Jan 23, 2008

Leaky Nuke Lab Is Poor Endorsement for a Security Product

Not exactly a glowing endorsement.

-Gus

_______________________________________________

From: http://www.informationweek.com/blog/main/archives/2008/01/leaky_nuke_lab.html

Posted by Andrew Conry-Murray, Jan 23, 2008 10:35 AM

A new startup has licensed technology from Los Alamos National Laboratory to help enterprises respond to security incidents. But does the company really want to be associated with a lab that routinely mishandles nuclear weapons secrets?

Founded in July 2007, Packet Analytics launched Net/FSE this Tuesday. Net/FSE is Linux-based software that performs real-time forensic analysis of NetFlow router data. NetFlow is a Cisco (NSDQ: CSCO) router protocol that provides key pieces of information about network traffic sessions.

The company claims its software can churn through terabytes of NetFlow sessions. The goal is to help IT security teams better respond to anomalous network behavior and security incidents by helping them understand which hosts are involved in an alert, how long the activity has been going on, and where it originated.

Packet Analytics makes a big deal of its association with Los Alamos National Laboratory (LANL). The technology behind Net/FSE has been used for five years on LANL networks. LANL is tasked by the Department of Energy (DOE) with maintaining the security and reliability of U.S. nuclear weapons, and its networks are a regular target of intrusion and espionage attempts.

The startup is hoping the association provides a measure of credibility that other startups have to earn over several product cycles and through customer trials.

Unfortunately, LANL has suffered a string of embarrassing security incidents in the past decade. For instance, employees sent top-secret nuclear weapons data through an unsecured e-mail network, the lab acknowledged in June 2007. In 2006, an employee whose spouse was involved in a meth lab bust was found to have sensitive information about nuclear weaponsin her home. A list of security breaches at Los Alamos and other DOE facilities is available here.

While the majority of security incidents at LANL involved mishandling of classified information by lab employees and contractors rather than network-related events, linking the new company closely to the lab isn’t the most clever marketing strategy. Luckily they aren’t trying to sell a data loss prevention product.

Packet Analysis is also late to the NetFlow party. A truckload of security products already consume and analyze NetFlow data. Competitors include Security Information and Event Management (SIEM) products such as Qradar from Q1 Labs; and Network Behavioral Analysis (NBA) products such as Lancope’s StealthWatch and Cisco’s own CS-MARS.

Many of these competing products add value because they analyze more than NetFlow sessions, including firewall and host OS logs and IDS alerts. Some products, such as CS MARS, can also help remediate events by closing firewall or switch ports to stop malicious traffic from spreading through a network.

However, these SIEM and NBA systems are expensive. Packet Analytics offers the software free for networks processing up to 1 million events per day. Perpetual licenses start at $1,495 for up to 3 million events. It’s a sensible strategy to attract organizations that may be daunted by the price tags for competing solutions.

Packet Analysis has launched with $200,000 in seed funding from Flywheel Ventures, the LANL Venture Acceleration Fund and private investors. The company expects to close a Series A round of investment by year-end 2008.


9 comments:

  1. Packet Analytics currently has only one commercial customer, Los Alamos National Bank (LANB). I'm not sure if LANB is even paying to license the product.

    I'm sure these guys are working hard and I wish them well. However, like the article states, hitching your network security product to the LANL logo is probably not a very wise marketing decision.

    ReplyDelete
  2. LANL's brand name has been throughly trashed in the public mind. I don't think it can be revived.

    If LANL was a commercial company, the name would have been changed to a catchy new phrase. But, then again, maybe it will. The name 'Pluto's Pit Factory' comes to mind. Perhaps we could even license the Disney puppy character.

    ReplyDelete
  3. I don't think that they are using it as a marketing endorsement. This article is about par for the course of LANL derogatory comments:

    1) Did the person use the software? No
    2) Did the person look to see what it did in comparison to other software? No
    3) Did he get a bunch of free hits by mentioning a bunch of things he doesn't know much about? Yes
    4) Would he have written an article saying "Company is clearly trying to hide from the shame of LANL" if Packet Analysis had not mentioned where the software was developed? Probably yes.

    To phrase it another way, I wonder if the author has quit beating his wife yet?

    ReplyDelete
  4. Actually, 11:08, I'm not convinced that "hitching your network security product to the LANL logo" is necessarily a bad idea. I mean, look at Nanos: his LANL affiliation is what got him that cushy new job at DTRA!

    -Gus

    ReplyDelete
  5. At least they didn't name the company Packet LANLytics.

    ReplyDelete
  6. You know the product is good, with LANL "red teaming" it so thoroughly.

    ;)

    ReplyDelete
  7. Yes, and continuing in the positive vein; you just know that LANL provides plenty of positive "signals" in their packet stream.

    Which, now that I think about it, is exactly what 2:05 was saying.

    ReplyDelete
  8. "Packet Analytics currently has only one commercial customer, Los Alamos National Bank (LANB)."

    Thanks for the heads up. I closed my LANB account today.

    ReplyDelete
  9. Gussie/Pinky - can you make this a top post?

    Hey folks - news flash. Big radiation exposure at the LANL hotcells facility yesterday. Operated by chemistry division/ADCLES. Division leader is out of town. Big cover up going on. Many people exposed to radioactive germanium. Lots of labs have bee shut down due to proximity to the hotcells ... it is that bad. Just like the Americium incident/coverup all over again...hush, hush.

    ReplyDelete

Note: Only a member of this blog may post a comment.