The security clusters of the future

Discussion in 'other anti-malware software' started by Kees1958, Jan 7, 2008.

  1. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Dear all,

    2008 has just begun and I would like to make some predictions on security.

    In terms of risk control there are some basic strategies:

    1. Stay out of risky situations, you won't need a defense when you are not attacked (e.g. site advisor)

    2. Reduce the vulnerable spot/attack surface (e.g. UAC and Policy sandbox)
    This is why a lot of old fortresses are built in the loop of a river/hill top with only one or two access roads.

    3. Control the attack vectors (traditional HIPS monitoring hooks/SDT), so you won't get hit. Normally a talkative and more user intervention required solution. "Prevention is better than cure", all software firewall fans and classic HIPS fans will argue.

    4. Limit the damage/damage containment. In this category are Antivirus (although AV's providing Network and HTTP scanning are really ahead of things), Policy Sandboxes (because they remember the untrusted status of a downloaded file), virtualisation and yes Behavior Blockers.

    Based on these four principles I think security will develop into three main streams:

    1 (the easy prediction) Firewalls and HIPS will integrate: Main reason is because they both focus on the attack vectors, they need each other for synergy and want to know whether an application is trustworthy or not. Examples are the leaders in their class such as Comodo, Online Armor, Agnitum Outpost Pro and Look 'n' Stop (early innovator, now losing ground).

    2 Threat gate mitigation
    I think browser specific policy management/virtualisation (reducing the attack surface) will be combined with staying out of trouble (site advisor). Vista already offers Phishing and Protected Mode; other early innovators are Linkscanner Pro and Haute Secure. Google has bought Greenborder, maybe this search engine will provide all (search engine, site advisor like site security rating and visualisation). Who will tell? There are enough good solutions available. I do not think the Haute Secure guys would have stepped out of Microsoft when MS had plans to develop it for itself. AVG has bought Linkscanner, so things are moving. Zone Alarm, the friendly FW, is also experimenting with this direction: ZA ForceField.

    3 Anti virus will extend non intrusive heuristics to behavior blocking
    Blacklisting is a low user knowledge security option. Heuristics and behavior blocking are different techniques to trap a malware. Behavior blocking and Antivirus both have to deal with the same challenge: "deal with false positives". It is therefore logical these two similar security models (heuristics and behavior) will align and join forces.

    A way of improving heuristics and behavior blocking is by applying virtualisation. Example: A program violates a heuristics/behavior trigger, next the AV would go into virtual mode for that single process. When this suspect is breaking some more laws it starts to get more and more suspicious. The virtualisation would make it easy to extend the STOP decision. A later STOP decision (based on more facts) will reduce the amount of False Positives. While virtualisation will still make it possible to roll back (clear) the virtual data pocket. When the potential malware did not do anything wrong the virtual data could be committed to the real world data.
     
    Last edited: Jan 8, 2008
  2. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Hi Kees,

    Interesting post with some thoughtful comments. I enjoyed reading it.


    Mike
     
  3. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Mike,

    Thx. Since there are so few reactions let's try to spice up discussion. Let's discuss who will lead this innovation. What are the candidates?

    Market Pull: User acceptance issue, the non technological point of view
    From an innovation point of view, early innovators often will be stuck in the middle, due to lacking user acceptance. To check whether the general public will adopt new technology a few questions have to be answered (all this talk is just knowledge from other people, e.g. the questions below are based on Everett M. Rogers - diffusion of innovation, because this is just a personal brain fart, combining fact with fiction, I am not using any references to authors).

    Questions which help to get the early majority moving (you know innovators, early adopters, early majority, late majority, laggards, blah blah):

    1. Are the benefits clear or is the threat clear to which it protects?
    2. Can these usage advantages be communicated in an elevator ride (in 10 to 20 seconds)?
    3. Is it simple to use/install (complexity of use, needed knowledge involved)?
    4. Is there a new consumption/usage behavior involved (yes means a big usage threshold)?
    5. What are the try-out consequences/risk in terms of money and social acceptance (a low try-out risk is a medicine against the fears of a new consumption pattern/behavior when the other questions are answered clearly)?

    When looking at Online Armor, Mike did some amazingly smart things (probably by intuition). Online Armor also offered a FireWall (V1 was called a HIPS, V2 now is called a FW). He got picked up by Matousec. Scoring well in an older market (FW is older than HIPS) which did not involve the new behaviour threshold of HIPS, he started to focus on scoring high on leak tests. Now people were picking up Online Armor as a FW instead of a HIPS. Next he reduced the try-out risk by offering a freebie besides a trial program. Also the black and whitelist made this program easier to use. So Mike managed to pull OA out of the difficult to understand HIPS segment and immediately become a leader in the FW arena. Well done!

    Now have a look at the above questions and then have a look at this page: http://www.threatfire.com/ Great how they communicated it (ThreatFire Antivirus protects where others can't). Pity it has no connection to other PC Tools business. From a communication point of view it is great, from a marketing point of view it really sucks (no stimuli/incentives to use other PC Tools products).

    The try-out risk is not always related to money. Acceptance also is related to the trust/reputation of the company offering the service. This is called social acceptance (when MS is offering it will be okay). Who can remember the days when Netscape had a market share of over 75%? When Microsoft arrived it was soon over (FireFox is renamed Mozilla is reincarnation of Netscape).

    So from the existing players I am inclined to select Microsoft, because they have deep pockets, are a trustworthy company, focus on family protection (what is your kid downloading, who is he/she talking to) instead of technology.

    Other existing players with a clear benefit are search engines, like Google. Offering web site rating, content protection and virus protection would create a complete locked in user environment. This lock will also be a great problem to Google. Being an American company it always has to deal with 'anti trust law'.

    So anti trust restriction (reducing freedom of movement to Google) could open the way for COMODO and its certificates or 'trust selling'. Comodo's bigger scheme on providing free software is the selling of its certificates. To do so it has to build up a reputation of trust and a company which helps users for free (the free Melih hype).

    Although those three companies all represent dogmas I personally would not subscribe to, I am happy they all three exist. It is like the days of the Cold War when USA, USSR and China were three super powers, preventing the other to dominate the world.

    Push: The technology push from the security industry players
    For ease of discussion, let's divide the possible sources in the existing technology roots.

    Technology players

    1. new guys on the block with HIPS like technology
    - Virtualisation/sandboxing/policy based HIPS (e.g. Returnil/sandboxie/DefenseWall) and Soft sandboxing/bad source identification (Linkscanner/HauteSecure)
    - Behavioral HIPS (ThreatFire, Mamutu, PrevX, Primary Response Safe Connect)
    - Classical HIPS

    2 - FireWall's background

    3- AS/AT/AV background companies


    Show me the money
    It is always important to determine who is actually earning money or has a clear earning money scheme (so investors will provide the money to finance research and development). Because the AV industry is the oldest industry and the one making most money. At a fair distance the FW companies arrive. While all the latest innovations are fighting to earn a decent living.

    For the new guys on the block lack of growth (earning money) really is a time bomb under product innovation, let's have a look at the different players.

    1A. Sandboxies/virtualisation/softsandboxing
    Although BufferZone/Sandboxie are great in surviving time, newcomers like SafeSpace and Returnil show how easy it is to establish more or less equivalent technology. This means that a bright guy (single band operation like DefenseWall) can earn a living. In general they lack the money and marketing knowledge to break through to the large audience. Also their often non-US base makes it harder to find venture capital. So these are companies who are candidates to be taken over (e.g. Greenborder, Linkscanner) by other parties. Kaspersky, are you reading this (why not?), give Ilya a call and acquire this technology fast.

    1B. Behavioral Blockers
    It is difficult to develop a good behavior blocker. CyberHawk is now ThreatFire (bought by an AS company). PrevX uses too many technologies to be the champion of its category (using many technologies means many competitors, which makes it hard to describe your relative advantage). Exemplary is how they advertise PrevX2: "If anyone else in the community has ever seen a malicious file, which is about to attack your machine, then it will automatically be blocked from harming you. If you're the first person ever to see a particular malicious file, then all Prevx2.0's defences will be deployed to understand and intercept the file, before it causes you any harm" So I am protected either way? What is the use of community protection then, when all PREVX defences are sufficient by itself? Next we have Mamutu. It is the IDS of A2, so that is an AT/AS-based company. Next we have PRSC. They have licensed their technology to Norton (Norton Antibot), they exist for quite a while and were one of the first to be able to provide Vista64 bit behavior blocking. Sana Security is privately owned, but has got money from venture capitalists. The Norton Antibot deal can be a good sign or just making marketing noise to satisfy the venture capitalist and organise an initial public offering. So PRSC is a big question mark, the others (TF and Mamutu) fall into the AV/AS/AT category. PrevX is too much a mixed bag to raise funds for a multi AV engine or develop their own engine. The last Behavioral competitor is MicroPoint ProActive Defense. Being also an Antivirus company and having experimented with their software, I dare say they are a serious contender for being a leading innovator.

    1C. Classical HIPS
    When they have not made it to become a FW player they will not acquire enough funds to finance this. OA already crossed the border, Pro Security and SSM might follow. I think they are too late to identify the user skills required as a success threshold. Anti Executable and Online Armor started to use black and white lists much earlier, reducing the user intervention required. So SSM and PS will probably stay techies' tools with PS having the best papers to survive, because it is a one man band operation. The other Chinese question in this context is EQSecure. EQSecure has announced to also provide some form of virtualisation. It is still a techies' product (but it is improving). Having tested the first English version (3.3), I can only admire their (his/her how many developers are there at EQS) innovation. The language barrier and technical complexity raise my doubt, therefore also a question mark.

    FireWall background
    This is an easy one: of course Comodo. Although when looking at their line of interest it would not surprise me when they would provide something like Zone Alarm ForceField with a safe site rating based on their own certificates. The second one is Zone Alarm. Zone Alarm is always mentioned as a user friendly FW. Their recent development (Zone Alarm ForceField) is just a strategically correct move (instead of trying to outrun Comodo, Outpost and Online Armor, they are learning to roller skate). So these two are the obvious contenders with Outpost as category leader being able to react as an early adopter. Online Armor has some hurdles to overcome, called Vista32 bit (should be released before this summer) and Vista64bit. Time is money Mike! (think of all the new PC's with Vista 32 and you can not service them)

    AV/AS/AT players
    In this area Kaspersky is the quality leader who seemed to be able to develop its own technology. The proactive defense module was okay. Being a quality leader and having resources makes Kaspersky a candidate. Norton is offering NA and Norton 360, I think they are playing with it as a separate module to decide whether or not to go ahead.
    PC Tools is also a mixed bag. They have the technical ability, but I am questioning their marketing ability to implement it. Technology wise they do the things like it should (all interfaces have the PC Tools look and feel, which is great).
    AVG is also a strange duck. They are able to make money with a freeware version. They have a history of buying the right knowledge (e.g. Ewido), but their own development (as an example their FW) is not very strong. Still they acquired linkscanner, so they are moving in the right direction. A2 surprised me with their IDS, they are around a long time, like Webroot and many other of the AV market (Nod32/Norman) have options.

    Please throw in your suggestions
     
    Last edited: Jan 8, 2008
  4. ghiser1

    ghiser1 Developer

    Joined:
    Jul 8, 2004
    Posts:
    132
    Location:
    Gloucester, UK
    Hi Kees,

    Some very interesting points. I see you've only discussed Prevx from the behavioural blocking (Prevx 2.0) standpoint. What's your view on the Prevx CSI standpoint? Surely this falls into the AV/AS/AT players segment at the bottom? It's all about remedial detection and cleanup (usually after the resident AV has failed).

    Regards,

    Darren
     
  5. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Darren,

    PrevX started with an innovative payment concept: on a need basis. PrevCSI (short for Computer Security Investigation, but sounds like Crime Scene Investigation which is a great marketing name).

    PrevCSI is good, but what is different to this than a free scanner like Bitdefender (AS) or A2 Free (AT) or SAS free (AS)? What magic has it got? Can you tell from the web page? I can not tell?

    Regards Kees
     
  6. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi,

    What I do not understand is why AV companies are not more creative in finding solutions.

    Suppose AVG would use Linkscanner Pro to:
    - provide attack vector/soft sandboxing security to the browser (existing functionality of the Pro version)
    - have a bad website list (existing functionality of the free version)
    - add a tiny/miny HTTP scanner (existing functionality at an Average AV company I would presume)

    What would this have for effect on the play time of zero day malware?

    Zero day malware Play time is:
    - implant to break out time (sleeping the virus is inactive=incubation time)
    - break out (virus becomes active) to vaccine time (a blacklist fingerprint is available at the AV supplier)
    - vaccine time to protection time = time it needs to distribute the cure/vaccine to all customers having a yearly license of the AV (also the update frequency of AV's).

    This AVG-LinkScanner would have the following benefits:
    a) Softsandbox would provide protection during the incubation time
    b) As soon as a virus would break out, IP address sources could be published on the web advisor
    c) Every 5 minutes the tiny/miny Web scanner would poll for updates (fingerprints of the last 24 hours), to reduce this distribution time as much as possible.

    Would this trigger you to pay for AVG yes or no?

    During the incubation the
     
  7. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Hello, Kees,

    Nice summary.

    In taking this into the workplace, I predict more companies will clamp down on how company computers are used by employees. There are already a few mavericks out there, to wit:

    http://www.faronics.com/whitepapers/CaseStudy_LAPD.pdf
    While this approach might seem overly restrictive to employees used to treating their workplace computer as if it were their own personal computer, by and large they take note that company-wide downtime caused by infections is reduced to zero.

    This is also the case in several community colleges I'm familiar with. In one instance, six years ago Deep Freeze was installed in all classroom computers across three campuses, and support calls averaging 150+ per month to clean infections dropped to zero. Paid Support Staff was cut from six to two.

    In the above cases, installed software is checked/approved at the System Administrator level. In the colleges this has not been a problem, once faculty understand the policy.

    As one writer noted more than three years ago about restricting software installation,

    An Ounce of Prevention
    www.infosec.co.uk/ExhibitorLibrary/123/An_Ounce_of_Prevention.pdf
    He also notes,
    Is this "controlling the environment" approach applicable to home situations?

    The most obvious example is a home with one family computer. In the above cases, note that there are no user decisions to make. No prompts. In this type of home environment parents can set up separate user accounts for their children, in effect restricting what they install. I see this increasingly, where parents are realizing that this type of control is no different than that they apply to deciding what movies their children watch, or who their friends are. Parents I've spoken with have not had problems with this, when started at the children's early age: it's just the way we do things in our family. Family rules. Family policies.

    The above approach pretty much restricts the attack vector to what is knowingly installed. One parent with whom I spoke recently said she tells her little daughter, "these are the two sites where we can get screensavers." Parents who are actively involved with their kid's computing activities have a wealth of information and suggestions from educational sources, including in my community, the local children's library.

    As several parents told me, our aim is that as the children eventually get their own computer, these habits we are instilling will continue, that they won't click on everything they see. Recently I showed the Facebook exploit to a parent, who instantly replied, "that couldn't have happened here. They know not to install anything directly from that site."

    I will extend my prediction about companies to include more home environments, as I'm finding more and more people who realize that it doesn't take a lot of sophisticated technology to set up a safe computing environment. I notice here at Wilders, for example, more people's "security clusters" contain fewer products.

    The approach of "controlling your computing environment" can extend to other areas, for example, knowing how your financial institutions communicate with its users. One states clearly,

    To apply this approach into the other browser and email activities reduces the social engineering threat, which, as many writers are saying, accounts for the largest percentage of computer infections.

    regards,

    ----
    rich
     
    Last edited: Jan 8, 2008
  8. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    I have previously posted that behavior blockers will make it into widespread use in AV's, so #3 is old news to me.

    #1 may be an emerging trend, but there is also a counter trend with Symantec using the Sygate based firewall technology. Of the new HIPS based firewalls only OA has any sort of usability. Testing outbound communication by comparing with signatures or some kind of deep packet inspection that looks for particular protocols or encryption will not stop any POC leak tests, but has the potential to block a lot of undesired outbound communication from minor variants of malware that were created to avoid flat file scanning, without requiring the user to have any technical knowledge.

    IMO it is very important that solutions be developed that are usable by those that are not particularly literate. Like it or not, only those who hang around here are able to respond to a HIPS message that program XYZ, that happens to be a windows component wants to run. After a few of those they give up and either uninstall the thing, or press yes all the time until they get infected.

    The traditional intrusive HIPS approach adopted by Comodo or found in SSM or DSA, is not going anywhere.

    It might be fun to experiment with securing one's own PC, but until major improvements come to the masses, writing malware will remain profitable enough to continue the present assault on our online safety and sanity.
     
  9. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Rich,

    In the Netherlands, most companies have their employees logged in as a Limited User. Even my company laptop is sealed and encrypted. I agree there is a lot of money found in standardisation and policy rights management. Microsoft's One Care family strongly anticipates on the family values you outlined.

    Regards Kees
     
  10. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Diver,

    I am not claiming a visionary scoop, so most of what I have posted is old news, it's the bigger picture I would like to discuss with you all.

    In terms of user friendliness: Threat gate mitigation (No 2) and Antivirus with Active heuristics/behavioral analyses (in a virtualised environment) (No 3) are the easiest to apply.

    I think attack vector control programs will become more and more user friendly, due to whitelists, community sharing (7 members of our community valued this program to be safe, is already implemented with DriveSentry) and the assumption that all existing programs are secure (Comodo's Clean PC mode).

    With Vista coming up and the benefits UAC/64bits kernel, those vector control programs can be made smarter:
    - give the user an option to warn only at severe (Comodo red alerts) intrusion of NEW programs, existing programs are okayed as long as their image hash is the same
    - seeking an out bound connection of a white listed program can be set to automatically okay
    - seeking an outbound connection of an unknown program results in a yellow alert, when this program has performed some intrusions (the current Yellow alerts of D+) give it a red alert and provide a clear explanation based on these multiple intrusions. PRSC provides such an overview when popping-up and rating the risk.
    - Another possibility is to give the yellow intrusions a risk value, provide an option to proceed as long as a program does not pass the accumulated risk level (currently implemented in NeovaGuard). The value of these yellow alerts could be based on the user's behavior/preference (reduce warnings, because I am a conscious PC user, average user and risky user). Every Alert gets an internal number, these numbers are used to retrieve a warning message to show the user, this internal table could also have three risk values based on a profile (easy as that)

    Of course users wanting to see every alert would just select the paranoid option.

    Bottom line: attack vector control programs will also emerge to (even) more user friendly way of dealing with alerts.


    Regards Kees
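
The alert handling outlined in this post (whitelist by image hash, yellow alerts with profile-dependent risk values, a red alert once an unknown program that already intruded goes outbound or passes the accumulated limit), combined with the per-process virtual mode from the first post, as an added example that is not code from any thread participant or product. The alert numbers, risk values, limit and all class and function names are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass, field

# Alert table: internal alert number -> (message, risk value per user profile).
# All numbers, messages and values are constructed for this example.
OUTBOUND = 201
ALERTS = {
    101: ("installs a global hook", {"conscious": 2, "average": 3, "risky": 5}),
    102: ("writes an autostart entry", {"conscious": 3, "average": 4, "risky": 6}),
    OUTBOUND: ("requests an outbound connection", {"conscious": 1, "average": 2, "risky": 3}),
}
RISK_LIMIT = 8  # assumed accumulated risk at which the decision becomes STOP


def image_hash(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()


@dataclass
class Process:
    name: str
    image: bytes
    history: list = field(default_factory=list)  # alert numbers raised so far
    score: int = 0                               # accumulated risk
    pocket: dict = field(default_factory=dict)   # virtualised (uncommitted) writes
    stopped: bool = False


class Monitor:
    def __init__(self, profile: str, whitelist: dict):
        self.profile = profile      # "conscious", "average" or "risky"
        self.whitelist = whitelist  # program name -> known-good image hash
        self.disk = {}              # stands in for the real file system

    def trusted(self, proc: Process) -> bool:
        # Existing programs stay okayed only while their image hash is unchanged.
        return self.whitelist.get(proc.name) == image_hash(proc.image)

    def event(self, proc: Process, alert_no: int):
        """Return (level, explanation) for one monitored action."""
        if self.trusted(proc):
            return ("allow", "")
        message, values = ALERTS[alert_no]
        proc.history.append(alert_no)
        proc.score += values[self.profile]
        intrusions = [a for a in proc.history if a != OUTBOUND]
        # Red: risk budget spent, or an unknown program that already intruded
        # now wants to talk to the network.
        if proc.score >= RISK_LIMIT or (alert_no == OUTBOUND and intrusions):
            proc.stopped = True
            proc.pocket.clear()     # roll back everything done while suspect
            seen = "; ".join(ALERTS[a][0] for a in proc.history)
            return ("red", f"{proc.name} stopped at risk {proc.score}: {seen}")
        return ("yellow", f"{proc.name} {message} (risk {proc.score}/{RISK_LIMIT})")

    def write(self, proc: Process, path: str, data: str) -> None:
        if proc.stopped:
            return
        # After the first trigger the process runs virtualised: writes go to its pocket.
        target = proc.pocket if proc.history else self.disk
        target[path] = data

    def exit(self, proc: Process) -> None:
        # A suspect that never crossed the line has its pocket committed.
        if not proc.stopped:
            self.disk.update(proc.pocket)
        proc.pocket.clear()


if __name__ == "__main__":
    browser = b"constructed browser image"
    mon = Monitor("average", {"browser.exe": image_hash(browser)})
    print(mon.event(Process("browser.exe", browser), OUTBOUND))
    dropper = Process("setup_tmp.exe", b"constructed unknown image")
    print(mon.event(dropper, 101))
    mon.write(dropper, "C:/autorun.cfg", "payload")
    print(mon.event(dropper, OUTBOUND), mon.disk)
```

The same two intrusions (101 then 102) stay yellow under the "conscious" profile and turn red under "risky", which is the profile-dependent table the post describes.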
     
  11. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    This was always going to be a tricky thread for me to participate in being a vendor, and also trying to maintain a policy of not commenting on other vendor products too much.

    So, let's start with a disclaimer: I'm Mike Nash, and for those people that don't know: Online Armor is my product.

    Now - to the question:

    At the moment people are upset with their computers "not working" or getting infected with Spyware. My mum got most angry with me when I suggested that due to her browsing activities she might have to reinstall windows. She took that to mean that her computer was broken, and they'd only recently bought it. It works fine! Hmmph..

    This is the market - we're talking about market pull for products people don't realise they need, from people who don't want to buy them, don't know how to use them nor understand them (enthusiasts or early adopters aside).

    (My emphasis). Most people I talk with would agree. There is the small "Microsoft is teh d3v1l!! " crowd, and the tech press treat MS Security Initiatives with disdain - but outside of tech circles, MS are a trusted brand and this sort of discussion doesn't occur. I for one am not silly enough to disregard what a company with a few billion kicking around is able to accomplish. Xbox 360? Zune? I wish I could afford to lose the sort of money those things do. MS can play for a long term strategy, but they are between a rock and a hard place ("Your security sucks, but if you bundle AV with windows then people are gonna scream antitrust").

    I don't think we will see much innovation coming from MS - but if they decide to play a bit of catch up, as they have done many times before - they could drop a spare $100M that fell behind the sofa into one or more purchases, teams to do it. My prediction here is that if someone comes up with a good idea here, MS could copy or buy it... if they weren't so fixated on trying to out-google Google.


    Google works heavily with Firefox and other open source projects. Despite what I just said, from a business perspective I'd be much more afraid of Google coming up with an innovation than MS. Again, the Google guys have got plenty of money. If they wanted to hire a team of guys to go and put google stickers on every PC in the world, they could probably afford it. They also have a culture of innovation.

    However, Google's an advertising company. You're the product that they sell to advertisers, so it's lucky they have such a good search engine otherwise we'd all go back to Altavista. They might put a dog in this race as soon as they stop the Symantec advertising. They have to be fairly careful.


    This sort of thing precludes investment. I've been through the VC route in my prior business. "How hard is this?" "What are the barriers to entry?" "How long would it take your competitors to catch up?" are key questions.

    If the answers to the questions are: "Easy", "Few barriers", and "Not long" - then don't expect investment unless the VC has a hidden strategy, a serious hangover, or you already have a large customer base or something else that they are buying.

    Just to say - we are funding Online Armor out of IT Support - so sales for us don't matter as much as a driver to provide support, or add new features.

    Online Armor started out as a product called Bank Safe. Myself, Scott and Darryl were sitting around the office and I received yet another bank scam telling me in terrible English to reset a bank account I didn't have.

    We started a discussion over lunch (we're all techs) about other ways of doing it... just a bit of banter, trying to outdo each other. A few days later there was yet another story in the press and I called Scott and said "You know those ideas? Well, I reckon there's a product we could develop that could be used to protect against them...." and Banksafe was born.


    Innovation can come from anywhere, and any company and at any time.
     
  12. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Mike,

    Thanks for joining in. Reading my post again, I can understand why you reacted with

    I did not intend to project this on OA (funds limitation), since you already managed to become a FW category leader.

    As long as you imagine the average customer to be your mother or aunt, you will manage. User acceptance is the real threshold to overcome.

    Regards Kees
     
  13. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Hi Kees,

    No worries I just wanted it to be clear on our funding of the product in case anyone got the wrong idea. I knew what you meant - was just making sure that in general others were too.

    Mike
     
  14. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    I'd like to note here that innovation is a small-companies job. For the big corporations its price is too high.
     
  15. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    I have been following this thread with great interest and have some comments:

    Mandatory disclaimer: I am a vendor rep for Returnil just so the reader is aware

    Ilya said:
    No argument except to note that that "price" here is one of risk rather than actual monetary outlay. A successful (hence large) company is large because they have a product line that people want and their business model is appropriate. Small companies have much to prove in the eyes of potential customers so have a strong incentive to experiment and innovate...

    Mike said:
    The enthusiasts and early adopters are a key to later growth. They are both reviewers and heralds to a wider public who look to them for advice and recommendations. If you have built a "better mousetrap", the word is better spread by those your potential users and customers trust. If the product or service has merit then this is enough to get the ball rolling downhill...

    As for adoption by those resistant to change, some innovations do not need to be deployed as stand-alone solutions. Some are valid upgrades for existing product lines from larger vendors with a more substantial user/customer base. Whether this means acquisition or partnership depends on the complexity of the deal and expected benefits. This means that these same resistant users could ultimately be using the solution without knowing they are or even needing to know...

    I see this eventual reality as validation of the idea, service, or product that got the giant to flinch. If MS is going to drop money on a product it is because they see a benefit for doing so that is in their favor. Though problematic, imitation IS strong proof of innovation...

    Even if the answer is "not long" you have to look closely at the cost/benefit analysis. It may still make more sense to the large company to acquire or license the technology because of competitive advantage if time to market becomes an issue. Creating the technology in-house might seem straightforward to the observer, but it can be a very deceptive indicator of future actions on the part of the VC or other investors...

    Mike
     
  16. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Ilya, Coldmoon

    Managing innovation has more or less three successful approaches

    1. Skunk works
    First initiated by Lockheed Martin. It was called skunk works because they tried everything on the spot, so the engineers smelled oily, even the designers could not be white collar suitcases, the interaction between science and applied technology gives the best boost. Most startups and successful second phase companies are able to nourish this cult-like environment.
    A stimulus was that the next year's targets were not defined as this year's plus 10 (evolutionary), but were defined as this year's plus 200%, how would you do that? One aspect of the skunkworks approach was that they tore the problem down into different elements and started to come up with alternatives on the element level. In this way a team can come up with roller skates instead of running shoes to move faster (shoes just being one of the elements)

    2. Garage Box principle
    This is invented by (I thought HP). Just give every employee with a good plan some days off to set up a business plan. When the plan is okayed, the large company gives him some budget to set up a company. The mother company takes a share of 30% with a right to buy back parts of the remaining shares (a staged plan until eventually 100% is owned by the mother company and the entrepreneurs are millionaires). This 30% is the initial burning capital. The employees, now entrepreneurs, can have access to the large company's resources, but are also allowed to buy/acquire from outside.

    3. Game theory
    Besides the official R&D plans, the company asks other innovative departments to enter plans for new ideas. Every year the company starts with 10 ideas. The game theory lies in the fact that the employees get money and hours (like in the garagebox approach) to obtain predefined success targets (e.g. setting up a business plan, a development outline, defining potential market, realising a Proof of Concept, getting 3 customers interested with a demo, finding a launching customer, etc). Compare it with a kid playing a game and he or she has to find new energy to continue the quest. The company assigns a fixed amount. In the first month there are say 10 initiatives, so everybody gets 1/10. The next month three initiatives have died, so the remaining seven get relatively more, after six months only three survived and they get so much resources that they can work dedicatedly on their idea. This rat race stimulates survival while rewarding the rats who stay living with extra resources and means. The idea behind the game theory approach is that at least 1 idea comes through every two years.



    Examples
    While Intel put millions of research in improving the Pentium architecture in the USA by finding higher clock cycles, they also asked the Israeli R&D team of their mobile CPU unit to do some research, this because their largest competitor (AMD) walked the path of more instructions per cycle instead of increasing the CPU cycle. The Israelis applied a trimmed down form of the Game theory and managed to develop the dual core architecture out of the Pentium mobile. So innovation is not always up to smaller companies. The game theory is also applied at larger companies.

    IBM applied the skunkworks approach (with only off-the-shelf products) to the team which was given the order to develop a Personal Computer.

    So not all innovation comes from smaller companies.

    But it is definitely true that
    a) limited resources
    b) rat race principle
    c) creating time to look at things differently (spending time with feet on the table, dream time = not inefficient)
    d) guts/dare to change the rules of the game (the maverick invents skates when he cannot outrun the true loyal corporate soldier)

    In general this is seen more at smaller companies than the bigger ones.
     
    Last edited: Jan 9, 2008
  17. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Absolutely. Our v2 mousetrap was a lot better than our v1 mousetrap and the word of mouth does a lot more for it than anything I might write or say about it.

    Precisely! Online Armor contains HIPS, Keylogger detection - but most people think of it (now) as a firewall. Adding in (tongue firmly in cheek here) virtualisation features could get people using that too - because they look in general at what the program does for them than what the underlying technology is.

    Again, agree with you. I've had some interactions with MS in this regard, and it wasn't exactly pleasant.

    From the outside in, lots of things look easy - and as I said - if you have time to market, customer base or other things (patents, for example) then "easiness" of the task is less of an issue. Definitely it's not always about the pure technology - lots of things play into it. There are many reasons to make investments and acquisitions - my response was a bit of a generalisation tempered with one counter-example.
     
  18. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Managing innovation is hard. When I was trying to think of a business at one time in my life I was sitting there (I kid you not) flipping through the yellow pages... (Hey! I was young!) - but the best business/product/program ideas I have had invariably solved a problem in an interesting way.

    Ultimately, innovation comes with a guy with an idea. The idea might be based on work already done (by themselves, or someone else) - but sitting people in a room (unless it has a bar) is a hard way to generate real innovation but a good way to generate application.

    An example:

    Innovation: I saw an awesome video on YouTube where a guy did a hack of a Wii controller onto a PC system to implement head tracking.

    head tracking

    If you are a gamer, I guarantee you will salivate when you think of the games that could be produced with this.

    Application:
    I can also see how this would be cool for all sorts of activities - flight sims, virtual tours of property, and get a room of people together and I am sure some cool uses of this will come up. But the innovation - "change the view depending on where the guy's head is in order to get a 3d immersive effect".

    Even if you don't read this ramble - do look at the video. It's fantastic.

    I agree with Ilya - innovation comes from small companies (or individuals)
     
  19. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Mike, Ilya, Coldmoon


    First it is a brilliant movie. Secondly what you are saying is true: innovation comes from a person with an idea and the dedication to bring this idea to life

    Most large organisations will kill such 'mutations' from the corporate standard (because employees are not getting an extra bonus from doing something different, for managers it is an extra hassle).

    The three approaches really are not managing in the sense that you can predict and control the results. The approaches are based on creating a stimulating environment to facilitate the guy/girl with an idea.

    Because I am used to selling things to the corporate guys, I use the word manage too much (makes them think they can control business, then they start feeling good and are inclined to buy). So I should have said: three ways of creating a stimulating environment for innovation (= room to move and resources for the guy/girl with an idea plus asking for a realistic path against which success can be measured). This can be done even in big companies.


    Regards Kees
     
  20. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Well, there are two things here:
    1. The price of a wrong innovation. You have mentioned a Pentium4 issue previously. The price for this mistake innovation is at least 10% of processors market share for Intel.
    2. It is impossible to simulate an entrepreneur environment in big company because they all are sharped up for an average motivation, average productivity and efficiency of your work. If you are far above it- you will NEVER work for big company.

    So, my point here is: the price of wrong innovation (dogs don't eat your dogfood) is very high for a big company from one side. From the other side, there are no really brilliant productive people working for a big company for a long time to make it more innovative - much simpler to leave it and get venture money for your great idea. Even if it will fail, the price won't be so high - a couple of years of new life experience. A single person can't go broke, a company can!

    That is why we have what we have - small companies generate innovations, big ones pick them up in case they are successful and bring them to a global market for the masses. This world is quite a simple thing if you understand how exactly it works - this is hacker's work.
     
  21. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    AD 1: Is true, but that is because Intel used the game theory as a backup plan and not as their prime R&D plan

    AD 2: How do you explain this then?

    My wife is an HR for an innovative energy firm (seeking investors, projects, constructors, lobbying at governments, etc). They have currently 1500 people employed (last year it was 800). When some of the researchers have an idea, they can get money and become an entrepreneur. Also guys with ideas from universities are picked up. In the garagebox division they have at the moment 82 little companies facilitated.
    Their company structure is:
    a) Project spotting division
    b) Research & Development (is the collection of 82 garagebox start ups with in total 132 people working in it)
    c) Project and site construction management
    d) Products (needed for the projects)

    I think we agree on the fact that you cannot organise it by behaving like a true loyal corporate soldier. But smart big companies can think of ways to employ mavericks, by nourishing them partly outside the company. Her company uses the game theory for the idea to action phase and the garagebox for the action to proof of concept/pilot phase
     
  22. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    I sometimes speak to venture capitalists. They say that the world is quite simple: You have capitalists, sheep and system hackers (in wider context = people disputing the rules of our society), when system hackers are able to change the system (our consumptive society, making the sheep follow), we simply reverse 'hack' the system hackers to capitalists. ;)

    Regards Kees
     
  23. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    In this case, it is not quite a "big company", it looks like a techno-park in the field of energy.
     
  24. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Okay, I surrender
     
  25. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Great, now it is the right time to get back to the topic's theme :)
     