RIP Perimeter BOB

Submitted by Mike Rothman on Thu, 2006-08-24 16:44.

I can always count on my pal Chris Hoff to tell me when he thinks I'm full of it. Though evidently a Pink Floyd fan, the ever verbose Mr. Hoff weighed in on my frivolous use of their lyrics in the "Security is just another brick in the wall" post (here).

Since replying in a comment that no one would read wouldn't make for much of a debate, let me post Chris' comment and my response.

Submitted by Christofer Hoff (not verified) on Thu, 2006-08-24 15:42.

(Keeping in spirit with your Pink Floyd theme...)

How appropriate that the next song after "Is There Anybody Out There" is "Nobody Home" because, sadly, you aren't and yet you left your lights on ;)

I take issue (for obvious reason) that people who choose best-in-breed are doing so merely because they are "...gluttons for punishment." That's as asinine a statement as saying that everyone who drives a Ferrari is an A-hole with a compensation problem...OK, bad example. Umm....

But seriously...

Perhaps they choose best-in-breed because in terms of managing risk, the value they get from using BIB products is greater than the cost of stringing together less capable or robust products/solutions - however "integrated" they may be.

Sometimes you want the best coverage for your dollar spent -- and when absolutes count, people aren't necessarily willing to gamble on "relative" security.

It's all scales of economy -- comparing the Fortune 2000 with Joe's Ice Cream and Taxidermy is a stupid exercise. Different strokes for different folks, but BIB is NOT an inappropriate solution for those who can afford it.

Equating BIB as "overpriced" or bloated is simply unfair. You don't have to be a commodity (or even integrate a bunch of commoditized functions) to show value and innovation isn't only derived from non BIB players.

As you know, Crossbeam provides UTM solutions -- but we don't offer $500 perimeter widgets that are "good enough." We are the ONLY Enterprise and Provider class UTM solutions vendor that combines the integration of BIB security functions for large enterprises and service providers. We don't sell one vendor's version of the truth and that flexibility combined with performance and high-availability means that BIB and UTM are not mutually exclusive.

That's a brick in very strong wall.

-Chris

The religion of best of breed (BOB) vs. "good enough" is no longer interesting to me. I believe that a SMALL subset of the buying community will buy best of breed because of the things you mention. That may be a big enough market for someone like Crossbeam to thrive, but then again maybe not. But I know that your positioning is about more than just best of breed, right?

But why should customers have to settle? Isn't your point that it's possible to take best of breed functionality and provide a more effective level of integration and flexibility with your hardware? Or am I missing what Crossbeam says their positioning is?

I don't think you are telling me (or the readers) that providing hardware to host best of breed software is the endgame. What customers want is the reduction of complexity. That may mean integration. Or it may mean abstraction (so the best of breed is basically hidden and dramatically simplified). But to have to settle for best of breed that is not integrated over time seems like we are giving up. Admitting failure is not one of my strong suits.

My point is that integration/abstraction and as a result, the "another brick in the wall" innovation strategy has passed the tipping point. The perimeter defense aspect of security is a mature market and no amount of wishing is going to change that fact. I know you guys do more than perimeter defense (see I have been listening a bit), but that is still the highest profile part of the market.

It is my belief (and remember I get paid to have opinions) that perimeter best of breed is a dying architecture. Crossbeam even calls what you do UTM. So maybe we are just disagreeing about semantics and words. Ultimately, isn't this abstracted "security services" layer that you evangelize more of what customers are interested in?

To get back to my another brick analogy, you could say that every new best of breed application you add to your box is another brick that makes your box more interesting to customers. No?

If we are being honest, what you and Nokia have done is pulled the asses of security software vendors out of the fire. Without Nokia and Crossbeam, Check Point would have been marginalized a LONG TIME AGO.

Like everything else, it takes a long time to replace the old boss with the new boss (may as well throw some of The Who in there, while I'm at it). So this will play out over the next few years. But to be clear, I have no doubt as to how the movie ends.

Submitted by Christofer Hoff (not verified) on Thu, 2006-08-24 22:51.

To be honest, if I posted my response in its entirety here, it would cause a buffer overflow. Come to think of it, that would be one swell DoS. Here you go.

You can find it @ my blog here: http://rationalsecurity.typepad.com/blog/2006/08/best_of_breed_s.html

Best of Breed Says: "Rumors of my death have been greatly exaggerated..."

Uncle Mike and I today debate his notion that Best Of Breed/Best In Breed is dead -- it's actually a sing-along to Pink Floyd's "The Wall." Who knew security could be so lyrical?

By the way, in case you didn't figure it out, that's Mark Twain to the right, who, in his own right was once Best In Breed, is credited for the (butchered) quote above.

I think Mike missed my point -- or more realistically, I didn't do a good enough job of making it before he turned/titled the discussion into another rambling argument about the dying "perimeter."

This really is the first time I've had trouble following Senor Rothman's logic. I think Stiennon planted a trojan via our IM chat the other night and is typing in his stead ;)

This is also probably my first really Crossbeam-centric post, but I've been prodded by Mike into 'splaining/defending what we do (and how we do it) via BoB/BiB, so here goes:

Here's my clarification:

Mike says:

It is my belief (and remember I get paid to have opinions) that perimeter best of breed is a dying architecture. Crossbeam even calls what you do UTM. So maybe we are just disagreeing about semantics and words. Ultimately isn't this abstracted "security services" layer that you evangelize more of what customers are interested in.

Your definition of the "perimeter" no longer interests me ;)

If you're talking about the SMB market and their adoption of Perimeter UTM to consolidate separate appliances, then this argument is done.

However, these customers that suffer from box stacking recognize that they bought the best product they could (perhaps it was more than they could afford) at the time, but what they're looking for now is "good enough" and "reduced cost." When you purchase a $500 box that does 8 things for $500, you get a "reduction of (device) complexity" as a side effect. But it's silly to suggest that these folks were really BoB/BiB targets in the first place. That's why BoB/BiB companies such as Check Point have small UTM boxes in this range. Please see below.

This abstracted "security services" layer is exactly what I evangelize, however it's comprised of BoB/BiB solutions and functionality at its foundation. As players commoditize, they move into core technology as a table stakes play, but then we have distinguished BoB/BiB technology that is truly differentiated for some period of time. Sometimes this technology becomes a market, sometimes it becomes a feature, but either way, it's an organic process that is still based upon BoB/BiB.

You bet that Crossbeam is a UTM player. In fact, despite what Fortinet lies (yes, lies) about in their press releases, Crossbeam continues to be the leader in the high-end ($50K+) UTM market. However, as I've said eleventy-billion times, there is an enormous difference between the small SMB $500 Perimeter UTM solutions and our Enterprise and Provider-Class UTM solutions.

I'm not going to re-hash this here again. You'll need to reference this post to get the big picture. Suffice it to say, we've been in business for 6 years with revenue doubling YoY doing the thing that is now called UTM -- and we do it in a way that nobody else can because it's damned hard to do right.

I admit/concede/agree that Single-function BoB/BiB solutions that are intended by their creators to be deployed in a singular fashion on their own appliance stacked next to or on top of another BoB/BiB solution is a dying proposition. This is why you see vendors -- even Cisco -- combining functionality into a consolidated solution to reduce security sprawl. That won't stop them from building BoB/BiB compartmentalized solutions, however. This is what vendors do.

Typically integrators get to make money from cobbling it all together. Savvy resellers and integrators don't have to cobble if they use an architecture that aligns all of these solutions into and onto a platform architecture that is as much a competent networking component as it is a BoB/BiB security layer. That would be Crossbeam.

That does NOT, however, mean that BoB/BiB itself is dead (at the perimeter or otherwise) because just like IBM buying ISS (the market leader in BoB/BiB IPS,) this will result in the inevitable integration via service of ISS' components into a more robust suite of security services complemented by infrastructure.

However, when a single vendor does this, you only get that single vendor's version of the truth and so I assume this is what Mike means when he says a customer has to "settle" for BoB/BiB.

The dirty little secret is that customers are forcing BoB/BiB vendors to work together -- or more specifically work together on a platform using an architecture that provides for this integration in an amazingly scalable, highly-available, and high performance way.

Here are some pertinent examples:

  • Next Generation Networks de-couple the transport from the service layers. You have plumbing and intelligence. The plumbing is dumb, fast and reliable whilst the service layer provides the value in things such as content delivery, security, etc.

    In this model, the plumbing is made up of the BoB/BiB networking components and the intelligence layer is comprised of BoB/BiB service delivery components.

    NGNs are driving the re-architecture of some of the biggest networks on the planet -- in fact THE largest IT project in the world, BT's 21CN, calls for this architecture where BoB/BiB components have been selected to be consolidated in a single platform in order to deliver BoB/BiB security as a service layer across the entire network -- end to end. They don't expect switches or routers to be able to deliver this security -- they trust in the fact that BoB/BiB players will -- in one platform.

    By the way, that includes that little thing called "the perimeter." I've said it once and I'll say it again:

    The perimeter is not going away. In fact, it's multiplying. However, the diameter is collapsing.

Applying dynamic, on-demand and highly-differentiated combinations of BoB/BiB security services at different areas of the network from a single set of carrier/enterprise -class security switches allows you to secure these micro-perimeters as you best see fit.

You don't "settle" for anything. The customer has a choice of which BoB/BiB security software he/she wishes to run and, like a "Security Service Oriented Architecture", can dynamically and at will apply these choices where, when and how needed. If vendor A changes strategy or goes out of business, you can add/switch vendor B.

  • Virtualization in both the data center and the "network" is dependent upon BoB/BiB to deliver the functionality required for distributed computing. Just as servers, storage, networking and processing is virtualized, security is too.

    Since many companies are utilizing VLANs to begin their virtualization efforts and beginning to abstract the network in VRF terms @ Layer 2/Layer 3, they have two choices: use the still immature security technology present in clumps in their routers/switches (and hold your breath for SNF -- which is really just a product like ours connected to a switch -- don't believe me? I'll post one of Richard Stiennon's slides describing SNF) or choose an architecture that delivers EXACTLY the level of security you need at its most potent level as a combined virtualized service layer across the network using BoB/BiB.

  • Consolidation and Acquisitions will come and go, but you'll notice that we are able to do things that nobody else can in the BoB/BiB market. Take this story for example -- just published today -- in which an established BoB/BiB Firewall player (Check Point) is combined with a BoB/BiB IPS player (SourceFire) on our platform doing something the two companies could not do otherwise. By the way, and most importantly, the customer can choose from 15+ other BoB/BiB security applications to combine, also, such as ISS, WebSense, Trend Micro, Forum Systems, Imperva, Dragon, etc.

  • Customers (in our world that's large enterprise and service providers/carriers/mobile operators) are no longer settling for "good enough" and they're also not settling for having BoB/BiB providers suggest that they need to tear into their networks to integrate their individual wares. Here's an interesting one for you:

    While many of them utilize things like FWSM modules in their 6500 series Cisco switches for firewall or even combine Juniper's ISG2000 IPS devices with the 6500's to provide FW and IPS together (and both of those are still considered BoB/BiB solutions by the way,) they tell the BoB/BiB purveyors of Web Services/SOA/XML security, gateway A/V, Content Filtering, Web Application and Database security solutions that while they will most definitely want their products, they won't deploy them unless they run on the big, white box. That would be these.

To wrap up, Mike ends with:

To get back to my another brick analogy, you could say that every new best of breed application you add to your box is another brick that makes your box more interesting to customers. No?

Yes, but how does that mean BoB/BiB is dead again?

In the spirit of the Who, here's an appropriate selection from the Quadrophenia song "I've had enough":

You were under the impression
That when you were walking forward
You'd end up further onward
But things ain't quite that simple.

You got altered information
You were told to not take chances
You missed out on new dances
Now you're losing all your dimples.

Yours wordily, Mr. Dimples...

Chris


Submitted by JJiNB (not verified) on Fri, 2006-08-25 08:17.

Great discussion, but one point I would like to see discussed is where commoditization fits in. Does BIB still apply to legacy security categories such as antivirus, network-level firewalls, spam etc. (I'm sure the maturing of these segments is up for debate, but hopefully you get my point)? My take is that these technologies make good candidates for consolidated solutions, but that customers are likely to see more value in going after a BIB solution when it comes to newer technologies such as webappsec and endpoint solutions.

Submitted by Mike Rothman on Fri, 2006-08-25 09:18.

This is a great point. I am of the opinion that for very mature, commodity types of technology there really isn't "best of breed." It's pretty much all the same. Now Chris will probably argue that some of the stuff they can do at a security services level adds value above the commodity capability, and in some cases he's right. But for the bulk of customers, probably not. It still gets back to "good enough." And when does a market mature enough that most of the folks get the problem solved? Some customers want and maybe even need more knobs, but the vast majority just want the product to work. Clearly AV, firewalls, and probably anti-spam are there.

Submitted by Stiennon (not verified) on Fri, 2006-08-25 16:56.

Chris, I would love to slog through your entire comment and respond point by point, but who has time for that!? Just a couple of items. I think the reason you spend so much time defending UTM and your space is that you fell prey to a big analyst firm's labeling of security appliances as UTM. Crossbeam just does not fit into the same pigeon hole as Fortinet and Astaro. This is a time when Crossbeam should have swung for the fence and carved out their own sector to dominate.

*AND* I do not subscribe to the idea that point solutions are doomed. Stand alone point solutions will always be with us. Not because they cannot be subsumed into monster appliances but because there is always a new threat that needs a new approach and the market has to sample that new approach without coupling it to their existing infrastructure. I have talked to about a dozen startups in the last 6 months that are successfully selling their products as stand alone systems. Imagine if they came to you with their solution before they had any customers and said "we want to deliver our framajam blocker on Crossbeam's solution." You would tell them to come back when they had demonstrated customer demand.

And, to wrap up, if there were a truly universal platform then the startups would be using it. But they are not Universal, they are all proprietary. PTM.

Submitted by Christofer Hoff (not verified) on Mon, 2006-08-28 10:02.

So Richard, I think we're actually close to agreeing on a couple of points:

1) You're right about UTM and pigeon-holing. UTM had the potential of elevating the solution set to offer a customer value for the dollar at a level of security that wasn't just a big mish-mash of stuff. Unfortunately it has degenerated into this and folks like Cisco and Juniper are smart inasmuch as while their products (such as Cisco's ASA) *do* perimeter-class UTM, they don't use the term.

2) I think you're right about the woulda-coulda-shoulda in terms of carving out our own category, but you know as well as I that until the G-Men call a market, it doesn't really exist ;) That, and that costs a hell of a lot of money that we chose to invest in our products instead. So here I sit, feverishly trying to distinguish what we do from the rest of the UTM fray.

3) To your last point regarding getting solutions on our platform, your assertion is inaccurate. Best-of-Breed is defined by our customers and our ability to read the tea-leaves on an emerging solution. The last 3 highly-differentiated solutions were put in play on our platform well before they were "established" and were as much of an evangelical sale for us that drove customer demand in a nascent market:

  • Imperva
  • Forum
  • Neotip

4) To the most important part regarding the "universal platform" -- that's an odd statement because the virtualized appliance model represents the foundation of this movement -- generic PC with a compartmentalized OS/Application pairing. But most importantly, you need to re-read what I wrote about BT. The biggest security project on the PLANET is requiring the winning vendor(s) to integrate around 28 applications/security solutions (including hardware) on a common platform. It doesn't exist today, but it's under development as we speak.

But again, this isn't some $500 box at the SMB perimeter...

Chris
