June 22, 2007

The 4th Generation of Security Devices = UTM + Routing & Switching or New Labels = Perfuming a Pig?

That's it.  I've had it.  Again.  There's no way I'd ever make it as a Marketeer.  <sigh>

I almost wasn't going to write anything about this particular topic because my response can (and probably should) easily be perceived as and retorted against as a pissy little marketing match between competitors.  Chu don't like it, Chu don't gotta read it, capice?

Sue me for telling the truth. {strike that, as someone probably will}

However, this sort of blatant exhalation of so-called revolutionary security product and architectural advances disguised as prophecy is just so, well, recockulous, that I can't stand it.

I found it funny that the Anti-Hoff (Stiennon) managed to slip another patented advertising editorial Captain Obvious press piece in SC Magazine regarding what can only be described as the natural evolution of network security products that plug into -- but are not natively -- routing or switching architectures.

I don't really mind that, but to suggest that somehow this is an original concept is just disingenuous.

Besides trying to wean Fortinet away from the classification as UTM devices (which Richard clearly hates to be associated with) by suggesting that UTM should be renamed as "Flexible Security Platform," he does a fine job of asserting that a "geologic shift" (I can only assume he means tectonic) is coming soon in the so-called fourth generation of security products.

Of course, he's completely ignoring the fact that the solution he describes is and has already been deployed for years...but since tectonic shifts usually take millions of years to culminate in something noticeably remarkable, I can understand his confusion.

As you'll see below, calling these products "Flexible Security Platforms" or "Unified Network Platforms" is merely an arbitrary and ill-conceived hand-waving exercise in an attempt to differentiate in a crowded market.  Open source or COTS, ASIC/FPGA or multi-core Intel...that's just the packaging and delivery mechanism.  You can tart it up all you want with fancy marketing...

It's not new, it's not revolutionary (because it's already been done) and it sure as hell ain't the second coming.  I'll say it again, it's been here for years.  I personally bought it and deployed it as a customer almost 4 years ago...if you haven't figured out what I'm talking about yet, read on.

Here's how C.O. describes what the company I work for has been doing for 6 years and that he intimates Fortinet will provide that nobody else can:

We are rapidly approaching the advent of the fourth generation security platform. This is a device that can do all of the security functions that are lumped in to UTM but are also excellent network devices at layers two and three. They act as a switch and a router. They supplant traditional network devices while providing security at all levels. Their inherent architectural flexibility makes them easy to fit into existing environments and even make some things possible that were never possible before. For instance a large enterprise with several business units could deploy these advanced networking/security devices at the core and assign virtual security domains to each business unit while performing content filtering and firewalling between each virtual domain, thus segmenting the business units and maximizing the investment in core security devices.

One geologic shift that will occur thanks to the advent of these fourth generation security platforms is that networking vendors will be playing catch up, trying to patch more and more security functions into their under-powered devices or complicating their go to market message with a plethora of boxes while the security platform vendors will quickly and easily add networking functionality to their devices.

Fourth generation network security platforms will evolve beyond stand alone security appliances to encompass routing and switching as well. This new generation of devices will impact the networking industry it scrambles to acquire the expertise in security and shift their business model from commodity switching and routing to value add networking and protection capabilities.

Let's see...combine high-speed network processing whose routing/switching architecture was designed by the same engineers that designed Bay/Wellfleet's core routers, add in a multi-core Intel processing/compute layer which utilizes virtualized, load-balanced security applications as a service layer that can be overlaid across a fast, reliable, resilient and highly-available network transport and what do you get?

This:

Up to 32 GigE or 64 10/100 switching ports and 40 Intel cores in a single chassis today...and in Q3'07 you'll also have the combination of our NextGen network processors which will provide up to 8x10GigE and 40xGigE with 64 MIPS Network Security cores combined with the same 40 Intel cores in the same chassis.

By the way, I consider that routing and switching are just table stakes, not market differentiators; in products like the one to the left, this is just basic expected functionality.

Furthermore, in this so-called next generation of "security switches," the customer should be able to run both open source as well as best-in-breed COTS security applications on the platform and not constrain the user to a single vendor's version of the truth running proprietary software.

-----

But wait, it only gets better...what I found equally as hysterical is the notion that Captain Obvious now has a sidekick!  It seems Alan Shimel has signed on as Richard's Boy Wonder.  Alan's suggesting that again, the magic bullet is Cobia and that because he can run a routing daemon and his appliance has more than a couple of ports, it's a router and a switch as well as a multi-function UTM UNP swiss army knife of security & networking goodness -- and he was the first to do it!  Holy marketing-schizzle Batman! 

I don't need to re-hash this.  I blogged about it here before.

You can dress Newt Gingrich up as a chick but it doesn't mean I want to make out with him...

This is cheap, cheap, cheap marketing on both your parts and don't believe for a minute that customers don't see right through it; perfuming pigs is not revolutionary, it's called product marketing.

/Hoff

April 03, 2007

I Think Cobia's a Great Idea...Despite Shimel's Rabid Frothing to the Contrary...

[Ed: I want to add something here...I think people should pay attention to Cobia for lots of reasons; some of them are apparent and others cause eyebrows and shoulders to shrug.  Just like when Astaro announced their "Virtual Security Appliance" that I barfed all over because of egregiously overarching claims to revolutionary impact in the security market, one must consider the audience and motivation for creating a "product" like this.

I think folks should pay attention to Cobia because it continues to provoke discussion and debate surrounding where, how and why security is positioned in the network not to mention stirring interesting discussions regarding the definition of Open Source...]

--

Look, I think Cobia is compelling, creative, valuable and very interesting and I think people should pay attention to it.  I think it's a great idea and I know that Mitchell, Alan and Martin (and the rest of the team) will make it successful.

Alan's statements to the contrary are just wrong and are overly controversial -- unfortunately at the expense of a reasonable debate on an issue central to security today.  I love him, but I suggest he needs Ritalin today!

The SME/SMB market is ripe for this sort of utility, but again, while the packaging and components are put together in new and interesting ways, the underlying framework is not.  That's not a bad thing, but again, forging yet another market classification in an already fractured industry is potentially difficult for everyone.

The WhistleJet from 1999 was a very similar model.  Sure, it wasn't open source and it didn't run on a VM, but it was a very similar model.

I really didn't want to bring up this point, because it seems contrived and snarky at this point, but it's interesting that much of what is being presented with Cobia is already done in our boxes.  I have no interest in starting a pissing match because there's no reason to as Cobia serves a different marketspace than we do and blending utility applications (even though we can) with dedicated security applications isn't in our interest or business model.

Mitchell even sees some value in running Cobia on Crossbeam. 

Again, I think Cobia is an interesting idea and well-timed for the SME/SMB.  I think it's very cool and if you're in the market for this solution you should definitely look at it.

I'm done arguing about something I wasn't arguing about in the first place.

/Hoff

Disclaimer

  • The views and opinions expressed here are those of Christofer Hoff only and in no way represent the views, positions or opinions - expressed or implied - of my employer or anyone else.
