Juniper
Symantec and Juniper: A Tale of Two Drunks
One of my most treasured memories from college was the time my buddy Alex and I went to a fraternity rush event where they were serving Tom Collins. Lots of Tom Collins. Neither one of us could make it back to the dorm on our own, so we basically leaned on each other, took one ginger step at a time, and made it back in one piece. We were literally two drunks holding each other up and remain very close friends 20 years later. To this day I cannot drink Gin.
I get the same feeling looking at the Symantec/Juniper announcement this morning (here). I can imagine Scott Kriens of Juniper and John Thompson of Symantec meeting at one of those cocktail parties where your personal net worth needs to be in the 9 figure range to get in, and one goes to the other: "Hey, you're not Cisco! We should do something together."
I'm not sure how much wine they each had at that fateful party, but this is clearly two vendors who are not Cisco trying to prop each other up.
On the surface, I'm not as negative as Stiennon on this deal (here), but I think the impact will be largely at the product level and transparent to customers. Juniper gets to build in some of Symantec's "intelligence" into their perimeter network security gear. Symantec gets to reference sell a legitimate perimeter platform.
I do agree with Richard that this is clearly a reactive deal driven by the fact that Cisco has a better story, bigger channels, and more momentum in the security space. Neither could do an outright acquisition, so this is what they are left with. I concur that the channel stuff is going to be hard to navigate, especially for the Juniper folks, who don't really understand the enterprise and don't really understand security either (many of their Netscreen folks have left).
But adding Symantec's anti-spam, IPS signatures, and vulnerability research to Juniper's products will make them better and I think it will actually happen. Why wouldn't Juniper do this, given they are pretty much irrelevant in the IPS space and don't really have a compelling UTM platform? They've got nothing to lose.
And Symantec gets access to a legitimate perimeter security platform. After killing their own platform a few months back, this is the other piece of the puzzle they couldn't answer back then. Clearly they couldn't abandon the market, but they also didn't want to continue investing in a non-competitive platform. This solves those problems IF (and that is a huge IF) they can execute, which certainly hasn't been Symantec's forte of late.
So I would be positive on this deal if it involved money changing hands. Or an asset transfer (like SYMC bought the Netscreen business). Or anything besides a press release in a purple suit. But it doesn't, so I'm negative and skeptical.
But clearly both Kriens and Thompson now can proudly display their ABC (anyone but Cisco) membership cards. That's what this is all about.
NAC Attack Part 2: Collaborations of convenience
In his first post (http://www.networkworld.com/weblogs/vortex/2006/011732.html), John sizes up the NAC opportunity and scopes out the players. John's observation about the amount of collaboration in this early market is spot on. NAC is different than most other markets that we've seen and he sums it up very nicely in this quote:
"...in this fight there is not only the customary clawing for high ground and accumulation of weapons (technology, marketing hype, etc), there is also an extraordinary alliance-building effort underway - one that involves virtually every major player in the IT eco-system as well as dozens of smaller companies."
NAC really touches all aspects of the network, so many of the big vendors realized pretty early on that homogeneity is not reality (despite Cisco's best efforts) - so some level of cooperation is required. Even if these are clearly collaborations of convenience (alliteration alert :-), they are important. Any vendor that comes to market with an architecture that requires wholesale upgrade and cannot provide a customer-controlled migration will have a limited chance for success.
Also interesting about this intro is that John jumps to Phase 2 as I described in NAC Attack, Part 1 almost immediately. He pays very little attention to the endpoint admission part of NAC that is really driving the market. I think this is a little misdirected only because Phase 2 (flow control) is hard, much harder than endpoint admission. So I think we'll see folks opt for the path of least resistance initially and build towards the holy grail of real-time automated policy (my Phase 3).
Finally, if I'm looking for areas to build on what John has written, he doesn't include Symantec or McAfee in his series, only assessing the big networkers and Microsoft. Last time I checked, both of the big security players had strategies here. Symantec bought Sygate mostly for the NAC technology and McAfee has been building on its EPO (enterprise policy orchestrator) functionality to add NAC-like capabilities. I won't dive deep into these two until later, but they do exist and they do plan to play in the NAC space.
John wraps up his piece assessing the level of Barney partnerships that each group (or vendor) has announced. Again, these are clearly partnerships of convenience and if you read between the lines you should get a feel for how the battle is shaping up. But, don't be confused about Microsoft and Cisco collaborating closely on paper. Let's be very clear about the fact that both are fighting for control of the enterprise infrastructure and this collaboration is not long lived. Microsoft is not going to have a product widely deployed enough to matter until 2008, so they need Cisco to legitimize their plans. Cisco has a product now and knows that Microsoft doesn't - so there is no benefit to them of telling Microsoft to pound sand yet. But they will, it's just a matter of time.
Next up, I'll assess how John sizes up Cisco's strategy.
The Race to Get in the Closet
Today, ConSentry announced a new line of LAN switches that integrate a lot of their stand-alone NAC functionality in a low cost switch form factor. Release here. This is the first, but it won't be the last. I've already spoken to two other vendors that have updated LAN switching products with lots of security mojo almost ready to go, and there will be more. There always is.
Why is this interesting to customers? First, many of the existing switches are getting tired. Well not really, they move bits just fine. But a lot of the new functionality that integrates security into the core of the network fabric cannot be run on the older switches.
The interesting aspect of this is that some start-ups are going into one of Cisco's strongholds, which are switches in the closet. Is Cisco really exposed here? The answer is no. Cisco has a very good story about why the switches should be upgraded, and upgraded to Cisco hardware at that.
Cisco's only blind spot is price, but I still expect them to get a bulk of that business. But there are lots of other tired LAN switches that are vulnerable and a lower cost alternative will be pretty interesting to them.
I can definitely see how an Extreme and/or Foundry (or even 3Com of the walking dead) could add new security capabilities to their switches, selling into their existing base of "anyone but Cisco" customers. But what chance does a start-up have to even move the needle against Cisco?
Basically not much. But that's not the goal. Remember, "big is the new small" and we know that Juniper, probably Symantec and even some smaller public companies like F5, Sonicwall and ISS need to be in the closet. They cannot maintain any kind of enterprise security presence without having equipment in all the enterprise domains, which includes the wiring closets.
So basically, folks like ConSentry are teeing up the exit strategy. Sooner or later Juniper is going to realize their strategy does not get them where they need to be. So their choice is to buy a Foundry or Extreme (and bring the checkbook because that's a multi-billion dollar deal) or take out a start-up with some interesting technology.
Customers should be excited by this. Not because they need to upgrade their switches, though that does tickle the fancy of more than a few network/security admins. But we are going to see serious price competition on these "secure ports" and further commoditization of standard ports.
So thanks to ConSentry for getting the ball rolling. We are going to see a lot of this in the near term, and my early prediction is that the most over-hyped product of RSA 2007 is going to be the "security switch."
The Importance of Vendor Viability
Coming across a product review of NFR's latest intrusion prevention device started the gears turning in my head. That's always dangerous. If you read the review (here) and believe the reviewer, NFR has strong technology. Not sure how the reviewer thinks a $13k sensor is going to appeal to SMB customers, but I digress.
As I read the review, I kept thinking "who cares?" It's not like anyone is really going to buy something from NFR at this point in the game. Yes, that is being unfair, but life is not fair. Get over it.
In all seriousness, IPS is a very mature technology. Some products work marginally better than others, but all of the leaders tend to do the same stuff with relatively similar performance. So, at this stage of a market's evolution, how can company viability NOT be at the TOP of critical selection criteria?
Did we not learn anything during the deflation of the Internet bubble? To refresh your memory, countless numbers of organizations had a ton of fancy looking and expensive doorstops when scads of vendors went belly-up. So why take a chance on a company that may not be around 3 months from now? The answer is you don't unless there is something truly innovative and category breaking.
In IPS, I'm hard pressed to get a feel for what that would be. It's true that Sourcefire did bring significant innovation to the table (3 years ago), but that was by consolidating a number of functions roughly associated with IPS. And we know how that story will end with CheckPoint taking the viability issue out of play. That is as long as the US Commerce Department doesn't decide to make an idiotic stand because they are pissed off about that UAE ports deal.
Not to just pick on NFR, but TippingPoint runs the real risk of ending up in the same boat. They were a pioneer in the IPS space, but their parent company (3Com) is as sick as a Stage 3 cancer patient. How long before customers start worrying that 3Com is going to take TippingPoint down with the ship? I say 2 more quarters unless the new guy at 3Com can turn it around pronto.
It's just easier to go with Cisco or Juniper or McAfee or CheckPoint/Sourcefire or ISS. Big is the new small.
To be clear, I AM NOT a start-up hater. I love the innovation that comes out of start-ups. As long as a new category solves a real problem in an innovative way, then end users will take the risk. But once a category matures, there is no place for risky start-ups. The downside is not worth it. In mature markets, viability MUST be at the top of your selection criteria list.

