3Com

The Race to Get in the Closet

Submitted by Mike Rothman on Mon, 2006-04-17 14:41.
It's on, folks. The battle for the campus infrastructure begins anew. Network Access Control will become the catalyst for a generational upgrade of the LAN switching infrastructure. I'm sure John Chambers is doing his best Dr. Evil impersonation saying, "just as we expected."

Today, ConSentry announced a new line of LAN switches that integrate a lot of their stand-alone NAC functionality in a low-cost switch form factor. Release here. This is the first, but it won't be the last. I've already spoken to two other vendors that have updated LAN switching products with lots of security mojo almost ready to go, and there will be more. There always is.

Why is this interesting to customers? First, many of the existing switches are getting tired. Well not really, they move bits just fine. But a lot of the new functionality that integrates security into the core of the network fabric cannot be run on the older switches.

The interesting aspect of this is that some start-ups are going into one of Cisco's strongholds: switches in the closet. Is Cisco really exposed here? The answer is no. Cisco has a very good story about why the switches should be upgraded, and upgraded to Cisco hardware at that.

Cisco's only blind spot is price, but I still expect them to get the bulk of that business. But there are lots of other tired LAN switches that are vulnerable, and a lower-cost alternative will be pretty interesting to them.

I can definitely see an Extreme and/or Foundry (or even 3Com of the walking dead) adding new security capabilities to their switches, selling into their existing base of "anyone but Cisco" customers. But what chance does a start-up have to even move the needle against Cisco?

Basically not much. But that's not the goal. Remember, "big is the new small" and we know that Juniper, probably Symantec and even some smaller public companies like F5, Sonicwall and ISS need to be in the closet. They cannot maintain any kind of enterprise security presence without having equipment in all the enterprise domains, which includes the wiring closets.

So basically, folks like ConSentry are teeing up the exit strategy. Sooner or later Juniper is going to realize their strategy does not get them where they need to be. So their choice is to buy a Foundry or Extreme (and bring the checkbook because that's a multi-billion dollar deal) or take out a start-up with some interesting technology.

Customers should be excited by this. Not because they need to upgrade their switches, though that does tickle the fancy of more than a few network/security admins. But we are going to see serious price competition on these "secure ports" and further commoditization of standard ports.

So thanks to ConSentry for getting the ball rolling. We are going to see a lot of this in the near term, and my early prediction is that the most over-hyped product of RSA 2007 is going to be the "security switch."

The Importance of Vendor Viability

Submitted by Mike Rothman on Wed, 2006-03-08 18:02.

Coming across a product review of NFR's latest intrusion prevention device started the gears turning in my head. That's always dangerous. If you read the review (here) and believe the reviewer, NFR has strong technology. Not sure how the reviewer thinks a $13k sensor is going to appeal to SMB customers, but I digress.

As I read the review, I kept thinking "who cares?" It's not like anyone is really going to buy something from NFR at this point in the game. Yes, that is being unfair, but life is not fair. Get over it.

In all seriousness, IPS is a very mature technology. Some products work marginally better than others, but all of the leaders tend to do the same stuff with relatively similar performance. So, at this stage of a market's evolution, how can company viability NOT be at the TOP of critical selection criteria?

Did we not learn anything during the deflation of the Internet bubble? To refresh your memory, countless organizations had a ton of fancy-looking and expensive doorstops when scads of vendors went belly-up. So why take a chance on a company that may not be around 3 months from now? The answer is you don't, unless there is something truly innovative and category breaking.

In IPS, I'm hard pressed to get a feel for what that would be. It's true that Sourcefire did bring significant innovation to the table (3 years ago), but that was by consolidating a number of functions roughly associated with IPS. And we know how that story will end with CheckPoint taking the viability issue out of play. That is, as long as the US Commerce Department doesn't decide to make an idiotic stand because they are pissed off about that UAE ports deal.

Not to just pick on NFR, but TippingPoint runs the real risk of ending up in the same boat. They were a pioneer in the IPS space, but their parent company (3Com) is as sick as a Stage 3 cancer patient. How long before customers start worrying that 3Com is going to take TippingPoint down with the ship? I say 2 more quarters unless the new guy at 3Com can turn it around pronto.

It's just easier to go with Cisco or Juniper or McAfee or CheckPoint/Sourcefire or ISS. Big is the new small.

To be clear, I AM NOT a start-up hater. I love the innovation that comes out of start-ups. As long as a new category solves a real problem in an innovative way, then end users will take the risk. But once a category matures, there is no place for risky start-ups. The downside is not worth it. In mature markets, viability MUST be at the top of your selection criteria list.

It's Not Just What You Say, It's How You Say It

Submitted by Mike Rothman on Tue, 2006-02-21 20:51.

I've been a bit under the weather today, so I've been building up some venom and now it's time to rant. Still digging out from RSA, I came across a press release from 3Com, "3Com Chief Technology Officer Unveils Bi-Planar Network Vision." It just got me going. What the hell is a bi-planar? It sounds like something Bob Vila would use to build a bench, not a new vision for networking.

This brings me to one of the most important lessons I learned in 8 years on the marketing side. It has very little to do with what you say, it's how you say it.

Now 3Com has lots of challenges, and clearly they have to figure out how to differentiate in a world dominated by Cisco, and candidly, a "Bi-Planar" network vision is not the answer. It's indecipherable and once they start talking about control planes and connectivity planes, my head explodes. I'm pretty sure it's not the head cold I'm trying to beat down either.

Here are some more great sound bites from the release:

"In a Bi-Planar Network, purpose-built network control nodes provide the full access, attack, and application control that switches and routers cannot fulfill. These intelligent network control nodes are capable of fine-grain IP flow classification and policy enforcement, and are deployed seamlessly, cost-effectively, and with no change to existing routers, switches, or applications."

Huh? Now compare that to Cisco's "Self-Defending Network" architecture. See what I mean? You can understand what they are talking about. It's easy to grasp. Bi-Planar Network, not so much.

As evidenced by 3Com's lame attempt at pushing their new vision, it's easy to snipe at Cisco, but much harder to bring forward a compelling and understandable vision. All of you vendors out there, if you want to win the title, you need to knock the champ out.