"Suffice it to say, our state-of-the-art HQ was not cheap. We are protecting many of the world's best known organizations, as well as government departments, so we wanted to do everything right," he added. Network Box is also currently working with a consultant, to ensure our state-of-the-art security operations center, meets all relevant ISO security standards," he said. The company is seeking to be certified for ISO 27001, the updated version of the BS 17799 security standard.
'State-of-the-art' may sound normal but here it is almost an understatement. The biggest problem was making the floor as secure as possible while obeying Hong Kong fire regulations at the same time. Gazeley spent months on the design and implementation and what his team has produced looks rather like Mission Control in Houston. This bold visual statement of intent is rare among Hong Kong companies. But then, Gazeley and his company are not typical.
Brainstorming
Towards the end of the last century, Gazeley and his head of IT, Mark Webb-Johnson, were sitting in a coffee shop in the early hours wondering how to protect their customers from various attacks originating over the Internet. At that time they sold IT services and products to local companies. After looking at what was out there, they came to the conclusion that most of the offerings being sold did not do enough. The solutions were so complex that most customers did not understand what was going on. Nor should they have to, they thought.
Out of this, the Network Box was born. It was certainly one of the first 'all-in-one' systems available anywhere. Today, that kind of solution is known as unified threat management (UTM). Gazeley is proud in his belief that they were the pioneers of this type of technology offering.
"The Network Box 'unified threat management' technology was developed in the year 2000. The Internet suddenly made everyone part of a world-wide network they had no control over and it was clear that traditional firewalls were no longer enough. Our system was developed in direct response to the escalating need to comprehensively secure networks at the gateway, using real-time 'push' update technology," he said.
This 'push' technology is the method Network Box uses to update all of its customers world-wide with the latest virus signatures. In many ways, this technology has made it a little difficult for some people to evaluate the product properly. Some companies that specialize in evaluating security solutions have no way of evaluating a 'managed service' which is what Network Box does. They want to test the box itself but that is only half of what is done. Gazeley has sometimes had to work hard at explaining that.
Active protection
Right from the beginning, they knew that it would be crucial to get updates sent to their customers. It may have been possible 10 years ago to ask customers to log onto a website every Wednesday afternoon and download all the latest virus signatures, but that has not been true for many years (if it ever was).
"We are seeing one attack on each customer IP every five seconds around the globe. On average, our customers receive a SPAM email about once a minute, an infected email about once every five minutes, and have to cope with their own staff wasting about 47 per cent of their Internet usage, on 'none-work' related activities," he said.
With attacks coming that quickly, the automatic push technology they use becomes extremely important.
"We update all customers worldwide in an average of less than 45 seconds. It is all about the underlying real-time push technology, as well as our managed security business model. We realized from day one that the only way to offer customers genuinely effective network security was to do so using a managed service model. Few businesses can dedicate network security staff to do the job, yet with the ever-growing importance of the Internet, businesses cannot afford not to take the risk of being connected to the worldwide web on a twenty-four hour basis," he said.
Gazeley sees his solution as helping IT managers save time. Why, he asks, should they spend a lot of time on security when there are so many other things they must worry about?
That is reasonable, of course, but human beings are not always reasonable, as a glance at news stories on any given day will amply prove.
Time to wise up
Gazeley and his sales team must deal every day with a number of issues, most stemming from ignorance, but, being a consummate salesman, he is reluctant to put it so crudely.
"The three issues we struggle with the most are complacency, a lack of appreciation for what is really required, and the illusion that everything can be done in house by just buying a 'box' from somewhere and 'plugging it in.' Many organizations install a firewall and some antivirus software and just hope for the best. This just does not work. You need intrusion detection and prevention technology, content filtering and company policy enforcement; you need multi-layered antivirus, antispyware and antispam. But most of all you need someone to make sure all this is updated in real-time and actually working. The first thing many viruses do these days is cripple your antivirus system. Hackers do not want you to realize you have been infiltrated; they want to use your computer systems to their own ends. Just because your computers boot it does not mean they are secure," he said.
Despite the fact that the product is also a 'box', it is the managed service and immediate updates to all customers world-wide that distinguishes the Network Box product, he said.
One of the problems he and the company faces is what he calls 'marketing noise'. Security is very much in the news and many people are actually beginning to take it seriously and even more importantly, they are beginning to budget for it. Sadly, according to Gazeley, there is rather a lot of misinformation out there.
"Thankfully, more and more people are beginning to understand the need for security. Unfortunately, however, there is a very high level of 'marketing noise' out there and that makes it quite hard for users to understand what they are buying," he said.
Too little too late
Gazeley's frustration is obvious when he talks about going to see a potential customer many times but is only contacted after they have been attacked. Had they bought his product early, he believes, they would not have had to suffer the attack. He compares it to locking the front door or visiting the doctor. "Few of us wait until after we are burgled before we put locks on our doors, so not installing network security until after its too late bothers me a great deal every time I see it. Some people joke that security companies like ours must love hackers, viruses and worms. The truth is that we are no different to doctors. It is much more satisfying all around to have healthy patients to maintain, instead of sick patients to cure," he said.
Network Box may have a wonderful solution but one thing the IT industry has proved better than any other is that the best technology does not always win. The biggest challenge for a Hong Kong company in this market is getting the word out.
"Word of mouth has been our greatest asset. But we have to go head to head with the giants of the network security world, in terms of public relations, advertising and marketing. It is not easy, and it is not cheap. In the end however, to quote the old Chinese proverb, 'Paper can't wrap up Fire.' Our systems work. If people use out-of-date technology, and out-of-date methodology, in the end they will get infected, hacked and compromised. At that point, they have no choice but to examine the 'status quo.' Our mission is to reach them first. If we can do a better job, for less money, why would they want to secure their networks any other way?", he said.
Network Box has won multiple technology awards Asia and is now winning gongs in Europe and the US. This should make local people quite proud, but for the company, the question is not just the technology; it is becoming a household name in the industry. The next two years will be critical in shaping that outcome.