- Vendors’ predictions are often worth what you pay for them.
- Take predictions with a grain of salt.
Does any other market lend itself to self-serving predictions quite as readily as the security market? Don’t get me wrong, I like predictions as much as the next guy; in fact, I have been working on some this week with partner in crime Paula Musich. That said, our predictions do not end with an outright recommendation that you buy our products. Security vendors benefit from often having very good threat research personnel on staff. These teams see more threats and see them sooner than almost anyone else. They are indeed very well positioned to look over the horizon at new attacks that might well go mainstream. However, some security vendors seem to cherry pick threats that align with product suites. (Of course, in a perfect world, vendor threat teams are informing product development decisions.) Tech Target’s Rob Westervelt called McAfee/Intel out on its predictions on Twitter this week. Two of McAfee/Intel’s predictions involved more rootkits and the need for more chip-based security. See what they did there?
This was a particularly egregious example (hence the hat tip to Rob), but Intel is hardly alone. In the 2012 prediction bucket, we see Trend Micro warning of threats to data centers, WatchGuard warning of APTs, Lookout warning of mobile threats (actually everyone will be issuing warnings about mobile threats), and Websense warning of Mayan calendar and apocalyptic predications. Okay, I am not sure that last one is there to sell products, and I am honestly not trying to pick on any one vendor in particular. Still, I am pretty sure security predictions were invented to sell more product. So, I will leave you with a word of advice rather than a prediction: Take all your security predictions with a grain of salt.