Would you buy a security product from a vendor who couldn’t write English properly, didn’t understand fundamentals of data security and pushed the envelope on claims for product functionality?
A prospect recently told us that he was using Lumension end point security software – we’re trying to upsell him to a data security solution that will prevent loss of data by his outsourcing partners and customer service call center.
I took a look at the web site and was dutifully impressed with the amount of grammatical and semantic mistakes. Here’s a quote from the web site landing page:
Complete Endpoint Security is Achieved with Lumension’s Sanctuary by:
- Enforcing endpoint security policies that prevent known and unknown threats from executing, such as malware, viruses, spyware and zero-day threats
- Controlling and monitoring the flow of inbound and outbound data
- Safeguarding the confidentiality, integrity and availability of sensitive data on desktops
- Protecting against network and desktop security breaches where confidential data could be exposed to fraud
- Providing a detailed audit trail of all device and application execution attempts, by tracking data that is copied to and from removable devices and by controlling what data is allowed to be copied to a device at the file leve
“Enforcing endpoint security policies that prevent known and unknown threats from executing..”
Good example of a dangling participle. Enforcing … policies…from executing?
Also poor understanding of security basics – how do they mitigate unknown threats exactly if they don’t even know what vulnerabilities are being exploited? I don’t think so.
How about controlling inbound and outbound data flows when the software – “enables only authorized applications to run and only authorized devices to connect to a server, terminal services server, thin client, laptop or desktop”.
I’m curious how they prevent employees from sending confidential marketing documents to private gmail accounts if they only inspect removable device and application authorizations. Can they prevent an employee from jacking in an iPhone or notebook running Ubuntu into the network, getting a DHCP address and running untethered?
or how about Safeguarding the confidentiality, integrity and availability of sensitive data on desktops – when they cannot classify the documents as confidential (since they don’t do content inspection)
Is Lumension doing some kind of check-sum or water marking on files in order to ensure data integrity? Are they providing backup and restore of data that enables them to ensure availability.
or how about Protecting against network and desktop security breaches where confidential data could be exposed to fraud
Is Lumension aware that fraud is orthogonal to data security breaches? Fraud is caused by an insider (or insider in collusion with an outsider) that has motive, opportunity and means to manipulate a business process to their personal and usually financial advantage. Hello ! This is not data breach – this is FRAUD!
If the Lumension marcom person needs some help with creative writing – she can surf on over to Fresh Marketing Bullshit and get some marketing bullshit fresh off the press like “innovate world-class communities” or “incentivize user-centric e-markets” 🙂