StillSecure, After All These Years

I was reading the news yesterday about IBM oem’ing Foundry/Brocade switches. Watching the machinations of companies vying for dominance in this space is like watching continental drift over geologic time periods. It seems the same old masses are in constant motion - combining, breaking up and recombining in infinite configurations. Cisco dominated the data center network infrastructure. HP had servers and storage. IBM competed with HP but dominated in services.  HP buys EDS competes with IBM in services. Cisco makes blade servers, competes with HP. HP heavily promotes its ProCurve line to compete with Cisco.  IBM oem’s Foundry/Brocade, competes with HP and Cisco.  Round and round she goes, where it stops nobody knows. Hey what is Microsoft going to do? As much as it goes around, it seems at the end of the day it is the same old big giants that dominate and are constantly trying to steal each others cheese.

I do know that there are billions of dollars at stake.  With stakes that high, it will be a fight to the finish.  However, sooner or later equilibrium will set in. Every side will find its niche. I don’t think any of these guys are going out of business or anything. In the meantime it could create opportunity too for smaller vendors to run between the legs of these giants and deliver solutions that customers need.  By the same token I am sure that this new jostling will lead to a new round of acquisitions as well.  Same old same old in the tech business!  The faces change, but the names stay the same!

Last week Cisco came out with news that put HP, Dell and IBM square in their sites. They announced that they were coming to market with a line of data center servers that would leverage virtualization technology.  The aim was to make Cisco a player in the large, lucrative server market.  Well HP wasted little time in firing back.  Today they announced a new line of data center switches and a full partner ecosystem to extend the HP data center functionality.

To be clear this announcement was powered by the folks at HP ProCurve which recently has started getting its fair share of attention from HP itself, as well as the rest of the world. But when even the Wall Street Journal picks it up, you have to say that HP is not making any bones about their desire to go after Cisco. There is no lack of companies that are willing to join up with HP to take a bite out of Cisco either.  They will introduce more partners I am sure very soon.

HP certainly has the muscle to take on Cisco, however I think how successful they will be remains to be seen.  This attack to be successful has to be one for the long haul.  There will be no quick victory to knock Cisco off the perch.  Also, ProCurve has built up a great channel over the years.  But can these channel partners sell to the data center market instead of the market they sell to today?  Can they sell the ancillary lines to pure switching and routing, like acceleration, security, etc.?  Good questions that need answers before anyone can talk about knocking Cisco down as king of the mountain.

Related articles by Zemanta

• With Servers, Now Cisco Fights Partners
• Report: Cisco to elbow into server fray
• HP readies for Cisco's datacenter assault
• Point (Cisco), counterpoint (HP)

SSAATY #61 has Mitchell and I joined by Steve Goodbarn, CEO of Secure64, developers of a DNSSec solution. Mitchell and I get a well grounded technical background on DNSSec and what Steve is trying to do.

We so inspired Steve that he started his how blog shortly thereafter. His blog is at http://www.stevegoodbarn.com.

Thanks to Pod0matic for hosting our podcast. Tonight's music is the usual, To the Summit by Jon Schmidt. You can hear more from Jon at http://www.jonschmidt.com. Music transitions between segments are by our own Mitchell Ashley!

Enjoy the podcast!

BTW, in case you are wondering the * is for the number 61. I just can't write 61 with out an * next to it,  here is to Roger Maris and the Babe.

Related articles by Zemanta

• StillSecure, After all these years, Podcast 58 - Bill Brenner
• StillSecure, After all these years, Podcast 59 - Mike Murray
• StillSecure, After all these years, Podcast 60 - Sam Van Ryder
• SSAATY - Podcast #56 - Michael Montecillo of EMA
• StillSecure, After all these years, Podcast 57 - Thomas Noonan

Was happy to see this article in the NY Times Technology section today about HP ProCurve shedding its redheaded stepchild status, at least internally in HP. ProCurve for a long time was one of the best kept secrets in technology.  Operating as a company within a company at HP they very quietly went about their business of building the second leading switch business in the market. Now they are finally getting their due, being acknowledged as the second most profitable division in HP and getting some very high visibility within HP's executive team.

Believe it or not, before Mark Hurd took over, HP's service and sales team was comp'ed to sell Cisco products but not ProCurve!  According to the Times article this may have been due to the fact that Carly Fiorina was on Cisco's board at the same time she was CEO of HP.  In any event ProCurve had to make their own way in the world and may very well be stronger for it.

All of that has apparently been placed in the rear view mirror now.  HP's sales force is being compensated to sell ProCurve.  Hurd and legendary EVP Ann Livermore (in charge of the division ProCurve is now part of within HP) are very much involved and interested in seeing ProCurve grow.  They have thrown down the gauntlet, letting Cisco know that they want a bigger piece of the 20 billion dollar network gear market.

ProCurve has some great products, great warranty and great service.  They also have a good strategy around security in the network.  My friend Mauricio Sanchez drives a lot of the vision around security. I just hope that my friends at ProCurve don't find that having the spotlight turned on them somehow messes with their momentum and way of doing things. Otherwise they may just wish that they were that redheaded kid still.

Related articles by Zemanta

• H.P. Results Match Preliminary Numbers
• HP's outlook for next year unchanged despite tough economy
• HP's Ann Livermore keeps eye on 'team'
• HP rides EDS buy through Meltdown
• Deal may turn HP into networking leader

Came across a story today noting the Commonwealth of Virginia (and I bet you thought it was a state) was awarded top honors for information security by the National Association of State Chief Information Officers (NASCIO). It seems Virginia's "Interlocking Spheres of Collaborative Protection" program "strengthens the security of sensitive citizen information across all branches of government". I tried to find out a bit more about these interlocking spheres, but have not been able to find anything. I have dealt with some county governments in Virginia and will reach out to see if I can dig in a bit.

Overall though state and local government faces the same challenges that our Federal government has and many commercial entities.  Protecting confidential information is a challenge.  But Government also has to have some transparency and a duty to make certain information available.  Balancing those two requirements is a difficult task. 

State government IT departments have very much of a coop-a-tive relationship with each other.  Each one wants to be the best at IT in general and security in particular.  Yet, when one state is successful with a particular technology, many other states will seek to imitate that same technology or technique.  I am sure that we will see other states adopt the Interlocking spheres program soon.  No matter what it is exactly ;-)

Story over at C/Net highlights that long troubled networking and telecommunications gear maker Nortel is again suffering.  They are slashing their outlook and guidance and have announced that they will be looking to sell some business units.  Could this be the beginning of the end for Nortel?  Are they the next bailout candidate?  Maybe Canada can bail them out.

So, who will take on Cisco?  Juniper seems to be gearing up.  Sometimes I think if you took the next 3 or 4 network gear vendors and lumped them together, you might have a real Cisco killer.  Until than there is not much on the horizon that will change the status quo on the network gear market

Its easy to dismiss Don Dodge's asking "Do you really want your data in the cloud" as a Microsoft guy defending their turf. Don uses some recent uptime problems at Amazon, Twitter, Disqus and Typepad to show that keeping your information in the cloud and relying on the net to deliver your applications gives you less control, less security, less scalability and less reliability.

Don has a point, even though net access and SaaS services are much more mature than they were in the past, there is always the times when it does not work. For that matter, cell phones, blackberries, and cable TV don't always work either. An indication of how vital something has become is how much we miss it if it is not available. But to the point, I remember when the personal computer first came into being. The idea of your data and the applications being "portable" to your device was revolutionary. The idea of keeping your data on those big floppy discs was so empowering. But even than, problems accessing data on a disk or an application not behaving or security problems could render you just as frustrated on your non-networked device as an Amazon or twitter being down does now.

Ultimately I think these things go in cycles and we are entering a centralized cycle now. However, I think this turn of the cycle could be different. Never before has net access been so ubiquitous. Never before have we seen the depth of optimized applications for the net. The infrastructure is finally in place to recognize the dreams of many of "thin clients" and net terminals. But I think the best model is a hybrid model. I like the Microsoft solution where I can work on stuff online and off line on my computer, than sync up later. Ultimately when it comes cloud versus local computing, I want my cake and eat it too.

This one is not all security related, but is the ScienceLogic Blog. One of my favorite persons in the IT field Dave Link is the CEO and founder of ScienceLogic. Several other friends from Interliant including Louis Dimiglio (sorry if I messed up the spelling Lou!), Richard Chart and Chris Cordray are also part of the team. They have done a great job of creating a network management product and in a hyper-competitive industry carving out a place for themselves. I am running into them more and more at shows, conferences and in the field. Now they have joined the blogging ranks and it looks like there will be several contributers. They are all smart folks and I am sure will have good things to say, so be sure to check out the blog!

In one article responding to a post I did about where is the interoperational in interop, Dave says that he and the ScienceLogic team had a very different experience at Interop this year. Due to their participation in the InteropNet and ILabs project, ScienceLogic was very involved in making sure the network at Interop was up and running and showing off the many different products and vendors working together. Certainly the work of the many people at Interop Labs and Interop Net show how heterogeneous equipment and technology can work together, but where those labs and network used to be the center of the show, I am not so sure that is the case any more. Many folks walk by the NOC at Interop, peak inside at the folks at the stations, smile and move on. How many actually take the tour compared to how many walk the floor or sit in on presentations. I think in Dave's view it is a case of when you are a hammer, everything looks like a nail.

More importantly though Dave challenges me to answer his questions of what StillSecure has done to promote interoperability with other vendors that we can promote. Great question and it deserves an answer. So at the risk of giving StillSecure a shameless plug, let me give you the three foundations that we have built our products on that allow us to excel at interoperability:

1. Using open standard software and hardware - All StillSecure products run on off the shelf x86 hardware or in VMware virtual machines. Additionally, our products all run on top of the StillSecure OS which is a hardened and stripped version of Linux, but still provides that standard command line programs and interoperability that the Linux OS allows. Additionally, we use standard and open databases such as MySQL and PostgresSQL that are SQL and ODBC compliant. Additionally, we have open data base schema's. Also, we use Java webservers and similar types of open standard software that makes it easier for us to work with other products and for our customers to feel comfortable with what is under the hood.

2. Support of industry frameworks and standards - Whether it be TCG/TNC or NAP in the NAC world or CVE and FDCC in vulnerability management, we support industry wide standards and frameworks which allow products to work with each other. SNMP traps, SMTP email alerts are all standard in StillSecure products.

3. Enterprise Integration Frameworks- StillSecure products all ship with our enterprise integration frameworks. These are a complete set of fully documented and functional APIs in XML and Java that allow for the bi-directional exchange of data with many 3rd party products. This is perhaps our greatest means of interoperabitility and integration.

Dave, I hope that answered the question for you. Now that we know about the blog, we will be reading. Good Luck!

As I have written before, I always laugh when I remember speaking to a potential NAC customer who had recently met with a NAC competitor of ours.  We got around to discussing enforcement options and the customer was hell bent on using SNMP to have his switches enforce access policies.  I explained to him that since he had switches from at least 3 different vendors and different models of switches from each of those vendors, the idea of scripting each of those switches and than updating each of them every time there was a change was a lot of work. He understood that but was willing to put up with the extra work for the added security that SNMP afforded him over 802.1x.  Amazed, I informed him that SNMP is not usually thought of as very secure and that 802.1x while not perfect, had many advantages in terms of security over SNMP.  Than the kicker! The prospect told me I must be mistaken, after all SNMP stood for Secure Networking Management Protocol, didn't it?  When I stopped laughing I asked him where he heard that.  He told me that the NAC vendor he spoke to before me told him that and touted how by using SNMP he was getting the most secure method of NAC.  After all SNMP was designed for security!  Well after some quick Google searching, he quickly found out that the other NAC vendor was feeding him a line and it made me and StillSecure golden in his eyes.

I never forget that story and am reminded of it every time I read about a security hole around SNMP. This week came two reports of SNMP vulnerabilities in DarkReading.  One by Kelly Jackson Higgins details a report that researchers doing a simple SNMP scan over the Internet turned up over 5000 devices that reported back with names, models and even patch levels.  The devices were not off brands either, but Cisco, Apple and Microsoft devices.  This underscores how leaky SNMP can be if you don't lock it down right. 

This report came on the heels of an earlier report by Kelly that researchers had discovered a new attack vector of using SNMP in a persistent XSS attack.  Just another reason to lock down your SNMP capable equipment. By the way, for those of you wondering, SNMP stands for simple networking management protocol.

With Junipers long awaited release of their EX switch line, many have said that there is just nothing distinguishing about the line up.  Just speeds and feeds.  Others are saying that the real secret sauce is the JUNOS.  That very well may be.  However, Tim Greene in this article says that Junipers built in NAC may be Junipers not-so-secret weapon. He quotes two analysts, Phil Hochmuth of Yankee Group and Rob Whiteley of Forrest-er.  The article rightfully points out that Junipers competition in the switch market is Cisco and HP ProCurve. 

It then goes on from there to talk about Junipers new ability to perform access control at layer 4 with identity based access control with ACLs in addition to VLANs. You can perform QoS as part of a users access rights and they can mirror traffic and send it to a Juniper IDP for post-admission NAC. Juniper wants to evolve NetScreen Security Manager into a central policy-control platform.  This is all great stuff, however it ain't new.  My research shows that HP ProCurve (the 2nd leading switch vendor) actually does much if not all of this right now. Using the ProCurve IDM (identity driven management) application which is now bundled on ProCurve's NAC appliance  with their NAC application, they can do this already. They can do the QoS thing as well as sending the traffic to several IPS brands.  In fact a close reading of what ProCurve's security capabilities show that there is little if anything ground breaking in what Juniper is advocating and what these analysts seem to be eating up.

Yes, Junipers entry I think does spell C-O-M-P-E-T-I-T-I-O-N for the likes of Nevis and ConSentry (sorry Dan and Dom), but that is not what Juniper is in this game for.  They have to keep their eye on the prize. And the prize is taking market share from Cisco and HP ProCurve.  If this is all they got, I am going to have to agree with those folks who are asking Juniper "where's the beef?"