Re: [fw-wiz] OT: Av and Gartner...

From: Fritz Ames (fritzames_at_earthlink.net)
Date: 07/31/03

  • Next message: John Keeton: "Re: [fw-wiz] OT: Av and Gartner..."
    To: "Marcus J. Ranum" <mjr@ranum.com>
    Date: Thu, 31 Jul 2003 08:09:03 -0400
    
    

    John (and Marcus),
            I wasn't going to reply directly to the list because I felt that I
    might be doing what I feel Gartner does: Talk, without *really*
    knowing. ('Doesn't "rise to the level of a Presidential speech," if you
    know what I mean.)
            I am not working with corporate firewalls right now so I have to write
    in generalities. (See what I mean.) I love "Defense in Depth." What
    else can you use to filter the Web and FTP traffic that concerns
    you--before something inside your perimeter tries to render or process
    it? I don't know what all the options are, but I do know that desktop
    AV is far from perfect. Your AV can only do so much--and it's usually at
    the file level--so your browser may be lost to the dark side before your
    AV knows what's going on--if you are not scanning that traffic. I think
    that your paranoia is very much warranted. I can't vouch for your
    approach, having never done it, but it seems very sane to me. (Were I
    Gartner, however,... How much cash do you have?)
            My impression is that Gartner doesn't run anything, they just look at
    stuff, talk to people (most of whom actually pay to talk to them), and
    then they write up their opinions as fact. I worked for a "dot-com" that
    paid Gartner for advice and we kept getting glowing reports back from
    Gartner about how we were doing. I felt that we were getting fluffy
    advice from them (thinking, "How do they know our *very* niche market
    better than we do?"). They tooted our horn to others, which made our
    top execs feel that we were doing great and that Gartner knew a whole
    lot. In retrospect I feel that Gartner was a strange PR company, not
    some analysis gurus--and certainly no high-end integrator.
            I think of it this way: You know those antiques shows on TV, where
    they tell you something is worth some fabulous amount of money? Don't
    you wish that they actually made transactions, to really show what
    something is worth? I feel the same way about Gartner. Wouldn't it be
    different if they did real work based on the advice they sell, like if
    they could say, "We installed all authentication systems, authorization
    systems, firewalls and load balancing gear for Company X and, based on
    the similarities between your needs, we can do A, B, and C for you at
    this price." THAT is when I start to believe anything from Gartner (or
    anyone else).
            I have a disclaimer: I don't *know* that Gartner sells garbage, but I
    would love to have the time to look at all of their reports from the
    last four years and see A) What they said that was in conflict in
    different reports. B) What they said that was consistent across their
    reports. C) What predictions were right. D) What predictions were
    wrong. and E) What predictions remind me of reading a horoscope.

    Thank you,

    Fritz

    Marcus J. Ranum wrote:
    > John Keeton wrote:
    >
    >>Also, anyone have any experience with Gartner regarding security items?
    >
    >
    > Yes.
    >
    > I am amazed that anyone listens to Gartner about anything. Their
    > "research" is based almost entirely on hearsay, vendor marketing
    > literature, and vendor briefings (aka "consulting") - while they
    > try very hard to dodge the question of whether their "research"
    > is influenced by the amount of money they get from a vendor, it's
    > pretty obvious what's going on if you line up who pays them and
    > who gets covered. You virtually never see anyone on their stupid
    > magic quadrant who is not a Gartner research customer or a
    > consulting customer. Of course they're very cagy about the
    > relationship between how much you pay and where you wind up,
    > there have been some extraordinary anomalies. Perhaps the
    > most significant recently was Gartner's hyping of "Intrusion
    > Prevention" technology - in particular they widely hyped Intruvert's
    > IPS. Yet no customers, according to a Gartner analyst I discussed
    > Intruvert with, used Intruvert in its in-line "prevention" mode. So
    > what did Gartner base their "research" on? Intruvert's marketing
    > literature? There's a serious credibility gap - indeed I'd go so far
    > as to say there's a serious integrity gap.
    >
    > Does Gartner test technology? No. What do they actually
    > base their "recommendations" on? They base them on what
    > the vendors who pay them the most - their real customers -
    > want them to recommend. If you want recommendations that
    > have some kind of integrity, you need to look to people who
    > have actually gotten some hands-on time with products
    > and who actually understand a technology.
    >
    > When I talk to "C-level" senior management I rate their
    > clue level based on whether they believe Gartner reports
    > or not. I figure if I run into a CIO who takes Gartner
    > reports seriously, that I've run into someone who worked
    > up the management chain through political skills and
    > organizational skills, not through technical skills, or
    > technological vision. Taking Gartner reports seriously
    > is a dead-on tipoff that you're dealing with an incompetent
    > empty suit - after all, to take Gartner seriously, you'd
    > have to be more ignorant about technology than they
    > are. Which is hard to imagine.
    >
    > mjr.
    >
    > _______________________________________________
    > firewall-wizards mailing list
    > firewall-wizards@honor.icsalabs.com
    > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    >
