Thursday, March 15, 2007

Cisco's Secure Routers Are Winning

Infonetics Research published a synopsis of a recent report they authored. I'd like to highlight a few points.

Growth in the network security appliance and software market is expected to slow to the single-digits after 2007 as content security gateways and NAC products begin to infringe on network security product budgets.

“The most important appliance category to watch over the next year is secure routers. Sales were up 25% in 2006 and this year will pass $1 billion in worldwide sales, representing a significant portion of the overall network security market...”

Secure routers account for 29% of the total integrated security appliance market in 2006 and will continue to increase their share of the market through at least 2010...

Cisco continues to lead the overall network security market, with 38% worldwide revenue share in 2006, posting growth in all network security market segments tracked by Infonetics.

Juniper and Check Point are tied for second, each with 9% worldwide revenue in 2006...

Infonetics’ network security report provides worldwide and regional market size and forecasts and worldwide market share for integrated security appliances in 6 price categories, secure routers, SSL VPN gateways, VPN and firewall software, and host- and network-based IDS/IPS products. Companies tracked include 3Com/TippingPoint, AEP, Alcatel-Lucent, Array, Aventail, Check Point, Cisco, Citrix, CA, D-Link, Enterasys, F5, Fortinet, Juniper, McAfee, NETASQ, Nokia, Nortel, Secure Computing, SonicWALL, Symantec, WatchGuard, ZyXEL, and others.

I wrote last year that all network security functions will end up in the switch. This Infonetics story is talking about "secure routers," which I assume are devices like Cisco's Integrated Services Routers. That idea is consistent with my vision for the "security switch."

The revenue share numbers are interesting; Cisco dominates, and when you add in Juniper (where the wheels are apparently coming off) you've got 56% of the market accounted for.

It's important for technical folks to understand that the people with budgets who ultimately procure equipment are not looking for the best technical solution. They are looking for something that is good enough. This is called satisficing. Decision-makers want to spend the least amount of money necessary to get them to a level they believe is as good as their peer group. Given these conditions, buying a Cisco ISR that advertises "Routing, Security and VPN, Voice, Wireless [and] Optimization of network bandwidth and applications" makes perfect sense.

If you're a vendor that makes a network traffic inspection and/or manipulation product, you're going to either end up on someone's switch or be a niche player. I see two functions that will not end up on the switch:

  1. Network forensic appliances: ISRs are not going to incorporate a multi-TB storage array and the associated analysis software required for network forensics.

  2. SIM/SEM/SIEM/Network Security Management suites: Just because all of your gear will end up belonging to Cisco doesn't mean you'll want to use something like Cisco MARS to make sense of it. It's likely you'll buy into the Self-Defeating Network but I see room for vendors like Q1 Labs to survive and maybe thrive.

Please note I am not talking about all security here. I am talking about devices that inspect and act upon network traffic.
