StillSecure, After All These Years

I was reading the news yesterday about IBM oem’ing Foundry/Brocade switches. Watching the machinations of companies vying for dominance in this space is like watching continental drift over geologic time periods. It seems the same old masses are in constant motion - combining, breaking up and recombining in infinite configurations. Cisco dominated the data center network infrastructure. HP had servers and storage. IBM competed with HP but dominated in services.  HP buys EDS competes with IBM in services. Cisco makes blade servers, competes with HP. HP heavily promotes its ProCurve line to compete with Cisco.  IBM oem’s Foundry/Brocade, competes with HP and Cisco.  Round and round she goes, where it stops nobody knows. Hey what is Microsoft going to do? As much as it goes around, it seems at the end of the day it is the same old big giants that dominate and are constantly trying to steal each others cheese.

I do know that there are billions of dollars at stake.  With stakes that high, it will be a fight to the finish.  However, sooner or later equilibrium will set in. Every side will find its niche. I don’t think any of these guys are going out of business or anything. In the meantime it could create opportunity too for smaller vendors to run between the legs of these giants and deliver solutions that customers need.  By the same token I am sure that this new jostling will lead to a new round of acquisitions as well.  Same old same old in the tech business!  The faces change, but the names stay the same!

Was happy to see this article in the NY Times Technology section today about HP ProCurve shedding its redheaded stepchild status, at least internally in HP. ProCurve for a long time was one of the best kept secrets in technology.  Operating as a company within a company at HP they very quietly went about their business of building the second leading switch business in the market. Now they are finally getting their due, being acknowledged as the second most profitable division in HP and getting some very high visibility within HP's executive team.

Believe it or not, before Mark Hurd took over, HP's service and sales team was comp'ed to sell Cisco products but not ProCurve!  According to the Times article this may have been due to the fact that Carly Fiorina was on Cisco's board at the same time she was CEO of HP.  In any event ProCurve had to make their own way in the world and may very well be stronger for it.

All of that has apparently been placed in the rear view mirror now.  HP's sales force is being compensated to sell ProCurve.  Hurd and legendary EVP Ann Livermore (in charge of the division ProCurve is now part of within HP) are very much involved and interested in seeing ProCurve grow.  They have thrown down the gauntlet, letting Cisco know that they want a bigger piece of the 20 billion dollar network gear market.

ProCurve has some great products, great warranty and great service.  They also have a good strategy around security in the network.  My friend Mauricio Sanchez drives a lot of the vision around security. I just hope that my friends at ProCurve don't find that having the spotlight turned on them somehow messes with their momentum and way of doing things. Otherwise they may just wish that they were that redheaded kid still.

Related articles by Zemanta

• H.P. Results Match Preliminary Numbers
• HP's outlook for next year unchanged despite tough economy
• HP's Ann Livermore keeps eye on 'team'
• HP rides EDS buy through Meltdown
• Deal may turn HP into networking leader

Its easy to dismiss Don Dodge's asking "Do you really want your data in the cloud" as a Microsoft guy defending their turf. Don uses some recent uptime problems at Amazon, Twitter, Disqus and Typepad to show that keeping your information in the cloud and relying on the net to deliver your applications gives you less control, less security, less scalability and less reliability.

Don has a point, even though net access and SaaS services are much more mature than they were in the past, there is always the times when it does not work. For that matter, cell phones, blackberries, and cable TV don't always work either. An indication of how vital something has become is how much we miss it if it is not available. But to the point, I remember when the personal computer first came into being. The idea of your data and the applications being "portable" to your device was revolutionary. The idea of keeping your data on those big floppy discs was so empowering. But even than, problems accessing data on a disk or an application not behaving or security problems could render you just as frustrated on your non-networked device as an Amazon or twitter being down does now.

Ultimately I think these things go in cycles and we are entering a centralized cycle now. However, I think this turn of the cycle could be different. Never before has net access been so ubiquitous. Never before have we seen the depth of optimized applications for the net. The infrastructure is finally in place to recognize the dreams of many of "thin clients" and net terminals. But I think the best model is a hybrid model. I like the Microsoft solution where I can work on stuff online and off line on my computer, than sync up later. Ultimately when it comes cloud versus local computing, I want my cake and eat it too.

In response to my article yesterday about network convergence, Don Marti over at LinuxWorld responds that he is all for convergence.  But he argues, why not converge on a 2 to 4k box, rather than a 10k Cisco box.  Amen to that Don! On the Network Cisco Subnet blog, after rehashing Don's and my positions, the point made is that:

The point of convergence is to save money, as well as to ease administration. At the point where it costs more money or requires more admin than the "old way" of doing things, network pros will have a hard time swallowing it.

I guess they are referring to converging more functionality on one box, you could make administration more complex thereby negating the potential cost savings. I agree.  That is one of the biggest things we have been working on the Cobia platform. How to make managing these diverse applications easier and more efficient.

Back to Don Marti's comments on cheaper boxes though.  There are actually a few rising tides that are floating the convergence boat.  The vastly increased power of off the shelf hardware at those prices is the true enabling technology. Having a cheap box does no good if it doesn't have the horsepower to get the job done.  At the end of the day, that is what kills the 10k Cisco box.  There is no need to pay 10k for the power that the box has when more powerful boxes are cheaper.  The caveat though is, how long do you think it is going to take Cisco to realize that too?

We have contemplated all of these factors in our strategy around Cobia.  We think virtualization is another key driver in this convergence revolution.  Also, by distributing source code with the product, allowing for 3rd party innovation and collaboration, we can leverage a wider community to speed development.

Linux as the common OS underlying much of the convergence trend is a key driver, but there are other forces at play that ensure that we will continue to see consolidation and convergence in the months and years ahead.

Well it should be a busy week in the news with Interop going on.  This morning has already seen a flood of announcements and articles.  Should be fun.  Will try to keep you all updated from out in Vegas. As well as talk about some cool news we will be announcing there as well.

One thing I read I did want to bring up though.  Jon Oltsik had a good article up in his C/Net blog on the fast/dumb pipes versus intelligent network debate. While I don't pretend to know as much as about this one as Chris Hoff or am nearly as passionate about it, I do find it interesting. I have to agree with Jon.  I think due to Moore's Law delivering ever increasing horsepower to off the shelf CPU's, we are seeing more and more intelligence on the network.  But I think Jon has it right, we need to have a "crack once, process many" model.  That is we inspect a packet once and use that for multiple purposes (IDS, AV, etc.).

HP ProCurve announced two products that will further networking and security convergence today.  According to this article by Matt Hamblen at ComputerWorld, ProCurve (which is 2nd in networking port shipments globally) will release ProCurve Network Immunity Manager. It sounds like some sort of IDS type of detection, maybe behavior and signature based that works with ProCurve switches to throttle or stop bad traffic from its origin.  The second product due out in the 3rd quarter, is called ProCurve Network Access Controller 800.  It sounds like a NAC device that works hand in hand with ProCurve's Indentity Driven Manager.  Very interesting.  ProCurve CTO Paul Congdon is this weeks guest on the podcast and he may have a thing or two to say about this.  If you get a chance listen in.

Interestingly, Rob Whiteley of Forrest-er and "network NAC is dead" infamy, says that this network based NAC seems to be a good thing.  Geez Rob, why didn't you say anything about PERM?  Isn't that the future and this network based access control stuff history?  I can't imagine what would make you seem to change position on this.

It has been a while since I disagreed with Mike Rothman publicly on the blog.  Fact is I usually find myself on the same side of the fence as him and frankly there are easier marks then him to pick on.  But with the long holiday weekend, the news is slow and we all need something to ponder, so let me dig in on Mike's recent searchsmb column in Techtarget.  Mike returns to his tired (not tried) but not necessarily true, "big is the new small" thing.  It is now called best of breed vs big security.  I know we have debated this in the past, but I still don't buy it all.  I think there is a difference between buying multiple security products from one vendor versus buying from the big boys. Using Mike's examples of McAfee and Symantec, even Mike says their suite products have been largely a failure. So what makes him or anyone think that is now changing.  Yes they have a lot of products, but they are not integrated.

Mike that is the key, integration.  SMBs want unified products, not lots of individual products from one vendor.  Until big security can show unified integration, they are no better than the little guy, who at least gives you best-of-breed.  This is exactly why we think a Unified Network Platform will be so appealing to this crowd.

For those who read my blog or Mitchell's, you probably have already surmised that we have been working on something new and exciting here at StillSecure.  We are almost ready to take the wraps off, but not quite yet.  We are also looking at adding a key member to the team which could be really exciting.  Mitchell has posted tonight his white paper/manifesto that explains a lot of what he has been thinking about and working on for a while now. He sums it up as a Unified Network Platform. There have been enough hints and clues dropped for those who want to know, I think to figure it out.  But if not, read the white paper and keep your eyes peeled.

You may have seen all the press a couple of days ago around the launch of 3Coms Open Services Networking (OSN) program accompanying 3Com On partner program. Phil Hochmuth over at Network World has a good article up on it.  Basically, 3Com is seeking to tackle Cisco and Juniper in the router market by making a Linux blade that will run inside their router.  Using VMware and such, they want to run a bunch of different apps that can benefit being near the router and network. Sounds like a good idea.  It would be good to see 3Com win back some market share, after some rough times over the past few years.  Maybe the Tipping Point folks would even be proud to say they are part of 3Com.   

The article talks about a few of the partners 3Com has lined up that will run in this environment.  One company absent was StillSecure.  However, a perusal of the 3Com On web site under security solutions shows StillSecure listed as a partner for our Safe Access NAC product. In fact clicking on the StillSecure link takes you to a page on the 3Com site that tells all about Safe Access. Including the fact that Safe Access was tested and certified on their 5500g model.

So why were we not mentioned in any of the press articles or press releases.  I think the answer lies more in Tipping Points own NAC plans (I am sure we will hear more about this soon, maybe even RSA which is shaping up as a NAC-fest) than anything else. 

Michael Farnum, my friend from down Texas way, gives us his take on the Tipping Point - Brian Smith remarks about pursuing a bump in the wire approach to network security. Long and short of it is Michael feels somewhat responsible for the way he answered a customer response survey about if he would buy a Tipping Point blade on a 3Com switch.  Basically, Michael makes no excuse that he thinks 3Com switches for the enterprise suck and that he is not alone.  He would consider a Tipping Point blade on another company switch, just not 3Com.

I suspect that this is actually the Tipping Point guys point of view.  The ones I have spoken to are almost ashamed to be affiliated with 3Com and begrudgingly accept the 3Com name on their business cards, but call themselves Tipping Point still.  I say they weren't so proud and arrogant when they were taking the 400+ million dollars from 3Com were they.  Hey as far as I am concerned, the Tipping Point made a bargain and got paid for it too.  Now they have to live with it.  How is it in the best interests of 3Com to tolerate this.  Yeah, it may be short term positive for Tipping Point to disassociate themselves from 3Com, but long term it kills 3Com to not have a coherent, unified company.  If they can't leverage switch business with the Tipping Point stuff, they should just spin Tipping Point off now (don't laugh, I have heard rumors to that effect, but I suspect it is just wishful thinking by Tipping Point guys) and take the money and run.  I wonder if the tail is wagging the dog over there.