I am not sure what it is with Richard Stiennon.  Maybe his mom beat him with a NAC stick when he was young.  Hence his Jack Nicholson looks (more like the Joker in Batman, than Col Jessep in A Few Good Men) and his total disdain for NAC.  In any event Richard never seems to miss a chance to take a pot shot at NAC.  I have fired back and debated him many times on this.  In fact I am convinced that Richard's problem with NAC is that like Uncle Joe, he is just moving a little slow.  Richard still thinks of NAC as Cisco???s network admission control, circa Dec ???03.  He has not gotten up to speed on anything happening with NAC since.  Richard is going to debate NAC with Joel Snyder according to this article by Tim Greene today. My prediction is Snyder by a knockout in 3 rounds or less.

Richard???s latest NAC knock comes on a comment to an excellent article by the Hoff.  Chris takes a bold stand for someone working for a vendor and calls BS on the whole analyst thing (I will write more about that later in this article). Richard being an ex-analyst himself (lets face it, with Richard you can take the man out of the analyst job, but you can???t take the analyst out of the man), takes exception to Hoff???s ???whining??? (Richards words, not mine) and tries to tell Hoff that giving up is not the answer and the way to show up analysts, is to prove them wrong.  Great Richard you try to prove them wrong, when because of what they report you don???t have a market, can???t get any capital and have no visibility.  I guess that is when it is time to move on to the next gig, right? Then Richard has a bad NAC deja vu and feels it necessary to write this:

???Look how easy it is to one up the analyst firms, who as near as I can tell support Network Admission Control universally. Everyone except the folks at Updata Ventures know how seriously flawed NAC is with only one viable market, edu.???

I assume Richard is referring to Updata recently leading the Bradford Networks VC round. But more importantly Richard it is time to call a code red on you and give you the cold hard truth.  Richard the fact is that the edu market is not the only viable market for NAC.  In fact, one of the biggest customers of NAC is the DoD.  That is right Richard at least 3 of the 4 armed forces use NAC in helping to secure their networks. To paraphrase my friend Col Jessep - Richard, you want the truth, you can???t handle the truth!  You sleep securely under the blanket of protection that NAC provides.  If it is good enough to help ???clean the sand??? out of laptops coming home from SWA (that is SouthWest Asia, like in Iraq and Afghanistan, in case you don???t know Richard), it should be good enough for you. Think about that next time you are about to bad mouth NAC.

Let me give you some other truths you may not like Richard.  Why do you think every switch vendor (of which we partner with many of them) is lining up and bringing out NAC solutions?  Why has Microsoft put such a big push on NAP?  Why despite the Luddites like you does NAC still draw crowds at conferences like Interop (ask Joel about that).  Richard we are still signing new major OEM partners.  I am afraid you are the one sadly out of touch on this one Richard.  Just as you are out of touch in missing Hoff???s point in his article.

As to Hoff???s article, as I said I give Chris credit for speaking his mind. I spend an ungodly amount of my time speaking with analysts and trying to ???learn??? from them while at the same time trying to educate them.  I am constantly amazed that so many analysts (and press for that matter) just take a vendors word as gospel. I have seen research reports from analysts big and small, that I am sure did not have any more research done than calling a handful of vendors and listening to their spiel. Too many of these vendors if they do speak to customers, base their findings on such a small sample that it is impossible to have an accurate picture.

Personally, like Hoff says, who watches the watchers is the truth. I would like to see a code of conduct among analysts. I would start by dictating that vendors cannot pay analysts.  Take the payola out of the equation the way they did to the DJ/Radio business in the late 50s. Next analyst reports have to come with metrics to back up the findings. I want to know how many customers they spoke to, how big they were, how they were found, etc.  A vendor giving an analyst a real live???pet??? customer is not real research. I want to know if the customer pays the analyst. It is a dirty business.

Hey let me be clear, I play the game as well as the next guy.  But I agree with Hoff we need to clean up the rules to make the whole analyst thing more fair, viable and valuable.

I am not sure what it is with Richard Stiennon.  Maybe his mom beat him with a NAC stick when he was young.  Hence his Jack Nicholson looks (more like the Joker in Batman, than Col Jessep in A Few Good Men) and his total disdain for NAC.  In any event Richard never seems to miss a chance to take a pot shot at NAC.  I have fired back and debated him many times on this.  In fact I am convinced that Richard's problem with NAC is that like Uncle Joe, he is just moving a little slow.  Richard still thinks of NAC as Cisco’s network admission control, circa Dec ‘03.  He has not gotten up to speed on anything happening with NAC since.  Richard is going to debate NAC with Joel Snyder according to this article by Tim Greene today. My prediction is Snyder by a knockout in 3 rounds or less.

Richard’s latest NAC knock comes on a comment to an excellent article by the Hoff.  Chris takes a bold stand for someone working for a vendor and calls BS on the whole analyst thing (I will write more about that later in this article). Richard being an ex-analyst himself (lets face it, with Richard you can take the man out of the analyst job, but you can’t take the analyst out of the man), takes exception to Hoff’s “whining” (Richards words, not mine) and tries to tell Hoff that giving up is not the answer and the way to show up analysts, is to prove them wrong.  Great Richard you try to prove them wrong, when because of what they report you don’t have a market, can’t get any capital and have no visibility.  I guess that is when it is time to move on to the next gig, right? Then Richard has a bad NAC deja vu and feels it necessary to write this:

“Look how easy it is to one up the analyst firms, who as near as I can tell support Network Admission Control universally. Everyone except the folks at Updata Ventures know how seriously flawed NAC is with only one viable market, edu.”

I assume Richard is referring to Updata recently leading the Bradford Networks VC round. But more importantly Richard it is time to call a code red on you and give you the cold hard truth.  Richard the fact is that the edu market is not the only viable market for NAC.  In fact, one of the biggest customers of NAC is the DoD.  That is right Richard at least 3 of the 4 armed forces use NAC in helping to secure their networks. To paraphrase my friend Col Jessep - Richard, you want the truth, you can’t handle the truth!  You sleep securely under the blanket of protection that NAC provides.  If it is good enough to help “clean the sand” out of laptops coming home from SWA (that is SouthWest Asia, like in Iraq and Afghanistan, in case you don’t know Richard), it should be good enough for you. Think about that next time you are about to bad mouth NAC.

Let me give you some other truths you may not like Richard.  Why do you think every switch vendor (of which we partner with many of them) is lining up and bringing out NAC solutions?  Why has Microsoft put such a big push on NAP?  Why despite the Luddites like you does NAC still draw crowds at conferences like Interop (ask Joel about that).  Richard we are still signing new major OEM partners.  I am afraid you are the one sadly out of touch on this one Richard.  Just as you are out of touch in missing Hoff’s point in his article.

As to Hoff’s article, as I said I give Chris credit for speaking his mind. I spend an ungodly amount of my time speaking with analysts and trying to “learn” from them while at the same time trying to educate them.  I am constantly amazed that so many analysts (and press for that matter) just take a vendors word as gospel. I have seen research reports from analysts big and small, that I am sure did not have any more research done than calling a handful of vendors and listening to their spiel. Too many of these vendors if they do speak to customers, base their findings on such a small sample that it is impossible to have an accurate picture.

Personally, like Hoff says, who watches the watchers is the truth. I would like to see a code of conduct among analysts. I would start by dictating that vendors cannot pay analysts.  Take the payola out of the equation the way they did to the DJ/Radio business in the late 50s. Next analyst reports have to come with metrics to back up the findings. I want to know how many customers they spoke to, how big they were, how they were found, etc.  A vendor giving an analyst a real live“pet” customer is not real research. I want to know if the customer pays the analyst. It is a dirty business.

Hey let me be clear, I play the game as well as the next guy.  But I agree with Hoff we need to clean up the rules to make the whole analyst thing more fair, viable and valuable.

Back at the FOSE show in April, we conducted a survey and one of the questions asked was about Web 2.0 usage. Honestly, we expected low adoption of these kinds of collaborative and often very public communications tools and were very surprised by the results.

Over 65% of government IT workers surveyed said that Web 2.0 tools are important to their operations. 20% were currently using things like wikis, blogs and RSS feeds with over 50% more planning on having these tools in place by next year.

Our take: many of the Web 2.0 tools are cheap or even free. Of course there are some server and maintenance costs, but the costs of Web 2.0 solutions are a drop in the bucket compared to other federal IT projects. You’ve heard the stories. Most of these tools are easy to get up and running and don’t require extensive training to be an active user.

Basically, our expectation of low adoption was rooted in the idea that the federal government would have more policies, i.e., restrictions, around usage and tighter controls around content and the dissemination of information. Interestingly, I just met someone who worked in the Air Force’s public affairs office at BlogPotomac, a local social media event. He told me that he was there because the Air Force already had multiple blogs across what is obviously a very big organization, but that there was no single policy around blogging. Surprising and the opposite of what we thought.

Perhaps in the end, the ease and speed of adoption and the speed of social media conversations are outstripping the agencies’ ability to get in front of them. And that’s a big lesson learned for agencies and enterprises alike.

Another note: check out this presentation by Chris Rasmussen, Knowledge Management Officer, Intellipedia, National Geospatial-Intelligence Agency, Department of Defense (yes, that’s the title they published for him) from FCW’s Spring Government CIO Summit on the use of social media software within the US intelligence community. It’s pretty funny and has nuggets of good info for anyone looking at adopting these tools.

Guess what? Government agency management and communications officers have the same issues and fears that enterprises do. What if people give away (trade) secrets? What if people drop the “f-bomb”? Possibly the funniest thing in the recording of Rasmussen’s presentation is when he shares the “worst” blog comment that he got on Intellipedia where someone likens him to traitors like Chris Hansen…for doing a blog.

ShareThis

Was reading Amrit Williams blog today on the AV market and followed a bunch of links back to read more. I have to say reading the articles left me with just a bad taste in my mouth for where is the innovation in security, especially the AV market.  As Amrit points out, the first article has Eva Chen CEO of Trend proclaiming "the AV industry sucks".  She says with 5.5 million new viruses, how can anyone claim they are doing a good job.  I don't disagree with her but unlike Amrit, I don't think the Trend response is such an innovative response. In fact I think it is exactly what the folks at Panda Security in Spain have been talking bout doing for some time now.

A couple of other things that Eva says I found disturbing as well. Most of all was her analogy of open source software and proprietary software to capitalism and Communism.  I don't buy into the whole open source - socialist/communist thing.  I think it once again shows that Eva Chen doesn't get open source at all.

The other interesting article that Amrit pointed out was one announcing the new Symantec endpoint management suite. This represents Symantec integrating endpoint security suite with the Altiris management platform.  I think Amrit is right about it takes more than slapping it all in a yellow box and putting a portal interface on it.  Often times that amounts to little more than seeing how high you can make that pile.

Was reading Amrit Williams blog today on the AV market and followed a bunch of links back to read more. I have to say reading the articles left me with just a bad taste in my mouth for where is the innovation in security, especially the AV market.  As Amrit points out, the first article has Eva Chen CEO of Trend proclaiming "the AV industry sucks".  She says with 5.5 million new viruses, how can anyone claim they are doing a good job.  I don't disagree with her but unlike Amrit, I don't think the Trend response is such an innovative response. In fact I think it is exactly what the folks at Panda Security in Spain have been talking bout doing for some time now.

A couple of other things that Eva says I found disturbing as well. Most of all was her analogy of open source software and proprietary software to capitalism and Communism.  I don't buy into the whole open source - socialist/communist thing.  I think it once again shows that Eva Chen doesn't get open source at all.

The other interesting article that Amrit pointed out was one announcing the new Symantec endpoint management suite. This represents Symantec integrating endpoint security suite with the Altiris management platform.  I think Amrit is right about it takes more than slapping it all in a yellow box and putting a portal interface on it.  Often times that amounts to little more than seeing how high you can make that pile.

With all of my writing this week about lack of truth in much of the data being put on the public whether from vendors or analysts, I thought I would put my money where my mouth is. In order to get some real data to the analysts so that their reports are accurate I am posting a note I received from Aberdeen Group about a new survey they are conducting in vulnerability management.  If you have a few minutes it is an excellent way to contribute.  Remember, the truth shall set you free!

Would you like to learn how Best-in-Class companies successfully maximize their results in IT Security Patch and Vulnerability Management?

By participating in this brief survey, you will be able to see how your experiences in Patch and Vulnerability Management compare with those of your peers, benchmark your performance, and see how you can achieve Best-in-Class results.

My name is Saqib A. Khan, a Senior Research Analyst at Aberdeen Group, and I am conducting a survey that will help companies such as yours determine the Best-in-Class procedures for Vulnerability Management. Your participation is a vital part of the report development, and serves as the foundation of Aberdeen's research. If your company is planning on implementing Vulnerability Management solution, or is simply evaluating the potential benefits, we would appreciate your feedback in this brief, 10-minute survey.

In appreciation for sharing your time and thoughts with us, we will provide complimentary access for you to the full benchmark report as soon as it is published (a $399 value).

Individual responses will be kept strictly confidential, and data will
only be used in aggregate.

We look forward to hearing from you, and greatly appreciate your
time and participation.

Sincerely,

Saqib Khan

With all of my writing this week about lack of truth in much of the data being put on the public whether from vendors or analysts, I thought I would put my money where my mouth is. In order to get some real data to the analysts so that their reports are accurate I am posting a note I received from Aberdeen Group about a new survey they are conducting in vulnerability management.  If you have a few minutes it is an excellent way to contribute.  Remember, the truth shall set you free!

Would you like to learn how Best-in-Class companies successfully maximize their results in IT Security Patch and Vulnerability Management?

By participating in this brief survey, you will be able to see how your experiences in Patch and Vulnerability Management compare with those of your peers, benchmark your performance, and see how you can achieve Best-in-Class results.

My name is Saqib A. Khan, a Senior Research Analyst at Aberdeen Group, and I am conducting a survey that will help companies such as yours determine the Best-in-Class procedures for Vulnerability Management. Your participation is a vital part of the report development, and serves as the foundation of Aberdeen's research. If your company is planning on implementing Vulnerability Management solution, or is simply evaluating the potential benefits, we would appreciate your feedback in this brief, 10-minute survey.

In appreciation for sharing your time and thoughts with us, we will provide complimentary access for you to the full benchmark report as soon as it is published (a $399 value).

Individual responses will be kept strictly confidential, and data will
only be used in aggregate.

We look forward to hearing from you, and greatly appreciate your
time and participation.

Sincerely,

Saqib Khan

Whether it is a train fire, a highrise building fire or worse. People should have more protection than a necktie, their shirt or paper towel to cover their mouth, nose and eyes. As you know an emergency can happen at anytime and in anyplace, leaving one vulnerable. Don't be a sitting duck. The Subivor® Subway Emergency Kit can aid you in seeing and breathing while exiting. This all-in-one compact, portable and easy to use subway emergency kit contains some items never seen before in a kit.

This could have won my Third Movie-Plot Threat Contest.

So, if you’re in ‘the rest’ category, here’s a quick overview of how the chain of love works top-down from manufacturers to VARs to you.

Manufacturer -> Reseller.
First it’s important to note that most IT Manufacturers have some level of Partner Programs. These programs are structured agreements between a Reseller and the Manufacturer and are usually based on 1) volume of their product sold and/or 2) technical expertise. Each Manufacturer is different, but they usually offer 2-4 tiers of partner programs depending on those 2 things, and each tier may have a different discount offered to the Reseller.

Commodity items may just require a Reseller to request to be in the Partner Program, and sign a couple of documents. More involved products, such as the network and security products we deal with, usually require the Reseller to demonstrate competencies and a high level of technical expertise with that product. Some product lines or specific products may require a Reseller to have authorization or certification to sell and/or provide services for a product.

When selecting a Reseller or VAR, it’s important to keep these things in mind and be sure your choice is comfortable with that product line- you should be able to ask them for recommendations and help specifying the correct products and possibly help with the installation and integration. If you send a Reseller a list of part numbers and it’s the wrong ‘stuff’- you’re less likely to get help exchanging it for the correct items, from the Reseller or Manufacturer. It’s also nice to know you have a friend to lean on when you’re installing new products.

You’ll see more info from me on understanding the difference between a Reseller and a VAR soon. Your VAR should be able to help every step along the way, and a Reseller should at least be able to help you select the correct part numbers as part of their pre-sales support.

Distributor -> Reseller
There’s another interesting twist in our chain of IT relationships- the Distributor, or Disti for short. Understanding distribution of a product can be advantageous- some products are sold directly from the Manufacturer to Reseller, but most go through a Disti. The Disti can be another advantage for your Reseller to leverage, but the Customer really should not be involved in any way in these transactions. Sometimes Distis offer an additional discount to a specific product line or type. Other times the Distis may be offering a volume discount or bundles. Sometimes the incentives are for the Reseller, and some times they’re designed to pass through to the Customer. It’s a good idea to just ask your Reseller if there are any additional discounts that could be applied.

Reseller -> Customer
A lot of Customers like to get information directly from the horse’s mouth and at times this Reseller-Customer relationship is bypassed at critical times. Keep in mind the Manufacturer sales rep is most interested in selling you something- and they may be interested in selling you a specific something, depending on what their incentives are. If you, as the Customer, call in a Manufacturer directly for pre-sales support, do you really expect them to honestly tell you “Hey Mr Customer, you really don’t need my widget.”? On the other hand, if you call in a trusted Reseller or VAR, they have a more vested interest in your success, and the success of whatever solution is put in place because they’re responsible for making sure it all works.

Another distinct advantage of a good Reseller/VAR -> Customer relationship is the ability to leverage your Reseller’s relationship with the Manufacturer. Maybe you’re a huge buyer of the Manufacturer’s stuff- and maybe you have enough clout with them directly to get what you want. Congratulations if you’re in that position, but for 99% of Customers, that’s not the case. If your Reseller or VAR is in good standing and either moves a large volume or has extensive technical expertise, they can offer you some great advantages, in pricing, services and more. Your VAR can frequently negotiate additional discounts, maybe free training or reduced service costs and competitive trade-ups.

Another tip- don’t discount smaller Resellers. Our company, for example, is not an International online box-pusher, but we have the best pricing tier with most or all of our Manufacturer partners and offer the majority of our product lines at less than you’ll find from those online e-tailers and wholesalers. Surprise!

That’s a very brief overview- you’ll see more on Vendor-VAR relationships coming soon.

# # #