IN THE BOARDROOM™ with...
Mr. James Van Bokkelen
President
Sandstorm Enterprises, Inc.
SecuritySolutionsWatch.com: Thanks for joining us today, James. Please
give our audience an overview of your background and your role at Sandstorm
Enterprises.
James Van Bokkelen: Sandstorm is the third startup I've been
involved with; the first was PTC, a touch-tone/voice response company,
the second was FTP Software, a pioneer in putting PCs on the Internet,
that went public on NASDAQ in 1993. FTP was a fun place - rapid growth,
good cash flow and a lot of high-energy interaction with customers and
other Internet software developers. I participated in several important
Internet standards efforts and learned a lot about protocols,
supportable software and interoperability.
Sandstorm was my introduction to the IT security arena. We founded the
company in 1998, with a focus on "Tools with Sharp Edges", new software
and technologies to cover some of the gaps in the then-state-of-the-art.
Now, in 2006, we've got two products with a pure security focus, and two
more general purpose tools with many security applications.
SecuritySolutionsWatch.com: Sandstorm's NetIntercept is a network
forensics and analysis appliance that inspects data entering and leaving the
organization via the Internet. Please give us an overview of NetIntercept, other offerings in Sandstorm's product line and the key
competitive advantages which are offered.
James Van Bokkelen: PhoneSweep was our first product. Before it came
out in 1998, people needing to secure their perimeters against rogue
modems had to use the same low-level wardialing tools as their
attackers. We excelled in ease of use, robustness, throughput, reporting
and tech support, and captured most of the market in a year or two.
Our telephone honeypot, Sandtrap, was an offshoot of the PhoneSweep
technology, and it was another first: There's no other commercial tool
for detecting and trapping wardialers.
NetIntercept is aimed at a broader audience: A second-generation network
analysis tool, it lets you work with connections and sessions between
machines on the network, rather than individual packets. It is a
superior choice for a security professional who needs to pursue illicit
activity or analyze the aftermath of an attack.
LANWatch has the longest history of any of our products, as it goes back
to NetWatch, the first graphical Ethernet packet monitor developed at
MIT in 1983. Sandstorm purchased it primarily to use as a packet viewer
for NetIntercept, but we offer it as an independent product as well.
SecuritySolutionsWatch.com: We understand you've had several impressive
wins in the U.S. Government sector. Without divulging any confidential
or sensitive information, can you tell us about 1 or 2 success stories?
James Van Bokkelen: With PhoneSweep, it's more a question of which governments
and agencies aren't using it. We're the go-to people, and telephone scanning
is a recommended practice. Only a few groups have the "not invented
here" mentality that would keep them from coming to us. With NetIntercept,
it's not just the U.S. Government: we've sold NetIntercept in a number
of countries. Some sites are doing event analysis; others are doing routine
monitoring of traffic. International customers have a completely different
perspective on accidental leaks of confidential information than our commercial
customers: there are more leaks; many of their personnel know it, and
there's much more at stake.
SecuritySolutionsWatch.com: What about wins at the State and Local
level?
James Van Bokkelen: Below the national level, there isn't the same
focus on security. Our PhoneSweep sales are concentrated in money-handling
departments like taxation and pension management. NetIntercept sales to
states, cities and counties are mostly being used operationally, and to
detect and investigate abuse of resources and harassment.
SecuritySolutionsWatch.com: Sandstorm Enterprises also serves security
consulting firms. Can you provide some examples of these relationships?
James Van Bokkelen: Most consulting firms, big or small, offer
telephone scanning services. They don't advertise the details, but they
almost always deliver with PhoneSweep. The product's template-driven report
system was designed for customization by consulting firms, and it's been
very successful in that regard.
NetIntercept isn't widely owned by consulting firms, because traffic archiving,
event analysis and routine monitoring are site-specific and done on an
ongoing basis, rather than engagement by engagement. But we have quite
a few sites where the security function has been outsourced to a contractor
who runs NetIntercept for their customers.
SecuritySolutionsWatch.com: Let's turn to the enterprise verticals
for a moment. Are there success stories in the finance, healthcare, and
other verticals you'd like to mention?
James Van Bokkelen: It's a rare financial firm that doesn't either
own PhoneSweep, or hire a consulting firm for periodic sweeps. We've also
sold a lot of NetIntercept there, primarily for event analysis; those
firms have enough at stake that they can't just trust a signature-driven
IDS to catch everything that matters. Healthcare, high-tech and manufacturing
firms in competitive markets have similar types of concerns.
SecuritySolutionsWatch.com: We noticed the following favorable
mention about NetIntercept in "Digital Evidence and Computer Crime" (2nd
Edition, 04), "NetIntercept's
graphical user interface allows the examiner to select criteria for
filtering such as source and destination IP addresses within a certain
time period. Also, NetIntercept interprets
protocols rather than simply making assumptions based on default ports."
That's a pretty impressive endorsement. Any comments? Are there any
nominations, awards or other press mentions you'd like to talk about?
James Van Bokkelen: We earned that: NetIntercept's competition
shows you a web page by passing captured HTML to a browser. We capture the connections that fetch the page contents and correlate them
to the HTML. We showed the author that we had the advertising images
from the original page view, while competitors fetched new ones.
PhoneSweep got a lot of press when it was first introduced, but since
it's become an industry standard, it hasn't been quite as newsworthy. Still,
we usually get a few mentions when we release new features.
For example, we have recently released new versions of
NetIntercept, PhoneSweep, and Sandtrap, with good results.
SecuritySolutionsWatch.com: Any projects in the International market?
James Van Bokkelen: We've marketed our products internationally
since the beginning. PhoneSweep has sold well outside the US because we
make it easy to use with different local or PBX dialing and signaling standards.
NetIntercept got several internationally-oriented features in version 3.1,
and was recently chosen over an established competitor at a large European
telecommunications firm.
SecuritySolutionsWatch.com: Government mandates and new legislation
are driving public and private sector enterprises to improve the security
of their networks. Some examples include: Sarbanes Oxley and HIPAA. What's
your perspective on these mandates? Are these mandates market drivers
for your business? What about other market drivers for Sandstorm?
James Van Bokkelen: I think the mandates and response to date have
been overly focused on paper and bureaucracy. They haven't achieved as
much real attention to security and understanding of information flows
as I'd like. Their only role as market drivers for us is to the extent
that they hold the upper echelons of organizations responsible for lapses.
And when management discovers they bear ultimate liability for information
leaks, resources get allocated to purchase tools like ours.
SecuritySolutionsWatch.com: "Phishing" and "pharming"
threats are becoming more prevalent and sophisticated but many end-users
still do not understand these terms and how these threats can lead directly
to identity theft or damage a company's brand. Please give our audience
an overview of "Phishing". What can enterprises do to prevent
these attacks from happening and what can individuals do to protect themselves?
James Van Bokkelen: Phishing is the use of email and web pages
for a broad range of social engineering attacks, usually on people as
private individuals rather than specifically as employees. Scaring or
tricking people into giving their credit card number to a phony web site
is a lot easier and less risky than putting on a bogus police uniform
and knocking on doors. But protection and prevention
are the same, whether you're in a home or business situation -- don't blindly
follow directions received from an email or web page, don't click links
sent via email, even if they claim to be from a company you have a business
relationship with. Be aware of the possibility of fraud, and pay attention
to the web sites you visit and the email you're reading. Enterprises should
certainly have intelligent policies in place, but social engineering works
on individuals, and it's the individual employees who need to be aware
of the possibility of being "phished".
SecuritySolutionsWatch.com: Please tell us about Sandstorm's key strategic
relationships such as with Resellers and Partners.
James Van Bokkelen: We have a number of Resellers and VARs who offer our products in various
markets in the US and elsewhere. We also have relationships with two companies
who are in the process of repackaging and incorporating NetIntercept technology
in their own products. The portion of our revenue they contribute varies,
but in some quarters it has been substantial.
SecuritySolutionsWatch.com: What resources are available at www.sandstorm.net
for end-users?
James Van Bokkelen: For PhoneSweep customers, we provide an example
Modem Use Policy. Organizations ought to have a policy in place, regardless
of how aggressively they scan for violations, and our draft makes a good
starting point.
We have demo versions of our products that you can download and use. You
can also get copies of our NetIntercept White Paper.
SecuritySolutionsWatch.com: Thank you very much for your time today,
James. Is there any other subject you would like to talk about?
James Van Bokkelen: I'd like to say a few words on interoperability
and standards. The Internet is founded on systems from a company being
able to talk to other systems made by other companies that conform to
the same standards. I put a lot of work into interoperability and standards
at FTP Software, and without it the Internet would not be what it is today.
But if consumers and companies take the Internet's interoperability for
granted, it will inevitably be eroded: Every vendor (and I'm sure there's
at least one that comes to your mind) secretly hopes for a proprietary
monopoly. Our recent tolerance of foolish patents and broadened definitions
of intellectual property doesn't help. Awareness and understanding of
standards helps everyone, particularly in the security industry.