A few weeks ago Safepark was invited to an event by a moderately sized Danish IT company. A 1½-hour sales pitch about the features of two of the company's newest products, and their usefulness for both large and small companies using IT, was followed by a 2-hour showing of the new Danish movie "Journal64", based on Jussi Adler-Olsen's book of the same title. We decided to accept the invitation and spent a little more than half a day on this event.

Did it pay off? Well, the movie was good, and the popcorn probably was too.

The Sales Pitch

But the sales pitch, about sophisticated software that scans for so-called vulnerabilities and then records what actions you took on them, was in our view unfocused, because the presenter attempted to address everyone from small businesses to enterprises to partners. The possible actions you could record ranged from ignoring the vulnerability to escalating it to the response team of the vendor supplying the software, which naturally had 24/7 teams, it appeared, sitting and waiting for your call. The scanning was based on a cloud-based database that the vendor maintained. Except for the fact that the vulnerability information was cloud-based and there was a help button you could press, this appeared to us much like how the antivirus software of the nineties worked, except that back then the vulnerability information was not updated in real time, but maybe once a day or, towards the end of the century, maybe a few times a day.

The presenter assumed the audience was familiar with the company's products, and did not take time to explain the layout of the user interface, but started clicking buttons right away in the demo. Clearly not a good strategy for the broad audience.


Over the past five years Safepark has attended a number of different vendor presentations about this type of vulnerability scanning software, and while the frequency of updates to the vulnerability database has increased, there appears to be little innovation in the way the response is handled. That still requires an IT person to look at each individual vulnerability and decide what to do about it.

At this last event fewer than 100 people had found it worth their time to get a free movie after a sales pitch. 4-5 years ago Safepark would attend 3-4 events every month, from breakfast meetings to whole-day miniconferences, without much consideration of the host. Today we attend less than one event every month, and are selective about which ones we attend. Invitations without a full, detailed program are automatically declined. Can anyone remember the 90's when painting young ladies were a regular feature of IT events? So IT marketing has become more professional, but there is still a long way to go before the mantra that you need to know your audience is fully understood, and we get rid of the IT and the business talk.

Vulnerability Protection in the Linux World

At the event Safepark recently attended, one attendee asked if the software was available for Linux and Android systems. The answer was that products for Mac were available. However, a quick search on the company website showed that they also have a security product for Linux. Finding a description of this product was a bit more difficult, though. Furthermore, the product was aimed at corporate customers.

It is no secret that Safepark primarily uses openSUSE Leap as its computing platform. openSUSE Leap and SUSE come with AppArmor, which is a kernel security module that allows you to restrict what a particular program can do. That requires some learning, but allows strict control of what is running on your system and what it can access. And the latest version of openSUSE Leap installs AppArmor by default and activates 50 profiles. Unfortunately equivalent software is not available in the Windows world.
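
To see which AppArmor profiles are actually loaded on a system, and in which mode, the kernel's profile list can be summarised as in the following added example (not from the original post). It assumes the usual securityfs location `/sys/kernel/security/apparmor/profiles` with one `name (mode)` entry per line; the sample lines are constructed and are used when that file cannot be read.

```python
"""Summarise loaded AppArmor profiles by mode (added example)."""
import re
from collections import defaultdict
from pathlib import Path

# Assumed securityfs path; reading it usually requires root.
PROFILES_PATH = Path("/sys/kernel/security/apparmor/profiles")

# Constructed sample lines, not captured from a real system.
SAMPLE = """\
/usr/sbin/ntpd (enforce)
/usr/lib/apache2/mpm-prefork/apache2//DEFAULT_URI (enforce)
ping (complain)
my demo profile (complain)
"""

# Profile names may contain spaces and "//" (child profiles),
# so the mode is taken from the final parenthesised word.
LINE_RE = re.compile(r"^(?P<name>.+) \((?P<mode>[a-z]+)\)$")


def parse_profiles(text):
    """Return {mode: [profile names]}; a malformed line raises ValueError."""
    by_mode = defaultdict(list)
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = LINE_RE.match(line.rstrip())
        if m is None:
            raise ValueError(f"line {lineno}: unexpected format: {line!r}")
        by_mode[m["mode"]].append(m["name"])
    return dict(by_mode)


def not_in_enforce_mode(by_mode):
    """Loaded profiles whose mode is anything other than 'enforce'."""
    return sorted(n for mode, names in by_mode.items()
                  if mode != "enforce" for n in names)


def load_profiles():
    """Read the live profile list if possible, otherwise use the sample."""
    try:
        return PROFILES_PATH.read_text()
    except OSError:
        return SAMPLE


if __name__ == "__main__":
    modes = parse_profiles(load_profiles())
    for mode, names in sorted(modes.items()):
        print(f"{mode}: {len(names)} profile(s)")
    for name in not_in_enforce_mode(modes):
        print("not in enforce mode:", name)
```

A profile in complain mode only logs what it would have denied, so the second list shows the programs that are not yet being restricted.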