StillSecure, After All These Years

The folks over at Cisco Subnet (not sure if this is still my friend Brad Reese writing this over there) had an interesting blog yesterday about an announcement we made here at Interop. We announced that we will throw our support behind Cisco's AXP. That is the blade extension to turn a Cisco ISR into a Linux app server. You may remember that I blogged on this earlier here and here in relation to an article by Don Marti on LinuxWorld. Well this announcement, as the Cisco subnet article points out, put our money where our mouth is on this one.

As the subnet article points out as well, I think the real question is not whether we in IT are going to run more apps on our router boxes, but whether or not these "God boxes" will be expensive, proprietary black boxes like Cisco routers or low-cost standards based off the shelf hardware. With this announcement, we are covering all of our bases and saying you pick the platform of your choice, we will support it. That is the StillSecure way.

In response to my article yesterday about network convergence, Don Marti over at LinuxWorld responds that he is all for convergence.  But he argues, why not converge on a 2 to 4k box, rather than a 10k Cisco box.  Amen to that Don! On the Network Cisco Subnet blog, after rehashing Don's and my positions, the point made is that:

The point of convergence is to save money, as well as to ease administration. At the point where it costs more money or requires more admin than the "old way" of doing things, network pros will have a hard time swallowing it.

I guess they are referring to converging more functionality on one box, you could make administration more complex thereby negating the potential cost savings. I agree.  That is one of the biggest things we have been working on the Cobia platform. How to make managing these diverse applications easier and more efficient.

Back to Don Marti's comments on cheaper boxes though.  There are actually a few rising tides that are floating the convergence boat.  The vastly increased power of off the shelf hardware at those prices is the true enabling technology. Having a cheap box does no good if it doesn't have the horsepower to get the job done.  At the end of the day, that is what kills the 10k Cisco box.  There is no need to pay 10k for the power that the box has when more powerful boxes are cheaper.  The caveat though is, how long do you think it is going to take Cisco to realize that too?

We have contemplated all of these factors in our strategy around Cobia.  We think virtualization is another key driver in this convergence revolution.  Also, by distributing source code with the product, allowing for 3rd party innovation and collaboration, we can leverage a wider community to speed development.

Linux as the common OS underlying much of the convergence trend is a key driver, but there are other forces at play that ensure that we will continue to see consolidation and convergence in the months and years ahead.

Dmarti's blog over on LinuxWorld has an article up titled "Dumbest networking vendor idea since Network Access Control", which talks about what a dumb idea it is for Cisco to allow Linux apps to run on their ISR routers. Besides the fact that the title of the article alone is enough to make me want to tear this one apart, the underlying logic of the authors argument is just weak.

On one hand he talks about why would someone want to run Linux apps on a router, it is potentially bad design. On the other hand he says it is better to run them on a cheaper router alternative like Vyatta and than spouts some PR by Vyatta about their price/performance advantage over Cisco.  They back up this advantage with "3rd party testing".  Turns out the testing is by Tolly Group.  Oh, now that changes everything.  Have any of you ever had a Tolly evaluation done? Anytime you submit a form that contains what you would like to see the testing show in the final report and the final report shows it, well you know what I am saying. But seriously if it is good for Vyatta, why would it not be also good for Cisco?

Here is the real issue though that the author misses.  We live in an age of convergence!  The idea of having a stand alone box that only does routing is history and when Cisco themselves acknowledge it, you know it is fact.  People want more functionality out of their hardware.  Now that is not to say that your router should be your database server or mail server.  But there are certainly network functions that make sense to put on a router. Security is a no brainer to start. IPS, VPN, firewall, gateway AV- easy.  What about network functionality like DHCP, DNS, Radius, etc.  How about some next gen network stuff like WAP and VOIP?  That would make sense. By embracing Linux on the router all of these things and more are possible.  By the way you can do all of this now with our own Cobia platform.

That's right, we had this idea 2 years ago and have been working on it since.  With the convergence of networking, security, VOIP and wireless technologies, why wouldn't you want a multi-use box that can deliver all of this.

Michael Farnum has a great post up today wondering if we in the security industry have been stifling our creativity by designing all of our management interfaces in one of two paradigms. The GUI kind of look and feel pioneered by Checkpoint or the command line standard that Cisco has made their own. It struck a chord with me because it was actually the second time I have heard the same comment this week alone. In speaking with one of the big analyst firms our own VP of product strategy, Andrew Grealy made the same comment.

This actually goes to the heart of what we are trying to do, especially with our Cobia product. We think there has got to be a better way. Why can't products just work, the way Apple does it for instance. So many things in the Mac interface are binary. You plug a mouse in, you don't get a message that the system has detected a new pointing device and goes through the install and you may have to pick a driver. You plug it in and the mouse works. If it doesn't work, something is wrong. Andrew has some great ideas on this around security. Instead of plugging in your IPs and stuff, wouldn't it be great to just tell your security product to protect your web servers? Is there a better way to let you manage a firewall? We think there is.

At StillSecure we have a history of creating easy to use GUI that are powerful yet intuitive. Andrew and his team are working on a rework of our Cobia GUI and some of our other products that we think are going to break out of the Checkpoint/Cisco mold for good once and for all. We hope the market will reward the innovation and the easier way to do business.

TippingPoint announced their Core Controller appliance today. It is a 10GBPS in line IPS. Actually what it sounds like it is, is a network controller that load balances traffic among several conventional Tipping Point boxes and than puts the flow back together and passes it on.  Sounds cool, but I would like to see the latency involved in doing this.   Sounds like a lot of moving parts.  It also sounds a lot like the way Hoff used to do things over at Crossbeam Systems.

The real question for me though is not whether or not this new appliance does line speed IPS or not.  The question is do we still want our IPS as stand alone IPS or do we want it as part of UTM. Mike Rothman in his 2008 Days of Incite talks about "best of breed DOA". In it Mike talks about 2007 being a year where customers clearly voted for integrated solutions over individual best-of-breed.  He also says 2007 was the year the first open source perimeter platforms hit.  I like to think he is talking about Cobia. But 2008 will be an even bigger year for Cobia functionality! The bottom line though is except for the Ferrari crowd does anyone want to buy a stand alone IPS? Mike says it best when he says. "Market maturity kills product innovation".

Yes people buy UTM for one application at first. It could be firewall, it could be IPS or gateway AV, URL filtering or anti-spam. But they like the idea of getting more than what they just needed and paid for.  They figure they are going to turn on the other stuff soon enough anyway.  Plus they get it all from one vender.  So on this one, I have to agree with Mike.  I think people will buy UTM over single purpose security solutions in increasingly greater numbers in the months to come.  Agree?  Disagree?  Leave a comment with your opinion.

I actually read this earlier this week but did not have a chance to comment. ComputerWorld had this article today that details that Cisco will stop selling its line of PIX firewalls on July 28th of this year.  I don't think this announcement came as a shock to anyone.  They had discontinued their VPN 3000 concentrators a year ago and it was only a matter of time that the PIX boxes went the same way. For me personally the PIX firewalls just seemed to always be there. Yes Checkpoint was the "cool" firewall when I first got into security, but PIX was from Cisco and it seemed like the cornerstone of their security business.  Their IDS was not so good for a long time.  Cisco's other security products were never considered back then (or now for that matter) to be best-of-breed, but PIX was a product that was not a bad product in its class.

What is more important though is what is taking the PIX place. It is the ASA line of UTMs.  This presents living proof that the market is moving away from stand alone appliances like firewalls and IPS and towards UTM type of devices that also offer anti-virus, antispam, etc.  I personally had perplexing experience this week on this very subject. One large analyst firm claims that by 2011, 50% of all network security will be spent on UTM.  Then in speaking to an analyst from an even larger analyst firm, he said their position is that UTM will never catch on in the enterprise.  Even if they buy a UTM box, they will not turn on the other features.  So ASA boxes will just be used for firewall and VPN and perhaps IPS. 

Here is the Shimel analysis for what it is worth. I think the larger analyst firm is wrong. I think they have only thought this half way through. I think what the facts are is that people buy the UTM for just one or two functions.  I think that is true for both the mid-market and the enterprise market.  What happens is after they buy the UTM and set up either the firewall or IPS or what have you, geek nature takes over.  They can't help themselves but to experiment and tinker and see what the other functions can do and how they work.  If these other functions work reasonably well without choking the box, they will slowly but surely use the other functions as well.  So before you know it, that UTM that you bought as a firewall is doing UTM duty.

Anyway, any of you PIX owners out there don't throw out the old boxes just yet, Cisco will support them until 2013.  In the meantime I am sure there will be no shortage of vendors looking to give you a deal to upgrade to the latest box. In the meantime if all you are interested in is a good firewall, don't pay anything.  Go to http://cobia.stillsecure.com and use our community sourced firewall for free and upgrade to UTM down the road.

Eric Ogren has a good article up on his ComputerWorld blog about recent advances by Intel/AMD that make it "increasingly harder to justify large engineering investments in custom-built ASICs or hardware that is not built on a standard platform."  Amen brother!  This is exactly what we have been saying with Cobia from the beginning.  Todays multi-core processors with virtualization technologies offer exponentially greater computing power than have ever been available before from off the shelf products.  To the point that justifying custom silicon hardware in most cases does not make sense.  The good news is that following Moore's Law, this advantage is only going to continue to grow.  Yesterdays dual core lead to todays quad core, who knows what tomorrow.

A couple of points of fact bring home the reality of this for me.  First is the results I have seen with deep packet inspection on these new systems with optimized software.  Though up to this point (as a comment points on Erics article points out) we have only seen sub-Gbps speeds, I have good reason to beleive that this barrier will be passed like the sound barrier in airplanes long ago.  Supersonic deep packet inspection on off the shelf hardware will be a reality in the market within a few months!  The second point of fact is a conversation I had with a security director at a large media company in NY.  He told me that just 2 months he visited a data center his company has over in NJ. The place was cavernous and mostly empty.  He returned just two months later and the center was filled to the brim with Dell servers and they are looking to build another data center.  But they are also mandating to move any and every application possible onto virtual servers.

I am not the first blogger to say that virtualization will revolutionize the data center.  But between virtualization and these powerful new processors, there is a revolution going on.  Check out Cobia and see the performance that these trends are putting in your hands without expensive silicon.  We are just at the dawn of the brave new world, but it promises to continue the computer revolution to empower us to do more for less!

Developing the Coba platform has been a learning experience for us here at StillSecure. From the very beginning we wanted other software developers and ISV's to develop and/or port their applications to Cobia.  Early on in speaking to these developers it was obvious that Cobia needed an easy way for them to develop to the platform and develop a Cobia-like UI for their applications.  We wanted to develop something that would make it really easy to develop to, giving developers a lot of flexibility.  We also wanted to allow UI development beyond just a simple web GUI. We wanted a widget like development environment which would really put the power in the developers hands. 

Yesterday, we announced the release of the Cobia SDK.  Developed in close collaboration with the development community already working on Cobia, we think this SDK represents a game changing event in the Cobia community evolution.  If you get a chance have a look at the SDK documentation. If you work at an ISV who would like to use the power of Cobia to expand the distribution of your product, this SDK could be just the ticket for you.

I am interested in what others think of the concept of the SDK and what you think of the Cobia SDK.  Drop us a line with your thoughts.

Hands down the biggest security show of the year is RSA (most fun though is probably Black Hat, but thats Vegas).  One of the highlights of the RSA show for me is going to the SC Magazine Awards show.  It is a nice night, you get dressed up in a tuxedo, drink free and mingle with the industry.  The guys from HayMarket and SC Magazine always do a great job.  On top of this, unlike many other awards for sale, the SC Awards seem to be on the up and up.  Over the years we have won once (Safe Access, best endpoint solution) and made the finals a bunch of times, but either way it is always a good time.

Well though the awards (and the RSA show) have been pushed back to April (they usually are in February) this year, it is that time of year again.  Voting for the SC Magazine Awards has begun!  It seems like they have expanded the categories of Reader Trust Awards this year.  These are the awards you can vote for.  They have another set of awards that are selected by the judges.  Here are the categories for the Readers Trust Awards:

Reader Trust Awards

Best Anti-malware Solution
Best Email Security Solution
Best Instant Messaging Security Solution
Best Web Filtering Solution
Best Intellectual Property Protection
Best Endpoint Security Solution
Best Mobile Device Security Solution
Best Enterprise Firewall
Best Intrusion Detection/Prevention Solution
Best Wireless Security Solution
Best IPsec/SSL VPN
Best Identity Management Solution
Best Multi- and Second-factor solution
Best Integrated Security Solution
Best Managed Security Service
Best Computer Forensics Solution
Best Event Management Solution
Best Policy Management Solution
Best Audit/Vulnerability Assessment Solution
Best Security Software Development Solution
Best Security Company
Rookie Security Company of the Year
Best SME Security Solution
Best Enterprise Security Solution
Best Regulatory Compliance Solution
Best Professional Certification Program
CSO of the Year
Best Security Team
Best Professional Training Program
Editor's Choice Award

All four StillSecure products are nominated.  Safe Access in the endpoint category, Strata Guard in the IDS/IPS, VAM in the vulnerability management and making its debut, Coba in best integrated security solution.  I would love to see all of my readers vote for the StillSecure products, but since many of you work for other vendors nominated, that probably won't be the case.  In any event, if you get a moment go vote for your own choices, but at least vote!

My friend and fellow StillSecure exec, Jayson Ayers recently returned from a salmon fishing trip to Alaska where he hooked some big fish.  It always fascinated me how salmon make their way "uphill" against the current to spawn.  Having to get by the fishermen, the Bears and everything else, it is a wonder of nature that so many of them make it.  I felt the same way reading Peter Stephenson's article today ranting against the trend towards all in one boxes.

Peter is a heck of a nice guy and runs the test labs over at SC Magazine.  He is also pretty smart.  That is why I was surprised to see him take such a contrarian view on this one. I frankly thought this was a battle that had already been fought and to the victors belong the spoils.  Peter thinks that putting multiple security apps on one box at the perimeter into a "SuperUTM" defeats the layered security model.  Peter makes two points that stand out to him:

1. The boxes represent single point of failures.  I don't think this one holds water.  Think about it, having separate boxes for firewall, IPS, etc. just represents multiple single points of failure.  If any of them fail, it could bring your network down.  At least in the UTM model you just have to worry about one box, not several.

2. A single box is not a layered, security in depth defense.  I disagree with this one as well. Just because they are on one box, does not mean that you are not deploying layered security defenses.  Yes if you can bypass the box, you bypass multiple layers, but that is easier said then done.  Also, you might bypass the IPS, but not the firewall.  Or you could bypass the content filter and not the AV. The fact that they are are on one box is not really the issue.

Lastly, Peter says having all of these apps on one box does not mean they are easier to manage.  That may have been true, but even Peter admits that is getting better.  It is certainly cheaper.  The question in my mind is do they all function on one box.  With virtualization and powerful off the shelf hardware, the age of multi-function boxes has arrived for sure!

Now Peter, once you get your head around a multi-function security box, let me introduce you to the next evolutionary step, a unified network platform, Cobia.

Rich Stiennon is someone that I have blogged a lot about.  Of course Rich is perhaps best known for his "IDS is dead" prediction while at Gartner.  Over the last few years, Rich and I have gone back and forth on NAC and his secure network fabric concept. But I think history may record another Stiennon prediction as perhaps his most insightful.  But if they do, let them also record, StillSecure was there first!

Rich writes in SC Magazine today about his vision of the 4th generation of UTM. Now I am not going to say that Rich took his idea from us (I was on a UTM panel with him at RSA), but this article reads like a Cobia PR piece.  Let me give you some quotes here:

We are rapidly approaching the advent of the fourth generation security platform. This is a device that can do all of the security functions that are lumped in to UTM but are also excellent network devices at layers two and three. They act as a switch and a router. They supplant traditional network devices while providing security at all levels. Their inherent architectural flexibility makes them easy to fit into existing environments and even make some things possible that were never possible before. For instance a large enterprise with several business units could deploy these advanced networking/security devices at the core and assign virtual security domains to each business unit while performing content filtering and firewalling between each virtual domain, thus segmenting the business units and maximizing the investment in core security devices.

One geologic shift that will occur thanks to the advent of these fourth generation security platforms is that networking vendors will be playing catch up, trying to patch more and more security functions into their under-powered devices or complicating their go to market message with a plethora of boxes while the security platform vendors will quickly and easily add networking functionality to their devices.

Fourth generation network security platforms will evolve beyond stand alone security appliances to encompass routing and switching as well. This new generation of devices will impact the networking industry it scrambles to acquire the expertise in security and shift their business model from commodity switching and routing to value add networking and protection capabilities.

I swear. if Rich would have mentioned open source and Moore's Law providing the horsepower to make this happen, I would have sent him a check from the Cobia marketing budget!

But lets not be naive.  If Rich is writing this, you can bet his employer, Fortinet will be coming out with a network/security convergence box shortly.  We already have almost 2 years into Cobia development and welcome the company.  It will be interesting to see if Fortinet tries to do everything themselves or opens up the platform for 3rd parties.  In any event, another prescient prediction from Stiennon. Maybe this will go down as the beginning of the secure networking revolution.

Carl Weinschenk posted an article today on ITBusiness Edge in the Network Sentry blog about how the security industry is benefiting from the multi-core architectures now available.  Carl highlights what Check Point is doing with VPN-1 and what American Portwell Technology is doing with security appliances based on dual core technology. Finally, Mindspeed Technologies recent announcement too.  The bottom line here is that with multiple cores available many processor intensive applications are able to run on off the shelf components at a fraction of what customized silicon cost.

This has application beyond security.  I know our own lab stuff has shown how Cobia can take off with multi-core technology.  When you start thinking of virtualization, multi-function and the like, multi-core processors really take it to the next level.  Our security R&D team has some amazing stuff they are playing with that takes advantage of this and I hope to be able to share that with you soon.

The question in my mind is, what does this mean for the custom silicon crowd? With this kind of horsepower available and the onward and upward march of Moore's Law, why invest in custom silicon except for the absolutely most demanding and rewarding applications.  Any appliance vendors who are not looking at running off the shelf hardware, have to be taking a long hard look and wondering why not.  Any customers who are still paying premiums for custom burned silicon that is not even upgradeable have to look at this as well.

Its been about a month or so since we publicly announced Cobia over at StillSecure. An interesting but puzzling fact that we have observed is that just because a device can perform more than one function, people think that somehow limits you from using it as a single function device.  Case in point is Cobia's firewall and router functions.  We have received more then one question asking if you can just use the firewall function in Cobia, without the router and other modules.  Similarly, we have been asked by people who want to just use Cobia as a router (sometimes just temporarily) but not any of the security functions.

This got me to thinking about UTM's and other multi-function devices.  Do people think just because they have a UTM, they must use more then one function.  I happened to come across a blog ad for Fortinet (they offer ads for the Security Bloggers Network), the only thing they mention in the ad is a fourth generation firewall.  Could it be that most people are just using UTM's for firewall. I know Chris Hoff reads my blog.  I wonder if Chris has any numbers on how many Crossbeam customers are just loading firewalls on their X-series boxes.  Does having all of these choices confuse people from using just one of them? I think this is a common problem in technology.  We tend to load so much functionality into our machines that they can be overwhelming and bloated.  Do you really want your toaster to be hooked into the net?

Of course if you're interested, the answer is even at this early stage, Cobia is a great choice for a free firewall or router or both.  The GUI allows for easy management and configuration.  If you need to drop a router in while performing some network redesign or just want to put an easy to use firewall in, even at home, give it a try. I promise you don't have to run everything else Cobia can do, unless you really, really want to ;-)

Episode 36 of the podcast has me interviewing Mitchell about Cobia.  For those who have not heard, Cobia is our Unified Network Platform (UNP), that we released this week in beta. Mitchell, who is the general manager for Cobia, tells us all about it.

If you like the content of these shows or have any other comments or questions, please drop us a line at podcast@stillsecure.com

Thanks to ClickCaster for hosting our podcast. Tonights music is the usual, To the Summit by Jon Schmidt. You can hear more from Jon at  http://www.jonschmidt.com.  Music transitions between segments are by our own Mitchell Ashley!

http://clickcaster.com/resource/audio/stillsecure--after-all-these-years--podcast--36---cobia.mp3

I spoke with Jaikumar Vijayan of ComputerWorld today about the Cisco NAC "hack" by the researchers from ERNW GmbH.  By now, I assume most of you have heard about the tool they have built that exploits two holes in the Cisco NAC technology.  As a competitor I did not want to pile on Cisco about this unfortunate revelation.  In fact though one of the two holes is very specific to Cisco's NAC implementation and I don't think will effect other NAC products, the other could be a problem for other NAC products as well.  Anyway, I always enjoy speaking with Jai and hope to have him on as a guest on our podcast soon.

The other article by Eric Ogren talks about open source NAC and logging.  He mentions Sourcefire's new Daemonlogger logging tool and then Cobia.  I am not sure if Eric is confusing different briefings we did with him, but he seems to think Cobia is somehow a NAC play.  Shame on Mitchell ;-),  for not making sure Eric was better informed about what Cobia is.  I guess we are going to have to go back and re-brief him.  In any event, though some NAC functionality will be able to run on Cobia eventually, it is not a NAC play at all.

Well it seems my friend Thomas certainly stirred things up.  The whole open source, is it or isn't it thing has attracted a lot of action.  Probably not much from the people who matter most to me though, that is the people who are going to use Cobia.  But still you live and learn, and that I am doing.  I won't be able to respond any more until later tonight but, if you stop by here you may want to bring your own umbrella to make sure you are not hit with any of the stuff flying.

Many thanks to Thomas over at Matasano for getting the "open source" issue around Cobia right out from the get go.  I just wish he didn't do it on the first night of Passover, as I had to wait until all of our guests left and I helped clean up, but hey it is only 1am, the night is still young. 

So easy stuff first.  Thomas, as to Martins blog post, you know how I feel about this stupid list already.  I don't honestly think that I am the 2nd most influential person in IT security.  But I am not responsible for the IT Security.com list nor am I responsible for what Martin writes. One of the things when we hired Martin was that explicitly we do not control what he writes, within reason. Obviously we don't want him exposing us to any liabilities. So, Thomas take that up with Martin.  Thomas I know this is a push your button issue for you, but try to separate that from the rest of your article which makes some great points I want to respond to.  You ask two fundamental questions.  Let me answer them:

1. Is Cobia open source?  The not so short answer Thomas, is that if you are a strict constructionist and believe all open source must have an OSI approved license, than I guess you can say it is not open source.  Me personally, I don't like strict constructionists in my Supreme Court judges and I don't deem software open source or not by a strict construction of whether or not an OSI approved license is in place.  Thomas, I  don't say this flippantly either. We thought long and hard about licensing and this issue around Cobia.  Here is the story.  We believe and our research proves it, most people consider software open source if the product is free to use and it includes the source code.  I think only purists will get hung up about the OSI stuff.  Only people looking to make money off of it will get hung up about the dual license.  Go ask Ron Gula about it, he will tell you. Most people when they download software that is "open" look for it to be free.  In a minority of cases they may even look at the source code.  The only time they look closely at the license is if they are going to do something with the product such as distribution.

Thomas, todays commercial open source business model isn't the open source model you grew up with.  I am glad you brought up both Snort and Nessus.  Go ask Ron and Marty if they were starting today if they would do it under GPL from the beginning again. If they are being truthful, they would tell you no way. The idea we are trying to get across here is that if you are using Cobia for your own use in your network and not reselling it or packaging it for profit, it is free and open.  If you are going to use it for profit, why should we not share in this?  Someone has to pay the bills here.  We are not releasing it under GPL, only to pull out key parts later on.  We think that is much less respectful of the people who may contribute than telling them upfront what our intentions are.  For the 8% of people who do something with the code (that is how many people do in the average open source project), we do have provisions for them to share in Cobia.  We also will be seeking more ISV's who develop to the Cobia platform.  We already have some lined up. Stay tuned for announcements around this. The incentive Thomas is that as more people use Cobia in their network, wouldn't it be good for their product to run on top of it.  We will also be contributing non-open modules for Cobia in the future. 

Bottom line on this issue Thomas, is I believe it is open source. It is free and you get the source code. You want to make money on it, we want to make money too. Take a look outside of security and you will see lots of similar business models out there. That is open source to the overwhelming majority of the market.  To those that do not consider this open source and get wrapped around the axle on it, so be it. It is, what it is.

2. Is Cobia a pretty face on some open source with a Java web-app wrapper.  Another great question and again I am afraid, not a short answer. First off, please don't judge Cobia by what is currently available in the beta. It is the first beta, there is a lot more planned for it. Secondly, yes we used some of the Xorp stuff, but it needed a lot of work.  Xorp is under BSD license I believe BTW. 

Thomas, we have been working with open source at StillSecure for years.  We are very well versed on open source. One thing I can tell you is that we will comply to the letter of the licenses involved.  I am glad you brought up Astaro as an example of a company that does not contribute in your opinion.  Go have a look at which companies contributed the most new code in the latest Linux kernel.  You will find Astaro pretty high on the list.  By the same token Thomas because we have not yet blown our own horn about what we have done in open source, don't mistake that for us not doing anything.  We have quietly contributed a lot of code back to open source projects for a long time.  Have a look at http://www.stillsecure.com/opensource if you would like to see what we use and what our SAT has done.  Many times we will improve code and contribute it back to the community or make it available under GPL without putting out a press release or something like that. We are a sponsor and help out with Bleeding Ege and have in the past had engineers on the SANS Storm Center.

So maybe Thomas our marketing team has been too busy playing up that Martin, Mitchell and I were on that list, instead of playing up our contributions to open source projects.  But, we are very sure in our beliefs about what the market wants and that Cobia is going to fill a very critical need out there. We welcome people giving it a try and hope that it solves an issue in your network.  We welcome feedback on what you would like to see in it and want people to be active Cobia community members.

I know we must be on to something if Hoff is relying on the force to make you not pay attention to Cobia.  Now he wants to wave his hands and tell us to move on, nothing to see here. Of course he was watching Bill Maher when he wrote this, so I will give him some credit. The comedian on the panel was really funny and right on.  Anyway, Chris lets put this one to rest once and for all.

First as to what I mean by markets, technology, products, stand alone products, etc., let me be explicit as it seems you are pretty wrapped around the axle on this one.  When you say NAC and other products are moving from markets to features I disagree with your use of the word markets, not that I disagree that it is moving to a feature.  Maybe it is another kiwi thing or maybe it is my Long Island vernacular. What I think you mean when you say market, is what I call a stand alone product.  Another words, will people buy NAC as a single, stand alone product or as something integrated into the network (I know that makes you cringe or maybe even in a high end UTM).  If that is what you are saying Chris, I agree with you.  I think NAC will be integrated.  In fact we have several OEM and partnership deals that do just that.  That does not mean that NAC does not have a market in my mind though.  A market to me is, will someone pay for it. I think whether sold stand alone or integrated with other products, the value of NAC will still be important. It will be a factor when people pick one switch or product over another. NAC to me is a technology, whether it is a stand alone product or not, has again nothing to do with it is a market. By the same token, UTM perhaps is not a technology, but instead an amalgamation of technologies.  However, that does not mean that it could not be subsumed into something like UNP. 

The fundamental problem I have with what you are writing Chris, is you have negative connotations around the feature word and I do not.  We anticipated this happening to NAC when we originally designed Safe Access.  BTW, we thought the same thing would happen to IDS/IPS.  I think only someone who thinks that the network should be inherently dumb and that security ride as a layer above it, would find the product moving from stand alone to integration into the network such a negative. Does that sum it up Chris?

Now my young padawan, why don't you come over to the darkside and acknowledge that a Unified Networking Platform can turn UTM into a feature as well.  The truth will set you free Chris!

For some time now Mitchell and I have been hinting and beating around the edges about the next "big thing" that we have been working on at StillSecure.  Today we finally make public the worst kept secret on the Internet and give you: COBIA!.  You can read more about it here

As Mitchell has written COBIA is a Unified Network Platform (UNP).  It is a modular, open platform that will combine networking functionality with security built into a single platform.  With todays announcement, Cobia is only in beta. The version you can download and play today with has only a limited amount of the functionality we will be building into the product.  The diagram below shows more of the vision of what Cobia will be.

COBIA represents a lot of hard work of many people here at StillSecure.  Originally, the brainchild of our CEO Rajat Bhargava, Mitchell has been the GM as the product went into development.  Martin McKeay will be the product evangelist for COBIA. We have assembled a great team of folks on this product and we are all very, very excited.  Please have a look at it and give us your feedback.

COBIA incorporates several trends that we think will allow it to find wide acceptance in the market.  They are:

1. Convergence of networking and security.  Cobia will allow a wide range of network functions and security applications to be run off of one box.  In fact we anticipate commercial networks placing multiple Cobia boxes throughout their network, each one with a different line up of applications running depending on where they are in the network.  All of these boxes can be managed centrally.  The Cobia GUI is designed to deliver one interface management for all of this functionality as well as allowing 3rd party applications to go out to their own GUIs.  The time of point security and network solutions is drawing to an end. UTM was fine beginning, but the let the era of true convergence begin!

2. Open Source - COBIA is released under a StillSecure community license.  It is a dual licensed open source model.  It is free to use and you get source code for use on your own networks.  The gist of the dual license is that if you are reselling COBIA, you should be under the commercial license. You can check out the license in full at the COBIA site at http://cobia.stillsecure.com.  If you have any questions please let me know.  We are looking forward to working with and supporting a wide community of Cobia users.  You don't have to buy anything to be part of the community.

One of the things I am excited by with the open source model, is the ability for ISVs, other software companies and individuals to develop and extend the platform.  There is no telling where this innovation may take the product. The StillSecure business development team is looking to work with others that would like to port their applications or develop for the Cobia platform.  Please contact me if you are interested.  We would love to see a Snort port to Cobia for instance.

3. Off the shelf hardware - Cobia does not require any special hardware.  Though we may enter agreements to sell Cobia pre-installed on hardware boxes and some of it may be optimized for the platform, Cobia should run on any hardware that supports Linux.  No paying a premium for a fancy bezel, download the software, put it on your box and have at it. 

Also, Cobia can run in a virtual machine, as well as a mobile management interface.  I will be writing more about Cobia over the coming days and weeks I am sure.  But just taking the wraps off of it, is exciting for us.  We hope you find it as exciting as we do.

Thanks to everyone (a cast of thousands) who have helped us with bringing Cobia to this point. We could not have done this without you!