Blancco offers data erasure tools. This area will soon be seen as important for compliance and archiving purposes.
Capabilities
- As readers may be aware, deleting a file is unlikely to really delete the information. Chunks of the information remain. It’s hard to get rid of information.
- That’s what Blancco does. Cutely, it describes itself as offering “tools of mass data destruction.” Typically every bit is flipped several times, randomly. Initially this was done at disk level, now it’s also done at the file level.
Customers
- Main customers are PC refurbishers who clean up hard disks and PCs.
- Blancco is starting to sell to storage systems vendors such as Sun, HP, and EMC, so they can provide deep data expunging.
Company Statistics
- Profitable.
- Calendar 2007 revenues 2.4M euros ($3.6M), with 240K euros ($360K) net profit.
- Calendar 2008 revenues projected at $7M.
- 40 staff.
- HQ in Joensuu, an obscure Finnish town near the Russian border. Joensuu is fondly remembered by your correspondent as a place where he once went into the local supermarket and was amazed by the quality of design of everyday objects.
Clearly, Blancco has good opportunities driven by compliance needs. Defunct storage systems need to be deep cleaned. Today, they often aren’t. This is a compliance disaster waiting to happen, millions of times over. Consider, for example, a bank’s PCs, many of which contain sensitive customer information.
Dimension Data: Integration of Microsoft OCS and IP Telephony
Sep 3, 2008
Dimension Data is a $3.7B systems integrator. It has a major international presence (40+ countries and 10,600 staff) and has built much of its success implementing and running Cisco-based IP telephony. In short, it knows a lot about modern telephony.
Over the last few years, it has been building expertise around Microsoft OCS. The company is now offering implementation and support services for organizations that want to build a rich set of Microsoft-centric presence-based services, principally telephony, instant messaging, and conferencing.
The timing’s good for such an offering, and Dimension Data’s background in IP telephony helps to make it an attractive player.
The primary competition is BT INS and HP’s Exchange integration practice. Dimension Data believes its main competitive strengths are:
- Depth in complex voice systems
- Skill in deploying Microsoft’s OCS-centric technology and its integration with IP and traditional telephony
- Successful project outcomes
- Agility and flexibility
Dimension Data is also a nice example of globalization, and how an organization outside the United States can be world class — its HQ is in South Africa.
The Sarbanes-Oxley Act affects public companies in the United States. Now similar legislation is affecting listed companies in China.
On June 28, 2008, the Chinese Ministry of Finance, the China Securities Regulatory Commission, the National Audit Office, the China Banking Regulatory Commission, and the China Insurance Regulatory Commission jointly announced the Basic Standard for Enterprise Internal Control. This requires listed Chinese companies to comply from July 1, 2009 onward. Also described as “C-SOX,” the Basic Standard will require listed companies to make substantial changes to the way they control electronic information. It will drive demand for email archiving the same way SOX has in the United States.
India is also beginning to pay attention to email. In this recent article, it is reported that the Indian government is developing new legislation to manage email content for legal discovery.
Email archiving is getting to be more and more important in non-U.S. jurisdictions.
Early-stages archiving vendor Mimosa is successfully competing with the archiving market leader, Symantec Enterprise Vault. Ferris has been watching the battle over the last few months; illustrations can be seen here, here, and here.
It appears that Mimosa is gathering momentum and taking plenty of deals from Symantec. In 2008, Mimosa has been expanding its product line, adding new partners, and talking about new customers.
Vault’s Achilles’ heel is its aging architecture, which relies on Exchange journaling for data capture and AltaVista for indexing. Search for e-discovery purposes is often most unwieldy. Mimosa has a more modern architecture that leverages Exchange transaction log files and does not use journaling. Mimosa also captures more mailbox information, as compared with journaling, which provides a much richer environment for email discovery.
Snapshot: Proofpoint — Spam and Virus Control, DLP, Archiving
Aug 28, 2008
Business Value of Proofpoint’s Offerings
- Suppresses spam and email-borne viruses, so users’ time isn’t wasted.
- Helps ensure sensitive information (e.g., customer bank account numbers, intellectual property) isn’t sent to people it shouldn’t be sent to.
- Archiving of emails, for easy search and access, to respond better to lawsuits, and to satisfy laws and regulations requiring such archiving.
Current Offering
- Email-based spam, phishing, and virus control; policy-based encryption.
- Filtering of outbound information to prevent data leaks. This covers many types of content, including email and attachments, webmail, files, FTP, instant messaging, and blog postings.
- Archiving (SaaS only, through recent Fortiva acquisition).
- Secure file transfer. This is a secondary offering, and not described on Proofpoint’s Web site.
- FTP, HTTP scanning, for data leak protection. This is a secondary offering, and not described on Proofpoint’s Web site.
- Majority of components can be purchased as customer-premises software (option to run as virtual device), customer-premises appliance, or SaaS.
- Majority of products have same code base across customer-premises software, customer-premises appliance, customer-premises virtual device, SaaS.
Customer Sweet Spot
- The majority of customers are medium-sized (250 employees+) and large organizations.
Company Statistics
- Founded 2002.
- Revenues: privately held, not disclosed. Ferris Research estimates current rate at $40M annually.
- Growth rate: GAAP revenues for calendar 2007 were up 50% on calendar 2006; calendar 2008 projected at 70% over calendar 2007. (Source: VP Marketing Sandra Vaughan, August 13, 2008.)
- Financing to date: $86M. Last round 1Q08 for $28M, for acquisitions and growth; sources indicate a $300M valuation.
Main Competition
- Customer-premises: Cisco/IronPort and Symantec.
- SaaS: Google/Postini, MessageLabs in EMEA.
Main Competitive Strengths, as Perceived by Company
- Strong spam control: good catch rates with low false positives.
- Focus on email security, so can provide effective and personalized pre- and post-sales support for larger organizations.
- Customers can have dedicated SaaS environment separate from other organizations, helping to provide for privacy.
- Breadth of functionality: spam/virus/malware control, DLP, and archiving. Many competitors are limited to spam/virus/malware control.
- Spam effectiveness — higher catch rate with few false positives.
- Not distracted by an overreliance on sender reputation for spam filtering, which usefully strengthens the emphasis on content filtering.
- Strong archiving (via the recent Fortiva acquisition) — SaaS only.
- Multiple servers are managed as a unified, integrated system, from a single place — on-premise only.
Challenges
- Proofpoint’s focus today is primarily on email. It needs to extend the core capabilities to other protocols (e.g., IM, HTTP, FTP, print streams, file server I/O) and data at rest. That’s tough to do.
- The archiving capabilities delivered by the acquisition of Fortiva are an attractive enhancement to the SaaS offering. It’s to be regretted that these capabilities aren’t provided by the customer-premises offerings.
- Proofpoint’s technology is mainly located at the Internet boundary. To build a strong content control offering, it needs to extend its technology to the interior of customers’ networks.
- An important strength is the integrated, single point of administration of the spam/virus/malware/DLP technology. However, Fortiva’s archiving and e-discovery code base is entirely separate, and will need to be integrated. That’s tough to do, and is likely to detract from the single-point-of-administration strength.
Other Comments
- Company is doing well. It’s a survivor among the myriad spam control firms that have appeared and disappeared over the last few years.
- Company hopes for an IPO in 2009; an acquisition is also an obvious exit route for investors.
- There are no immediate plans to integrate the Fortiva SaaS archiving service into the core Proofpoint offerings.
- SaaS offering was launched in 2008; it’s doing well and Proofpoint estimates it will constitute around 20% of revenues by the end of 2008.
- Proofpoint sells exclusively through channels for the SME market. These are typically systems integrators such as SBS Security and Fish.Net. This is a bold commitment to its partners.
- Proofpoint also has a strong direct sales and support organization aimed at larger organizations; but even here, all these sales are in collaboration with partners.
Suddenly, things are getting interesting again in the Exchange alternatives market.
The quintessential growth-by-acquisition specialist, Cisco, has just announced that it’s acquiring PostPath.
Once again, Cisco makes a sound investment in an email technology vendor. Just like it did with IronPort. Great choice.
PostPath is the vendor who reverse-engineered the Exchange client protocol, MAPI/RPC, and the related on-the-wire details needed to make a vanilla install of Outlook talk to a non-Exchange mail server with full fidelity. It’s an impressive feat.
Of all the other Exchange alternatives, PostPath has the most interesting architecture. And I say that as one who has years emotionally invested in the OpenMail technology!
All the others rely on additional software on the desktop. In the case of OpenMail/SamsungContact/Scalix/Domino/etc., a MAPI service provider “plugin.” Or, like Bynari/OpenXchange/etc., a separate app that synchronized an IMAP store with an Outlook.PST (personal store file).
We think Cisco fell out of love with Microsoft a while back. Something to do with VoIP support in Exchange and how Cisco thought it was Microsoft’s partner but it turned out that Microsoft was competing with them.
Sounds like Cisco wants to offer SaaS collaboration, based on PostPath and WebEx. Whoever said the email world has become dull and uninteresting?
… Richi Jennings, with thanks to Jeff Brainard for the tip
Kaspersky is a successful second-tier anti-virus vendor. The company has flourished by producing anti-virus signatures faster than its competitors. Marketing so far has been informal, spread primarily by word of mouth and the electronic equivalent. Here’s an update:
- Main services: virus control, riskware/adware/pornware control, spyware control, spam and banner advertising control, phishing/dialers/network attack control.
- Major new version of technology coming out in late 2008. Will have:
- Much faster scanning.
- Ability to whitelist software that is recognized as good. Instead of just saying “Pass” or “Bad,” the technology can now say “Good,” “Pass,” or “Bad,” helping to avoid false positives.
- Sandbox environment in which suspect code can be tested to see if it behaves abnormally.
- Improved automated exception handling for users (power users still have normal management capabilities).
- Main competitors: Symantec/Norton, Trend, McAfee.
- Kaspersky’s view of its competitive strengths:
- The new whitelisting feature.
- Higher performance.
- Protection more transparent and less intrusive for users.
- Calendar 2007 bookings were $203M; profitable.
- Calendar 2008 bookings expected to be up 40% on 2007.
- All sales are through channels, supported by telemarketing and direct sales to large organizations.
- 10% to 15% of revenues were in the U.S.; company is investing to grow this, e.g., in a more professional marketing organization.
On August 12, 2008, Return Path announced it will buy Habeas.
What Return Path and Habeas do:
- Return Path and Habeas offer technology and consulting to help:
- Senders of email maximize the chance that their emails get through spam filters.
- ISPs and other service providers improve their abilities to catch spam.
- The core of this business is the maintenance of a database of electronic addresses of senders that are very likely to be sending bona fide email--known as a “whitelist” or “safelist.”
- Both organizations also offer delivery monitoring (determining how much email actually gets through to inboxes and gets read), scoring (evaluating an email on its likelihood to get treated as spam), and rendering services (making sure emails appear to recipients the way the sender wants them to appear).
Price not disclosed. Cash deal, which Ferris Research estimates at $1M.
For a detailed analysis of this transaction, see our report, Return Path Buys Habeas: Transaction Assessment.
Got Additional Information?
Contact David Ferris at +1 (415) 367-3436, or david.ferris@ferris.com. Unless you indicate otherwise, we’ll assume all communications are confidential. In return, we will let you have a copy of our detailed analysis of this transaction.
On June 24, 2008, Proofpoint announced it bought Fortiva.
Proofpoint background:
- Technology mainly provides:
- Email-based spam, phishing, and virus control, and policy-based encryption.
- Filtering of outbound information to prevent data leaks. This covers many types of content, including email and attachments, webmail, files, FTP, instant messaging, and blog postings.
- Embodied as customer-premises software, customer-premises appliance, SaaS.
- Majority of products have the same code base across customer-premises software, customer-premises appliance, customer-premises virtual device, SaaS.
Fortiva background:
- Main service offering is Fortiva Archiving Suite. Email archiving, lots of e-discovery services, storage management.
- Company also offers SmartStore. This is a subset of the Archiving Suite, with more limited e-discovery capabilities.
Terms not disclosed. Ferris Research estimates a $12M deal.
For a detailed analysis of this transaction, see our report, Proofpoint Buys Fortiva: Transaction Assessment.
Got Additional Information?
Contact David Ferris on +1 415 367 3436, or david.ferris@ferris.com. Unless you indicate otherwise, we’ll assume all communications are confidential. In return, we will give a copy of our detailed analysis of this transaction.
Cast your mind back to the dark ages of 2005. It was three years ago that Microsoft acquired FrontBridge, a hosted — or managed — email security service provider in the same mold as Postini and MessageLabs. Since then, Postini was also acquired (by Google), BlackSpider is now part of Websense (via SurfControl), and MessageLabs is definitely not seeking to be acquired (ahem).
The FrontBridge technology was rather confusingly rebranded as Exchange Hosted Services (EHS) and offered to Exchange customers as a natural add-on — indeed, it comes bundled with the Exchange 2007 Enterprise CAL.
Microsoft IT has always been a key player in the Exchange team’s “dogfood” strategy (as in, “We eat our own dogfood”). So it was natural that it should use EHS. It’s taken three years, but in June the switch was finally thrown — EHS is now the first port of call for any Internet email destined for microsoft.com. This may sway some naysayers who argued against a Microsoft monoculture or believed that the company isn’t best-placed to decide what is spam and what isn’t.
Incidentally, EHS offers a penalty-backed service-level agreement of at least 95% effectiveness and no more than 0.0004% false positives. Using the industry-standard definitions, 0.0004% represents roughly one legitimate message filtered as spam per year for the average business user. We’d love to know if this is representative of EHS’ actual accuracy these days — we know it hasn’t been in the past. Please send us your comments in the usual way; if you’d like to remain anonymous, feel free to email me.
GFI sells a variety of tools, one of which is MailArchiver for Exchange.
Summary of Capabilities
- Customer-installed archiving for MS Exchange.
- Available since December 2004.
Illustrative Pricing
- $324 for 25 seats; $1,296 for 200 seats; $4,320 for 500 seats; $3,780 for 1,000 seats.
- After first year, maintenance is 20% of purchase price.
- For details, go here.
Main Types of Prospective Customer
- U.S. and U.K.: Customers mainly driven by compliance and legal discovery.
- Rest of world: Storage management is the driver; mailbox size reduction and better performance.
- U.S. is getting a lot of interest from schools.
- Typical customer has 200 to 250 seats.
- H250 customers with over 1,000 seats; about 30 of them have 5,000+ seats.
- Also many small customers with 50 or so seats.
Competition
- At high end: Symantec Enterprise Vault.
- At SME end: Highly fragmented; perhaps the main one is Barracuda Message Archiver.
Competitive Strengths as Perceived by Company
- Reasonable functionality for extremely competitive price.
- Much easier to install and maintain than Symantec.
- Strong multilanguage support.
Finances
- Ferris Research estimates current revenues at about $10M annually for GFI’s archiving products.
- GFI as a whole did $60M in calendar 2007.
Challenges
- Hosted archiving: Very easy to install and cheap to operate.
- Product’s focus is on email; it will need to add support for other types of information, whether in motion or at rest.
Miscellaneous Comments
- V6, out in September 2008, will have Outlook support via a plug-in. Hitherto, archive access has been via a Web browser.
It is easy to assume that deploying a myriad of electronic surveillance technologies (e.g., data leak protection, logging, archiving, firewalls, event data recorders, etc.) is sufficient on its own, providing organizations with a hundred sets of “electronic eyes” constantly watching for breaches of compliance, leaks of intellectual property, rogue employees, and the like.
Yet it is prudent to consider the vast delta that remains between mankind and machine. Even the most advanced computer technology lacks important elements of human judgment. For example, while technology can identify exceptions in logs or behavior, it takes a human to validate whether an anomalous event is due to a tired executive performing large downloads late in the evening, or a rogue employee attempting to circumvent the system to send confidential contract data to an unauthorized external contact.
The old adage, “people, process, and technology” should be integral to your philosophy of compliance. Notwithstanding the promise of expert systems, interpretation of the meaning of events discovered by technology will require human judgment for the foreseeable future.
Hitherto, mobile email for businesspeople has been provided via technologies such as those from RIM and Windows Mobile. Consumer email has been handled by other technologies. Longer term, the separation will probably erode:
- Users will want a very powerful handheld for their own purposes. Their personal needs will generally require hardware that’s a superset of what’s needed for their business applications.
- Bandwidth required for business applications will be less than or comparable to that needed for personal applications.
- Generally, handsets will belong to the user, rather than to the organization that employs the user.
- Handsets will be perceived as mainly devices used in people’s lives, rather than as things used primarily for work.
- Users will buy the handsets they want and the carriers they want; their organizations may pay a portion of the hardware and network fees.
Email and instant messaging are very important business applications on handhelds, and — especially email — have driven RIM’s success.
Now consider what’s happening at Oz, which specializes in email and instant messaging technology for mobile phones. It sells its software to handset carriers and mobile operators that embed the technology and sell it to end users. In short, it’s ultimately a consumer pitch.
Oz has just launched Oz SmartMail, designed for smartphones. This is moving closer to the needs of business:
- Dynamically synchronizing email with the device.
- Background transfers of emails.
- Foldering.
- Offline mail access.
- Attachments (ability to view/access depends on third-party support on the mobile device).
Oz is holding off pitching business for the moment, and probably wisely so. But it’s not hard to see a gradual convergence of business and consumer email and IM capabilities.
If you process, store, or transmit credit card data for any reason in your company, you must be Payment Card Industry (PCI) Data Security Standard (DSS) compliant, or your company risks fines or even loss of the ability to process credit card information.
Yet, we regularly hear of companies that handle customer credit card numbers but don’t have data leak protection (DLP) solutions of any sort in place. Sometimes we even read about them in the evening news.
At a minimum, any company concerned with PCI DSS should consider DLP solutions to protect against credit card numbers being unintentionally leaked via email or instant messaging. The question is not if, but when, a leak happens, and when it does it places your company, your reputation, and your customers at risk.
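As an added illustration of the outbound check described above (not code from Ferris Research or from any DLP vendor): a minimal content filter that scans an email's subject and text parts for card numbers, uses the Luhn checksum to cut false positives such as order numbers, and reports only masked values. The sample message, the addresses, and the names `find_pans` and `scan_message` are constructed for this example.

```python
import re
from email import message_from_string

# 13-19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list:
    """Return digit strings in `text` that look like card numbers."""
    hits = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        # All-identical digits (e.g. sixteen zeros) pass Luhn; ignore them.
        if len(set(digits)) > 1 and luhn_ok(digits):
            hits.append(digits)
    return hits


def mask(digits: str) -> str:
    """Keep first six and last four digits so reports hold no full number."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def scan_message(raw: str) -> dict:
    """Scan the subject and text parts of an RFC 822 message."""
    msg = message_from_string(raw)
    texts = [msg.get("Subject", "")]
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            texts.append(payload.decode(charset, "replace"))
    findings = [mask(d) for t in texts for d in find_pans(t)]
    return {"action": "quarantine" if findings else "deliver",
            "findings": findings}


# Constructed sample: two well-known test card numbers plus a 16-digit
# order number that fails the Luhn check and must not trigger the filter.
SAMPLE = """\
From: clerk@example.com
To: customer@example.net
Subject: Refund for order 1234567890123456

Hi, I refunded card 4111 1111 1111 1111 as requested.
The backup card on file is 5500-0000-0000-0004.
"""

if __name__ == "__main__":
    print(scan_message(SAMPLE))
```

A production filter would also have to decode attachments and apply the same check to instant messaging traffic, which this example leaves out.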
Compliance in Virtual Worlds: Extension of Identity Management
Aug 14, 2008
In our world, reality and virtual reality are coalescing at an alarming rate. On a simple level, we enter instant messaging (IM) conversations with those in the same office as ours, preferring a virtual conversation to a physical one. On the other end of the spectrum, we can invent characters in Second Life where we live entirely parallel lives unbeknownst to those around us.
Does compliance find meaning in virtual worlds? We believe it does.
If someone in your organization takes on a Second Life personality, and uses that to breach your corporate policies, the Second Life personality is simply another identity used by the employee. The compliance enforcement challenge, of course, is that many of the new virtual worlds are virtually invisible to the corporate world.
We predict that, over time, the concept of “identity” will extend to include a map of any aliases used by a given employee. So the “david.sengupta” corporate account could, for example, be associated with IM handles including anand@msn.com, pOstmaster@aol.com, and jibber@jabber.com. David’s Second Life persona could be Fritz Finkenstein, and his phone number could be 613.123.4567. The challenge, of course, is developing technologies that automatically discover all the identities associated with all the accounts in your organization.
As compliance breaches start to emerge in virtual worlds, it is only a matter of time until companies decide to either block them, or attempt to extend the long hand of compliance enforcement technologies from the physical world into the virtual one.
