Comodo Internet Security 2025 was obliterated by an exploit!
<blockquote data-quote="bazang" data-source="post: 1111218" data-attributes="member: 114717">
<p>Xcitium product earns very little revenue. Not enough to justify dedicating a development team to it.</p>
<p>The basic formula in software development is that a software must generate 750,000 Euros in revenue to support 3 employees with a salary of less than 60,000 Euros on the payroll.</p>
<p>Xcitium very likely generates less than 300,000 Euros per year in revenue. That is not nearly enough to even support 1 dedicated development employee. Unless Melih hires developers from poor 2nd and 3rd world nations. He can hire an army of programmers in Zimbabwe or Vietnam for only 100,000 Euros.</p>
<p>The marketing can say whatever it wants.</p>
<p>The EULA however states that the buyer/end user assumes all risk and the product is sold "AS IS" with no warranty of fitness of purpose. The product is not guaranteed to provide any protection and upon installation the end user agrees to these terms.</p>
<p>What that means is this: "You use this product and if it is bypassed then it is on you, and not on Xcitium or Comodo."</p>
<p>A true Zero Trust protection begins at the physical layer and goes all the way to the application layer in the network stack. Then on the operating system it is from the physical layer to the application layer. Then in the non-digital security realm, Zero Trust includes physical and personnel security. Next, Zero Trust includes very robust Governance, Risk Management and Compliance (GRC). All of these are combined.</p>
<p>I don't know how many times an enterprise has stated to me "We purchased Product XYZ marketed as Zero Trust and thereby implemented a Zero Trust Protection Model throughout our organization." They are extremely disappointed when I tell them they don't understand Zero Trust and that they need to spend another 5,000,000 Euros to get there.</p>
<p>Very, very few service providers know how to properly implement true Zero Trust and even fewer enterprises and governments can do it themselves. I don't know how many times a government has said to me "We air gap these high sensitivity machines. They are Zero Trust."</p>
<p>It takes a lot of time, resources, patience, knowledge, experience, and money to do Zero Trust the right way. It can be done - and done very well - using 100% Microsoft security. Why is this? Because Microsoft does adhere fully to the first principle of security: "Security is not software. It is a process." Plus it works so closely with the U.S. Government that it integrates many of the capabilities developed by NIST Special Publications that inform & guide virtually 100% of global enterprise security practices.</p>
<p>Lots of people and organizations think "Zero Trust implementation is purchase Zero Trust software and deploy it."</p>
<p>Meanwhile, for a small company, a correct Zero Trust security implementation is a 2 to 3 year process requiring an army of SMEs and implementers. And that usually only happens in very highly regulated industries where serious negative consequences can happen. It is not at all unusual for a financial transaction processor to take a couple of years fully implementing PCI DSS. And that is just the beginning of the security requirements and regulations that are applicable to their operations.</p>
<p>Most every Zero Trust product out there just exploits the words "Zero Trust." Why? Because people have no idea what Zero Trust really is.</p>
<p>Many organizations fail Zero Trust assessments and audits.</p>
</blockquote>