The rebranding comes at the end of CEO Pat Clawson’s acquisitive first year on the job, a year ahead of a planned IPO, and as the company gets to work integrating its recent acquisition of SecureWave, a maker of application and device control software.
We needed to rebrand because it was hard to to talk to people about device control with the name PatchLink, it was hard for them to find us, Clawson said.
Lumension Security is a unified protection and control software vendor, Clawson said. This new and lightly adopted category definition, which may or may not become known as UPC, was devised under consultation with the likes of Gartner and IDC, according to Clawson.
While the company obviously still offers software for deploying patches, that category is being de-emphasized in favor of a broader security message that combines vulnerability management and policy enforcement into a single platform.
The rebrand also draws a line in the sand between Lumension and its traditional competitors, such as BigFix, which, for its part, is also now selling itself as something above and beyond patch management. The two companies are certainly diverging in their strategies.
They’re going more the infrastructure route, we’re going security, said Clawson. We even put security in the name.
BigFix sees its suite as a service delivery platform, in which security functions are delivered as policies to a unified endpoint client. The company sees itself competing mainly against the likes of Symantec’s recently acquired Altiris.
Amrit Williams, chief technology officer at BigFix, was skeptical about Lumension’s ability to sell itself as a way for enterprises to consolidate the number of endpoint security agents they have to deploy and manage.
The press release has the company [Lumension] taking on CA or McAfee, but they don’t offer key endpoint technologies such as anti-virus, anti-spyware or firewall, said Williams. BigFix recently added these functions to its suite via an OEM deal with CA.
If all you’re bringing to the table is a subset of the functionality, you can’t call that unified endpoint security. You’re not offering the opportunity to combine disparate endpoint agents, Williams said.
Clawson said that the Lumension’s strategy does indeed see the company in competition with CA and McAfee, but added: We don’t give a sh*t about antivirus or antispyware. These technologies are passe – reactive and don’t work, he said.
Lumension’s proactive or positive security model approach is essentially about defining policies on the security status of endpoints and what users are allowed to do, and enforcing these policies, rather than blocking individual threats with malware signatures.
To over-simplify the difference, it’s a white list model versus a black list model.
Even companies that still rely on signature-based software for a big chuck of revenue, the likes of Symantec, are focusing more on behavior-based threat-blocking – an implicit, though definitely not explicit, acknowledgement of the deficiencies of old-school antivirus.
