Tuesday, September 13, 2005

Multifunction appliances a market gamble

There has been a lot of noise recently as various vendors release their all-in-one or multifunction security appliances. It seems that everyone from Cisco to Juniper and McAfee is on the bandwagon. As a result, this subject has become quite topical.

Multifunctional security devices are a market gamble. The current lack of market traction for some of these appliances is due to many complex, interrelated technical, marketing, practical and psychological factors, which I can summarise as I see them in the field in my company.

First, the concept of all-in-one security appliances is not new. I cover the concept in a previous entry titled Dangers of all-in-one Security appliances. We have the benefit of some history - we can learn both from the old Network Associates days (when the concept of being everything to everybody bombed totally) and from Symantec, who have been peddling their all-in-one gateway security appliances for some time now but with "limited" success in the SMB space.

Second, despite all the analyst comments over the last three years as to the benefits of all-in-one security appliances from a cost-of-ownership and management-complexity point of view, and predictions of this market booming, the clock has been sitting on 5-minutes-to-twelve and has refused to budge as customers defied this logic and opted for best-of-breed multivendor investments and multilayer defence strategies instead. From a security-purist point of view, multifunction security appliances are still being positioned by security practitioners as "not good practice" in a multi-layered security approach. As the technology and the market mature, however, I am sure this will change over time.

Third, I believe the all-in-one appliance approach is currently only accepted in the market for "mature" technologies such as AV, anti-spam, anti-spyware and content/URL filtering - i.e. the traditional "content security/proxy" market. Mixing any "emerging" or "immature" technologies such as deep-packet, IPS etc. into the appliance immediately nullifies its attractiveness to clients. From their point of view, this is new, unfamiliar, untested/unproven technology, and if things go wrong they want to be able to isolate one box. Also, mixing this with other traditional firewall/VPN functionality has been met with a mixed response.

Fourth, as for firewall and VPN, well, apart from the SMB/SME market, people either already have a best-of-breed FW/VPN they don't want to mess with (customers don't want to mess with their existing firewall setup and would prefer to buy a separate device they can pull the plug on or blame if connections suddenly get dropped) or they still believe that the FW is the front line of defence and they prefer a robust, enterprise-class, purpose-built, best-of-breed technology in a separate box for this. As for VPN appliances, see Why VPN vendors are not including additional functionality in their appliances.

Fifth, we need to learn from the Cisco Integrated Services Router (ISR) success. In one quarter, Cisco shipped over $1Bn of these appliances. To my mind, this is the most successful execution and market penetration yet achieved by any security vendor attempting to sell "multifunction" security appliances. Take two very mature technologies where Cisco is known to excel and command significant market share, namely routers and FW/VPN, and stick them in one box at the branch level. Combine this with the reality of de-perimeterisation and an upcoming router tech-refresh cycle and you hit the magic trifecta and ...boom...the rest is history.

So real-world adoption is showing that multifunction devices are taking off at the branch level and not at the HQ/Internet perimeter level, and I believe this trend will continue as customers realise they need to "push their perimeter" deep into their branch networks and re-perimeterisation takes hold.