Just a few months back you might have thought that Mandiant had etched the trend and term Advanced Persistent Threat (APT) in the top position on the cybersecurity wall of fame — that may not end up being the case. While APT will certainly live on and continue to be overused and reported on at every twist and turn, the NSA-Prism-Snowden debacle is destined to give birth to yet another trend, term and marketing battle cry in IT security — something along the lines of “Advanced Surveillance Attack” (ASA). ASA (or whatever the term ends up being) will be used by media and analysts to describe the kind of infiltration that the NSA and other nation-backed players have demonstrated they are capable of executing. Security vendors and their marketing teams will quickly look to capitalize on a term to describe how they can help organizations defend against such activities, touting their newly defined solutions that prevent seizure of data and eavesdropping on private communications.
Now that we know the NSA and every good and bad guy out there (you decide which the NSA is) are after every bit of information they can siphon from the Internet or grab through court order, all organizations, enterprises and others, are going to have to take steps to prove they have reduced the risk of falling victim to, well … an ASA.
This is especially true when you take into account that analyst firms and industry associations have reported that NSA-driven losses to US businesses could be in the multi-multi-billion dollar range, as reported by analyst James Staten on his Forrester blog: http://blogs.forrester.com/james_staten/13-08-14-the_cost_of_prism_will_be_larger_than_itif_projects.
Marketing Opportunity Knocks
NSA revelations present a unique marketing opportunity for security vendors. You might argue that John McAfee, although he hasn’t coined a term, has been the first to capitalize on the concept, having just announced Decentral, a pocket-sized gadget he says with thwart NSA surveillance attempts. McAfee, however, is messaging to the consumer, not the enterprise.
The first enterprise vendor to take advantage of the current situation by bringing a term to market is going to be perceived as a thought leader of sorts as well as a provider of the ultimate enterprise defense — one that can stand up to even the most advanced infiltration capabilities. idcloak Technologies, having just announced New Global Privacy Network Marks New Dawn For The Internet, is closest to making the enterprise connection, but it is going to be difficult for anyone to believe, and for the company to prove, that the product is anything more than a VPN. Moreover, technology alone can’t defeat the NSA, FBI, CIA or any other government entity.
What will the first real ASA protection provider look like and how will it market its goods? For certain, it will have to be more than just a technology company. It will need to offer everything from legal services that can repel Foreign Intelligence Surveillance Court (FISC) orders, protection for a global network of whistle blowers and an “ASA Resistant” seal of approval. A seal that lets customers know that steps have been taken to ensure their information is secure.
I can imagine what such a company’s launch press release headline and sub head might look like (fictional name added as a placeholder):
Advanced Defense Services is First to Provide Defense Against Nation-Backed Digital, Physical and Legal Actions Designed to Seize Private Data and Eavesdrop on Communications
Emergence of the Advanced Surveillance Attack (ASA) requires all organizations — enterprises and government agencies alike — to prove to stakeholders, customers, clients and prospects that they have the ability to defend data and communications from all forms of infiltration attempts
Without getting too deep into how the release copy might read, the product offering lineup is undoubtedly going to be along these lines:
1) Surveillance attack risk assessments
2) Guidance on how to reduce the risk of advanced surveillance attacks
3) Legal services that stop and eliminate surveillance attacks and data seizure activities
4) Surveillance intelligence services that includes a network or legally protected whistle blowers
5) A seal validating an organization has done all that is possible to reduce surveillance attack risks
To read the full article By Joe Franscella visit: www.securityheavy.com