UTM smackdown - Hoff is in the (Nei)haus
Submitted by Mike Rothman on Wed, 2006-06-07 11:03.
If you haven't been following the pissing match between Crossbeam's Chris Hoff and Astaro's Alex Neihaus, you've missed a good one. It was all started by this post (link here), in which Hoff basically calls bunk on Astaro's announcement of their software on a virtualized platform. He had big issues with some of the claims made in the release, and he was right. Astaro did stretch credibility in the release, so I think Chris was well within reason in calling them out.
Then it got personal. Alex posted a bush-league retort that was pretty much a personal attack (link here). Hoff responded with his own brand of venom (link here). Then Alex had the nerve to try to take the high road this AM by calling out Chris for making personal attacks (link here). That's ridiculous, since he actually brought it to a personal level and it was clear that at this point he was out of his league.
But I digress. Enough of the soap opera. First, you should read Chris Hoff's blog. He's the CSO of Crossbeam and the real deal (even if he works for a vendor). He's been through the wars on the end user side and has also worked as a VAR. He knows how security works in the large enterprise and has probably forgotten more security than most of us ever knew. The reason I like Chris is that he is no BS and he's funny. A guy you look forward to drinking beers with. You'll get that pretty quickly by reading his first couple of posts.
Next, let's deal with the crux of the issue that caused this mildly entertaining flare-up. Fact is, there are merits to both Chris' and Alex's positions, but unfortunately that was clouded by the vitriol between the parties. Another smart guy, Alan Shimel provides his perspectives on the battle and makes some good points in this post (link here). So there are lots of opinions and without further ado - let me share mine.
- UTM is more than one market - The crux of the disagreement here can be explained largely due to segmentation. Astaro focuses on mid-market companies. Crossbeam on the high end. I do think that virtualization is a real option for mid-market companies and high end customers will continue to need boxes. Chris tends to get a bit frustrated that folks tend to only think of UTM as a "mid-market, perimeter solution where good enough is good enough", but too bad. You don't get to tell the market anything. You can just hope that at some point the market comes around to your way of thinking.
- Specialized hardware is the answer for some customers - Alex makes the point that hardware is not the answer, but if we look at the history of enterprise networking, it is still dominated by hardware companies. Enterprise security is no different. Netscreen kicked the crap out of Check Point and it was only Nokia that pulled their ass out of the fire with an appliance platform that allowed them to compete. Cisco doesn't sell software on commodity platforms for security. I don't see large enterprises and carriers moving away from appliances anytime soon for security gear. They want better management and more integration, BUT they are not willing to mess with throughput and if there is one thing that boxes bring to the table - it's predictable throughput. Back to point #1, which is there are (at least) two UTM markets, and the lower end one will be less hardware aware.
- Virtual machines need to be locked down - Chris makes a great point in that the underlying OS that hosts the virtual machines needs to be just as secure. A clean answer to that would be some type of locked-down stack (like a SpikeSource bundle) packaged with the virtualized UTM software; that is pretty much a must. Customers can't and shouldn't have to go back to the time when they were responsible for hardening the OS. That's why appliances happened in the first place and that customer requirement has not changed. But if a customer is just trying to kick the tires, getting something up and running quickly on a standard VM is not a bad thing.
- Integration is really what UTM is about - One of the issues that Astaro has with pretty much all of big security (and now clearly Crossbeam) is that best of breed means separate management and for lots of folks (especially in the mid-market) that is a huge problem. It's becoming somewhat accepted (even Gartner agrees) that good enough security is going to prevail, but it needs to be integrated. So I get the best of breed argument that Crossbeam puts forth, especially into their enterprise customer base - but the time is coming where separate management consoles for each function are going to be unacceptable. Crossbeam gets that, but I can't really say much more.
- It's hard to go both up and down - One of Chris' contentions is that it's much harder to add functionality to go after the enterprise rather than taking a high-end product down market. I can tell you from the school of hard knocks that is NOT the case. First, the technology needs to be dumbed down and that is very very hard for most enterprise security players. So they end up with complicated boxes that are just not interesting to the mid-market. Second, there is a business model issue. How do you spin a totally separate offering for smaller customers and still maintain your premium enterprise price points? And do that without having to build something from whole cloth. It ain't easy. I will say that historically the folks coming from below tend to prevail (that's the Innovator's Dilemma), but that is more about the customers figuring out that they don't need all of the bells and whistles.
- Stiennon is a big boy, let him defend himself - If Richard says something stupid in a press release, then he should be taken to task like everyone else. No one is infallible in this business. He is referring to the idea of a multi-tenant situation running on a virtualized platform in his quote. I don't have the foggiest idea of whether that would work or not. Theoretically it should, but we all know that theory and reality tend to diverge pretty frequently. If he's spoken to an MSSP that's doing this, bully for him. I haven't because I don't think there are any. Chris knows a bit about that market because lots of his customers are using Check Point's Provider-1 for multi-tenancy on the Crossbeam platform. Most disappointing is that the quote reeks of Astaro's marketing folks putting a quote together and Richard just signing off on it. What analyst is going to say "air-tight security services" and "superior security and manageability?" Maybe I'm not giving Richard's marketing prowess enough credit, but the quote sounds like marketing, not analysis.
Alex should be put in the blogging penalty box for a few days to think about why he took this to a personal level; it was uncalled for. Of course when baited, Chris got personal as well, which was just as disappointing to see. I think they both need a time out.
We all need to get some perspective here. It's not personal, it's business. I'll admit that there are folks in this business that I personally don't like. And I have no doubt there are many that can't stand me. But if I'm critical of them in what I write, it's because they said or did something stupid, not who they are. Folks need to be called out for idiocy and most importantly, they need to realize these are not PERSONAL attacks.
Sitting in the penalty box sucks...I should know better...
As I mentioned, I really like Astaro's products. I think this announcement was fluff and wanted a debate on the products, not my mental state (which really is just as screwed up as Alex alluded! ;)
I shouldn't have taken the bait, but in the land o' blog, having stuff like this sitting in Google cache without somewhat of a retort just...well...no excuses, it was amateurish and I apologize.
It made for some good reading, however.
Point is, if you're going to post about a technical product you should be willing to debate, defend and argue the points -- pro or con...or at least find someone else who will.
I actually have some questions for you, Mike, on a couple of points which I'll flush out and post. I didn't think about a couple of the things you said in the same perspective, so I'll do a refresh and try to do so.
Ah well, back to work.
Chris