One of the cool features of Citrix's Advanced Access Control is the end-point client scanning feature, called "end-point analytics" (EPA). This is the feature that performs a security scan of a client device before establishes a VPN tunnel to determine how secure the device is. While these EPA scans held a lot of promise, many people were disappointed that Citrix's "out-of-the-box" scans didn't have enough functionality. Fortunately Citrix released an EPA SDK which allowed people to write their own scans.
A few of these people got together and formed a company for this purpose called EPAFactory. Over the past few years they've really established themselves as Advanced Access Control experts, and they've presented on this topic at BriForum in the past. EPAFactory didn't really have any competition in the end-point analytics space until a few months ago when a company called Ententrix sort of appeared out of nowhere.
Ententrix has a few different products, but only recently did I take the time to download their EPA scanning package. I unzipped the download to find the following file structure:
The documentation was available in an external PDF. But clicking into the license.doc file I found something interesting... Hmmm... This file.. It seems that I've seen it somewhere before. Just for kicks I figured I'd take a peek at the properties of the Word document. Here's what I found:
Whoops! The Ententrix documentation lists a company name of "epafactory.com." Worse yet, it lists the author as "Brian DaBinett," a friend of mine and one of the founders of EPAFactory. I talked to Brian recently and he most certainly is not working for Extentrix. So if Extentrix is cutting-and-pasting the documentation from EPAFactory, what else are they copying from them?
And a note to vendors: Stuff like this has happened before. If you're gonna blatently rip off a competitor, please have someone else proofread what you've stolen before you do it! (Oh, and be sure to blame the hired help.)