I have posted very little since Thanksgiving. I spent a fair amount of time with family over the holidays, I developed a passion for Sudoku, and I started skiing again. Together, these activities gave me a bad case of blogger's block.
I hope I am in recovery, but who knows. Anyway, I was reading today's Internet Acceleration Newsletter (which I enjoy a great deal) and saw these two briefs, which mentioned a post I did the day Symantec acquired IMlogic:
Symantec Strikes Yet Again -- At this rate we probably should devote a separate section of this newsletter to the latest Symantec acquisition. This time Symantec gobbled up IMlogic, one of the three companies competing for a share of the Instant Messaging security space. Until this move, IMlogic had been locking horns with FaceTime and Akonix competing for market share in this emerging sector. FaceTime seems to have maintained leadership having early on sold its products to NY financial institutions, one of the most important verticals in this space and they've since seemed to have smartly expanded their product line to encompass other types of threats. In all but a few verticals, protecting Instant Messaging hasn't yet caught fire, perhaps because there haven't been that many destructive attacks. For the past few years these IM competitors have spent half of their marketing budgets trying to convince customers to take IM threats seriously and the other half beating the heck out of each other -- whenever one of them put out a press release about a new feature the others followed within an hour or two. But it makes perfect sense for companies like Symantec to care about protecting against IM (remember what happened last year when these mainstream security companies ignored the Spyware problems and, in the process, created a bunch of new competitors?) and it might be that the best place for IM protection is either in the hands of a "portfolio" security company (meaning that the valuations of the remaining IM protection players probably go up as a result of this acquisition) or else handled at the proxy level -- customers say that Blue Coat's IM management and security is perfectly adequate. With all of this going on and with the increase in real time collaboration applications that use an IM type framework, this space continues to be of interest.
Three Stages of Security -- we had lunch recently with Bob Walters, former CEO of Teros which Citrix acquired at the end of last year. Bob's got this great way of simplifying a lot of stuff -- in this case we'll call it Walters' Law of Startup Security Company Valuation. Walters' Law basically says that there are three stages of valuation -- Stage 1 is proving that there are vulnerabilities. Stage 2 is showing that the "threat" knows enough about the vulnerability to allow exploit (as evidenced by a small number of incidents) and Stage 3 is actual widespread exploitation. The premise of Walters' law is that if you get to stage one and can convince people that there is a vulnerability, you're probably able to get beta customers and raise some venture money (there's a lot of venture investors out there dying to get in on the latest big thing and they're sure to bite at the chance to get in on the ground floor of a new threat). If you can convince people that there is a serious threat due to the vulnerability, then Walters points out that you're probably able to find a moderate number of "careful" customers who have big enough concerns about a specific threat and are willing to purchase -- not huge sales numbers but enough to make a security company look credible. And then of course there is Stage 3 where real world exploits are publicized and customers are in panic mode (think Spam circa 2004 and Spyware circa 2005). While it's elusive and hard to predict, Stage 3 is where the big money is for startup liquidity. But most security companies struggle to get to Stage 2 where they wait and wait hoping for the worst (bad guys taking advantage of a vulnerability causing lots of customer pain).
These briefs hit the nail on the head: IM security is being overlooked, Bob Walters' point about the market requiring proof of (rather than the potential for) risk is a good one, and the best place for this technology is in the hands of a "portfolio" player like Symantec.


