Published on Security Incite: Analysis on Information Security (http://securityincite.com)

2008 DOI: Day 3 - Best of Breed DOA

By Mike Rothman
Created 2008-02-14 15:08

2007 Incite: Perimeter (R)evolution
The consolidated perimeter platform continues to subsume additional security and networking functions, making top-flight content security and application acceleration the next frontier – further squeezing pure-play security players. This accelerates consolidation in the sector, keeping perimeter architectures in flux. Customers increasingly embrace integrated solutions from larger players, putting a “best of breed” mindset on life support and proving that “big is the new small.” The first open source perimeter platforms also hit in 2007, providing a legitimate alternative for technically savvy, mid-sized businesses.

2008 Incite: Best of Breed DOA
As security matures as an industry, the concept of “best of breed” goes the way of the dodo bird. Mature technologies such as firewalls, IPS, and anti-virus get subsumed and integrated into bigger “suites,” making the individual performance and feature set of a specific function less important. Emerging functions still stand alone, but not for long, as the innovation/consolidation cycle accelerates. Security management offerings also consolidate, driven by the fact that most customers don’t have time to deal with one management hierarchy, certainly not 2 or 10. This continues to reinforce the “big is the new small” trend that has dominated security buying for the past 2 years.

I get a lot of questions about “best of breed.” It’s a manifestation of a couple of deep-seated misconceptions regarding how security has evolved, and also a bit of an ego thing on the part of most security professionals. But before we jump into my amateur Freud act and conclude that it’s our parents’ fault, let’s dig into history a bit.

Most technology markets are driven by the innovation, integration, and consolidation cycle. That means a bunch of new companies start up to solve a specific customer problem. That’s the innovation thing. Then the big, stodgy, un-innovative companies figure out there may be something there, so they integrate the stuff into their existing offering. Finally, these same companies figure out how to sell the integrated innovation (say that 10 times fast), and by then it’s not really that innovative anymore – so they acquire pretty much all the players in the market.

The first stage – innovation – is really what the “best of breed” mindset is all about. In an early market, there usually are marked disparities between the products. Some work, others not so much. So buyers really have to be aware and careful to ensure they don’t buy a pile of steaming poop.

But in later markets, the technical capabilities normalize. Technical differentiation is largely a myth. All the products work “good enough.” At that point, you are buying not on technical capability, but softer issues – like integration with your existing stuff, management, and reporting. At that point, best of breed pretty much ceases to exist.

That’s where we are in a bunch of security markets. In 2007, the Perimeter Incite (referenced above) really reflected this fact, and it definitely came to a head. A lot of folks bought UTM, even though they were only looking at replacing their firewall. Why do this? The more applicable question is really why not? Even if they don’t turn on some of these other capabilities, they could. And over time, probably will.

Same goes with the “endpoint suite.” No companies offer just anti-spyware anymore. Why would they? That capability has been subsumed by what used to be called anti-virus. Rootkit detection? Ditto. Don’t forget about device and application control too. Yep, it’s in there.

But talking about UTM and endpoint suites isn’t particularly inciteful. I think that security management is next on the hit parade to hit this cycle. You have all of the SIM vendors saying they do log management. You also have all the log management vendors adding SIM-like capabilities. The NBA vendors are trying to feed algorithms and analysis (via partnership) to all of the above to stay relevant.

The cycle repeats itself once again. And it will continue to repeat itself. Remember, I’m not as smart as most of you – I’ve just been around longer and I’m good at recognizing the patterns that will repeat.

You don’t have to be a brain surgeon to see this writing on the wall. Market maturity kills product innovation. And that’s why I’ll be the first guy shoveling the dirt on security best of breed.


Source URL:
http://securityincite.com/blog/mike-rothman/2008-doi-day-3-best-of-breed-doa