The cuts are part of a company-wide reorganization first announced in January as part of a turnaround plan instituted by Steve Bennett, Symantec’s new CEO, who joined the company 11 months ago.

Bennett, a former CEO at Intuit and a veteran of General Electric, told Reuters in a January interview that the company has too many management layers and would be streamlined into 10 business units.

Ellen Hayes, a Symantech spokeswoman, sent the following statement:

“Symantec is in the midst of a company-wide transformation. As part of this effort, we are engaged in a company-wide reorganization. As a result, some positions are being eliminated. This action is a reflection of our new strategy and organizational simplification initiative announced by Symantec’s executives on Jan. 23rd, 2013. One of the goals of Symantec’s reorganizational effort is to make the company’s employee reporting structure more efficient and support the company strategy moving forward. There are several stages to the reorganization process, as we define executive and management layers down to all levels of employees. Some notifications are happening this month, as part of this the process. We are communicating with employees directly and do not have more information to share at this time.”

The company said in its 10-K annual report, filed with the U.S. Securities and Exchange Commission on May 17, that it plans to take charges related to its reorganization plans amounting to between $220 million and $250 million. Those cuts are to be completed by the end of the company’s 2014 fiscal year, which began March 30. But, as of the end of March, it had taken only $10 million worth of those charges, meaning the biggest reduction in force is yet to come.

People familiar with the company’s operations say job cuts have been under way for several months, but only a relatively small number of people have have been let go so far. One source close to the company said the next round of cuts was to be “the biggest yet.” Some employees had already been told their positions were being eliminated this week.

The cuts are to be carried out in two phases. About 1,000 positions would be eliminated this month, and some affected employees had already been notified as early as Wednesday. Another 700 positions are to be eliminated in July. The combined cuts would amount to about eight percent of Symantec’s 21,500 employees worldwide.

Earlier this year, Bennett complained that most Symantec managers had on average only five people reporting to them. As such, the job cuts are expected to hit the company’s middle-management ranks especially hard. Bennett said in a May 7 conference call with analysts that Symantec would eliminate between 30 percent and 40 percent of its management positions. “We will have fewer, bigger jobs for our best and brightest,” he said at the time. He also said those cuts would be completed by the end of July.

Symantec reported $6.9 billion in sales for the fiscal year ended in March. Its biggest line of business is its storage and server management segment, which accounted for $2.5 billion, or about 36 percent of sales. It is best known for its consumer-facing security software business, which accounted for $2.1 billion in sales. Sales for fiscal 2013 rose by less than three percent year on year while net income rose four percent. Its shares have risen by more than 18 percent this year.

Update: Shareholders are reacting to the news of the layoffs with a nod of approval. As of 12:05 PM Pacific Time, Symantec shares are up by 27 cents or more than one percent to $22.44.

Zatko joined DARPA, the research arm of the U.S. Department of Defense in 2010 and was a program manager in its Strategic Technologies Office, where he oversaw research intended to help government agencies fend off cyber attacks.

Here’s the original tweet:

Given what we all pulled off within the USG, let’s see if it can be done even better from outside.Goodbye DARPA, hello Google!

April 12, 2013 8:28 pm via Twitter for iPadReplyRetweetFavorite

@dotMudge

.mudge

Zatko first came to fame as a member of the Cambridge, Mass.-based hacking group The L0pht, a sort of unofficial think tank for hackers whose members at the time included people who went on to distinguished careers in computer security, like Chris Wysopal, Joe Grand, and Christien Rioux. He was also a member of The Cult of the Dead Cow, another hacker collective known for mixing hacking prowess with an ability to get media attention.

In the mid-1990s he did some of the early fundamental research on a type of computer security vulnerability known as a buffer overflow, and published some of the first papers on the topic. He later was the principal creator of some important security tools, including L0phtcrack . In 1998 he and other members of L0pht testified before the U.S. Senate, a session in which the group famously proclaimed that with its combined expertise, it could “bring down the Internet in about 30 minutes.”

After that, he and other L0pht members were occasionally summoned to Washington whenever senior officials, including President Clinton (he’s the long-haired guy in the picture), wanted to be seen discussing computer security issues.

In 1999, L0pht went legit and joined with the Cambridge-based computer security firm @Stake, which in 2004 became part of Symantec. In 2005 Zatko joined BBN Technologies as a research scientist.

Inside DARPA, an agency known more for its secrecy and occasionally for the cool things it does, Zatko created a Cyber Fast Track Program, through which hackers working outside government with good security ideas could get funding to work on projects that could help secure Defense Department systems.

Zatko didn’t specify what he’ll be doing at Google, and he didn’t immediately answer an email from me asking for a little more detail, though its a pretty sure bet it will involve doing some kind of research on security. I’ll add more if I hear back from him.

He’ll be the second high-profile DARPA manager to join Google in recent memory. Last year the agency’s former director, and D9 speaker Regina Dugan, joined the search giant.

As expected, the order creates a government working group that will reach out to the private sector to put in place some voluntary standards for companies deemed to be running critical infrastructure — banks, utilities, transportation companies and the like.

The president also addressed some of the concerns in his State of the Union address last night, saying, “We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air-traffic control systems. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.”

Industry generally opposes the creation of standards, even voluntary ones, arguing that they tend to become de facto requirements. And there’s almost no point in following them if you can’t get any protection from civil liability if you do. That’s something that can only come from Congress, and the last time it passed legislation on this subject, Obama vetoed it. That bill did contain liability protection provision, but the Administration argued that it didn’t go far enough to protect things like personal data that might be shared between companies fending off an attack.

What the order really amounts to is a starting gun on the renewed push by the White House to get a new cybersecurity bill (I’m already really sick of that word) through Congress this year. Over the summer, the president outlined his concerns in a Wall Street Journal op-ed.

One thing that is happening: Companies in the information security space are seeing their share prices rise today, in part on assumptions that digital securities concerns topping the national agenda could mean new business in the coming year. Shares of Symantec opened higher in early trading, as did shares of Intel, which owns software security company McAfee. Checkpoint Software also rose.

Shares of a few companies are falling: Palo Alto Networks fell by more than 1.5 percent, while Sourcefire, which rose by more than 7 percent yesterday going into Obama’s speech and in anticipation of the order, settled down by more than 1 percent.

Here’s Obama’s executive order in full, as posted to Scribd:

President Obama's Cybersecurity Executive Order, Feb. 12 2013 by Arik Hesseldahl

Yahoo’s Chief Information Security Officer Justin Somaini (pictured here) has left the company, according to sources.

It’s not clear why the top security risk exec has departed the Silicon Valley Internet giant. But, said sources, it could be partially related to the recent hacking issues around the newly refreshed Yahoo Mail, including its vulnerabilities to cross-site scripting, or XSS, attacks. This has been blamed for a surge in spam emanating from compromised email accounts, a problem that some security experts outside the company said Yahoo has been slow to fix.

Along with a number of execs, including Connections SVP Shashi Seth, addressing such issues were within Somaini’s purview. It’s not clear if Seth — who has also been the subject of persistent departures rumors internally over the last few months — will also be getting some of the blame for the embarrassing security problem in a key Yahoo product.

But sources noted that Somaini’s leaving is also part of a wider look at a range of higher-level execs at Yahoo — top staff status is based on Levels, such as L3, L4, L5 — that is now taking place across the company by CEO Marissa Mayer.

Sources noted that Mayer is moving to replace a number of them as she seeks to remake the top ranks of the company, even as some are contemplating departure in the March time frame when their various and sundry stock options and other payouts are realized.

That said, sources said Somaini has been looking to leave too, unhappy with the new regime, as are some others at his level.

His quest for a new job should not be too hard, since Somaini has a strong resume, coming to Yahoo in April of 2011 from Symantec, where he was also CISO. Before that, he worked as a director of information security at VeriSign. He has a very lively cybersecurity blog, too, which you can look at here.

I reached out to Yahoo for comment, but have not heard back as yet.

Dubbed Backupify Winter Release 2012, the revision brings a bunch of new administrative features that large companies running Google Apps might need. Its the first update to the Enterprise Edition of Backupify since it was first launched in August.

The headline features the ability to give administrative control to more than one person across multiple lines of business in an organization. Heads of IT in different departments can, say, rescue a Gmail message deleted by mistake, for those employees with fat fingers.

There’s also a new audit log feature, that lets admins track everything that happens within the Backupify account. So if someone deletes something they shouldn’t have, there a record that includes who did it, the IP address of the machine they were using and a timestamp saying precisely when it happened.

The new version also adds support for accounts within Google Apps subdomains.

Backupify has come a long way since it started up primarily as way for people to back up their Twitter and Facebook feeds, which it still does. The company has 5,000 paying customers and is now backing up more than 1 million individual accounts. It recently boosted its total storage capacity to 400 Terabytes. It now backs up 700 million individual items, and 2.7 billion GMail messages.

In August it announce it had raised $9 million in a Series C round of venture capital funding from Symantec. That followed a Series B last September in a round led by Avalon Ventures with General Catalyst Partners and Lowercase Capital also participating.
 

Greylock will today name Joseph Ansanelli (pictured) as its newest general partner. Ansanelli has a solid history running small independent companies that have a habit of getting acquired by bigger companies. He’s best known for his stint as the CEO of Vontu, a security company that focused on data-loss protection; in 2007, he sold Vontu to Symantec for $350 million. Before that, he ran a company called Connectify that was acquired by an outfit called Kana that had its IPO in 1999. And before that, he sold a company called Trio Development, which he ran as a college student at the University of Pennsylvania, to Apple.

He’s been busy in the start-up scene: He’s been the chairman at mobile security firm Lookout for a few years, and is also involved on the board of Pipewise, and chairman of Smartling.

I talked with Ansanelli for a few minutes yesterday, and I asked him what he looks for in companies. “There’s a difference between invention and innovation,” he told me. “It’s about figuring out where you can find disruptive technology that’s 10 times better than what’s out there; finding that, combined with the right team of people.”

And he’s a big believer in what’s going on in the enterprise, or as I like to call it, the new hotness in tech. “There’s going to be a lot of disruption in that space in the next 10 to 20 years, and a lot of great companies are going to get built.”

“While progress has been made over the last three years in many areas, it was the board’s judgment that it was in the best interests of Symantec to make a change in the CEO,” Mr. Bennett said. He added he believes Symantec’s assets are strong and the company is underperforming. The company said the CEO change isn’t based on any particular event.

Read the rest of this post on the original site »

It has been a long time since anyone thought seriously about the encryption debate that hung over the discussion around privacy rights in the 1990s. It has also been a long time since Phil Zimmermann — creator of the Pretty Good Privacy software that so many people adopted to encrypt their email — was the target of a federal criminal investigation that derived from his making it widely available for download. The government dropped its case in 1996. Today, PGP is the most widely used encryption program in the world. PGP, the company, is part of Symantec, and encrypting your email is now super easy, though most people don’t go to the trouble of doing it.

PGP is the reason Zimmermann is going to be inducted into the Internet Hall of Fame today, at a dinner in Geneva. Which, of course, raises the question: What is he doing these days?

The answer: Launching a new venture. It’s called Silent Circle, for which Zimmermann has teamed up with two former Navy SEALs and one of his PGP Corp. co-founders. The plan is to offer encrypted email, encrypted mobile calls, encrypted VOIP teleconferencing and encrypted instant messaging, all in one place.

Joining Zimmermann in Silent Circle are Mike Janke, a former Navy SEAL sniper, special operations communications expert and privacy advocate; Vic Hyder, another former Navy SEAL and founder of Maritime Security; and Jon Callas, a cryptographer and Zimmermann’s co-founder of PGP Corp., whose current day job is CTO at Entrust.

Silent Circle will offer services both to consumers and corporations, but also to human-rights groups, dissidents and nongovernmental organizations working in dangerous or sketchy places where governments tend to monitor communications. There’s also a promise of no backdoors offered for any individual, organization or government.

Though Silent Circle is now running a private beta, the plan, as I understand it, is to launch a public beta on July 15. We’ll hear more about it then.

Update: I initially spelled Zimmermann’s name with only one N. Sorry about that.

Those fears were theoretical for a while. If you could attack the industrial computers controlling nuclear centrifuges and make them explode, as happened in the case of Stuxnet, you could, in theory, use the same approach to attack industrial computers controlling critical infrastructure in the U.S. The only thing needed is knowledge about vulnerabilities lurking in those systems.

The bad news is that, as of yesterday, those vulnerabilities are no longer a theory. The good news is that the good guys found them first.

Yesterday, researchers for a volunteer program called Project Basecamp have discovered three vulnerabilities inside a common model of industrial computer known as a programmable logic controller (PLC). These PLCs basically sit between a regular computer running Windows and a big piece of industrial equipment — say, a pump or a generator or a nuclear centrifuge.

PLCs are part of a larger set of industrial computers known as Supervisory Control And Data Acquisition (SCADA) systems. Security research into SCADA systems has increased dramatically since the revelation of the Stuxnet worm in 2010.

The work was done by researchers at Digital Bond, a security research firm specializing in work on SCADA systems. What they built was a software module called “modiconstux,” which carries out a Stuxnet-like attack on a PLC device called a Modicon Quantum, made by Schneider Electric.

Borrowing techniques learned from the Stuxnet worm, modiconstux does two things: It downloads the current set of instructions the PLC is using — a set of programming commands known as “ladder logic” — giving the attacker the ability to understand what the PLC is doing day in and day out. This is key: If you’re going to hijack a PLC to make the machine it’s controlling explode, you have to first understand the process you’re going to sabotage.

The second thing that modiconstux does is upload new ladder logic. The classic example I think of in explaining this comes from the first public demonstrations of Stuxnet carried out by researchers at Symantec. In that case, a Siemens PLC had been programmed to blow up a balloon by instructing a pump to send a certain amount of air to the balloon and then stop. After being hijacked by Stuxnet, the logic was changed in such a way that the pump didn’t stop, and the balloon popped. Not very menacing, but if you use your imagination, you can see that popping balloon as a metaphor for a lot of very dangerous outcomes.

What’s even scarier than the outcome is the fact that the exploit works without any actual computer hacking having to take place beforehand. Dale Peterson, Digital Bond’s CEO, said the attack works because the PLC is insecure in the first place. There isn’t so much as a password required to download the existing ladder logic, nor to upload the altered ladder logic. And if that PLC is connected to the Internet in any way, it is wide open to attack.

The team also released two other vulnerabilities. One tells the same Scheider Electric PLC to stop, essentially freezing it in place until it can be reset. The third is a vulnerability for a type of PLC device made by General Electric.

The vulnerabilities have been released to the wider world through Metasploit, an open source vulnerability monitoring service that’s owned by Rapid7, a Cambridge, Mass-based company that specializes in helping companies stay ahead of new computer security vulnerabilities. Metasploit subscribers can download the exploit code and test it on their own systems, and demonstrate simulated attacks that in all likelihood will scare the heck out of their bosses.

It should also scare the heck out of legislators and policymakers who have talked incessantly about the need to prepare for a “cyberattack.” Chances are, the next time there’s a serious conflict, attacks carried out by way of a computer will be used to sabotage infrastructure, sow confusion, interfere with logistics and so on. Stuxnet proved what could be done, and what to that point had generally been considered only a theory.

Created by parties unknown — though the smart money says it was Israel, with some help from the U.S. — the Stuxnet worm burrowed its way into PLCs at an Iranian nuclear installation, made the centrifuges spin too fast, and caused some of them to explode. The Iranian nuclear enrichment program was thought to be set back by anywhere from one to two years.

Since then, researchers have been on the lookout for the next Stuxnet, assuming that a second worm would be easier to construct. They’ve also been studying the inherent weaknesses in SCADA systems like PLCs. What they’re finding should give us all pause.

Motive

As the saying goes, people are motivated by either greed or fear. I think for many big companies, it’s more the latter. And Microsoft has a lot to be scared about.

If you poke behind its $71 billion in revenue and 39 percent operating margins, 30 percent of the goldmine comes from multiyear volume licensing agreements, which Microsoft calls Enterprise Agreements (EAs). According to industry analyst firm Forrester Research, “these profitable agreements bring in the kind of regular revenue preferred by financial-market analysts that monitor Microsoft’s performance.”

What motivates a customer to sign up for an Enterprise Agreement instead of simply buying Microsoft products, like Office, off the shelf? Well, historically, Microsoft pitched EAs as a way to ensure you can cover your workforce with Microsoft products at a discounted price level.

With companies investing in post-PC devices like smartphones and tablets, and evaluating alternatives to Microsoft productivity solutions, such as Google Apps or Salesforce.com, CIOs are starting to wonder whether renewing their EA is still a top priority.

In response to this threat, Microsoft is now pushing its Software Assurance (SA) licensing model, which allows customers to upgrade to newer products and also use its cloud services. The reason for the possible shift, Forrester says, is that “the twin revolutions of client mobility and cloud servers will kill device-based licensing, which is Microsoft’s existing model.”

So if Microsoft doesn’t embrace the cloud in a big way, the EA gravy train could come to an end.

Means

Apple is cool. Facebook is friendly. And Google isn’t evil. Yet look across a sea of computers in a typical company, and you’ll still see Microsoft everywhere.

And I’m not just talking about Windows. Microsoft has two key assets that will help it win the enterprise cloud:

• Office: While the Web and Web-based apps are fabulous for consuming content and even collaborating around it, Microsoft Office is still the standard in productivity to create corporate content. Love or hate those PowerPoint presentations, but they are still how most companies run. And for flexible analysis, Excel is unmatched. Heck, the Macintosh Business Unit at Microsoft (which is primarily Office for Mac) is a $350 million business on its own.
• Outlook/Exchange: For many workers, Microsoft Outlook (with Microsoft Exchange Server on the backend) is the first thing they boot up to start their workday, and the program they remain in all day long. According to industry analyst firm Radicati, 301 million corporate mailboxes used Outlook in 2010. Indeed, some companies have switched from Microsoft Outlook/Exchange to Google Apps and back, because users are too addicted to the interface and functionality of Microsoft Outlook.

So Microsoft still owns two of the key ways “knowledge workers” work with knowledge.

Opportunity

Microsoft isn’t working from a standing start. It actually jumped into the cloud relatively early in 2008 with its Business Productivity Online Suite (BPOS), a hosted platform for collaboration. While BPOS suffered from many challenges, mainly because it was based on a platform that wasn’t designed for the cloud, Microsoft made it clear several years ago that they are “all in” as a company in the cloud.

This year, after many delays and much anticipation, Microsoft finally announced its first platform built for the cloud, Office 365. The new version of Exchange is finally on par with its on-premise alternative. Microsoft SharePoint Online is now flexible enough to meet many enterprise use cases. And Microsoft Lync Online, a real-time chat and videoconferencing system, could be a game changer for company productivity.

In parallel, Microsoft is working away on Windows 8, its big bet on the tablet revolution. With all of Microsoft’s failed past attempts at mobility and tablets, some level of cynicism is expected. But some believe Microsoft’s conviction is real. If Microsoft even gets it 80 percent right on tablets, they will likely win in enterprises that are used to the manageability of Windows, and will be attracted to the inevitably deeper Office integration.

Conclusion

Don’t get me wrong: The innovation in the cloud is coming from all over, mainly from start-ups. For many of these start-ups and other non-enterprise organizations, a non-Microsoft approach will likely be the winner. But for the millions of you working in corporate America, Microsoft is probably the one bringing the cloud to a desktop near you.

Nick Mehta is CEO of LiveOffice and has served in senior operating roles in the enterprise and consumer technology markets for much of his career. He spent more than five years at Symantec Corporation and Veritas Software Corporation (now Symantec), where he served as vice president and general manager of the Enterprise Vault information archiving and discovery software business.

Many industry pundits have talked about the Consumerization of the Enterprise — the idea that enterprise users expect the mobility, integration and ease of consumer technologies in their work lives. People often cite the move to user-purchased mobile devices like the iPhone or user-provisioned collaboration services like Box, DropBox and Yammer as evidence of this phenomenon. And because many of these services have freemium models, IT departments are finding that huge numbers of their employees are already using these services for business purposes in addition to personal ones. So in many ways, consumer expectations are driving the ways enterprise CIOs think.

But what about the other side of the phenomenon? Eddie Murphy’s character Billy Ray Valentine influenced Dan Aykroyd’s character, Louis Winthorphe, III, as much as the reverse. What’s less discussed — but equally fascinating — is the impact of enterprise requirements on the consumerization trend.

Many of the aforementioned start-ups initially focused entirely on end-user needs, providing simple user interfaces and sign-ups, and building multi-million user customer bases in the process. But as these vendors switched focus from user acquisition to monetization, they realized some IT department requirements are legitimate, and more importantly, are barriers to sale.

The most recent example: Box. Box founder Aaron Levie probably never imagined his company would be working with enterprise IT directors in designing his product roadmap when he started his file sharing company, but nonetheless it recently announced partnerships and integrations around identity federation, mobile security, e-discovery, and other IT-centric areas.

In contrast, DropBox has continued to focus heavily on end-user adoption with limited IT focus. Indeed, their total reported user counts dwarf those of Box or any other service. Yet the CIOs I’ve spoken with had a proliferation of users on DropBox and Box when they decided to standardize on a collaboration service. Despite the fact that their companies may have had more DropBox users, Box’s enterprise functionality tipped the scale in its favor. So while user adoption gets you in the door, without some enterprization you don’t get the sale.

Similarly, for Google’s Enterprise team, bringing Gmail to companies involved a lot more than just learning how to charge for the service. Google has spent the past several years trading places with Microsoft, investing in policy management, security, compliance and other IT-centric functionality to address early inhibitors to adoption. And it has worked. Analyst firm Gartner now sees Google as a viable alternative to Exchange for enterprise collaboration.

Indeed, even in the truly consumerized world of mobile devices, iPhones and Androids don’t roam free in most large companies. Many security-sensitive organizations are investing in Mobile Device Management (MDM) solutions like those from Good, MobileIron, Zenprise and Symantec, to bring enterprise manageability to smartphones.

The Enterprization of these traditionally consumer apps is going to center around three legitimate enterprise requirements:

1. Data ownership: While enterprises are excited to leverage the flexibility and fluidity of cloud apps, the idea of an enterprise’s intellectual property spread across hundreds of cloud services, many times in user-provisioned accounts where the enterprise has no access, is scary. What if the company is involved in a lawsuit and has to put a user’s data on legal hold? How can the company recover data if the cloud service loses it? And most importantly, how can the company get its data back if it wants to change services? Tough questions if the data is trapped behind a user’s personal cloud account.
2. Data security: Similarly, the thought of sensitive customer information living in cloud accounts where users choose passwords like “password” or, for the more secure, “password1,” is nerve-wracking to a security officer. How can the company ensure that its data is protected with strong passwords? When an employee leaves, how can the company revoke access to all cloud apps at once? Without company administrative rights, the enterprise is dependent on the judgment of the user.
3. Data compliance: Whether data is stored on your G:\ drive or in Gmail, if it’s work-related, for the most part the same compliance rules apply. While SOX, FRCP and GLBA are not as sexy as FourSquare, Angry Birds and AirBnB, they are still critical for most companies. How can companies meet regulatory requirements around searchability, records retention, logging and other areas?

The real challenge as start-ups address the needs of enterprises is to maintain the core value that earned users in the first place. If they add every feature IT asks for, will the products lose their usability? If they make it easier to lock down access to the systems with two-factor logins when you can’t remember one factor, will users revolt? If these tools were used to get around IT, will the fact that they can now be monitored scare users away?

Time will tell. But this grand experiment would make the “Trading Places” brothers proud. And a lot more than $1 is at stake.

Nick Mehta is CEO of LiveOffice and has served in senior operating roles in the enterprise and consumer technology markets for much of his career. He spent more than five years at Symantec Corporation and Veritas Software Corporation (now Symantec), where he served as vice president and general manager of the Enterprise Vault information archiving and discovery software business.

As happened last week to its centralized marketing division, Yahoo has broken up its Customer Advocacy organization, with its staff distributed to the various regions and the product unit of the Silicon Valley Internet giant.

Customer Advocacy has been led by EVP Jeff Russakow, whose fate is now similarly unclear as it is for CMO Elisa Steele, whose division was diced up to the regions last week.

Both execs — who were hired by fired CEO Carol Bartz — plan to remain at the company until at least January, sources said.

Russakow, according to his Yahoo bio, has had “global responsibility for all of Yahoo!’s customer support functions, including audience, small business, ad operations, and search network quality.” He came to Yahoo from previous jobs at Symantec and Adobe.

Interim CEO Tim Morse sent a memo to employees about the change, noting Russakow is looking for his next opportunity, using much the same language as Steele used in her internal email.

The moves are interesting, given Yahoo’s current effort to find a new strategy, which includes a possible sale of all or parts of the company. But there is also a strong sentiment within the company to reorganize around strengthening its advertising platform and products.

I have a call into Yahoo PR for comment (but let’s assume I am accurate about this, shall we?).

More, obviously, to come.

Next we saw Violin Memory — which makes flash-based storage arrays that are intended to make enterprise applications run faster — land $40 million in venture capital funding.

Now we see a third player entering the “flash madness” narrative. Pure Storage is coming out of stealth today, announcing its plans to sell flash-based storage arrays. It is also announcing that it has landed a $30 million C-round led by Redpoint Ventures, with Samsung Venture Investment joining. (Yes, that would be the venture capital arm of the South Korean electronics giant that happens to be the world’s biggest manufacturer of flash memory.) Greylock Partners and Sutter Hill Ventures also participated. The latest round brings Pure’s total funding raised to date to $55 million.

So what is Pure Storage all about? I met up with CEO Scott Dietzen last week and got the download.

The fundamental problem with enterprise storage is that hard drives just can’t keep up with everything else that’s gotten faster in the data center. Flash memory is fundamentally faster, it uses less energy and it takes up less space. We all know this.

The problem with flash is that it has always tended to be more expensive than hard drives. Today, you can buy a one terabyte hard drive for $100 or less. But just try getting that same amount in flash memory and see if the price isn’t, well, a lot higher.

The same principles apply in the data center. CIOs would love to convert to flash-based systems, as long as they’re reliable and affordable and work with the applications and other hardware they already have.

Pure Storage is essentially promising to deliver just that, Dietzen says. The company’s first product is an all-flash storage array that is 10 times faster and 10 times smaller than hard-disk-based systems. It’s called the Pure Storage FlashArray, and it is being aimed at mainstream enterprises in a manner that’s easy to deploy.

Pure’s founders are John Colgrove — one of the founding engineers at Veritas, now part of Symantec — and John Hayes, a founding engineer at Bix, which was ultimately swallowed up by Yahoo. Dietzen hails from Yahoo as well, by way of its acquisition of Zimbra, where he was CTO.

An early key hire was Michael Cornwell, who was lead technologist for flash at Sun Microsystems (now part of Oracle). Cornwell also worked at Apple, where he was Manager of Storage Engineering for the iPod division, and oversaw that product’s transition to — you guessed it — flash memory. Remember the first iPod nano? That was his baby.

Another key name: Greylock venture partner Frank Slootman, the former CEO of Data Domain, is on Pure’s board.

So what’s so special about a storage array built on flash memory? “Disks get slower every year,” Dietzen says. “Intel says processors have gotten 175 times faster over the last 15 years.” Disks just keep getting more data packed onto them, which doesn’t really make them any faster. The mechanical arm inside the disk that grabs data from the platter really can’t go much faster. “Disks today are comparably slower than tape was 15 years ago,” he says.

This creates a problem. Storage needs are going up, but hard drives are slowing data centers down, preventing them from reaching their full potential. It’s only because of cost — about $5 per gigabyte — that hard drives are still appealing. Enterprise-grade flash, on the other hand, tends to cost $40 to $100 per gigabyte, and because flash is historically less reliable, you have to buy double what you really need.

Pure’s play is to get over the cost hurdle. Dietzen says the company can get the cost down to $5 per gigabyte and less.

How does it do that? By reducing the amount of data you actually store. What happens in enterprise environments is that various bits of data get copied and recopied, over and over. Imagine a big filing cabinet with 50 copies of each document scattered around in different folders, when you really only need one. Suddenly the size of that file cabinet need not be so big. The same applies in data storage: Why bother having 10 copies of the same block of data, when one or two will do?

Using a technique known as deduplication, a system can eliminate all those unneeded copies and thus streamline the whole operation. Deduplication, combined with compression, was the primary principle behind Slootman’s Data Domain, which is now part of EMC.

But deduplication is expensive on hard drives, and really doesn’t make sense. Because the mechanical arm in a hard drive is always searching around for where its next needed block of data is to be found, if you employ deduplication, you end up with a bunch of reference signs telling the arm where to go, Dietzen says. The end result is that the disk has to spin more, not less. Flash memory chips don’t have that problem. “We make that process fast, because there’s no performance hit to the deduping process,” he says.

On top of that, Pure has created some algorithms that make the process a lot more granular than on hard-disk-based systems, by working with smaller disk-sector sizes. How small? He wouldn’t say exactly.

Unlike other storage companies — like, say, EMC — Pure’s array, Dietzen says, is built from the ground up for running flash. “The disk-centric companies are slotting flash into places where disks used to be, but they’re not changing the software to take advantage of the flash, to protect the flash from uneven wear and other things.”

A few early companies have tried the hardware, among them the law firm of Fenwick & West, whose CIO Matt Kesner is quoted in Pure’s press release as saying that the data used for various workloads was reduced from 50 to 90 percent.

One key thing that’s going on in the data center these days is virtualization — running several virtual computers within one single physical computer. When you run a lot of virtual machines, you have a lot of data that, like the paper in that big file cabinet, is essentially the same. Dietzen says that Pure’s flash array is able to eliminate a lot of that data. “Even if those virtual machines are a mix of Windows and Linux, there are a lot of commonalities between them,” he says. It’s not uncommon to see the data footprint for virtual machines reduced by a factor of 15 or 20 to one.

And that has caused some interesting reactions among early customers trying out the array. “Some people try it and are shocked when they put 15 terabytes on it and see there’s only one terabyte and think we’ve lost a lot of their data,” Dietzen says. “It’s a little scary at first, but then they run all their workloads and see all the data is there.”

Facebook referenced Symantec’s assistance Tuesday in a blog post announcing it would require all developers to use a more secure combination of HTTPS and OAuth 2.0 (which allows users to connect various Web apps to each other without resupplying their passwords) by October 1 of this year.

Following hacking attempts attributed to Tunisian government censors a few months ago, Facebook had started giving users the option to route its site through more secure HTTPS servers. But many third-party app developers have yet to revise their Facebook apps to support HTTPS, too.

Facebook downplayed the significance of Symantec’s discovery, issuing various comments saying it has found no evidence that the loophole enabled users’ private information to be shared with unauthorized third parties.

“Over the past few weeks, we determined that OAuth is now a mature standard with broad participation across the industry,” said the Facebook developer blog post, authored by Facebook’s Naitik Shah.

Please see the disclosure about Facebook in my ethics statement.

The company’s 16th report still sees attacks in which specific industries or even individuals, are targeted as one of the main threats, but highlights the developing vulnerabilities that social media and mobile devices open up.

The report identified more than 286 million unique variants of malware, which together were responsible for 3.1 billion attacks on computer users in 2010. The number of attacks delivered via the internet almost doubled, Symantec reported a 93 percent increase in the volume of Web-based attacks in 2010 over the volume observed in 2009. Shortened URLs appear to be playing a role here too. During a three-month observation period in 2010, 65 percent of the malicious URLs observed on social networks were shortened URLs.

Read the rest of this post on the original site

The story comes only days before Apotheker, whom Bloomberg’s Aaron Ricadela describes in one passage as a “peripatetic polyglot,” is to have his formal public debut next Monday before an assembled mass of reporters and analysts at HP headquarters in Palo Alto. (I’ll be there.) The story drops a lot of the same hints that have been making the rounds for some time. HP is going to be shopping for software companies. We heard that hint last year from key HP execs like Marius Haas.

So whom might HP buy? An analyst trots out the usual list of targets: Informatica, BMC Software, SAS, Symantec are among them. Apotheker himself rules out two: SAP and Salesforce.com. HP has “no interest” in SAP’s business and financial software–and being a former SAP CEO, he would know whether its a worthy target or not–or in Salesforce’s cloud-based CRM product. His eschewing of Salesforce probably has more to do with its lofty $17 billion valuation than with its actual line of business. HP has about $11 billion in cash plus another $14 billion or so in borrowing resources, according to its 10K.

A fund manager that holds HP stock argues in the story, as so many others have, that the company is missing out on the cloud computing trends. Apotheker doesn’t seem to express any interest in it whatsoever. He goes on to talk about how HP will put webOS, the smart phone/tablet operating system it acquired when it bought Palm last year, on all its PCs. The idea is to get software developers interested in writing applications for webOS. Well, that’s kinda cloudy, maybe.

Apotheker also says the Mark Hurd era of zealous cost-cutting is over. Product quality is in. Those quality-assurance experts that Hurd fired? Those jobs are coming back. Machines that work right when they’re first turned on, incur lower service costs over time, he says: “We have cut enough costs.”

The attack, which cropped up Tuesday evening, was attached to multiple applications posted to both the Google-run store and various third-party app markets.

Although Google managed to expunge the 50 or so affected apps within minutes of learning of their presence in the store, the fact they made it that far indicates the game is changing. In the latest attack, the malicious code was attached to legitimate applications, but also was collecting identifying data from the phone and sending that information to a remote server.

Experts have warned for a while now that as smartphones gain traction, there will be an increasing number of attacks. Anti-virus firm Symantec says that threats have been increasing significantly in recent months after being quite rare, often limited to more proof-of-concept type exploits.

Not only are today’s smartphones the equivalent of a desktop computer, each one has a connection to not only personal information and the Internet, but also to a carrier billing system–putting would-be attackers one step closer to where the money is.

“For first time in history, a malicious attacker can send a packet of data and money goes flying,” said John Hering, CEO of phone security software maker Lookout Mobile Security. “Think about that.”

Already there have been attacks that cause an infected phone to send a premium text message, generating instant revenue for the attackers. Those attacks, against both Symbian and Android, have been confined largely to Europe and Asia–areas where premium SMS is more common and where carriers are sometimes less vigilant about monitoring traffic, Hering said. An attack in December, centered in China, took a significant amount of data from Android phones and sent it to remote servers.

That the phone has been seen as less vulnerable than the PC is largely an artifact of the fact that the devices have only recently gained powerful operating systems and fast Web connections.

“It’s not like phones are inherently safer than computers,” Hering said. “It’s just been more attractive in the past to attack computers.”

In general, Android malware has been attached to applications–often to legitimate applications–and posted to various third-party stores, rather than to the Google-run Android market. Indeed, sticking to the official stores has been one of two major recommendations from security experts (the other is to pay careful attention to what permissions an app is requesting).

Keeping up to date on a phone’s operating system can also help. Droid Dream, for example, exploited a security flaw that was closed with the Gingerbread release of Android. However, unlike on the PC side, users don’t always get to choose which updates they install, as carriers and device makers often get a say in which apps are provided to customers.

The Android attack is also sure to raise the question of whether an open platform is less secure than a more closed one and also whether it is better to have a curated market or one that is community-managed. Hering said it is not fair to say that Droid Dream suggests Android is more vulnerable, noting that both open and closed systems have their benefits. Open-source code does mean everyone can look at things, but it also gives the community a chance to report flaws before the bad guys do.

Naturally, there is also a market that has emerged for security software that can be installed on a device. Lookout and Symantec both offer phone products, and Hering said that Lookout’s software was updated within hours to protect against infected applications from both official and non-official sources.

Given how quickly Google removed the infected apps, it still makes sense for the cautious to stick to the Android market. However, it is clearly not a failsafe.

The other big recommendation is to not just blindly click OK to all those warnings that pop up when installing an app. On Android and many other platforms, users have to explicitly give an application permission to do certain things, such as access location data or make phone calls.

“If someone is downloading a scientific calculator and it wants to send text messages, it should raise some eyebrows,” said Vikram Thakur, a principal security response manager at Symantec.

Lookout raised $11 million in Series B funding back in May.

The company was launched in 2007, with its founders taking 18 months to develop a new core technology focused on mobile devices. While some of the big-name security firms are in the mobile arena, their approaches are brought over from desktop and PDA security efforts, CEO and co-founder John Hering told Mobilized.

“I think there’s a very reasonable opportunity to create the next Symantec but built around the mobile platform,” Hering said, noting that over the next three to seven years mobile devices will become the primary computing device for millions of people.

Although threats to mobile devices are still comparatively rare, their highly mobile and always connected nature makes them an increasingly attractive target for those seeking to do harm. A year ago, Hering said that most attacks were proof-of-concept or attacks for notoriety. This year, though, has seen the rise of financially motivated malware, including an attack on Android where an app posing as a movie player sent premium SMS messages costing infected users $5 a pop. A separate attack in China infected more than one million phones, Hering said.

Lookout aims to stop those kinds of attacks and also allow capabilities like device tracking and remote wipe capabilities. Its software currently works on Android, BlackBerry and Windows Mobile (but not the new Windows Phone 7) operating systems. Hering said the company plans to expand to other popular operating systems and said some of the new funding will be used to expand to new platforms.

Ping Li, a partner at Accel and a board member at Lookout said the company’s approach of splitting work between the device and the cloud to more efficiently work on a mobile device is part of what attracted him to the company. He also pointed out that Hering and his co-founders are in their twenties and just have a different awareness of the devices than their older competitors.

“They grew up hacking mobile phones,” Li told Mobilized. “They never grew up hacking PCs.”

Part of growing as a security company is having the right product in place when a new threat emerges, Li said, pointing to Webroot, which came out of nowhere to become a significant business when spyware emerged as a major security issue.

The company has more than four million users of its software, although the vast majority are getting the software for free. The company recently launched a $3 per month premium service, but Hering won’t say how many customers it has.

Hering said Lookout’s model aims to follow that of desktop antivirus firm AVG, which has a popular and well-known free product but makes money by selling a premium service.

As for whether the company could make an attractive acquisition target for another security company looking to jump-start its mobile efforts, Hering was noncommittal.

“We’re just trying to keep up with the growth,” he said.

The closely held firm was co-founded by former Microsoft Corp. chief technology officer Nathan Myhrvold, who had avoided litigation for years but never ruled it out.

Intellectual Venture’s lawsuits focus on patents in the fields of computer security and semiconductor technology. One suit names Symantec Corp., McAfee Inc., Trend Micro Inc. and Check Point Software Technologies Ltd.

Read the rest of this post on the original site »

Dubbed “Hack is Wack,” the competition invites aspiring law-loving lyricists to bust some malware rhymes on video for a chance to win an all-expenses-paid trip to L.A. to see a Snoop concert and “meet with select members of Snoop Dogg’s management team,” plus every gangsta’s dream: A Toshiba laptop with full Norton security suite (word to your sysadmin, yo).

“We’re trying to get people to raise awareness by making a rap song about cybercrime,” Snoop Dogg told Security Week, noting that his brand will inevitably bring mass attention to this important issue. “Come on man, you know when my team come after you, we gonna get you.”

My God, what an unfortunate alliance this is. I had no idea street cred was so important to the antivirus software industry.

What the hell is Symantec’s PR team smoking, you ask?

Evidently some of the same stuff Snoop is so fond of.

With a flick of the switch today at 5 pm PT, a critical chapter in Silicon Valley will finally go dark.

That’s when AOL (AOL) officially moves out of the legendary HQ buildings of Netscape Communications in Mountain View, Calif.–along Ellis Street and East Middlefield Road–to new, snappier digs it is subleasing from Google (GOOG) in Palo Alto on Page Mill Road.

AOL will occupy one floor in the new space, while the first floor will be dedicated to start-ups and entrepreneurs.

AOL bought Netscape in late 1998 for $4.2 billion and located its office where the iconic but doomed browser company had made Internet history.

It was the spectacular August 9, 1995, IPO of Netscape that heralded in the dot-com boom for the Web, showering down wealth and fame on its employees, such as co-founder Marc Andreessen.

BoomTown came out to visit Netscape then, right in the middle of those glory days, and I will always recall its vibrant campus as a hubbub of activity and games that were the template for all other digital companies to follow.

No longer–AOL’s new location, said the company’s man-in-Silicon-Valley Brad Garlinghouse, is better for the future as it seeks to reinvent itself.

Netscape, as most know, is no longer used by AOL as a brand or supported technology.

“Fundamental to change at AOL is a cultural change,” Garlinghouse said in an interview yesterday. “For good or bad, those buildings are full of ghosts and we need a new space to start a new chapter.”

Plus the new space is closer to the train and a lively street life (you can see a rendering here).

“AOL is trying to reestablish its tech presence as we grow,” said Garlinghouse of the more than 200 employees in the area. “This is part of that.”

AOL’s new HQ is the former headquarters of Agilent Technologies (A), and Garlinghouse said Symantec (SYMC) will take over the old Netscape space.

The beat, as they say, goes on.

Accel Partners has been pretty busy handing over giant wads of dough to start-ups this week–and today is focusing its largess on San Francisco-based Lookout, a smartphone security provider.

The Palo Alto, Calif.-based venture firm will be the lead investor in an $11 million Series B funding round for Lookout, which offers solutions to protect phones from malware and viruses, back up and restore valuable data and help users find their phones in the event they are lost or stolen.

Accel Partner Ping Li will join the start-up’s board.

Lookout currently works only on phones using Google (GOOG) Android, Research in Motion (RIMM) BlackBerry and Microsoft (MSFT) Windows Mobile operating systems.

Previous venture investors Khosla Ventures and Trilogy Partnership are also participating. The pair, along with angel investors such as Chris Sacca, had already put $5.5 million into Lookout late last year. The company was founded as Flexilis in 2007.

Lookout said the former CEO of Vontu and executive at Symantec (SYMC), Joseph Ansanelli, would become chairman of Lookout and that it had brought in other execs, including a former Yahoo (YHOO) staffer. Ansanelli has been an angel investor in Lookout.

Here’s the official press release:

Lookout Closes $11 Million in Series B Funding Led by Accel Partners

Explosive Growth in Smartphone Market Underscores Need for Mobile Security

SAN FRANCISCO–May 18, 2010–Lookout, the leader in smartphone security, today announced an $11 Million Series B round of funding led by Accel Partners with Khosla Ventures and Trilogy Partnership also participating. The company also announced that it has added several new executives to its leadership team, including former CEO of Vontu and executive at Symantec, Joseph Ansanelli, as Chairman of the Board.

“The smartphone market is exploding, and consumers are downloading third-party apps by the hundreds, making security an increasingly vital component of the mobile market,” said Ping Li, Partner at Accel Partners, who will join the board. “Consumers need to know that their applications, their data, and their phone itself are protected. We are excited to work with Lookout as they continue to extend their lead in this dynamic market.”

The global smartphone market grew more than 50% during the past year and as a result, consumers have been introduced to thousands of third-party applications across leading mobile platforms through app stores and downloaded sites. The Android Marketplace alone gives consumers access to more than 50,000 applications. While they enjoy the benefits of these applications, consumers are often unaware of the risks that accompany their increased data and application usage. Similar to the PC market, as consumers do more with their phones, they need protection from threats such as mobile viruses and malware, data loss and theft of the phone itself.

Lookout has developed cross-platform, cloud-connected applications that immediately identify and block threats before they compromise a consumer’s mobile phone, backup and restore mobile content, find a lost or stolen phone and wipe data from a phone if necessary. Available now on more than 400 mobile networks in 170 countries, Lookout prevents thousands of malicious applications, finds countless lost phones and restores important information for users every month.

“We are thrilled to receive such enthusiastic support from Accel Partners,” said John Hering, CEO and founder of Lookout. “Their backing is recognition of Lookout’s accomplishments to date and a testament to the importance of this market. With this additional financing, we’ll continue to invest in new technology and infrastructure so that we can provide the most comprehensive smartphone protection available to millions of consumers worldwide.”

Lookout Executive Additions

Joseph Ansanelli brings his extensive knowledge of security to Lookout as Chairman of the Board. Prior to Lookout, he served as CEO and co-founder of Vontu, turning the company into the leading provider of data loss prevention solutions before being acquired by Symantec in 2007.

In addition to Ansanelli, Lookout has also added several key members to the company’s executive team including Eric Bothwell as vice president of engineering, who formerly held engineering leadership positions at Vontu and Symantec; Chris Jones as vice president of product management, formerly senior director of portfolio product management at Symantec; and Julie Herendeen as vice president of marketing, formerly vice president of network products and advertising solutions for Yahoo! Inc.

Symantec Corp. (SYMC), the security software company behind such programs as Norton, every month cleans out its industrial-sized spam filters and issues a monthly State of Spam & Phishing report based on the result. In its April 2010 report, the company found the tea leaves suggest economic prospects are picking up, at least according to spam email using economic terms.

“While the United States consumer sentiment remained unchanged in March 2010, top ten subject lines containing economic keywords show that spammers have an optimistic view of the economy with job offer spam among their top spam subject lines,” Symantec said in its report.

Read the rest of this post on the original site