAI
failed to keep the development of Gauntlet up to date with current standards.
As it exists today, Gauntlet is not HTTP1.1 compliant, and due to this,
with a Gauntlet firewall in place, your organization will be unable to
get to many financial sites. As well, Gauntlet is susceptible to many
buffer overflow exploits and Denial of Service attacks as NAI has done
little to keep the code patched and current.
At
one time, Gauntlet was the featured firewall of BBN's managed firewall
offering. Before TIS was purchased by NAI, BBN partnered with TIS and
wrapped its firewall support services around Gauntlet as their premiere
firewall offering under the trademarked name SitePatrol. Today however,
now under GTEi management, BBN is deploying few if any new customers on
Gauntlet, and is transitioning many of its old Gauntlet customers to Checkpoint's
Firewall-1 product. The development of Gauntlet has unfortunately not
kept pace with the fast-changing customer requirements of the 21st century.
Though
PGP is the original, and perhaps the most widely used e-mail encryption
software available worldwide, it has failed to capitalize on its technically
sound cryptographic architecture - a trend that is often the case with
a product that starts out freeware. Though Phil Zimmerman, the creator
of PGP, and now a Senior Fellow at Network Associates, is clearly a pioneer
in his field, we believe that PGP will be hit hard by a number of up-and-coming
new desktop encryption products that are beginning to hit the market.
Vendor
Predictions
Sparked
by a hot security market that only gets hotter each time a new Federal
agency's website gets hacked, NAI is well-positioned to see a more prosperous
year in 2000 than it did in 1999.
With
its new front door MyCIO.com in place, we expect NAI to leverage this
market attention to create in-roads to new information technology opportunities
in general. Aside from being a new door to their product suite, MyCIO.com
will host security applications, and will in essence operate as a security
ASP.
NAI
will have to scurry to retain Gauntlet as a major player in the firewall
market. If it can't fix Gauntlet this year, by next year it may be too
late. Fixing Gauntlet is not rocket science, but doing it in a timely
fashion, and transitioning the current customer base to a new version
before these customers abandon Gauntlet for another leading firewall will
be the challenge. Since there are no indications that the problems with
Gauntlet will be resolved in the near future, we expect it to continue
to lose market share.
Vendor
Recommendations
To
regain a foothold in the firewall marketplace, Network Associates needs
to transition Gauntlet from an Application Proxy firewall to a
Stateful Packet Inspection firewall. Though they are arguably more
secure than Stateful Packet Inspection firewalls, Application Proxy
firewalls are more complex to develop, and due to this are unable to keep
up with release schedules, bug fixes, and standards updates. All sources
indicate that the market is calling for Stateful Packet Inspection
(SPI) firewalls. Though many security experts insist that Proxy firewalls
are more secure than SPI firewalls, a product that is over-engineered
does not win market share. Just as you don't need a jet plane to go to
the grocery store, most organizations are finding that you don't need
a Proxy firewall when an SPI firewall is secure enough.
As
the desktop publishing industry saw Microsoft Word overtake the more robustly
engineered Framemaker (acquired by Adobe) and Interleaf products, both
of whom at one time had far more marketshare in desktop publishing than
Microsoft, the firewall market has been similarly indicating that the
simple solution is sometimes the best solution. Most organizations are
finding that SPI firewalls are secure enough to get the job done, and
in general, Proxy firewalls are slower to embrace new standards and keep
pace with newfound security exploits.
Network
Asociates is at a crossroads with Gauntlet. It should either remove Gauntlet
from its product line, or recruit a knowledgeable Product Manager to it
to bring it up to snuff. There are embedded standards that need to be
upgraded, bugs that need to be fixed, and an architecture strategy that
needs updating. Since NAI's WebShield security appliance is based on
Gauntlet, it too suffers the same technical challenges found in Gauntlet.
User
Recommendations
- Clients that already have Gauntlet or other Network Associates products
in place, or are making a major Network Associates product acquisition,
can examine Gauntlet as a part of the larger deal, but negotiate hard
on price. Those organizations making a new firewall acquisition should
note that Gauntlet is not currently among the functional leaders, negotiate
hard on price and examine other solutions from Checkpoint, Cisco, and
Axent. Keep in mind that those organizations that use Gauntlet will
find a large number of financial sites unavailable because the Gauntlet
solution is not HTTP1.1 compliant.
- If you're in the market for a Protocol Analyzer, the Sniffer line
of Protocol Analyzers is by far and above the best Protocol Analyzer
product line on the market today, and the Sniffer Technologies division
is one of NAI's crown jewels.
- As far as Network Scanners go, Cybercop is a functional, reputable
product that is far more competitively priced than the other leading
scanner sold by ISS - it's a good product, and a good buy. It would
be hard to justify the exorbitant pricing of the ISS scanner over Cybercop.
- If you're in the market for anti-virus products, the McAfee anti-virus
suite is a solid and tried and true product to use to protect your network.
Other alternatives include Norton Anti-Virus, F-Secure Anti-Virus, and
Trend Micro Anti-Virus. If making sure that desktops are consistently
being updated with the latest anti-virus vaccines is not something you
want your IT staff doing, NAI is now set up to manage viruses remotely
on an Enterprise level as your Anti-Virus ASP. The Anti-Virus ASP model
is particularly attractive to large e-commerce sites that cannot afford
to have financial data tainted by infected macros .