Friends, welcome to the Yoggie CEO blog
Thursday, November 15th, 2007 by Shlomo TouboulIn this Blog I will make the maximum effort to be available to you.
You may be a Yoggie customer, fan or just interested in a new way to secure computers. I can’t guarantee to answer all your questions, but will try to respond quickly.
So, I’ll start today with two questions I am asked all the time, since I started Yoggie: (i) How did you come up with Yoggie idea? And (ii) Why did you name it Yoggie?
After being in the security industry for over 10 years, working for IT groups and making their corporate network more secured, I realized that the entire security landscape is dramatically and quietly changing. This is true for both corporate IT and the average PC user. I had the same vision during late 1995 when I decided to start Finjan Software. At that time, Java was introduced and it started a major technology shift which created new needs for security tools. I believed that Java is not only inventing a new programming language but introduced the concept of distributed computing for the ordinary user and ordinary system. Almost 10 years later, the trend of abandoning desktop computers in favor of laptops is creating a new era in computing security. During 2006 most companies purchased more laptops than desktops. During 2007 private consumers followed the trend. The reason is simple: Laptops cost at the same as desktops, and laptop are more reliable, come with a built in UPS, can easily be moved from one room to room and can easily be taken on vacation. In addition, the widespread availability of wireless connectivity makes the internet available at almost any location - Starbucks, Airports, Hotel Lobbies etc.
IT organizations invest huge portions of their precious budgets to make corporate network safe. The increasing trend of mobile computing allow corporate laptops to connect to many kinds of network infrastructures. The laptop is no longer just connected to the well protected and safe corporate network, protected by a rack full of security applications. Now you grab your laptop off your desk, leave the IT security rack behind and connect your laptop through public networks available almost anywhere.
These huge public network are definitely nowhere nearly as safe as the corporate network. They’re actually not safe at all. When a traveler connects a laptop to the hotel room network, the laptop shares the same physical infrastructure with everyone in the same hotel. Even if the hotel does invest the necessary money to secure the hotel network (which they usually don’t), how can one trust all the other hotel guest to share same network with him? The days where every hotel room will have its own firewall or other security means, are not in the near future.
How about sharing same IP cloud with all the other wireless network users under the cloud? Here it’s even worse as anyone who physically stays within your wireless network range, shares the same physical network with you. The bottom line: the mobility revolution we are all enjoying now, also presents the biggest security threat. The security used today to secure laptops is something that was never designed to meet these challenges. Current systems base their security on software tools. This means that we first allow the attack to reach the operating system on our computer, run side by side with our precious applications and data, and then try to fight it back. This leaves no room for a glitch or mistake. I will talk more about this, in my next Blog columns. Today I will only mention that Yoggie was created in order to properly address, for the first time, the challenge of increased mobility by using a distributed solution based on integrated hardware and software. This solution will be very integrated, stop the threat before it even reaches our computer, isolate our computer from the physical layers of the hosting network, will not consume CPU or memory from our computer and will not pop up confusing messages about weird security events happening on our computer. Nor a solution that keep our computer busy with long and heavy duty security updates. Enough patches on my computer : )
As for the name, well I cannot say I have a long story for the name, it’s very simple: I loved the name as soon as it popped up in my head. Later, I learned that Yoggie is a perfect match. It relates to a Yoga guide, someone that helps you stay calm regardless the difficulties life presents or how tense reality can be. This is the company mission and one of the values we would like to provide to our customers - Stay calm, focus on what your doing, Yoggie will take care for your security worries in a better way than ever and without any bother to you at all.
That’s all for today. I look forward to receiving your comments and questions.
Yours truly,
Shlomo.
November 15th, 2007 at 8:21 am
Dear Don,
Thank you for your proposals. We at Yoggie love to get market feedback and new product/ feature requests. Our mission is to serve your needs making your computers and devices safer. While I cannot unveil our development plans you can expect more products coming from Yoggie and additional operating systems support by the entire product line.
Cheers,
Shlomo
November 15th, 2007 at 12:43 pm
Product opportunities
I’ve communicated about one of these to your staff before:
1. A combination WAN gateway, router and Yoggie security. Uses plug in cellular access cards to access the internet, a small (4 port?) Ethernet router and a fully integrated Yoggie security device. Target markets: small offices (on the road, temporary locations & SOHO), corporations with mobile/remote workers who want a higher level of VPN security, and people without a hard wire broadband connection wanting both speed and security. Configuration: takes advantage of small size, an open card slot or Ethernet port on the laptop and very portable, like Yoggie’s current line.
2. Redirect driver for Mac OSX. Mac users want, for the same reasons Yoggie has already identified, hardware and off-board firewalls too. They also need the all-in one kind of solutions Yoggie offers. With Intel chipsets and ability to run Windows, Apple hardware has the same issues as Windows. Apple customers are early adopters of new technology like Yoggie. And Macs are becoming increasingly vulnerable as their #s increase, they’re used for serious business purposes and the iPhone matures into a Blackberry competitor for corporate communications. Yoggie’s line currently doesn’t provide all the same security options for the Mac as for the Windows market.
3. A Yoggie solution for the iPhone. This device is selling by the millions, has a card slot and desperately needs industrial strength internet access security. Apple will improve it, but not beyond what OSX already does on the desktop, i.e., at best the same vulnerability issues will remain. A Yoggie device is a key to opening the corporate market to the iPhone…..
Don Bain
USA
November 16th, 2007 at 8:26 am
Microsoft Security Driver required by your product
Dear Yoggie,
I just tried to install your item using USB, and found that the MS Security update for 926255 was needed. Going online before this is configured, to download a driver is not a great idea, when I’ve a hacker problem here.
Please, if you create software which needs Microsoft drivers to be installed, can you please include them in the driver disk? Otherwise, I wind up playing race-me with hackers, to see who can move first. They win always.
So Im downloading your driver, and then Im forced to wipe down the drive with DOD level erasure to get rid of whatever the hackers did while I was downloading a driver which your product requires. Not very efficient.
Thanks for next time including a CD with all necessary drivers. So people with security issues need not go online before things are set up.
Thanks in advance.
J
November 16th, 2007 at 8:31 am
Dear J,
The Microsoft critical update you are referring to was published by Microsoft on December 2006: http://www.microsoft.com/technet/security/Bulletin/MS06-075.mspx.
Unfortunately we have no rights from Microsoft to distribute the critical update nor to include it in our distribution disk. It is usually installed automatically by Microsoft, if you allow automatic Windows update.
Cheers,
Shlomo.
December 9th, 2007 at 10:02 am
I can’t imagine where Shlomo gets his information that laptops are outselling desktops - laptops PCs are more expensive than desptop PCs. Not to mention the fact that anyone can simply walk away with a laptop…how’s that for security?
I’d like to know if this technology works well in the home envirnment with several desktop PCs. Through a cable modem and a router to several PCs.
December 10th, 2007 at 8:04 pm
Dear reader,
The laptop and desktop sales statistics come from very respectable computer market analysts. According to these reports, by the end of 2006, Corporate America bought more laptops than desktops. There are many reasons and drivers for this trend, many relate to mobile workforce needs. As for protecting a few computers at home, please have a look on our Gatekeeper SOHO product. It can protect up to 5 computers at home or small office.
December 12th, 2007 at 1:39 pm
Is it possible to use Yoggie Soho with the Devolo Homs Plug System.
December 12th, 2007 at 2:41 pm
I referred your comment to our support group, this is the answer: the Yoggie Gatekeeper SOHO works with any network connections via RJ45. It has a DHCP server at one end and a DHCP client at the other end, so it works with every standard router. If you need to connect a few computers to the Devolo and want to be 100% sure, simply plug the Gatekeeper SOHO to the Devolo and a small switch to the Gatekeeper SOHO. Every computer that will be connected to the switch, will be secured.
December 27th, 2007 at 2:50 pm
I haven’t tried your product yet, but it seems like a great idea. One thought I had - have a PCMCIA / CardBus / PC Card / Express Card / “whatever the newest spec is” version of the Pico Pro - simply because it won’t protrude from the machine and the user won’t have to remove it / replace it when traveling.
Erik Carlseen
December 29th, 2007 at 1:36 pm
As an owner of an information technology company my 2006 year sales figures show 30% desktops and 70% laptops for the end user with desktop monitor add ons. Laptops are selling more than desktops in the corporate environment. At least in the market I service which is Northeast Florida.
Rick
OnSite Technology
January 7th, 2008 at 7:40 am
Websense acquired Surfcontrol and will discontinue sale of the Web Filter product tomorrow 01/08/08 (http://www.websense.com/acquisition/surfcontrolCustomers.html). While they will continue to support the product until 2011, they won’t be putting any development resources into it.
Is that the Surfcontrol product you use? Do you plan to switch to something else and how will that affect current users? What will happen in 2011?
Sincerely,
Rich…
January 10th, 2008 at 7:41 am
As a purchaser for a small non-profit organization, I am looking for ways to ease our older computer’s processing needs and ways to reduce our security costs while keeping our network safe and sound.
I recently read about your products, namely the Gatekeeper SOHO. If we only had five computers, this would be way cheaper than the annual cost of upgrading to the new anti-virus software; however, this is just not the case. Buying two SOHOs would be way more expensive, perhaps even in the long run.
I hope you’ll consider making a larger SOHO-type device with multiples of 10 ports for we smaller organizations.
I look forward to watching your progress!
Joseph
January 13th, 2008 at 7:33 am
Laptop card format.
I totally agree, I have finally suffered USB port death from plugging in and out devices on my laptop.
A laptop “card” would be absolutely brilliant.
It seems like the obvious form factor for these great products to evolve into and extend your range.
I think Erik points are spot on and think many others think that having a “seperate” mini computing securing their PC will be very welcome as it reduces the hit you get using security software on you actual pc.
I use a lot of vitualisation software on my laptop and every extra cpu cycle I can get really helps and also not having to constantly configure my AV and firewall software to find a balance of security with performance would really help.
Looking forward to developments from Yoggie
Regards
Yin
January 17th, 2008 at 7:45 am
Great products, I am very like these, I will choice your products someday. do you develop software, there be have one software, called Proxy - Pro Professional GateKeeper, it’s name include “GateKeeper”, do it be yours? Thanks
January 20th, 2008 at 7:45 am
Has you product been tested/certified by any independent test organizations? It would be quite easy for malware to be installed on your product and users would have no way of knowing or monitoring… an independent certification of the unit and its contents would help…
Thanks,
Art
January 24th, 2008 at 7:34 am
Dear Yin,
Our mission is to bring you and everyone else, better security, better performance and a seamless experience with our product. It’s a huge challenge that we take on ourselves, but we believe that today’s customers have a stronger need for security and they cannot spend much time managing these products. We can see many people starting to use the internet to manage their personal financial assets, pay online bills, transfer funds and do things that really require the highest security level; a level of security that only enterprises needed are now required by everyone. However, the average user doesn’t have a whole IT security team behind him, nor the required security knowledge or understanding. Therefore Yoggie’s mission is to bring enterprise level security in a very simple form factor that doesn’t require special security or administration knowledge . If you know how to use a USB Flash Drive, you know how to use Yoggie Gatekeeper Pico. Eventually Yoggie will bring additional form factors and packaging offering that will deliver: highest security, best performance and are hassle free to the users.
January 24th, 2008 at 7:40 am
Dear Rich,
Yes, this is the SurfControl we are using. We are aware of the current changes at SurfControl and we are in touch with Websense. In any case, Yoggie will provide its customers, at least the same level of service provided today. If changes happen in 2011 we will make sure that they are for the benefit of our customers.
January 24th, 2008 at 7:45 am
Hello,
Thank you for your kidg words. I am not familiar with Proxy-Pro software and it’s not related to Yoggie.
January 24th, 2008 at 7:48 am
Dear Art,
While many security experts and reviewers tested the product and published results on the Web, it has not yet been reviewed by an official lab. This is something we definitely plan to do. As for installing malware on the Gatekeeper, this is a very difficult task. Yes, any security can be broken however the Gatekeeper products are using firmware which is hardened and burned on local and secured memory. The firmware is also encrypted and signed. This is far more secure than running security applications on an open and general purpose OS such as windows XP or Vista.
January 30th, 2008 at 7:34 am
Dear Eric,
Thank you very much for your suggestion. As may be expected, we at Yoggie are constantly looking for additional form factors for our products. Our main goal is to make the Gatekeeper easy and simple to use by anyone. While I cannot disclose our exact plans, you should expect additional products and more form factors to come out during 2008.
Cheers,
Shlomo.
February 20th, 2008 at 8:16 am
Problem with Yoggie’s web filtering
(PLEASE ATTENTION this communication contains sensible data)
Dear Shlomo Touboul,
It’s a very important problem the one that drive me to write to you.
It’s some month that I’m writing to yoggie support asking why some adult web site are not blocked when I set the web filtering to block them.
I have 2 examples, the 2 web link write here are considered categorized like adult web site from SurfControl system (the one that yoggie use) I have tested these site here:
http://mtas.surfcontrol.com/mtas/MTAS.asp
Now with the web filtering activated and the adult category blocked on yoggie I can access these site anyway that’s a big bug or what?
you can try by yourself here:
http://www.proving-grounds.net/forum/
http://tour.brazzers.com/tour/
I consider important the situation of blocking adult website and hope that finally we could come at a solution.
Yoggie Pico works well in many areas but have really to be fixed on that problem.
Yoggie support have done I think his best in this month but the problem it’s again unsolved also with the last firmware upgrade 1.3.8…!
Thanks for your kind attention
Gaetano Crisci
g.crisci@gmail.com
March 2nd, 2008 at 8:22 am
802.1x endpoint security for corporate LAN’s
Submitted by Visitor on Sun, 03/02/2008 - 05:24.
Corporates are often faced with external contractors that require to use their own notebooks on the corporate lan i.e. external auditors, contracted IT services etc… This then becomes more difficult to manage since these contractors may not comply to the company’s endpoint protection policies, so controlling who can connect to the network is very critical. Solving this problem would be to make all users authenticate before being able to utilise lan resources
802.1X is available on certain network switches, and can be configured to authenticate hosts which are equipped with supplicant software, denying unauthorized access to the network at the data link layer.
One feature that I would love to see in yoggie endpoint products would be an 802.1x client, this would make this device a complete solution to corporates wanting to deploy tighter edge security on their LAN’s
Regards,
George
March 3rd, 2008 at 8:22 am
We do intend to support NAC protocol
Submitted by Shlomo Touboul on Mon, 03/03/2008 - 05:57.
Dear George,
We do intend to support NAC protocol. Meanwhile, we have customers that use the Gatekeeper Pico PRO. They provide their contractors a pre configured VPN client on it and restrict that client (inside Gatekeeper Pico PRO) to a specific area in their network. They set the policy using Yoggie Management Server. This allows them to control and restrict access of their contractors to their network.
Cheers,
Shlomo.
March 5th, 2008 at 8:16 am
Dear Gaetano,
Thank you for providing us with this valuable feedback. After checking with the SurfControl Web Filtering database servers, we’ve indeed discovered an issue which delayed the updates of the servers’ database. This has now been solved, and the sites you’ve mentioned, along with all the rest of the sites in the database are categorized properly.
March 25th, 2008 at 8:17 am
problem with web filtering…
I attach to this reply after seeing that is about web filtering.
I think that more than a bug on the web filter is a problem caused from some skilled web master to make the site insensible to categorization… you can take for example this (adult) website: http://www.tiavastube.com it is categorized from surf control but seams accessible also if in yoggie the adult cat is blocked… but if you use the direct ip:64.111.210.230 you found it blocked … so I think it’s a trick from the web site owner… maybe you can analyze the fact in this way … making yoggie impossible to trick…
my best compliments for your blog and for yoggie i was waiting it from many times!
best regards
March 27th, 2008 at 8:17 am
problem with web filtering…
Dear Yoggie user,
First of all thank you for the kind words. We are always very happy and proud to meet satisfied Yoggie customers.
Thank you also for providing us with this valuable feedback. After checking with the SurfControl Web Filtering database servers, we’ve discovered it’s simply a matter of a delay in the database update. This has now been solved, and the sites you’ve mentioned, along with all the rest of the sites in the database are categorized properly.
May 20th, 2008 at 7:50 am
Dear Shlomo, How do you differentiate the GK device from “personal firewalls” applications aka HIPS? And how do you deal with the h/w support issues?
Thanks Yuval
May 20th, 2008 at 7:51 am
Dear Yuval,
The Gatekeeper family of products implements a total of 13 security applications including: Firewall, Intrusion Detection and Intrusion Prevention systems. These applications run outside your computer on top of an external hardened Linux machine. The Personal Firewall and HIPS (Host based Intrusion Prevention Systems) you referred to, run on top of your Windows PC and therefore suffer from the following weaknesses:
In general Gatekeeper was designed to provide the end user with the highest level of security, usually found in enterprise networks. Gatekeeper comes with full SNORT implementation, a smart IDS/IPS system that usually is not found on end user desktop and dramatically improves overall security and performance with minimal user interference.
May 20th, 2008 at 8:27 am
Yoggie, and private sector
Submitted by Visitor (not verified) on Mon, 04/07/2008 - 09:48.
Dear mr. Shlomo, your idea regardless yoggie, are the first
serious effort, to protect the client side of peoples computer, and the idea of moving security out of the computer are just brilliant. I have here in Denmark contact
to CERT org. and spoken to the head leader, and ask him to
write an news flash about your product, and he was very interested in the yoggie product line. Looking into the future my own opinion are the your compagny will have as much success as microsoft had. People are just now discover
how it can be done in a very proffesional way..
THANK YOU FOR THIS PRODUCT.
Best and kind regards.
Per Ottosen.
May 24th, 2008 at 7:41 am
Dear Joseph,
As you mentioned, Yoggie Gatekeeper SOHO protects up to five computers and costs less than software yearly subscription for five users. We would love to accommodate your need for more than 5 supported clients and will take it into consideration in our future product planning.
May 28th, 2008 at 6:09 pm
I agree and support 100% of this posting. I’m the IT director at a Montréal based company providing telecommunications systems and services for the small and medium size business market. We need better security and I our client too. All that with effective costs of deployement. We have a cuple xServe and 24 workstations all OSX based. Our IT infrastructure is rock solid since we change from Windows and we’ve converted many of our clients promoting Mac systems. Unfortunately software based security has its limits.
Respectfully,
Jim