Comments on TaoSecurity Blog: All Network Security Functions in the Switch
Blog author: Richard Bejtlich. Comment feed last updated 2023-10-16 06:06 -04:00.

---

Anonymous, 2006-08-25 21:29 -04:00:

Seems like similar thoughts were being thrown around in '98: "Today's security specialty companies cannot all survive; they can be eclipsed by the platform vendors too easily. Only platform vendors can deliver security that is integrated enough to scale and invisible enough to ignore" (Risk Management is Where the Money is At by Geer)

---

Anonymous, 2006-08-25 02:31 -04:00:

I agree with you on this Richard. Protecting systems at a chokepoint (aka perimeter firewall) is not enough...for me at least. I want to monitor and firewall every host in some form.

I'm still waiting for someone to build a new switch from the ground up, with security features built-in and done right the first time, not as clunky add-ons that don't scale well.

A Juniper/NetScreen core switch would be neat. Firewalling and NSM on all ports!

---

Anonymous, 2006-08-25 02:30 -04:00:

I would like to think that, in the end, the best technology would win out. However, my observation is that decisions regarding consolidation are driven from a management perspective, not a security one. In the end, it really doesn't matter if Cisco can do the job well at all.

---

Richard Bejtlich, 2006-08-24 18:26 -04:00:

Ah -- thanks RS. I thought someone had a term for that. Cool.

---

Anonymous, 2006-08-24 17:32 -04:00:

I agree with you completely Richard that network security functions belong in the switch. I even dubbed the idea: "Secure Network Fabric".

If you believe in consolidation then you expect the Symantecs of the world to acquire a lot of companies and become one-stop-shops for security. Yet, that has not worked at all.

What Cisco did to the switch network is consolidation. They bought everybody until they had 80% market share. That is not happening in security. The largest player has about 5% of the market. ISS is so small the acquisition by IBM does not impact the market at all. EMC buying RSA is not consolidation either. It is a storage player responding to market demands that it perceives.

(Of course I have a vested interest in claiming the industry is not consolidating. I have quit my job and started an independent research firm to study the security space. If it is consolidating I should be moving on to SOA, or Web 2.0 or something new)

---

Anonymous, 2006-08-24 17:27 -04:00:

All of this discussion is actually 'assuming' that these network companies don't engineer their security products in a vacuum; most just engineer products in line with their networking products without real insight into how security products should be designed. When looking at most 'security' products offered by networking companies, it is still obvious that they look at security from an 'enclave' perspective. IPS...works 'ok' when it is deployed in a single ingress/egress point. Move it outside of that scenario (to include multi-vendor solutions)...you're asking for trouble. I'll be concerned about Cisco (and similar companies) owning the security product space when they actually start to make 'innovative security products' and not 'security enabled networking products'.

---

Anonymous, 2006-08-24 14:43 -04:00:

Right now, though, Cisco has the same issues as Sony does in the mp3 market. It seems like they should be logically pulling this off - they have Sony music, they have a brand that traditionally is associated with portable music, and they even have form factor killers in Sony/Ericsson phones. But for whatever reason, their audio products just aren't gaining critical mass. It's in the execution...

Cisco has firewall penetration, to be sure. But for whatever reason, their infosec initiative is somewhat stuck outside of firewall/VPN. From what I understand, reception to NAC, MARS, and their IDS solutions has been tepid.

That's not to say that neither company can or will get their act together w/regards to hardware...

However, Steinnon's perspective on the health of the market given the number of vendors aside, I think we should consider another point - that ISS was as much a Services provider as it was a hardware vendor, and maybe even more so. For Cisco to *truly* take advantage of their market share at the switch - they'll want to develop an entire services branch, and not just monitoring. All the "hard" and "soft" skills will need to be represented.

---

Anonymous, 2006-08-24 10:13 -04:00:

Consolidation can only occur when the technology is at a point that it is known and containable. Security is quite uncontainable in terms of techniques and solutions. Every day the technology required to provide security is beaten. I do think consolidation into a switch is an "okay" idea - I just don't think it's realistic.

I'm one of the few folks that think firewall + IPS = bad idea. Consolidation also brings on challenges of securing all the necessary technologies in one system. A group of engineers are going to make the switch component, another group the ACL component, another group the SSL component, another group the IPS component and so on. A flaw in one component leads to a flaw in all components. Instead of having to get past three or four security devices - I only have to get past one now.

As for the market consolidating in terms of companies - that is a benefit to startups. Startups can then move on to new technologies in regards to solving security problems. Gorillas on the other hand have to deal with integrating the two products. I'll have done both in my career (multiple times) and I can say that I'll bet on the startup versus the integration any day.

Look at the market to see the result of that.