Dailydave mailing list archives

Re: Risk Management Services


From: "Paul Melson" <pmelson () gmail com>
Date: Tue, 3 Apr 2007 07:05:23 -0400

On 4/3/07, Dave Aitel <dave.aitel () gmail com> wrote:
According to Ryan Naraine[1], they're making 12 Million dollars a year
selling that and Retina, so someone's using it. Oddly, it's the exact same
amount of money that Sana just took in. Weird day in HIDS land.

Well, someone's using Retina at least.  Which makes sense, since Nessus
on pure Windows is still undoable and NVA/pentest work is a big-money
consulting niche to this day.  I've been off the road for 2 years, but
I never saw and as far as I am aware still haven't met anyone that
uses Blink.  I've seen a few SecureIIS installs, though even that's
probably a tough sell these days as it's no doubt getting harder to
find people still running IIS 5 on Win2K.  That may be the real reason
we're seeing Brown go - the $12M from 2006 doesn't seem sustainable
without a new product and/or new marketing that will drive sales.
Hell, I bet they'd sell better if Marc Maiffret just started posting
to full-disclosure again.

http://marc.info/?l=full-disclosure&m=117524796007054&w=2

Speak of the devil.  :-)

Anyway, I think the reason HIDS in general doesn't see a lot of
widespread adoption is that companies view their production networks -
especially where Windows is running, where HIDS gets the most traction
- as fragile.  They don't want "agents" or "clients" or anything that
could hurt performance or stability.  And while I haven't personally
ever touched Blink, I've seen its competition implode when installed
in just the wrong environment.  That, and at still roughly 5-10x the
per-seat cost of AV products, it's hard to sell a product that
basically does what IT managers think AV does.

PaulM
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave