A Point Of View

Bear has gone through a number of marketing efforts over the past few months while we tried to figure out a message that would resonate with enterprise customers.  We made a number of assumptions about the sophistication and capabilities of products already in the market.  One assumption, in particular, was that the enterprise today was fully visible to admins.

Man, were we off base.

As it turns out, most admins are forced to restrict their definition of an enterprise to servers, laptops, desktops and, perhaps, phones.  That definition by itself misses the 80% of the enterprise that is under the most attack these days – namely printers, routers, cameras, HVAC, lighting, and so forth.

The problem turns out to be even more basic in that even the term “visibility” does not match expectations.  We had thought that admins would have the ability to see all of their devices and the connections between them, and then use that interface to manage their systems.  That is so far from reality as to be laughable.  Instead, at best, an admin can get a partial picture of their enterprise with some level of insight about possible exploits (forget actual security/configuration state) and that is it.  Any actions have to be done either through some piecemeal collection of one-off vendor software distros or through a manual process – oftentimes both.

While admins work hard and are covering their limited enterprise to some extent today, those enterprises are thousands of devices in size.

How will they ever be able to handle the billions of devices they currently do not manage (but need to), much less the billions being added in the next few years?

Defining A VDM

One of the core tenets of Bear has always been to visualize the systems we are protecting, for how can you possibly protect what you cannot see?  This was originally a side effect of our security approach – something we thought everybody was doing.  Instead, it is the ability to see devices and the security, configuration and connection state of these devices that people want the most.

We call this product Visual Device Management or VDM.  The definition is straightforward – show every device in a logical system that represents the device and the connections that device has to other devices.  For each device, show the configuration and security state and, importantly, enable integration of other types of data for that device – such as abnormal activity detected by, for example, a SIEM.

The kicker?  It all needs to be actionable.

In other words, do not show something unless it is useful to an admin and is something that can be controlled directly from that visual interface.  For Bear, that means showing the complete security profile (Device Identity; How Devices Authenticate; Communications Control; and Session Initiation/Protection) as well as the modifiable configuration for each type of device.  Bear is working towards an Active Directory-style system that will enable rules to be applied to groups of devices, or individual devices, but the premise will remain the same.

When we look around, we cannot find anybody that is focusing on providing what we think is a basic need in the enterprise – central, visual control over systems at scale.

It boggles our minds that these VDM solutions are not everywhere – do you have any ideas why?