Would you buy a used car from this company?

Would you buy a security product from a vendor who couldn’t write English properly, didn’t understand fundamentals of data security and pushed the envelope on claims for product functionality?

A prospect recently told us that he was using Lumension endpoint security software – we’re trying to upsell him to a data security solution that will prevent loss of data by his outsourcing partners and customer service call center.

I took a look at the web site and was dutifully impressed with the number of grammatical and semantic mistakes. Here’s a quote from the web site landing page:

Complete Endpoint Security is Achieved with Lumension’s Sanctuary by:

  • Enforcing endpoint security policies that prevent known and unknown threats from executing, such as malware, viruses, spyware and zero-day threats
  • Controlling and monitoring the flow of inbound and outbound data
  • Safeguarding the confidentiality, integrity and availability of sensitive data on desktops
  • Protecting against network and desktop security breaches where confidential data could be exposed to fraud
  • Providing a detailed audit trail of all device and application execution attempts, by tracking data that is copied to and from removable devices and by controlling what data is allowed to be copied to a device at the file leve

“Enforcing endpoint security policies that prevent known and unknown threats from executing..”

Good example of a dangling participle. Enforcing … policies…from executing?

Also poor understanding of security basics – how do they mitigate unknown threats exactly if they don’t even know what vulnerabilities are being exploited?  I don’t think so.

How about controlling inbound and outbound data flows when the software – “enables only authorized applications to run and only authorized devices to connect to a server, terminal services server, thin client, laptop or desktop”.

I’m curious how they prevent employees from sending confidential marketing documents to private Gmail accounts if they only inspect removable device and application authorizations. Can they prevent an employee from jacking in an iPhone or notebook running Ubuntu into the network, getting a DHCP address and running untethered?

Or how about “Safeguarding the confidentiality, integrity and availability of sensitive data on desktops” – when they cannot classify the documents as confidential (since they don’t do content inspection)?

Is Lumension doing some kind of checksum or watermarking on files in order to ensure data integrity? Are they providing backup and restore of data that enables them to ensure availability?

Or how about “Protecting against network and desktop security breaches where confidential data could be exposed to fraud”?

Is Lumension aware that fraud is orthogonal to data security breaches? Fraud is caused by an insider (or insider in collusion with an outsider) that has motive, opportunity and means to manipulate a business process to their personal and usually financial advantage. Hello! This is not a data breach – this is FRAUD!

Yikes! Shocking!

If the Lumension marcom person needs some help with creative writing – she can surf on over to Fresh Marketing Bullshit and get some marketing bullshit fresh off the press like “innovate world-class communities” or “incentivize user-centric e-markets” :-)


One thought on “Would you buy a used car from this company?”

  1. Hi Danny:

    Many thanks for your recent blog post on Lumension Security. I agree that we have some work to do on improving our site and we have a new site update planned for late January. As always we encourage feedback so we can continuously improve.

    I also wanted to take some time to address a few of your comments:

    “Also poor understanding of security basics – how do they mitigate unknown threats exactly if they don’t even know what vulnerabilities are being exploited? I don’t think so.”

    =>Lumension device control and application control capabilities are based upon a whitelisting security model where anything not explicitly trusted is by default denied. By proactively defining a trusted ecosystem (as it pertains to executables and removable devices) unknown or previously unseen malware is denied execution even if it has not been explicitly identified as a known threat.=>

    “How about controlling inbound and outbound data flows when the software – “enables only authorized applications to run and only authorized devices to connect to a server, terminal services server, thin client, laptop or desktop””

    =>While not monitoring all channels of potential data flow, Lumension monitors the movement of data onto removable media and will control what types of data (by attributes) can be copied as well as enforce media encryption if designated by policy.=>

    “I’m curious how they prevent employees from sending confidential marketing documents to private gmail accounts if they only inspect removable device and application authorizations. Can they prevent an employee from jacking in an iPhone or notebook running Ubuntu into the network, getting a DHCP address and running untethered?”

    =>HTTP Posts are not monitored by Lumension Device control. Lumension does offer a NAC integrator that will quarantine non-compliant managed systems. We are not a NAC vendor and do not offer solutions for unmanaged systems requesting IPs inside a corporate network.=>

    Lumension offers a broad security solution portfolio that spans across several capabilities including vulnerability management, security configuration management, application whitelisting and device control with encryption enforcement specific to removable media. Our customers and industry analysts agree that the operational solutions that we offer serve to provide proactive risk management inherent to the protection of systems and the data. As you correctly note Lumension does not perform content inspection of data files.

    Our messaging is focused on providing market-level benefits which I believe are accurate and truthful. Thank you for your POV and feedback and please join the conversation on our Optimal Security Blog.

    Sincerely,

    ED

    C. Edward Brice
    SVP Marketing
    Lumension Security
    Ed.brice@lumension.com
    Twitter: http://twitter.com/_Lumension
    Optimal Security Blog: http://blog.lumension.com/
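
An added example, not part of the post or the comment and not Lumension's code: a minimal Python model of the default-deny approach the reply describes (allowlisted executables and removable devices, copy rules by file attribute, enforced media encryption), with an audit trail. The policy layout, device ID, class and method names are all assumptions made for illustration; `http_post` is there only to show that a channel with no rule gets no verdict.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed sample policy; every value here is hypothetical.
TRUSTED_BINARY = b"MZ constructed trusted application image"
DEVICE = "USB\\VID_0000&PID_0001\\CONSTRUCTED01"
POLICY = {
    "exec_sha256": {hashlib.sha256(TRUSTED_BINARY).hexdigest()},
    "devices": {DEVICE: {"require_encryption": True}},
    "copy_extensions": {".txt", ".pdf"},  # file attributes allowed onto media
}

@dataclass
class Endpoint:
    policy: dict
    audit: list = field(default_factory=list)

    def _log(self, kind, subject, verdict):
        # Every attempt is recorded, whether allowed or denied.
        self.audit.append((kind, subject, verdict))
        return verdict

    def execute(self, name, image: bytes):
        # Default deny: only images whose hash is explicitly trusted may run,
        # so a never-before-seen binary is refused without any signature.
        digest = hashlib.sha256(image).hexdigest()
        ok = digest in self.policy["exec_sha256"]
        return self._log("exec", name, "allow" if ok else "deny")

    def copy_to_device(self, device_id, filename, media_encrypted):
        rule = self.policy["devices"].get(device_id)
        if rule is None:
            return self._log("copy", filename, "deny:unknown-device")
        if rule["require_encryption"] and not media_encrypted:
            return self._log("copy", filename, "deny:unencrypted-media")
        ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
        if ext not in self.policy["copy_extensions"]:
            return self._log("copy", filename, "deny:file-type")
        return self._log("copy", filename, "allow")

    def http_post(self, url, filename):
        # No rule covers this channel, so no allow/deny decision is made;
        # it is recorded here only to make the coverage gap visible.
        return self._log("http_post", filename, "unmonitored")
```

The model decides on attributes (hash, device ID, file extension, encryption state) and never reads file content, so it cannot tell a confidential document from any other file of the same type.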
