May 03, 2008

Shimel's in Der Himmel & Stiennon's A Mean-Un...NAC Dust-Up Part Deux.

Nothing to see here folks.  Move along...

This is like a bad episode of "Groundhog Day" meets "Back To the Future." 

You know, when you wake every day to the same daymare where one person's touting that features like NAC are the next flux capacitor while another compares its utility to that of sandpaper in the toilet roll dispensers in a truck stop restroom? 

I know Internet blog debates like this get me more excited than having my nipples connected to jumper cables and being waterboarded whilst simultaneously shocked with 1.21 Jigawatts...

Alan Shimel's post ("Stiennon says NAC is dead - I must be in heaven!") in response to Stiennon's entry ("Don't even bother investing in Network Admission Control") is hysterical.

Why?

Because they're the exact arguments (here and here) they had back in August 2007 when I refereed (see below) the squabble the first time around and demonstrated convincingly how they were both right and both wrong.  The silly little squabble -- like most things -- is all a matter of perspective.

I'd suggest that if you want a quick summary of the arguments without having to play blog pong, you can just read my summary from last year, as none of their arguments have changed.

/Hoff

P.S. The German word "himmel" translates to "heaven" (and sky) in English...funny given Shimmy's post title, methinks...

September 10, 2007

Speaking of Yesterday, Mr. Shimel, You Do Know It's Not 2001, Right?

In response to my post regarding the CapGemini/GoogleApps relationship, in which I espoused the benefits of the upcoming service offering, Alan Shimel obviously forgot to take his meds as he made some bizarre military campaign reference in his post titled "Yesterday's Argument, Tomorrow's Solution."

I really tried to keep up with Alan's logic in this post, but try as I might, I could not make heads or tails of Alan's arguments, in which he seemed to contradict himself and ultimately make the same argument I did in my post.


As far as I can tell, Alan is suggesting that I'm out of touch with the realities of market economics and that security, privacy and compliance have no impact on the adoption of SaaS:

One of the classic mistakes that armies on the losing side make is fighting the next war with the last war's weapons and tactics.  I am afraid Mr Hoff is guilty as charged in talking Google/CapGemini deal.  In case you have not heard, CapGemini will offer Google Apps to the one million strong corporate desktops that it services.

Firstly, this announcement is less than 12 hours old.  I hardly see how I'm on the "losing" side of anything? I've been suggesting that Google is in a position to encroach upon and own multiple markets currently monopolized by titans.  Alan's already disagreed with me on Microsoft vs. Google once before, but that's not what this is about.  I really don't understand what the heck he means by my supposed "guilt" in "taking the losing side."

Chris does a nice job of explaining how CG will make money on this and some of the advantages of Google Apps. However, Chris seems to side on the camp of those who think that SaaS based, centrally managed applications and the data that goes with it, will present compliance and security concerns that could slow adoption. 

Um, yeah!  Want some electricity for that cave you're living in!?  You're not seriously suggesting that privacy, security and compliance do not hinder the adoption of technology and services are you, and more specifically, centrally-hosted applications and data?

I say poppycock to that.

I guess you are.

I heard the same thing about Qualys storing vulnerability data 5 years ago and over the intervening time have seen that argument melt away except for maybe in the federal government space.  In fact Qualys has now become the tester of choice for PCI compliance in many cases.  But beyond that, the whole issue of outsourcing application hosting brings me back to my days at Interliant, an early entrant into the ASP market.  We hosted Lotus Notes, PeopleSoft and other enterprise level applications. As well as managed security (mostly checkpoint firewalls, which was sold to Akiva).

Just so I understand this, Alan is ignoring the history of my blog and then attempts to shore up his point by citing the poster child of Security SaaS for the last 6 years or so, Qualys.  For those of you who read my blog regularly, you already know that (1) I am a huge proponent of SaaS, and (2) I was a Qualys customer and advisory board member.  Alan obviously doesn't recognize either of those points.

To wit, storing scrubbed and encrypted vulnerability data (as Qualys does) is quite different than storing unparsed, unencrypted sensitive corporate data which is intended to be collaboratively shared. 

The issue has not melted away, Alan...in fact, it's the impetus of probably half of the security industry's income statements, including yours.

One thing that we learned the hard way at Interliant is that people will not outsource applications which they consider critical and core to the business.  So for instance, if they were an accounting firm, they would probably not outsource the hosting and management of their accounting software.  However, critical, non-core applications are good candidates for outsourcing.  I think for the most part, this is exactly where the Google Apps fall.  I think the success of hosted CRM like Salesforce.com also shows that people are willing to outsource critical, non-core applications.

So there's been no movement in the adoption of SaaS from your experience 6 years ago at Interliant?  Look, SaaS is certainly on the uptake and it's bringing new and interesting avenues to market for services that range from hosted apps to security, but it's far from ubiquitous and it's certainly got its fair share of scale, security and privacy concerns to deal with.

Poppycock away all you like, but riddle me this, how is it that you do not consider email, spreadsheets, presentations and documents "...critical and core to the business?"  I dare you to turn off your email for a week and tell me it's not critical.

Now the fact that it is Google after all, raises in my mind anyway, two other issues. One is the privacy of my data from Google.  Is Google going to use that to hone the ad words they serve up to me?  The other is that as Google continues to grow, will it suffer from Microsoft like "evil empire" syndrome, where people attach dark aspirations to everything they do. I guess we will have to see how this plays out.

You just contradicted yourself and reinforced the exact point I made!  So now you're concerned about privacy and hosted data?  That's what my post was about entirely.

SaaS does and will absolutely continue to drive privacy concerns, especially for the very reasons at the end of your argument you make such a big point about highlighting.  I even talked about this in this post here titled "On-Demand SaaS Vendors Able to Secure Assets Better than Customers?"

I can't figure out what point Alan's making here; he seems to agree and disagree with my posting in the same post.

/Hoff

July 10, 2007

More on GoogleTini...(Google/Postini Acquisition) by Way of Shimel's Post

Yesterday's post regarding my prognostication of the Google/Postini M&A activity yielded a ton of off-line feedback/opinion/queries.  I had three press/analyst calls yesterday on my opinion, so either I'm tickling somebody's interest funny bone or I'm horribly wrong ;)

Either way, Alan Shimel piped up today with his perspective.  It's not often I disagree with Alan, but the root of his comment leaves me puzzled.  Alan said:

I do not think that Google's acquisition of Postini is a shot across the bow of Microsoft.  I think Google goes about its business of delivering on its vision.  I think its vision is rather simple really. Google believes that the future belongs to Software as a Service (SaaS).  As part of their SaaS strategy, they need to secure their web based apps, as well as offer security as a service.  This is not really much different than Microsoft's "Live" program, also a Software as a Service play.  That is where the competition is.

It appears that Alan's really re-stating what I said yesterday regarding SaaS and especially as I highlighted the security aspects thereof, but his statements are strangely contradictory in the scope of this single paragraph.

To wit, if Google is indeed focused on SSaaS (Secure Software as a Service) and they're looking to displace at least for certain markets traditional "Office" applications which are Microsoft's cash cow ($12B business?) how is this not a "shot across the bow of Microsoft?"

Further, if Microsoft is engaging in SaaS with Live, then it further underscores the direct competitive model that demonstrates that Microsoft (et al.) are firmly in the target hairs.

What am I missing here?

/Hoff

(EDIT: Added a link to an interview I did with TheStreet.com here.)

June 25, 2007

BrokeNAC Mountain - "I wish I knew how to quit you."

An entire day and forum dedicated to NAC in the NYC?  Huh.  I thought we did that at InterOp and RSA already!?  I suppose it's necessary to wade through all the, uh, information surrounding the second coming of network security.

If someone builds one for UTM, I will kill myself.   

Oh NAC...I wish I knew how to quit you!

(I was going to photoshop the poster to the left including Alan Shimel and changing the title to BrokeNAC Mountain, but I can't find my Photoshop CD and I've got a plane to catch to Milan...)

I've made it clear that I think NAC (Network Admission Control and Network Access Control) is valuable and worth investing in as part of a layered defense.  It ain't the silver bullet of security, however.  Maybe Stiennon can come up with a new name for it and it will be?

I've also made it clear that despite the biggest amount of hype since the Furby, NAC will become a feature as part of a conglomeration of solutions in the short term (24 months); it already is a replacement blanket marketing term for companies that used to be SSL VPN's that then became IPS's that are now NAC.  Look at the companies that now claim they're NAC-focused.  That's usually because the "market" they were in previously collapsed -- just like NAC will.

It seems that NAC's relationship with the world plays out just like a scene from Brokeback Mountain where the two main characters discuss whether the public sees through the thin facade of the uneasy relationship they project to the world -- just like the front NAC puts on:

Ennis Del Mar: You ever get the feelin'... I don't know, er... when you're in town and someone looks at you all suspicious, like he knows? And then you go out on the pavement and everyone looks like they know too?
Jack Twist: [Casually] Well... maybe you oughta get out of there, you know? Find yourself someplace different. Maybe Texas.
Ennis Del Mar: [Sarcastically] Texas? Sure, maybe you can convince Alma to let you and Lureen to adopt the girls. And we can just live together herding sheep. And it'll rain money from LD Newsome and whiskey'll flow in the streams - Jack, that's real smart.
Jack Twist: Go to hell, Ennis. If you wanna live your miserable fuckin' life, then go right ahead.
Ennis Del Mar: Fine.
Jack Twist: I was just thinkin' out loud.
Ennis Del Mar: Yep, you're a real thinker there. Goddamn. Jack fuckin' Twist; got it all figured out, ain't ya?

If the next NAC Forum is held in Texas, you'll know the end of the world is near...'course there ain't nuthin' wrong with the heavens rainin' money and streams full-a whiskey...

At any rate, I was catching up on my back-dated blog entries and just read Dom Wilde's (Nevis Networks  Illuminiations Blog) summary of the Network Computing NAC 2007 Forum and couldn't help but chuckle.  Shimel's review seemed a little more upbeat compared to Dom's, but since Alan got stalked by a blogger paparazzi in a three-wheeled, pedal-powered rickshaw, I can see why.

Snippet Summary from Dom's Post:

It's little wonder that people are confused about NAC.  Too many times during the day I found myself with a furrowed brow trying to delineate between reality and fiction...Disappointing moment of the day - 7 panelists on the OOB panel frying the audience's collective brain, by taking 10 minutes each to say "me too".  Result: half the audience didn't return after lunch for more lively and concise discussions on in-line and framework based solutions, and more critically, to hear narratives and lessons learned from people who have deployed NAC.

Snippet Summary from Alan's Post:

Anyway, it was a great way for people looking at deploying NAC to come up and touch and feed a real live NAC vendor. Ultimately, you still have to install the product and play with it yourself to see if it works.  There were lots of claims and NAC crap flying today.  I also would like to see more of a panel of answering questions than just giving our elevator pitch powerpoints to the crowd.  Still a worthwhile day and a good job by Network Computing. I think all of the elevator pitches will be posted on NC site soon.

Sounds great.

Both Dom and Alan's companies provide NAC solutions.  Both were at the show.  Both seem to convey the sense that this was more circus than it was scholarly.  I'm not sure that's because it was focused on NAC or because in general most conferences/forums are completely useless, but I'm interested in anyone else's opinion from those what were there.

/Hoff

June 22, 2007

The 4th Generation of Security Devices = UTM + Routing & Switching or New Labels = Perfuming a Pig?

That's it.  I've had it.  Again.  There's no way I'd ever make it as a Marketeer.  <sigh>

I almost wasn't going to write anything about this particular topic because my response can (and probably should) easily be perceived as and retorted against as a pissy little marketing match between competitors.  Chu don't like it, Chu don't gotta read it, capice?

Sue me for telling the truth. {strike that, as someone probably will}

However, this sort of blatant exhalation of so-called revolutionary security product and architectural advances disguised as prophecy is just so, well, recockulous, that I can't stand it.

I found it funny that the Anti-Hoff (Stiennon) managed to slip another patented advertising editorial Captain Obvious press piece in SC Magazine regarding what can only be described as the natural evolution of network security products that plug into -- but are not natively -- routing or switching architectures.

I don't really mind that, but to suggest that somehow this is an original concept is just disingenuous.

Besides trying to wean Fortinet away from the classification as UTM devices (which Richard clearly hates to be associated with) by suggesting that UTM should be renamed as "Flexible Security Platform," he does a fine job of asserting that a "geologic shift" (I can only assume he means tectonic) is coming soon in the so-called fourth generation of security products.

Of course, he's completely ignoring the fact that the solution he describes is and has already been deployed for years...but since tectonic shifts usually take millions of years to culminate in something noticeably remarkable, I can understand his confusion.

As you'll see below, calling these products "Flexible Security Platforms" or "Unified Network Platforms" is merely an arbitrary and ill-conceived hand-waving exercise in an attempt to differentiate in a crowded market.  Open source or COTS, ASIC/FPGA or multi-core Intel...that's just the packaging and delivery mechanism.  You can tart it up all you want with fancy marketing...

It's not new, it's not revolutionary (because it's already been done) and it sure as hell ain't the second coming.  I'll say it again, it's been here for years.  I personally bought it and deployed it as a customer almost 4 years ago...if you haven't figured out what I'm talking about yet, read on.

Here's how C.O. describes what the company I work for has been doing for 6 years and that he intimates Fortinet will provide that nobody else can:

We are rapidly approaching the advent of the fourth generation security platform. This is a device that can do all of the security functions that are lumped in to UTM but are also excellent network devices at layers two and three. They act as a switch and a router. They supplant traditional network devices while providing security at all levels. Their inherent architectural flexibility makes them easy to fit into existing environments and even make some things possible that were never possible before. For instance a large enterprise with several business units could deploy these advanced networking/security devices at the core and assign virtual security domains to each business unit while performing content filtering and firewalling between each virtual domain, thus segmenting the business units and maximizing the investment in core security devices.

One geologic shift that will occur thanks to the advent of these fourth generation security platforms is that networking vendors will be playing catch up, trying to patch more and more security functions into their under-powered devices or complicating their go to market message with a plethora of boxes while the security platform vendors will quickly and easily add networking functionality to their devices.

Fourth generation network security platforms will evolve beyond stand alone security appliances to encompass routing and switching as well. This new generation of devices will impact the networking industry as it scrambles to acquire the expertise in security and shift their business model from commodity switching and routing to value add networking and protection capabilities.

Let's see...combine high-speed network processing whose routing/switching architecture was designed by the same engineers that designed Bay/Wellfleet's core routers, add in a multi-core Intel processing/compute layer which utilizes virtualized, load-balanced security applications as a service layer that can be overlaid across a fast, reliable, resilient and highly-available network transport and what do you get?

This:

Up to 32 GigE or 64 10/100 switching ports and 40 Intel cores in a single chassis today...and in Q3'07 you'll also have the combination of our NextGen network processors which will provide up to 8x10GigE and 40xGigE with 64 MIPS Network Security cores combined with the same 40 Intel cores in the same chassis.

By the way, I consider that routing and switching are just table stakes, not market differentiators; in products like the one to the left, this is just basic expected functionality.

Furthermore, in this so-called next generation of "security switches," the customer should be able to run both open source as well as best-in-breed COTS security applications on the platform and not constrain the user to a single vendor's version of the truth running proprietary software.

-----

But wait, it only gets better...what I found equally as hysterical is the notion that Captain Obvious now has a sidekick!  It seems Alan Shimel has signed on as Richard's Boy Wonder.  Alan's suggesting that again, the magic bullet is Cobia and that because he can run a routing daemon and his appliance has more than a couple of ports, it's a router and a switch as well as a multi-function UTM UNP swiss army knife of security & networking goodness -- and he was the first to do it!  Holy marketing-schizzle Batman! 

I don't need to re-hash this.  I blogged about it here before.

You can dress Newt Gingrich up as a chick but it doesn't mean I want to make out with him...

This is cheap, cheap, cheap marketing on both your parts and don't believe for a minute that customers don't see right through it; perfuming pigs is not revolutionary, it's called product marketing.

/Hoff

June 09, 2007

Gartner Solutions Expo a Good Gauge of the Security Industry?

Mark Wood from nCircle blogged about his recent experience at the Gartner IT Security Summit in D.C.  Alan Shimel commented on Mark's summary and both of them make an interesting argument about how Gartner operates as the overall gauge of the security industry.  Given that I was also there, I thought I'd add some color to Mark's commentary:

In 2006, there were two types of solutions that seemed to dominate the floor: network admission control and data leakage (with the old reliable identity and access management coming in a strong third). This year, the NAC vendors were almost all gone and there were many fewer data leakage vendors than I had expected. Nor was there any one type of solution that really seemed to dominate.

...that's probably because both of those "markets" are becoming "features" (see here and here) and given how Gartner proselytizes to their clients, features and those who sell them need to spend their hype-budgets wisely and, depending upon where one is on the hype cycle (and what I say below), you'll see fewer vendors participating when the $ per lead isn't stellar.  Lots and lots of vendors in a single quadrant makes it difficult to differentiate.

 

The question is: What does this mean? On the one hand, I continue to be staggered by the number of new vendors in the security space. They seem to be like ants in the kitchen -- acquire one and two more crawl out of the cracks in the window sill. It's madness, I tell you! There were a good half a dozen names I had never seen before and I wonder if the number of companies that continue to pop up is good or bad for our industry. It's certainly good that technological innovation continues, but I wonder about the financial status of these companies as funding for security startups continues to be more difficult to get. There sure is a lot of money that's been poured into security and I'm not sure how investors are going to get it back.

Without waxing on philosophically on the subconscious of the security market, let me offer a far more simple and unfortunate explanation:

The Gartner show is one of, if not the most, expensive shows on the planet for booth space when you consider how absolutely miserable the scheduling of the expo hours is for the vendors.  They open the vendor expo at lunch time and during track sessions when everyone is usually eating, checking email, or attending the conference sessions!  It's a purely economic issue, not some great temperature taking of the industry.

I suppose one could argue that if the industry were flush with cash, everyone showing up here would indicate overall "health," but I really do think it's not such a complex interdependency.  Gartner is a great place for a booth if you're one of those giant, hamster wheel confab "We Do Everything" vendors like Verisign, IBM or BT.

I spoke to about 5 vendors who had people at the show but no booth.  Why?  Because they would get sucked dry on booth costs and given the exposure (unless you're a major sponsor with speaking opportunities or a party sponsor) it's just not worth it.  I spoke with Ted Julian prior to his guest Matasano blog summary, and we looked at each other shaking our heads.

While the quality of the folks visiting are usually decision makers, the foot traffic is limited in the highly-compressed windows of availability.  The thing you really want to do is get some face time with the analysts and key customers and stick and move. 

The best bang for the exposure buck @ Gartner is the party at the end of the second day.  Crossbeam was a platinum sponsor this year; we had a booth (facing a wall in the back,) had two speaking sessions and sponsored a party.  The booth position and visibility sucked for us (and others) while the party had folks lined out the door for food, booze and (believe it or not) temporary tattoos with grown men and women stripping off clothing to get inked.  Even Stiennon showed up to our party! ;)

On the other hand, it seemed that there was much less hysteria than in years past. No "we-can-make-every-one-of-your-compliance-problems-vanish-overnight" or "confidential-data-is-seeping-through-the-cracks-in-your-network-while-you-sleep-Run!-Run!" pitches this year. There seems to be more maturity in how the industry is addressing its buying audience and I find this fairly encouraging. Despite the number of companies, maybe the industry is slowly growing up after all. It'll be interesting to see how this plays out.

Well, given the "Security 3.0 theme" which apparently overall trends toward mitigating and managing "risk", a bunch of technology box sprinkling hype doesn't work well in that arena.  I would also ask whether or not this really does represent maturity or the "natural" byproduct of survival of the fittest -- or those with the biggest marketing budgets?  Maybe it's the same thing?

/Hoff

May 21, 2007

Network Intelligence is an Oxymoron & The Myth of Security Packet Cracking

[Live from Interop's Data Center Summit]

Jon Oltsik crafted an interesting post today regarding the bifurcation of opinion on where the “intelligence” ought to sit in a networked world: baked into the routers and switches or overlaid using general-purpose compute engines that ride Moore’s curve.

I think that I’ve made it pretty clear where I stand.   I submit that you should keep the network dumb, fast, reliable and resilient and add intelligence (such as security) via flexible and extensible service layers that scale both in terms of speed but also choice.

You should get to define and pick what best of breed means to you and add/remove services at the speed of your business, not the speed of an ASIC spin or an acquisition of technology that is neither in line with the pace and evolution of classes of threats and vulnerabilities or the speed of an agile business. 

The focal point of his post, however, was to suggest that the real issue is the fact that all of this intelligence requires exposure to the data streams which means that each component that comprises it needs to crack the packet before processing.   Jon suggests that you ought to crack the packet once and then do interesting things to the flows.  He calls this COPM (crack once, process many) and suggests that it yields efficiencies -- of what, he did not say, but I will assume he means latency and efficacy.

So, here’s my contentious point that I explain below:

Cracking the packet really doesn’t contribute much to the overall latency equation anymore thanks to high-speed hardware, but the processing sure as heck does!  So whether you crack once or many times, it doesn’t really matter, what you do with the packet does.

Now, on to the explanation…

I think that it’s fair to say that many of the underlying mechanics of security are commoditizing so things like anti-virus, IDS, firewalling, etc. can be done without a lot of specialization – leveraging prior art is quick and easy and thus companies can broaden their product portfolios by just adding a feature to an existing product.

Companies can do this because of the agility that software provides, not hardware.  Hardware can give you scales of economy as it relates to overall speed (for certain things) but generally not flexibility. 

However, software has its own Moore’s curve of sorts and I maintain that unfortunately its lifecycle, much like what we’re hearing @ Interop regarding CPU’s, does actually have a shelf life and point of diminishing return for reasons that you're probably not thinking about...more on this from Interop later.

Jon describes the stew of security componentry and what he expects to see @ Interop this week:

I expect network intelligence to be the dominant theme at this week's Interop show in Las Vegas. It may be subtle but it's definitely there. Security companies will talk about cracking packets to identify threats, encrypt bits, or block data leakage. The WAN optimization crowd will discuss manipulating protocols and caching files, Application layer guys crow about XML parsing, XSLT transformation, and business logic. It's all about stuffing networking gear with fat microprocessors to perform one task or another.

That’s a lot of stuff tied to a lot of competing religious beliefs about how to do it all as Jon rightly demonstrates and ultimately highlights a nasty issue:

The problem now is that we are cracking packets all over the place. You can't send an e-mail, IM, or ping a router without some type of intelligent manipulation along the way.

<nod>  Whether it’s in the network, bolted on via an appliance or done on the hosts, this is and will always be true.  Here’s the really interesting next step:

I predict that the next bit wave in this evolution will be known as COPM for "Crack once, process many." In this model, IP packets are stopped and inspected and then all kinds of security, acceleration, and application logic actions occur. Seems like a more efficient model to me.

To do this, it basically means that this sort of solution requires Proxy (transparent or terminating) functionality.  Now, the challenge is that whilst “cracking the packets” is relatively easy and cheap even at 10G line rates due to hardware, the processing is really, really hard to do well across the spectrum of processing requirements if you care about things such as quality, efficacy, and latency and is “expensive” in all of those categories.
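An added illustration (not from the original post or from Jon Oltsik) of crack once, process many next to per-service cracking. The byte counters are a deliberately crude cost proxy, and the service names, policy table and marker strings are all constructed for the example.

```python
import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    payload: bytes


class Meter:
    """Crude cost proxy: header bytes read while cracking,
    payload bytes read while processing."""
    def __init__(self):
        self.cracks = self.header_bytes = self.payload_bytes = 0


def crack(packet: bytes, meter: Meter) -> Flow:
    """Parse IPv4 + TCP headers, honouring IHL and data offset, into a Flow."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl + 20 or packet[9] != 6:
        raise ValueError("bad IHL, truncated packet, or not TCP")
    total_len = struct.unpack("!H", packet[2:4])[0]
    doff = (packet[ihl + 12] >> 4) * 4
    if doff < 20 or not ihl + doff <= total_len <= len(packet):
        raise ValueError("bad TCP data offset or IP total length")
    dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    meter.cracks += 1
    meter.header_bytes += ihl + doff
    return Flow(".".join(map(str, packet[12:16])),
                ".".join(map(str, packet[16:20])),
                dport, packet[ihl + doff:total_len])


# Hypothetical services; each returns "allow" or "block".
ALLOWED_PORTS = {25, 80}
IDS_MARKER = b"DEMO-IDS-SIGNATURE"   # constructed, not a real signature
DLP_MARKER = b"CONFIDENTIAL-DEMO"    # constructed


def firewall(flow, meter):
    # Header-only decision: touches no payload.
    return "allow" if flow.dport in ALLOWED_PORTS else "block"


def ids(flow, meter):
    meter.payload_bytes += len(flow.payload)
    return "block" if IDS_MARKER in flow.payload else "allow"


def dlp(flow, meter):
    meter.payload_bytes += len(flow.payload)
    return "block" if DLP_MARKER in flow.payload else "allow"


# Policy decides which services see a flow, and in what order.
POLICY = {25: [firewall, ids, dlp], 80: [firewall, ids]}
DEFAULT_CHAIN = [firewall]


def run(packet: bytes, crack_once: bool):
    """Push one packet through its policy chain, stopping at the first block.
    crack_once=False models separate boxes that each re-parse the packet."""
    meter = Meter()
    flow = crack(packet, meter)
    verdicts = []
    for i, service in enumerate(POLICY.get(flow.dport, DEFAULT_CHAIN)):
        if not crack_once and i > 0:
            flow = crack(packet, meter)
        verdict = service(flow, meter)
        verdicts.append((service.__name__, verdict))
        if verdict == "block":
            break
    return verdicts, meter


def build_packet(src, dst, sport, dport, payload):
    """Constructed sample input: minimal IPv4/TCP packet, checksums left zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18,
                      65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))),
                     bytes(map(int, dst.split("."))))
    return ip + tcp


if __name__ == "__main__":
    pkt = build_packet("192.0.2.10", "198.51.100.5", 40000, 25, b"hello " * 200)
    for once in (True, False):
        verdicts, m = run(pkt, once)
        print("crack once" if once else "crack many", verdicts,
              "cracks:", m.cracks, "header bytes:", m.header_bytes,
              "payload bytes:", m.payload_bytes)
```

Both modes reach the same verdicts; cracking once saves only the repeated header reads, while the payload work done by the services is identical either way.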

The intelligence of deciding what to process and how once you’ve cracked the packets is critical. 

This is where embedding this stuff into the network is a lousy idea. 

How can a single vendor possibly provide anything more than “good enough” security in a platform never designed to solve this sort of problem whilst simultaneously trying to balance delivery and security at line rate? 

This will require a paradigm shift for the networking folks that will mean either starting from scratch and integrating high-speed networking with general-purpose compute blades, re-purposing a chassis (like, say, a Cat65K) by stuffing it with nothing but security cards and grafting it onto the switches, or stacking appliances (big or small – single form factor or in blades) and grafting them onto the switches once again.  And by the way, simply adding networking cards to a blade server isn't an effective solution, either.  "Regular" applications (and esp. SOA/Web 2.0 apps) aren't particularly topology sensitive.  Security "applications" on the other hand, are wholly dependent and integrated with the topologies into which they are plumbed.

It’s the hamster wheel of pain.

Or, you can get one of these which offers all the competency, agility, performance, resilience and availability of a specialized networking component combined with an open, agile and flexible operating and virtualized compute architecture that scales with parity based on Intel chipsets and Moore’s law.

What this gives you is an ecosystem of loosely-coupled BoB security services that can be intelligently combined in any order once cracked and ruthlessly manipulated as it passes through them governed by policy – and ultimately dependent upon making decisions on how and what to do to a packet/flow based upon content in context.

The consolidation of best of breed security functionality delivered in a converged architecture yields efficiencies that are spread across the domains of scale, performance, availability and security but also on the traditional economic scopes of CapEx and OpEx.

Cracking packets, bah!  That’s so last Tuesday.

/Hoff

April 03, 2007

I Think Cobia's a Great Idea...Despite Shimel's Rabid Frothing to the Contrary...

Chill

[Ed: I want to add something here...I think people should pay attention to Cobia for lots of reasons; some of them are apparent and others cause eyebrows and shoulders to shrug.  Just like when Astaro announced their "Virtual Security Appliance" that I barfed all over because of egregiously overarching claims to revolutionary impact in the security market, one must consider the audience and motivation for creating a "product" like this.

I think folks should pay attention to Cobia because it continues to provoke discussion and debate surrounding where, how and why security is positioned in the network not to mention stirring interesting discussions regarding the definition of Open Source...]

--

Look, I think Cobia is compelling, creative, valuable and very interesting and I think people should pay attention to it.  I think it's a great idea and I know that Mitchell, Alan and Martin (and the rest of the team) will make it successful.

Alan's statements to the contrary are just wrong and are overly controversial -- unfortunately at the expense of a reasonable debate on an issue central to security today.  I love him, but I suggest he needs Ritalin today!

The SME/SMB market is ripe for this sort of utility, but again, while the packaging and components are put together in new and interesting ways, the underlying framework is not.  That's not a bad thing, but again, forging yet another market classification in an already fractured industry is potentially difficult for everyone.

The WhistleJet from 1999 was a very similar model.  Sure, it wasn't open source and it didn't run on a VM, but it was a very similar model.

I really didn't want to bring up this point, because it seems contrived and snarky at this point, but it's interesting that much of what is being presented with Cobia is already done in our boxes.  I have no interest in starting a pissing match because there's no reason to as Cobia serves a different marketspace than we do and blending utility applications (even though we can) with dedicated security applications isn't in our interest or business model.

Mitchell even sees some value in running Cobia on Crossbeam. 

Again, I think Cobia is an interesting idea and well-timed for the SME/SMB.  I think it's very cool and if you're in the market for this solution you should definitely look at it.

I'm done arguing about something I wasn't arguing about in the first place.

/Hoff


Disclaimer

  • The views and opinions expressed here are those of Christofer Hoff only and in no way represent the views, positions or opinions - expressed or implied - of my employer or anyone else.
