In 2005, Microsoft acquired Frontbridge, one of the major providers of hosted email security services.

When it launched the Microsoft-branded version of the service, it was named Exchange Hosted Services (EHS). At the time, we said this was confusing, because:

1. It sounded as though it was a hosted Exchange service, rather than hosted services for your existing Exchange installation.
2. The services weren’t only for Exchange; they still worked with Notes/Domino and other email systems.
3. There was no recognition of Microsoft’s overarching security brand: Forefront.

Microsoft has now addressed these issues. The security components of EHS are now known as Forefront Online Security for Exchange.

It’s only taken four years. The typical perils of a large, siloed company.

… Richi Jennings

Since the early 1980s, Microsoft’s success has been predicated on a tripartite strategy:

1. Sell software, in volume, at about 20% of the incumbents’ prices.
2. Engage third-party developers.
3. Use industry-standard hardware.

These have clearly been the three keys to success for Microsoft — although we can argue the details of how revisionist this description of Bill Gates’ strategy is.

It’s also clear that Microsoft sees SaaS — if you insist, cloud computing — as an important part of its future business. For example:

• Exchange/SharePoint Online (Business Productivity Online Suite or BPOS)
• Exchange Hosted Services — including the Forefront Online Security for Exchange offering
• The Azure Services Platform

So this poses a problem for Microsoft. On the one hand, it’s important for it to sell its products for far less than its incumbent competition. On the other hand, the SaaS/cloud incumbents such as Google, Amazon, and Symantec use platforms that are less expensive to run at scale than Windows.

There’s no way that Microsoft can compete on price in these markets. Don’t expect Microsoft to repeat its previous successes by undercutting its rivals.

… Richi Jennings, with thanks to Microsoft’s Bob Muglia for the succinct description of Microsoft’s strategy

Singapore-based BoxSentry has been busy. While beefing up its technology base — in part to compensate for the loss of the challenge/response layer — the company has developed new techniques to better identify false positives.

BoxSentry has wrapped the new techniques in a product it’s calling LogiQ. The idea is that it can run alongside a traditional spam filter and automatically retrieve any false positives it finds.

As an illustration, BoxSentry offered a “typical” example: Over the test period, a deployed spam filter from one of the well-known vendors delivered 11,500 legitimate messages, but LogiQ found an additional 680 false positives in the filter’s quarantine. That’s a roughly average false positive rate, in our experience. Not exactly state-of-the-art, but pretty representative of deployed spam filters. It might equate to one false positive every week per user.

BoxSentry says that 100% of the false positives identified with these new techniques really are false positives — although they may not catch all of them.

A bold claim; we look forward to digging into the details of the techniques under NDA …

… Richi Jennings

AVG makes one of the last free AV products. At the RSA Conference, we talked about why the company is sticking with its “freemium” model …

According to AVG, it’s positively beneficial to have the majority of its “customers” who don’t pay for the product. It makes lead generation really easy. Not only are they able to up-sell consumer users who download the free version, but many of those consumers also recommend the use of AVG inside of the SMB in which they work.

Add to that the valuable stream of real-time feedback that their users’ installations provide about threats on the Web pages that they discover, and one starts to understand why the company is growing at a claimed 80% annually.

… Richi Jennings

Astaro sells a line of low-cost unified threat protection appliances.

In the past, the company gained a reputation for developing its products “for engineers, by engineers.” However, that way of planning the product roadmap has changed.

Astaro claims “600 new features” in three major releases over the past year — versions 7.2, 7.3, 7.4. The features were chosen based on win/loss analysis and other customer requests — no longer an R&D-led roadmap.

Astaro now uses Commtouch for spam control. For virus control, Astaro has dropped Kaspersky, which it says was too expensive and inaccurate.

Other notes from the meeting:

• Moved to Postgres from MySQL
• Added full https content inspection
  • Several options for deploying the proxy certificates to user PCs
• Network balancing across several connections
• Supports the proprietary Cisco IPsec client
  • So can have people move from obsolete Cisco PIX and ASA to Astaro
  • Supports iPhone VPN client (nice demo)

… Richi Jennings

What a nice man Florin Talpes is. We met the CEO of BitDefender at the RSA Conference and found him a pleasant, thoughtful personality.

He’s not going to allow BitDefender to make the same mistake as certain other Eastern-European AV companies, which got too big too quickly and rested on their laurels.

BitDefender is very proud of its successes in comparative testing. It’s touting a meta-analysis of several recent tests, which show the company tied with Symantec for the top spot, in terms of malware detection accuracy.

… Richi Jennings

At the RSA Conference, we sat down with Commtouch, a company best known for its OEM anti-spam engine that is licensed by a long list of well-known email security vendors.

In January, the company launched a Web security service, using a similar architecture and business model as its anti-spam technology. In other words, it’s a hybrid of a managed service — cloud-based, if you insist — that maintains a database of known Web pages, plus an OEM engine that queries the database and intelligently caches the results.

Why do it in the cloud? Commtouch argues that it’s hard to categorize the whole Internet, as the database gets huge and the changes are too big to push the updates in a timely manner.

The service categorizes the known threats so that OEMs can produce different types of products; for example, a product focused on anti-phishing, which will concentrate on the Web pages categorized as fake bank portals, etc.

Commtouch argues that being an OEM is a good place to be, as the industry continues to move to a “soup-to-nuts” UTP model. Commtouch’s vendor customers will often specialize in one or two areas and license the rest conventionally.

More controversially, Commtouch also argues that it’s risky to build a strategic relationship with a small, niche company that offers an OEM solution, because if they’re bought out, they may lose the OEM strategic focus.

Well, they would say that, wouldn’t they?

… Richi Jennings

Varonis produces a management tool to help IT do “unstructured data governance.” In other words, it helps people manage the random dumping grounds of opaque files sitting around on shared drives. Compliance and e-discovery are the watchwords here.

Varonis is very proud of its EMC partnership. EMC resells the product to its disk array customers. EMC is also a customer: with 40K users of 420 file servers storing almost a petabyte of data.

More notes:

• It integrates with ActiveDirectory and ensures that file system permissions adhere to policy.
• It offers a richer user interface for permissions than Windows itself.
• You can navigate and drill into Windows server access logs, which is useful for e-discovery.
• It also helps you ensure your super-users aren’t snooping on sensitive data.
• It helps you find the business owner of data, which is important for e-discovery.
• It can flag potential permission revocations (e.g., where a user hasn’t used that permission in a while, because the user has changed jobs).

… Richi Jennings

We sat down with Websense at the RSA Conference. The big announcement is that the company has finally come out with a prebuilt appliance.

It’s easy to be cynical. It wouldn’t be hard to see this as Websense being “late to the party.” Naturally, the company doesn’t view it that way.

Websense didn’t want to simply take its existing software platform and repurpose it onto a 19″ rackmounted server. It already has third parties that do that, which Websense says it’s happy with.

Websense saw the need for a complete platform refresh. We’re seeing the first fruits of this work in the new V10000 appliance.

• It’s based around a virtualized environment, based on Linux and the Xen hypervisor.
• The first version is simply a Web gateway/security proxy, but future add-ons will include DLP.
• Customers will be able to run multiple instances on one box.
• A new centralized management platform can control a mixture of appliances and the similar functionality provided by the Websense managed service (which is based on technology from the BlackSpider acquisition).

… Richi Jennings

At the RSA Conference, we were almost blinded by the huge grins on the faces of the Abaca reps.

As you may recall, Abaca has a really interesting spin on the spam filtering problem. Finely tuned mathematics and a big database of receiver statistics give back up some truly impressive claims. We said last year that we like Abaca’s approach; it’s very promising.

For over a year, Abaca has been working on a deal with Yahoo to add the technology — which it now calls CLX — to the spam filtering mix. A few months ago, we heard unofficially that Yahoo agreed to roll it out.

Now, Abaca is announcing that the rollout has been hugely successful, and that Yahoo is extremely satisfied with the result.

As an update, here’s the (claimed) highlights of the Abaca technology:

• Guaranteed accuracy of at least 99% catch rate (with money-back contract terms).
• Claimed false positive rate is infinitesimal (we calculate their claims equate to one in a million messages).
• After bootstrapping with recipient email statistics, no user training is required, but can be individualized by users clicking the Spam/Not-spam buttons.
• By its nature, it’s extremely scalable — a single small server can handle 90 million messages per hour.

Of course, we can’t verify these claims, but it would appear that Yahoo effectively has.

Equally, we don’t know how close to reality the false positive figures are — at best they’re based on user reports alone, which usually tend to significantly understate the reality. But, again, if the Yahoo user reports are anything close to 1:1,000,000, then Abaca has something really worth shouting about.

… Richi Jennings

Singapore-based BoxSentry has historically been known as a challenge/response spam filter vendor. Readers will probably be aware that we’re no fans of C/R.

Briefly, if a C/R recipient is sent email “from” a sender that it’s never heard of, it auto-replies with a challenge. Until the sender has satisfactorily responded to the challenge, the mail doesn’t get through to the recipient’s inbox. The technique is generally less accurate than those used by today’s state-of-the-art spam filters. A significant number of people just don’t respond to challenges, which means that the false-positive problem is worse than with conventional filtering. Users who employ C/R are also seen by some as spammers in their own right, because most spam has forged sender addresses — much of them the addresses of innocent third parties.

As time goes by, BoxSentry has gradually de-emphasized C/R, but until recently it was still sending challenges for a small but significant proportion of the spam it received — and hence was sending unsolicited “replies” to people who had never sent email to the BoxSentry user.

At the RSA Conference, BoxSentry confirmed that it no longer uses C/R. This is great news for Internet users. We heartily welcome this development.

… Richi Jennings

Every year or two, Ferris Research updates its estimates for the total cost of spam. Here are our 2009 estimates:

Worldwide, spam will cost us all $130 billion; in the U.S. alone, $42 billion. That’s a 30% increase over our 2007 estimates, which themselves were a 100% increase over our 2005 figures.

So the growth in the cost of spam is slowing down. Why do we think that? Here are the three main reasons (most important first):

1. Spam levels aren’t growing (some sources say they’ve declined, but this is as a percentage of total email, but total email volumes have grown, so the two facts roughly cancel out).
2. Spam filters are getting more accurate and more people are using better spam filters (so people need to delete less spam and search for fewer false positives).
3. Spam filters are less expensive than they were (albeit increasingly purchased in a higher-value bundle of other functionality, including archiving/compliance).

The contribution of each cost component to the total is roughly:

• User productivity cost (deleting spam, looking for false positives, etc.): 85%
• Help desk cost (IT helping end users deal with spam): 10%
• Spam control software/hardware/service (licensing fees, amortized capital costs, etc.): 5%

… Richi Jennings

Are you a Novell GroupWise, ZENworks, or Teaming customer? Are you disappointed that Novell canceled the BrainShare event?

Do you know about GWAVACon? Since 2005, this conference has been focused on the Novell collaboration community. GWAVACon has been held in Dallas, Sydney, San Diego, Munich, and Berlin. This year the U.S. event will be held in Las Vegas: January 25-27.

The events get strong support from Novell and other vendors in the Novell ecosystem. This year the keynote will be given by Juan Carlos Cerrutti, a Novell Vice President. RIM is a key sponsor.

Our own Richi Jennings will be speaking at the event (so it’s not all sunshine and roses).

The organizers have three attractive incentives for people to come along:

1. For those who were attending BrainShare in Salt Lake City, the early-bird deadline was extended to January 8th. This is a $200 discount (but only until January 8th, so move fast).
2. For those who had already booked flights to Salt Lake City, GWAVACon is offering a discount equal to the airline change fee for those switching flights from SLC to Las Vegas.
3. For $1695 all expenses are paid. This includes airfare, hotel, and food. This is great for those that have budget for “training” but not for “travel”. It includes everything for a single price that’s slightly less than a BrainShare pass. (Offer is for those coming from the U.S. only.)

Of course, you can’t combine these offers, so choose which one works for you best.

… Richi Jennings, with thanks to our old friend Richard Bliss