Thursday, August 22, 2013

CyberEdge announces plans for first annual Cyberthreat Defense Report

These are exciting times at CyberEdge. We’ve compiled a stellar team of consultants and we’re doing some great work for an impressive (and steadily growing) set of clients. What more could we ask for? The answer: to do more cool things – especially ones that have tremendous potential to help our clients meet their marketing and sales objectives.
It’s with this answer in mind that we announce our plans to publish the first annual Cyberthreat Defense Report. With a release timeframe of early 2014 (pre-RSA), the “CDR” will be based on survey responses obtained from hundreds of IT security practitioners and decision makers in commercial and government enterprises across both North America and Europe. The goal for this research study is to obtain cold, hard data regarding which types of threats concern these organizations the most, the technologies they believe hold the greatest promise for cyberthreat mitigation, and the cyber-defense investments they plan to make going forward.
Beyond merely consuming the report’s data to shape their marketing strategies, there is the not-to-be-missed opportunity for security solution providers to also sponsor the report. Added benefits for sponsors include: being able to contribute survey questions, being able to more thoroughly leverage the CDR as part of your marketing campaigns, and being directly associated with what is certain to be a landmark report.   
For more details on the objectives for this research study, the methodology we intend to use, and – of course – the opportunities and entitlements associated with sponsorship, please see the corresponding prospectus, available here:

Tuesday, July 23, 2013

Cisco to Acquire Sourcefire: A Perfect Match (On Paper)

Early this morning, Cisco (Nasdaq: CSCO) announced its intention to acquire Sourcefire (Nasdaq: FIRE) for $2.7 billion. Cisco will pay $76 a share, which equates to a 29% premium to yesterday's close at $59.08. From Sourcefire's point of view, this is not too shabby given their 2012 revenue of $223.1 million, an increase of 35% from the prior year.

On paper, this is a perfect match. In fact, I discussed potential Sourcefire acquirers with Gartner analyst, Greg Young, during last month's Gartner Security & Risk Management Summit in DC. We agreed that, realistically, Cisco was the only vendor that could acquire Sourcefire, as Juniper is rumored to be looking to exit the threat-protection space and Dell had already acquired SonicWALL.

From Sourcefire's point of view, they are the dominant player in a gradually declining IPS (intrusion prevention system) market. All signs point to enterprises transitioning from stand-alone firewalls and IPS appliances to consolidated NGFW (next-generation firewall) solutions. Although Sourcefire is slowly increasing its firewall capabilities, it's many years behind competing firewalls from Check Point, Palo Alto Networks, and Cisco. Plus, even if Sourcefire closed the firewall gap in a year or two, the company is just not perceived as a trusted firewall brand. In my view, Cisco is the lifeboat Sourcefire would need anyway in the next year or two. And it's much better to hop on the lifeboat now before their ship actually starts sinking.

From Cisco's point of view, there are two vendors that are dominating the firewall conversation today--Check Point and Palo Alto Networks. That's because each vendor has launched best-of-breed NGFW solutions featuring top-tier firewall capabilities, strong IPS detection, and robust application control, along with other features, such as URL filtering and advanced malware detection. Although Cisco offers a solid ASA firewall, its IPS component leaves much to be desired. If the company can integrate Sourcefire's best-in-class IPS and strong application control capabilities with Cisco ASA firewall software, then Cisco will be in a much better position to compete for NGFW dollars.

Although I strongly believe this is a perfect match for both companies, there are a few obstacles that both must contend with:

1. Cisco should not screw with Sourcefire's open source model. Snort is still the de-facto standard for IPS. Removing Snort from open source will result in a ton of bad press and many unhappy Snort and Sourcefire users.

2. Sourcefire's IPS and NGFW software is closely integrated with purpose-built network acceleration hardware from Netronome (assembled within Intel appliances). A proper NGFW uses a single-pass architecture for inspecting traffic by its firewall, IPS, and app control engines. I have no idea how long it will take to port Sourcefire software to Cisco hardware or Cisco software to Sourcefire hardware. Or, for that matter, how long it will take to create a unified management interface. But it's not going to be easy and it's not going to happen overnight.

3. Like most acquisitions of this kind (such as IBM's acquisition of ISS, HP's acquisition of TippingPoint, and Intel's acquisition of McAfee), the talent that caused the success of the acquired company will soon be marching out the door looking for the next big thing. Sourcefire is widely viewed as an innovative network security provider. Whether Cisco can carry that torch definitely remains to be seen. I think the best thing Cisco can do is offer Sourcefire's founder and CTO (and Snort creator), Marty Roesch (pictured above), an insane amount of money and an impressive title (Chief Security Strategist would do) to keep him around as long as possible.

If Cisco plays its cards right, its little orange dot on the Gartner Firewall Magic Quadrant may one day move from the Challengers box on the top left to the Leaders box on the top right, joining Check Point and Palo Alto Networks. But it's not going to happen overnight and it's certainly not going to be easy. But I wish Cisco and my former Sourcefire colleagues all the best.

Friday, June 21, 2013

Celebrating the life of Citrix founder, Ed Iacobucci

Earlier today, Citrix founder, Ed Iacobucci, passed away after a 16-month battle with pancreatic cancer. He was 59.

Ed had a profound influence on my life. On so many lives. Prior to founding Citrix (then "Citrus Systems") in 1989, Ed was known as the "Father of OS/2," heading up the OS/2 development team at IBM in Boca Raton, Florida. His success attracted the likes of Bill Gates and Steve Ballmer, who offered Ed the position of CTO at Microsoft. Ed turned it down in favor of starting his own company. (Years later, Ed confessed that, at the time, he felt at $95 per share, Microsoft was way overvalued. Even Steve Ballmer agreed.)

I began my 6-year Citrix tenure in October 1996 among the first 100 employees. This was back when the company was headquartered in a small, unimpressive office in Coral Springs, Florida doing $15 million per year. Back then, Citrix had a tradition of recognizing every new employee at the quarterly company meeting. Ed would throw out a Citrix polo shirt to each new person after their name was called. I was sitting in the back of the room when it was my turn, but Ed had no trouble reaching me.

Ed instilled a 'work hard, play hard' mentality in Citrix's corporate culture. Each summer, every employee worldwide--and their immediate family members--were invited to an all-expense-paid company weekend. My wife, Carrie, and I enjoyed company weekends in Naples, Marco Island, and Orlando, Florida. We 'Citrites' also enjoyed a 'cold one' after 5 o'clock each day from the in-house keg tucked away back in Engineering--at least until we implemented a formal human resources department!

I'll never forget having dinner with Ed and his (then) future wife, Nancy Lee, in Las Vegas the night after he won the 1998 Ernst & Young Entrepreneur of the Year Award. I sat next to Ed as he told stories of growing up in Buenos Aires, Argentina, and what it was like for Citrix in the early days. The next day, I had the pleasure of meeting Bill Gates during a cocktail reception before the SC Magazine Awards ceremony (in which Citrix was honored). The only thing Bill wanted to know was when was his friend, Ed, going to arrive!

Ed was the textbook definition of a visionary. His vision spawned the multi-billion dollar virtualization industry. Throughout his career, Ed had the courage to follow the path less traveled. And we are all the better for it.

Thursday, June 13, 2013

Top Five Insights from the 2013 Gartner Security & Risk Management Summit

This year's Gartner Security & Risk Management Summit--held in National Harbor, Maryland, just outside of Washington, DC--was noticeably bigger... and in some ways, even better. (I got to get my photo taken with America's favorite zookeeper, 'Jungle' Jack Hanna, for one thing.) I guess this isn't too surprising since it followed the largest RSA Conference on record last February.

This year, there were over 2,200 attendees, including delegates and exhibitors. I don't remember how many attended last year, but my guess is that attendance is up 10-20% this year. Everyone agreed the exhibit hall was definitely bigger!

The following is a recap of the top five insights I took away from this year's Gartner conference:

#1 - The "Explosion" of Advanced Threat Protection

The era of Advanced Threat Protection is well underway. This was undoubtedly the most notable theme of this year's conference. If I had a nickel for every time I heard "FireEye" mentioned in a keynote or break-out session, I could pack up and retire.

The exhibit hall was chock full of vendors touting their abilities to detect advanced threats--in addition to FireEye, of course--including Palo Alto Networks, Damballa, Sourcefire, Trend Micro, AhnLab, Blue Coat, Zscaler, Proofpoint, and many more.

#2 - BYOD / Mobile Device Security Remains Hot

Clearly, the second-biggest theme this year was around BYOD (Bring Your Own Device) and securing mobile devices. Mobile Device Management (MDM) vendors got a lot of (deserved) attention this year, including AirWatch, Citrix, and MobileIron. In a recent Gartner survey on 2012-2014 security spending priorities, MDM came in first place! I can assure you that plenty of CISOs left the conference this week with a new-found respect for MDM. I know I did.

#3 - "Big Data" Is Alive and Well

Although not nearly as hot as it was at the RSA Conference in San Francisco last February, the concept of "Big Data" worked its way into virtually every session that talked about SIEM technology and tactics for uncovering advanced threats. Solera Networks--recently acquired by Blue Coat--definitely benefited from this theme. So did NBA (Network Behavior Analysis) vendors, like Lancope and Arbor Networks, who were almost forgotten three years ago.

#4 - Vulnerability Management Gets Much-Needed Love

Although the Vulnerability Management industry--or "Vulnerability Assessment," as Gartner calls it (don't get me started)--is a very mature market, it is still experiencing healthy growth. And I attribute much of this growth to the advanced threat landscape that has been snowballing over the last five years. The reason I say this can be summed up in one graphic in Mark Nicolett's presentation on "Operationally Effective Vulnerability Management." Mark had a slide that depicted the insignificant number of cyberattacks that typically occur within the first month following a public vulnerability disclosure and then the massive number of exploits that follow 2-3 months later. Further, Mark displayed the following strategic planning assumption (SPA) that I think makes a lot of sense: "Through 2015, 80% of successful attacks will exploit well-known vulnerabilities and will be detectable via security monitoring."

Our industry is so hot and heavy for Advanced Threat Protection products (and rightfully so) that it seems to have forgotten about the critical importance of good old-fashioned vulnerability management and patch management solutions. Vulnerability management and patch management should be the foundation of an effective advanced threat mitigation strategy--beyond the "meets minimum" activities for satisfying regulatory compliance.

#5 - It's No Longer a Matter of 'If'

It was so refreshing to hear everyone--analysts, attendees, and even vendors--all agree on one thing: It's no longer a matter of 'if' your network will be compromised. It's a matter of 'when.' There was so much attention given to threat 'detection' technologies that I almost wanted to install a Snort IDS when I got home!

On a related note, I heard the most remarkable strategic planning assumption (in Ray Wagner's keynote) that I've heard in quite some time--perhaps ever! "By 2020, 75% of enterprises' information security budgets will be allocated for rapid detection and response approaches, up from less than 10% in 2012." Although I'm not convinced this prediction is even half true, I'm sure it made a lot of security vendors smile.

Thursday, May 23, 2013

The King of Content

Content is king. But what about the king of content? For my money, the white paper takes the crown, far and away. Sure, a good webinar is worth its weight in gold. But webinars aren’t nearly as consumable or leverageable as white papers. Case studies are cool (i.e., important), too. In my experience, though, they’re typically too high-level. Not to mention that you need a fleet of them to cover all the angles (i.e., business issues solved and vertical markets of interest). Presentations? Rarely are they sufficient as a standalone resource.
In comparison, white papers have a number of key strengths:

1. They force crystallization of a topic. In my experience, there is no tool more powerful for forcing one to think through the issues surrounding a topic than trying to write about it. In theory, much of this should already be done, at least for high-level topics (think MRDs). But theory and reality don’t always align. And what about all of those secondary, more granular topics that still need to be fleshed out?

2. They establish credibility and thought leadership. A single, well-written paper can demonstrate applicability and value of your products for solving a specific set of business problems, while also conveying a number of important intangibles, such as attention to detail and professionalism. With a series of papers covering additional angles and providing further insight on a topic, credibility can quickly be transformed into thought leadership.

3. Decision makers prefer them. Simply put, white papers provide an opportunity for business and IT professionals to absorb a large amount of relevant information with a modest time investment.

4. They accelerate sales. A marketing campaign leveraging a solid white paper delivers qualified leads to the sales force and can make it easier to close a deal by simplifying the process that prospective clients use to gather information and begin to evaluate your solution.

5. They deliver unparalleled flexibility and value. White papers can be used to convey just about any type of information, from technical selection criteria, innovative capabilities, business cases and TCO models to product/vendor comparisons and best practices for implementation and ongoing operations. Moreover, the same content can often be leveraged over and over again – for web copy, articles, blog posts, newsletters, presentations, solution briefs and so forth.

Of course, the effectiveness of a given white paper will depend on the quality of both the content and the writing. But that’s a topic for another day. In the meanwhile, if your organization needs help developing one or more white papers, let us know. It’s one of our specialties! 

Thursday, May 2, 2013

CyberEdge Wins 2013 Hermes Creative Award for Best Book

Yesterday, the Association of Marketing and Communications Professionals (AMCP) announced the winners of the 2013 Hermes Creative Awards. I am thrilled to announce that CyberEdge Group won the Platinum Award (highest honor) for Best Book! This is CyberEdge's second 'Best Book' award in as many years!

The Hermes Creative Awards is an international competition for creative marketing professionals involved in the concept, writing, and design of marketing materials and programs. Entries come from corporate marketing departments, advertising agencies, PR firms, graphic design shops, production companies, and more.

This Hermes Creative Award is for a custom book that CyberEdge authored and published earlier this year titled Definitive Guide to Next-Generation Threat Protection, sponsored by FireEye. Like For Dummies books that CyberEdge has authored for its clients (in partnership with Wiley Publishing), Definitive Guide books and eBooks are excellent resources for both generating high volumes of qualified leads and for building thought leadership among your customers and partners.

I would like to thank FireEye for sponsoring this Definitive Guide book, and I share this award with the extremely talented folks in their marketing department that contributed to this book's success.

To download a free copy of FireEye's Definitive Guide to Next-Generation Threat Protection eBook, connect to their website at

Tuesday, April 23, 2013

Insights from the 2013 Verizon Data Breach Investigations Report

The annual Verizon Data Breach Investigations Report (DBIR) is arguably the most comprehensive, highly respected published research on the subject of corporate data breaches. From where I sit, it's certainly the most-quoted third-party source in cybersecurity white papers, books, and eBooks. I've personally quoted stats hundreds of times from these reports since their inception in 2008.

Verizon's latest report covers data breaches investigated during 2012 by the company's RISK Team and 18 other organizations from around the globe, including various law enforcement agencies (including the U.S. Secret Service) and national computer emergency response teams (CERTs).

The report compiles information from more than 47,000 security incidents and 621 confirmed data breaches resulting in over 44 million compromised records across 27 countries. But what's particularly notable is that this is the first time Verizon has incorporated information on breaches resulting from state-sponsored cyberespionage attacks. In fact, such attacks accounted for 19% of the data breaches covered in the report, with more than 95% of the associated cases originating from China.

The full Verizon report is 63 pages long. Here are a few of the most-notable highlights:
  • 37% of breaches affected financial institutions; 24% retail
  • 92% of breaches were perpetrated by outsiders
  • 19% of breaches attributed to state-affiliated actors
  • 52% of breaches used some form of hacking
  • 40% of breaches incorporated malware
  • 29% of breaches leveraged social tactics
  • 78% of initial intrusions rated as low difficulty
  • 69% of breaches discovered by external parties
  • 66% took months or more to discover
My hat goes off to Verizon for publishing such a comprehensive report each year. To download your free copy of the 2013 Verizon DBIR, click here:

Wednesday, March 13, 2013

The "Tchotchke" Debate: A Reflection from RSA Conference 2013

After more than two decades in high-tech marketing, I've discovered one universal truth (okay, several universal truths, but this is a big one)--there are never enough marketing resources to go around. Marketing budget is a precious commodity. When invested wisely, every dollar spent should pay a return. This is especially true when investing in large trade shows, which often consume the largest portion of a marketing programs budget.

Take RSA, for example, the largest information security conference in the world. A 10'x20' booth like the one depicted above costs $16,500. When you add in all of your overhead expenses--booth graphics and furniture, product collateral, shipping fees, electricity, carpet and pad rental, travel expenses, and booth staff wages--the expense comes to well over $25,000. As the RSA expo is open for 18 hours over three days, that comes to about $1,389/hour.

Now, as a CMO, your goal is to maximize the "quantity" and "quality" of your leads. One approach is to hand out "tchotchkes" (small gifts, such as USB drives, t-shirts, squeeze balls) in exchange for badge scans. That will certainly increase lead quantity, but has no bearing on lead quality. The other approach is to offer nothing, or perhaps put out a dish of Halloween-sized (or as the manufacturers these days call it, "fun-sized") treats, as depicted in the empty booth above, in hopes that attendees will at least slow down long enough so you can engage them as they pass by your booth.

So, what's the better approach? That's easy. Go for the tchotchkes. And here's why. Let's say you're accustomed to registering 30 leads per hour (if you're lucky) with just a dish of candy. Considering all of the costs above, that comes to about $80/lead. Now, let's say you gave away a $5 tchotchke to any person that walks by. You'll easily triple your lead count without blinking an eye, to at least 90 leads per hour. When you add $450 (cost of 90 tchotchkes) to $1,389 (hourly cost to exhibit), that comes to $1,839 per hour. But when you divide that cost by 90 leads, your new cost per lead is now $20! Suddenly, by investing another $8,100 (90 leads x 18 hours x $5 per tchotchke), you've reduced your cost per lead by 75% and tripled your lead count! And your CEO thinks you're a genius!

Okay, but what about lead "quality"?  Isn't that important, too? Of course, it is. But, unfortunately, conference attendees don't wear stickers on their shirts to distinguish qualified buyers from college kids looking for jobs. But my experience has shown time and time again that when you triple your number of "raw" leads, you also triple your number of "qualified" leads. Plus, as an added bonus, you'll increase your brand recognition for when those college kids actually land jobs!

Monday, March 4, 2013

'Big Data' a Big Hit at RSA Conference 2013

Each year, I look forward to attending the RSA Conference in San Francisco--hands down the largest information security conference the world has to offer.  I look forward to RSA for many reasons--reconnecting with old friends, meeting new people, previewing the latest innovations in cyber defenses, and observing the latest trends.

This year's RSA Conference was... well... 'BIG'... for a couple of reasons.  First, attendance was up.  Way up.  A typical RSA Conference in the U.S. attracts around 15,000-18,000 attendees.  Last week's conference was reportedly a record-breaker with 24,000-25,000 registered attendees!  And let me tell you that the show floor was jam-packed!  It is abundantly clear that businesses and government agencies are investing more in security than ever before--which makes sense given that a week doesn't go by without hearing about a major cyber attack on the evening news.

The second reason this year's RSA Conference was 'big' relates to the 'Big Data' theme frequently depicted in vendor booths around the show floor.  Vendors like RSA, Solera Networks, Splunk, and dozens more adopted Big Data messaging in their booth graphics and product collateral.  RSA offered a Big Data Security Challenge game show in their booth, giving away a remote-controlled helicopter to one lucky attendee each hour. Solera Networks gave away Big Data Security t-shirts, depicted below, along with Big Data Security for Dummies books, authored by yours truly.

The great thing about 'Big Data' is that it doesn't belong to any single category of security products.  And it doesn't apply to just one type of data.  It's a broad concept that relates to finding hidden, actionable meaning within large data sets.  Big Data can help you uncover hidden threats, determine the scope and impact of successful attacks, and even prevent data breaches in the first place.

Want to learn more about Big Data and the benefits it brings to information security? A great place to start is to download Big Data Security for Dummies, courtesy of Solera Networks.

Tuesday, January 29, 2013

You strive to keep your customers satisfied – but are you keeping them loyal?

Smart companies know the importance of striving to keep their customers happy.  After all, studies have found that the cost of acquiring a new customer is five to 10 times more than the cost of retaining an existing one.  And so the measurement of customer satisfaction and loyalty becomes an important part of a marketing strategy – for example, an annual survey to customers to gauge how they feel about the business.

But, you may ask, why measure both satisfaction and loyalty – aren’t they the same thing?  A satisfied customer is a loyal customer, right?  Not necessarily.

Customer satisfaction is fairly straightforward.  At a basic level, a measurement of satisfaction tells us how pleased (or unhappy) a customer is overall or with a specific aspect of a company.  Surveys ask customers to indicate their level of satisfaction directly, typically using a multi-point scale (such as very satisfied, somewhat satisfied, neutral, somewhat unsatisfied, and very unsatisfied).

Customer loyalty measures the security of a customer base – that is, how likely they are to remain customers.  Satisfaction certainly plays a part in customer loyalty.  But loyalty is more complex than simply how happy a customer is with a company or product.  Many factors affect how likely a customer is to purchase from the same company again versus going to a competitor.  For example, considerations such as price, the availability of viable alternatives, the difficulty or cost of switching, and even a feeling of connection or relationship with the company, all play a role.  Because customer loyalty is multi-dimensional, it can be difficult to accurately assess through a single survey question.   Therefore, companies often employ a loyalty index – a series of questions addressing loyalty through different angles, the answers to which are later compiled into a single metric that can be tracked over time.

Conducting a formal customer satisfaction and loyalty survey can give you a full picture of how your customer base sees your company, which aspects shine and which are falling short, and – perhaps most importantly – where to focus in order to best solidify your customers’ loyalty.

Sunday, January 20, 2013

A Bit of Cloudiness for Cloud Computing?

A long-time networking/security colleague recently asked me an interesting question. Apparently he’s been getting some pushback from enterprises on cloud computing topics and wanted to know if I had been seeing the same thing. To summarize my original, somewhat rambling response: (a) now that you mention it, yes, I’ve been hearing some of this too, and (b) when you think about it, this reaction is not particularly surprising.

Let’s be clear, everything I’m talking about here is anecdotal. I don’t have any meaningful statistics I can share (at least not yet); I haven’t been actively inquiring about this topic (until now). But that doesn’t change the fact that, in passing, more than a handful of people have signaled their disillusionment (to borrow from Gartner) with most things cloud.

As for this making sense, I think there’s more to it than the cloud market simply being at a certain point in the hype cycle. In all its full-blown glory, cloud computing is astoundingly complex. Moreover, cloud technologies and services are still very much in flux. Consequently, I think the issue is that people understand that the transformation to a highly dynamic computing environment featuring everything cloud is going to take a long time – and they just don’t want to hear about it for that bloody long!

Does this mean you should pull your cloud-themed marketing campaign for next quarter? No way. But you may want to temper it a bit – or at least do or say something different than everyone else. Perhaps focus more on practically achievable near-term results instead of pie-in-the-sky vision. Good advice in any case. In the meanwhile, let me know what you’re hearing when it comes to cloud computing. Are enterprises tired of hearing about it already?

Thursday, January 3, 2013

When and When Not to Capture Website Leads

There is still much debate among high-tech marketing professionals about when and when not to capture website leads. Some feel the best approach is to place all downloadable resources (datasheets, white papers, recorded webinars, flash demos) behind a web form so you effectively capture contact info for everyone that accesses them. The downside, of course, is that you'll turn away valid prospects that are early in their evaluation process or simply wish to remain anonymous. Another school of thought is to make all of your downloadable resources available without capturing any leads. Of course, you know the downside there.

I suggest a more mainstream, hybrid approach that makes "some" of your content available for download without registration while requiring registration for more technically focused content. This approach "whets the user's appetite" by giving them just enough information to get them hooked and leaves them wanting more.

Upon reviewing practices by dozens of enterprise software companies, here is what I suggest:

Registration-free (less technical) resources:
  • Product brochures (product briefs, datasheets)
  • Solution brochures (horizontal and vertical solutions)
  • Customer case studies (in PDF format and videos)
  • Technology animations
  • Infographics
Registration-required (more technical) resources:
  • White papers
  • eBooks
  • Automated product demos
  • Recorded webinars
  • Analyst reports
Of course, when you require registration, the best approach is to leverage a system that places a cookie within the user's browser that either negates the need for the user to ever register again when using that browser (but notifies Marketo, Eloqua, or other marketing automation system when content is accessed) or pre-populates the web form so the user simply needs to click "submit." We want to capture the lead, but we also want to make it as seamless as possible for the user.