The Importance of Vendor Viability
Coming across a product review of NFR's latest intrusion prevention device started the gears turning in my head. That's always dangerous. If you read the review (here) and believe the reviewer, NFR has strong technology. Not sure how the reviewer thinks a $13k sensor is going to appeal to SMB customers, but I digress.
As I read the review, I kept thinking "who cares?" It's not like anyone is really going to buy something from NFR at this point in the game. Yes, that is being unfair, but life is not fair. Get over it.
In all seriousness, IPS is a very mature technology. Some products work marginally better than others, but all of the leaders tend to do the same stuff with relatively similar performance. So, at this stage of a market's evolution, how can company viability NOT be at the TOP of critical selection criteria?
Did we not learn anything during the deflation of the Internet bubble? To refresh your memory, countless numbers of organizations had a ton of fancy-looking and expensive doorstops when scads of vendors went belly-up. So why take a chance on a company that may not be around 3 months from now? The answer is you don't, unless there is something truly innovative and category-breaking.
In IPS, I'm hard-pressed to get a feel for what that would be. It's true that Sourcefire did bring significant innovation to the table (3 years ago), but that was by consolidating a number of functions roughly associated with IPS. And we know how that story will end with CheckPoint taking the viability issue out of play. That is, as long as the US Commerce Department doesn't decide to make an idiotic stand because they are pissed off about that UAE ports deal.
Not to just pick on NFR, but TippingPoint runs the real risk of ending up in the same boat. They were a pioneer in the IPS space, but their parent company (3Com) is as sick as a Stage 3 cancer patient. How long before customers start worrying that 3Com is going to take TippingPoint down with the ship? I say 2 more quarters unless the new guy at 3Com can turn it around pronto.
It's just easier to go with Cisco or Juniper or McAfee or CheckPoint/Sourcefire or ISS. Big is the new small.
To be clear, I AM NOT a start-up hater. I love the innovation that comes out of start-ups. As long as a new category solves a real problem in an innovative way, then end users will take the risk. But once a category matures, there is no place for risky start-ups. The downside is not worth it. In mature markets, viability MUST be at the top of your selection criteria list.


That's the great thing about opinions: everybody has (at least) one. There certainly is always room for innovation, I agree with that. But not in "scan and block," which is the traditional definition of IPS, which I term as a mature market. As IPS and NAC start to overlap, throwing in some vulnerability management goodness, there is clearly room for disruption and innovation. But that's not what NFR or TippingPoint is doing right now. They are making it faster and more "enterprise capable." That's not innovation.
Also don't confuse a category's maturity with commoditization. IPS is mature, but that doesn't mean it's a commodity. Dell and HP (not IBM since they are largely out of the security appliance business) are clearly box pushers and they don't have IPS. But folks like TippingPoint, ISS, and Cisco have had IPS technology for a long time and those solutions are mature.
I also disagree that a function being subsumed into networking equipment is a sign of maturity. It's a sign of EOL for a category, meaning there is no market left for standalone solutions. Clearly IPS is not there yet, but it can still be mature.
We should probably also differentiate between N-IPS (network-IPS) and H-IPS (host-IPS). There is still innovation happening on the H-IPS side. Not so much on N-IPS as the incumbents are moving to multi-function platforms that provide all of the applicable technology.
Happy to chat offline.