Firewall Wizards mailing list archives
Re: OT: Av and Gartner...
From: Fritz Ames <fritzames () earthlink net>
Date: Thu, 31 Jul 2003 08:09:03 -0400
John (and Marcus),I wasn't going to reply directly to the list because I felt that I might be doing what I feel Gartner does: Talk, without *really* knowing. ('Doesn't "rise to the level of a Presidential speech," if you know what I mean.) I am not working with corporate firewalls right now so I have to write in generalities. (See what I mean.) I love "Defense in Depth." What else can you use to filter the Web and FTP traffic that concerns you--before something inside your perimeter tries to render or process it? I don't know what all the options are, but I do know that desktop AV is far from perfect. Your AV can only do so much--and it's usually at the file level--so your browser may be lost to the dark side before your AV knows what's going on--if you are not scanning that traffic. I think that your paranoia is very much warranted. I can't vouch for your approach, having never done it, but it seems very sane to me. (Were I Gartner, however,... How much cash do you have?) My impression is that Gartner doesn't run anything, they just look at stuff, talk to people (most of whom actually pay to talk to them), and then the write up their opinions as fact. I worked for a "dot-com" that paid Gartner for advice and we kept getting glowing reports back from Gartner about how we were doing. I felt that we were getting fluffy advice from them (thinking, "How do they know our *very* niche market better than we do?"). They tooted our horn to others, which made our top execs feel that we were doing great and that Gartner knew a whole lot. In retrospect I feel that Gartner was a strange PR company, not some analysis gurus--and certainly no high-end integrator. I think of it this way: You know those antiques shows on TV, where they tell you something is worth some fabulous amount of money? Don't you wish that they actually made transactions, to really show what something is worth? I feel the same way about Gartner. Wouldn't it be different if they did real work based on the advice they sell, like if they could say, "We installed all authentication systems, authorization systems, firewalls and load balancing gear for Company X and, based on the similarities between your needs, we can do A, B, and C for you at this price." THAT is when I start to believe anything from Gartner (or anyone else). I have a disclaimer: I don't *know* that Gartner sells garbage, but I would love to have the time to look at all of their reports from the last four years and see A) What they said that was in conflict in different reports. B) What they said that was consisten across their reports. C) What predictions were right. D) What predictions were wrong. and E) What predictions remind me of reading a horoscope.
Thank you, Fritz Marcus J. Ranum wrote:
John Keeton wrote:Also, anyone have any experiance with Garner regarding security items?Yes. I am amazed that anyone listens to Gartner about anything. Their "research" is based almost entirely on hearsay, vendor marketing literature, and vendor briefings (aka "consulting") - while they try very hard to dodge the question of whether their "research" is influenced by the amount of money they get from a vendor, it's pretty obvious what's going on if you line up who pays them and who gets covered. You virtually never see anyone on thier stupid magic quadrant who is not a Gartner research customer or a consulting customer. Of course they're very cagy about the relationship between how much you pay and where you wind up, there have been some extraordinary anomalies. Perhaps the most significant recently was Gartner's hyping of "Intrusion Prevention" technology - in particular they widely hyped Intruvert's IPS. Yet no customers, according to a Gartner analyst I discussed Intruvert with, used Intruvert in its in-line "prevention" mode. So what did Gartner base their "research" on? Intruvert's marketing literature? There's a serious credibility gap - indeed I'd go so far as to say there's a serious integrity gap. Does Gartner test technology? No. What do they actually base their "recommendations" on? They base them on what the vendors who pay them the most - their real customers - want them to recommend. If you want recommendations that have some kind of integrity, you need to look to people who have actually gotten some hands-on time with products and who actually understand a technology. When I talk to "C-level" senior management I rate their clue level based on whether they believe Gartner reports or not. I figure if I run into a CIO who takes Gartner reports seriously, that I've run into someone who worked up the management chain through political skills and organizational skills, not through technical skills, or technological vision. Taking Gartner reports seriously is a dead-on tipoff that you're dealing with an incompetent empty suit - after all, to take Gartner seriously, you'd have to be more ignorant about technology than they are. Which is hard to imagine.mjr._______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- OT: Av and Gartner... John Keeton (Jul 30)
- Re: OT: Av and Gartner... Paul Robertson (Jul 30)
- RE: OT: Av and Gartner... Bob Wanamaker - Avant Systems, Inc. (Jul 30)
- Re: OT: Av and Gartner... Jim McAtee (Jul 30)
- Re: OT: Av and Gartner... Paul Robertson (Jul 30)
- Re: OT: Av and Gartner... R. DuFresne (Jul 30)
- Re: OT: Av and Gartner... Luca Berra (Jul 31)
- Re: OT: Av and Gartner... Paul A. Henry (Jul 30)
- Re: OT: Av and Gartner... Marcus J. Ranum (Jul 31)
- Re: OT: Av and Gartner... Fritz Ames (Jul 31)
- Re: OT: Av and Gartner... Marcus J. Ranum (Jul 31)
- Re: OT: Av and Gartner... Dave Piscitello (Jul 31)
- Re: OT: Av and Gartner... Fritz Ames (Jul 31)
- Re: OT: Av and Gartner... Luca Berra (Jul 31)
- Re: OT: Av and Gartner... Gary Flynn (Jul 31)
- Re: OT: Av and Gartner... John Keeton (Jul 31)
- <Possible follow-ups>
- RE: OT: Av and Gartner... Yinal Ozkan (Jul 31)
- RE: OT: Av and Gartner... Behm, Jeffrey L. (Jul 31)