A bump in the wire is a .... bump in the dark
I was reading an article in SC Magazine tonight about some of the people speaking at this year's RSA. It is a pretty impressive list, with Colin Powell, Larry Ellison and Deborah Platt Majoras, the chairwoman of the FTC, all scheduled to speak. However, what caught my eye and got me thinking was news about what Brian Smith, co-founder of Tipping Point and chief architect of 3Com, wants to talk about in his keynote speech. From the article, here are the relevant parts:
"Brian Smith, the chief architect of 3Com and a founder of TippingPoint, says his first-ever RSA keynote will focus on integrating solutions such as network access control, intrusion prevention and behavioral anomaly detection to create an intelligent network.
"I can do all of these sorts of synergies and when you trace it out, what ends up happening is you're able to debug network problems that you were never able to do before, get an unprecedented level of security, and also lower the total cost of ownership," Smith says. "They have to talk to each other. If we can pull all of these solutions together, I think that's going to be the trend over the next five to 10 years. It's a natural evolution in the technology cycle."
Smith says he also plans to emphasize the benefits of the bump-in-the-wire network approach to deploying security solutions. Rather than embedding solutions into switches and routers, Smith plans to suggest overlaying solutions to allow for a more converged, cheaper way to add intelligence to the network."
This just doesn't sit well with me, and I have to put my two cents in. First off, I perfectly get the first paragraph. The street is ripe with rumors of Tipping Point (funny how they don't say 3Com; you would almost confuse who bought whom over there) buying a NAC company (some customers our salespeople have spoken to claim to have seen PowerPoint slides from Tipping Point to that effect). In addition to that, today they announced a partnership with Lancope, the behavior- and anomaly-based detection provider (I would say behavior-based IPS, but they don't use that term anymore, I think). So now that Tipping Point has the pieces, all of a sudden convergence and integration of security technologies instead of separate silos becomes the holy grail that they are on the verge of finding. OK, better late to the party than never.
Where I feel the need to upchuck is around Brian's comments on emphasizing the bump-in-the-wire network approach rather than integrating with routers and switches. Talk about missing the forest for the trees! If you get that integration of security is a good thing, how do you miss the convergence of network with security? Especially from a guy who, last time I checked, works for a large network vendor. Do the Tipping Point people resent and hate their 3Com overlords so much that they refuse to see the natural evolution of converging security and network gear? Has selling big-ass, honking ASIC boxes to do IPS for so long totally blinded them to virtualizing some of this stuff and putting it on blades and so forth inside the switch and network? A bump-in-the-wire security approach is so 2003. Most of the guys who do bump in the wire are trying like hell to move up the stack and the network, to get away from the edge to the core. You may be able to do IPS as a bump in the wire at the core if you have the horsepower, but you are going to be forced to the edge for other security stuff if you insist on bump in the wire. Single point of failure, scalability and cost are just working against you. Eventually you have to turn to the switch. I just don't get where he is coming from here.
Hey, maybe it is a good thing. I am pretty sure what I will be telling our sales team on how to position against Tipping Point after this one. Unless, of course, sanity sets in and the 3Com folks give their Tipping Point children a little network religion.