Random Observation from the RSA Conference

Protegrity? Counterstorm? Authentify?

I officially declare that the industry has run out of good names for security companies.

Posted on February 6, 2007 at 10:03 AM • 50 Comments

Comments

JayFebruary 6, 2007 10:33 AM

There should only be one company providing services and the services can be modular and belongs to different people. So instead of an actual company, only the service name is used. :)

Bruce SchneierFebruary 6, 2007 10:44 AM

"And are we gunna get some Crypto posts from the Conference?"

I haven't seen any Crypto yet.

(Bill Gates and Craig Mundie are on stage right now, and they've said absolutely nothing interesting so far.)

TravisFebruary 6, 2007 10:53 AM

@Jay:

Once they transition to CompanyNamev6 there will be plenty of names to go around.

AnonymousFebruary 6, 2007 11:02 AM

"Are you implying that 'CounterPane' is much better than any of these?"

Sure. They're the name in security blankets.

DaedalaFebruary 6, 2007 11:02 AM

"Are you implying that 'CounterPane' is much better than any of these?"

Sure. They're the name in security blankets.

dragonfrogFebruary 6, 2007 11:02 AM

Well, at least a counterpane is an actual word, not a made up one.

Although I'm not sure why you'd want to associate an embroidered quilt with managed security services - kind of a sly way of calling your services a security blanket, no?

Bruce SchneierFebruary 6, 2007 11:08 AM

"Although I'm not sure why you'd want to associate an embroidered quilt with managed security services - kind of a sly way of calling your services a security blanket, no?"

When I formed Counterpane, it was just me doing consulting. I chose the word because 1) "counter" and "pain" were vaguely security related, 2) it sounded cool, and 3) the Robert Louis Stevenson poem. And the domain name wasn't taken.

Counterpane Internet Security, Inc., and managed security services, came along later - in 1999. We kept the name because it was recognized and associated with me.

Erik NFebruary 6, 2007 11:21 AM

Maybe it just shows how borring or ill educated these folks are (sorry, no offense meant).

While working as administrator, the most fun was thinking up new servernames along some reasonably wide theme. We used Roman emperors as our servants - got a lot of Roman history that way.

So when your local language runs out, it's just time to pick up a new one, picking something from latin or greek. I found "acsi", latin and translates to "as if" (with some reference to a Herimann, whatever) - so here comes the new company: "Acsi Security", a good one that lists top in dictionary searches.

And any complaints can be responded by "did you actually expect anything?"

TravisFebruary 6, 2007 11:32 AM

This love conference blogging is distracting -- now I keep looking around to try and figure out where Bruce is sitting...

AnonymousFebruary 6, 2007 11:53 AM

They probably feel that more descriptive company names, like "Spackle Security", "Palliative Solutions Inc.", and "Computer Iatrogenetics" would depress shareholder value.

TanukiFebruary 6, 2007 11:55 AM

"...I officially declare that the industry has run out of good names for security companies...."

I concluded this some years back when the UK's DERA rebranded itself as 'Qinetiq'. Nothing good can come from anything which has two Qs in it, whatever James Bond may say to the contrary.

AnonymousFebruary 6, 2007 12:13 PM

I recommend the following names for security companies:

- Virginkeep
- Green Pea Safety Technologies
- Al'Qaida & Saddam's Datajailing

Petréa MitchellFebruary 6, 2007 12:24 PM

"They probably feel that more descriptive company names, like `Spackle Security', `Palliative Solutions Inc.', and `Computer Iatrogenetics' would depress shareholder value."

Now wait, "iatrogenetics" is a cool-sounding word. I bet you could get that one past some shareholders. ("It's got `genetics' in it! It must be really advanced!")

Clive RobinsonFebruary 6, 2007 12:45 PM

@Erik N

"While working as administrator, the most fun was thinking up new servernames "

Yup years ago I was incharge of three intel boxes one had NT, one had UnixWare and the other Novel...

So being from the UK where "Bill and Ben the Flower Pot Men" was indroctranated on me when I was young I named them

BILL = NT
KEN = Unix
LittleDweeb = Novel

For the obvious reasons...

Guess what we actually thought it amusing at the time ;)

P.S. if you are not from the U.K. or have not seen Bill-n-Ben then this will be totaly lost on you 8)

JimFebruary 6, 2007 1:03 PM

I have a few:

Bitzkrieg
Napalm Pilot (get it?)

Here's one for Bruce. Counterpane is good, but really it's time for him to do what Gwen Steffani did. How about Schneierossity or BruceFish?

ScooterFebruary 6, 2007 1:28 PM

"Are you implying that 'CounterPane' is much better than any of these?"

That's BT Counterpane to you.

I like all the imaginative corporate logos as well!

EvanFebruary 6, 2007 1:34 PM

The first couple comment got it exactly right. It's the goddamn domain name squatters. I'm trying to think of a name for a start-up I'm working on (nothing to do with security), and *everything* is taken. It's ridiculous. The only names I can think of that are available suck...

Jeremy HFebruary 6, 2007 1:35 PM

"Are you implying that 'CounterPane' is much better than any of these?"

I think that you need to follow in the footsteps of Xerox and call yourself:

"The security company CounterPane."

Jeremy HFebruary 6, 2007 1:37 PM

"The first couple comment got it exactly right. It's the goddamn domain name squatters. I'm trying to think of a name for a start-up I'm working on (nothing to do with security), and *everything* is taken. It's ridiculous. The only names I can think of that are available suck..."

AVAILABLESUCK.COM is available!

Clint LaskowskiFebruary 6, 2007 2:11 PM

I searched and searched for a domain name for my security consultancy, and came up with quite a few. I went with BlueHat Security, LLC, because it meant something to me (see http://www.bluehatsecurity.com/faq#one for details).

The domains I didn't use are for sale. I think some are pretty good. See the list at http://bluehatsecurity.com/2006/12/21/domains-for-sale/#more-38

Sorry if anyone considers this spam. I consider it to be on-topic for this off-topic thread.

-- Clint

---
. Clint Laskowski, CISSP
. BlueHat Security, LLC
. www.bluehatsecurity.com
. clint@bluehatsecurity.com

KeesFebruary 6, 2007 4:30 PM

@ Evan "I'm trying to think of a name for a start-up I'm working on (nothing to do with security)"

DepartmentOfHomelandSecurity.com?
And then you do a Rot13: QrcnegzragBsUbzrynaqFrphevgl.com

;-)

ThomasFebruary 6, 2007 4:46 PM

@Bruce,

"Random Observation from the RSA Conference"

How do you know they're really _REALLY_ random?

TedFebruary 6, 2007 8:45 PM

I have to agree with Bruce's original observation - I just spent the afternoon wandering the exhibit hall and the names are getting too weird.

The redundancy among many of these companies is staggering, too - I don't know how many there were hawking identity and access management solutions, but it was a lot more than there were unique solutions. Same with several other security areas, it's amazing how many players are jumping into the fray.

karencFebruary 6, 2007 11:26 PM

Oh, c'mon. "Authentify" is a top-notch security name. It has oodles of ... um... what's the infosec buzzword that equates with "truthiness"?

Has anyone got "identicate.com" yet?

Erik NFebruary 7, 2007 2:46 AM

@evan:

I made a small script that took in a long list of words that I liked, then combinede them in different ways and made a dns lookup. If no host existed it printed the name - so you come down to consider those unusual combinations that have not yet been taken.

Writing your list of words you should stay away from those that categorize your business segment, they are likely used far too much, especially in abreviated form.

SteveJFebruary 7, 2007 4:54 AM

"made a dns lookup"

Shouldn't you do a whois? Just because a domain doesn't have a DNS entry, doesn't necessarily mean it isn't registered.

JohnJFebruary 7, 2007 5:11 AM

To go along with the meaningless company names are the meaningless signs in the Expo. While most folks know what McAfee and CA offer, a fair portion of the smaller vendors have booth signs that don't tell you anything about what they do. "Securing the enterprise" tells me nothing. Pictures of serious people with vague tech-ish looking graphics in the background doesn't do much for me either other than that someone paid a graphic designer too much money.

To the wandering attendee at the Expo who doesn't want to engage every last vendor in conversation about their wares, this makes no sense. With over 300 vendors I don't have the time, desire, and for that matter leg endurance to stop at every booth so if I can't figure out what the product is at a glance I keep walking. Even if the swag or drawing looks interesting.

And if any vendors are reading this, drawings for iPods are no longer interesting. Neither are t-shirt giveaways. The vendor who will be drawing for a genuine Cartoon Network advertising sign has it right. (see http://www.schneier.com/blog/archives/2007/02/nonterrorist_em.html )

Erik NFebruary 7, 2007 5:38 AM

@SteveJ:

Yes, whois is more accurate, but a whois query reaches all registrars and some may use such a query to put the domain on hold so you can't get it unless you get it from that particular registar at their rates.

Wether this is actually done, I have not confirmed - there are claims that it is done. AFAIK the registrars can put the domain on hold for a short period at no cost, if there was even a minimal fee, it would be easy to DoS such practice out of use.

That's why a dns lookup is good, if the domain is not in use by any host (make an ns query), you go to your prefered registrar and try to register the domain.

CoreyFebruary 7, 2007 10:01 AM

Trademarkeability may have a role to play; made-up words are definitely trademarkeable, where purely descriptive terms are not.
It's not just the security industry. I worked for a while customer-facing at a networking hardware ODM, and networking-equipment company names all started to sound the same after a while.

IlyaFebruary 7, 2007 10:26 AM

These aren't bad names. After all they just has been featured to a big audience by Schneier himself. :)

Anyway, if anyone want a company name with an available com domain then there is a list of such names at http://web2q.com. It's free :)

Steve GeistFebruary 8, 2007 12:03 PM

One thing's for sure. If any of these guys decide to get out of security and switch to something else, they're not saddled with a name that pins them down.

Application Security Inc. really can't do anything else with that name, but Green Border? They could jump into home decorating without a problem.

I don't have a flipping clue what guys like Decru, Vontu or Tarari are up to. I'll bet you don't either.

The latest trend, though, is AOL-style glomming of numbers onto names: (eg: HotBabe23617587)

8e6 Technologies
A10 Networks
F5 Networks
Rapid7
Route1

Blame this on 3Com...

markmFebruary 8, 2007 3:13 PM

Steve: Long before 3Com there was 3M - although that was based on real words (Minnesota Mining & Milling), leading to an excessively repetitive acronym, which was cured by the use of a number. And it still meant something, if you knew the history.

But "A10 Networks"? What's that supposed to mean, unless they did mean to bring up the image of a flying 30mm Gatling gun?

RAlbertiFebruary 8, 2007 6:36 PM

I'm pleased with my security company's name, "Sanction." Not only does the word simultaneously mean "explicit permission" and "punishment for violation," but it was actually built off the phrase "Self-Appointed Net Cops."

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..