Published on Security Incite: Analysis on Information Security (http://securityincite.com)

Incite Redux: Day 3 - Best of Breed DOA

By Mike Rothman
Created 2008-07-07 11:23

Good Morning:
Is it Wednesday already? Maybe for you. I'm writing this from the past, and that's one of the amazing things about technology. I can stack up 10 posts before I leave and like a clock, you'll get your daily dose of babbling. So let's all do a prayer of thanks to the Technology Gods. But the reality is that I am in fact writing this post, so at some point I had to get out of my normal schedule to get ahead of my publishing schedule.

My business still needs me to run, and that is an inherent limitation. It's also something that I'm planning on addressing in the very near term. No, I can't talk about it yet - but I've got some super-secret projects underway and hopefully it will contribute to being able to really take time off, as opposed to just paying my work forward.

So that brings up the inevitable question: when you are out of the office, who is holding down the fort? Can they do your job? If not, what do you have to do to get them there? No one is indispensable, and you don't want to be. So think about it. And have a great day.

Incite #3: Best of Breed DOA

As security matures as an industry, the concept of “best of breed” goes the way of the dodo bird. Mature technologies such as firewalls, IPS, and anti-virus get subsumed and integrated into bigger “suites”, making the individual performance and feature set of a specific function less important. Emerging functions still stand alone, but not for long as the innovation/consolidation cycle accelerates. Security management offerings also consolidate, driven by the fact that most customers don’t have time to deal with one management hierarchy, certainly not 2 or 10. This continues to reinforce the “big is the new small” trend that has predominated security buying for the past 2 years.

Read the original Days of Incite post [1] on this topic.

6-month grade: A

I got a great question from one of my channel contacts a few weeks ago. They asked if they could still get a stand-alone firewall anymore. They'd been looking a bit, but it seemed that every device that was out there was "more" than just a firewall. Some went the UTM route, others have focused on applications, but you actually have to look hard for just a firewall. Clearly this kind of consolidation of functionality is happening and it's what "big is the new small" is all about. But is this good or bad?

Basically, it's neither. I answered the question to my contact by reminding her that UTM devices are still firewalls. You just turn off all that other stuff and run it as a firewall. Yes, kind of like using a Swiss Army Knife as a corkscrew. And given the cost economics of the technology business, that's not a bad thing to do as you are migrating from one perimeter platform to another. You incrementally get there and then when you are ready, you turn on more functionality in the UTM box and turn off the stand-alone device.

The same thing is happening in the endpoint security game. Everyone has an AV engine nowadays, if only to take that objection off the table. You know, why go with just an anti-spyware agent when I also need AV? You don't. You buy a suite that includes all this stuff. And it seems there is no end to the bundling. Symantec is adding backup features (as you'd expect) and Microsoft is bundling Office with OneCare as a subscription. Yep, security is something we all need and something that will be a checkmark or free add-on to something else you are buying.

I kind of laughed 5 years ago when my new PC (yes, when I still bought and used PCs) came with a full license of CA anti-virus. I used it diligently until that machine croaked. Why would I pay for something else? And that's exactly the point. You'll see the endpoint security folks continue to focus on bundling as their main path to market.

Security management is also playing out as I projected. Pretty much all the SIM players have a log management offering and vice-versa. You are now seeing integration with the identity management folks, which makes sense because you want to get down to managing a user's activity - not just a nameless, faceless IP address.

Those companies that still have stand-alone solutions have some strategic decisions to make. It's increasingly clear that having just an IPS, or just a secure switch, or just a set of security utilities is not a way to find long-term sustainability. But with the macro-economic environment being pretty crappy, you won't see a lot of deals over the next 12 months, unless they are deals done under duress (yes, fire sales). The privately-held category leaders will likely wait for better valuations, which they figure will come back when the stock market strength returns.

This Incite is rather obvious, but still pretty accurate - so I'll bestow an A on it at this half-way point.

Photo credit: "French Army Knife" originally uploaded by Simon Davison [2]


Source URL:
http://securityincite.com/blog/mike-rothman/incite-redux-day-3-best-of-breed-doa