All Network Security Functions in the Switch
The ISS acquisition has me thinking again about the security space. I noticed Richard Stiennon wrote the following:
Consolidation? Not even close. There are over 867 vendors in the IT-Harvest knowledge base this morning. When that number falls month to month we can start talking about consolidation.
I'm not sure that's the right way to look at the issue. How many of those companies are 1 year old or less? 2 years? 3 years? I'm guessing that many companies that were firewall development startups have either been bought or gone out of business. The same can be said for other product types. The vendor count may never decrease because new companies are always joining the market to address new problems (or so they claim). I think that process is consolidation.
The main reason I posted this entry, however, is the title above. I am not the only person to discuss collapsing all network security functions into switches, and I have probably said something similar already. Nevertheless, I believe that the future is not bright for companies that want to introduce network security products but remain independent.
Let me define a few terms. By "network security" I mean products that interact with network traffic, for inspection or access control decisions. I do not mean products which work on the host level. When I say "remain independent" I mean start as a small company and grow to become a billion dollar plus company.
It seems as though all network security functions are going to collapse into the devices which carry traffic -- switches. Consider a router to be a "layer 3 switch" for the sake of this argument. If you can't accept that, imagine I said "switches and routers" earlier.
I think the shelf life of point products is going to become increasingly short. In other words, I could see IBM eventually selling or abandoning its ISS network security product line. Why? IBM doesn't make switches or routers that compete with Cisco. The functions that ISS network security products provide, however, are going to end up in Cisco switches. Those features are going to be available as upgrades to sufficiently powerful switches, leaving managers with the choice of running Cisco plus other boxes, or just Cisco. They will choose "just Cisco."
Am I a Cisco hack? No (but I do have my CCNA). Do I think this is the best of all possible worlds? No, since I prefer Cisco's routing and switching to its security products. Nevertheless, the drive to consolidate products is going to eventually collapse network security functionality down to the only boxes which absolutely must remain -- switches.
I expect to see network security point products continue to be developed. However, they will continue to be outsourced research, development, and viability testing factories for Cisco. When Cisco sees a product it likes, it will buy the company and then integrate the functionality into its own equipment.
Where does this leave the other security gorillas, and gorilla wanna-bes? Those that focus on host-centric products may continue to exist, but there is a good chance that they will continue to be bought by Microsoft. Those that provide services to make all this work will grow. I think this is where IBM and other giant integrators can make a good living.
Comments
I'm one of the few folks that think firewall + ips = bad idea. Consolidation also brings on challenges of securing all the necessary technologies in one system. A group of engineers are going to make the switch component, another group the ACL component, another group the SSL component, another group the IPS component and so on. A flaw in one component leads to a flaw in all components. Instead of having to get past three or four security devices - I only have to get past one now.
As for the market consolidating in terms of companies - that is a benefit to startups. Startups can then move onto new technologies in regards to solving security problems. Gorillas on the other hand have to deal with integrating the two products. I'll have done both in my career (multiple times) and I can say that I'll bet on the startup versus the integration any day.
Look at the market to see the result of that.
Cisco has firewall penetration, to be sure. But for whatever reason, their infosec initiative is somewhat stuck outside of firewall/VPN. From what I understand, reception to NAC, MARS, and their IDS solutions has been tepid.
That's not to say that neither company can or will get their act together w/regards to hardware...
However, Stiennon's perspective on the health of the market given the number of vendors aside, I think we should consider another point - that ISS was as much a services provider as it was a hardware vendor, and maybe even more so. For Cisco to *truly* take advantage of their market share at the switch - they'll want to develop an entire services branch, and not just monitoring. All the "hard" and "soft" skills will need to be represented.
If you believe in consolidation then you expect the Symantecs of the world to acquire a lot of companies and become one-stop shops for security. Yet, that has not worked at all.
What Cisco did to the switch network is consolidation. They bought everybody until they had 80% market share. That is not happening in security. The largest player has about 5% of the market. ISS is so small the acquisition by IBM does not impact the market at all. EMC buying RSA is not consolidation either. It is a storage player responding to market demands that it perceives.
(Of course I have a vested interest in claiming the industry is not consolidating. I have quit my job and started an independent research firm to study the security space. If it is consolidating I should be moving on to SOA, or Web 2.0 or something new.)
I'm still waiting for someone to build a new switch from the ground up, with security features built-in and done right the first time, not as clunky add-ons that don't scale well.
A Juniper/NetScreen core switch would be neat. Firewalling and nsm on all ports!