In response to my article yesterday about network convergence, Don Marti over at LinuxWorld responds that he is all for convergence.  But he argues, why not converge on a 2 to 4k box, rather than a 10k Cisco box.  Amen to that Don! On the Network Cisco Subnet blog, after rehashing Don's and my positions, the point made is that:

The point of convergence is to save money, as well as to ease administration. At the point where it costs more money or requires more admin than the "old way" of doing things, network pros will have a hard time swallowing it.

I guess they are referring to converging more functionality on one box, you could make administration more complex thereby negating the potential cost savings. I agree.  That is one of the biggest things we have been working on the Cobia platform. How to make managing these diverse applications easier and more efficient.

Back to Don Marti's comments on cheaper boxes though.  There are actually a few rising tides that are floating the convergence boat.  The vastly increased power of off the shelf hardware at those prices is the true enabling technology. Having a cheap box does no good if it doesn't have the horsepower to get the job done.  At the end of the day, that is what kills the 10k Cisco box.  There is no need to pay 10k for the power that the box has when more powerful boxes are cheaper.  The caveat though is, how long do you think it is going to take Cisco to realize that too?

We have contemplated all of these factors in our strategy around Cobia.  We think virtualization is another key driver in this convergence revolution.  Also, by distributing source code with the product, allowing for 3rd party innovation and collaboration, we can leverage a wider community to speed development.

Linux as the common OS underlying much of the convergence trend is a key driver, but there are other forces at play that ensure that we will continue to see consolidation and convergence in the months and years ahead.

In response to my article yesterday about network convergence, Don Marti over at LinuxWorld responds that he is all for convergence.  But he argues, why not converge on a 2 to 4k box, rather than a 10k Cisco box.  Amen to that Don! On the Network Cisco Subnet blog, after rehashing Don's and my positions, the point made is that:

The point of convergence is to save money, as well as to ease administration. At the point where it costs more money or requires more admin than the "old way" of doing things, network pros will have a hard time swallowing it.

I guess they are referring to converging more functionality on one box, you could make administration more complex thereby negating the potential cost savings. I agree.  That is one of the biggest things we have been working on the Cobia platform. How to make managing these diverse applications easier and more efficient.

Back to Don Marti's comments on cheaper boxes though.  There are actually a few rising tides that are floating the convergence boat.  The vastly increased power of off the shelf hardware at those prices is the true enabling technology. Having a cheap box does no good if it doesn't have the horsepower to get the job done.  At the end of the day, that is what kills the 10k Cisco box.  There is no need to pay 10k for the power that the box has when more powerful boxes are cheaper.  The caveat though is, how long do you think it is going to take Cisco to realize that too?

We have contemplated all of these factors in our strategy around Cobia.  We think virtualization is another key driver in this convergence revolution.  Also, by distributing source code with the product, allowing for 3rd party innovation and collaboration, we can leverage a wider community to speed development.

Linux as the common OS underlying much of the convergence trend is a key driver, but there are other forces at play that ensure that we will continue to see consolidation and convergence in the months and years ahead.

Dmarti's blog over on LinuxWorld has an article up titled "Dumbest networking vendor idea since Network Access Control", which talks about what a dumb idea it is for Cisco to allow Linux apps to run on their ISR routers. Besides the fact that the title of the article alone is enough to make me want to tear this one apart, the underlying logic of the authors argument is just weak.

On one hand he talks about why would someone want to run Linux apps on a router, it is potentially bad design. On the other hand he says it is better to run them on a cheaper router alternative like Vyatta and than spouts some PR by Vyatta about their price/performance advantage over Cisco.  They back up this advantage with "3rd party testing".  Turns out the testing is by Tolly Group.  Oh, now that changes everything.  Have any of you ever had a Tolly evaluation done? Anytime you submit a form that contains what you would like to see the testing show in the final report and the final report shows it, well you know what I am saying. But seriously if it is good for Vyatta, why would it not be also good for Cisco?

Here is the real issue though that the author misses.  We live in an age of convergence!  The idea of having a stand alone box that only does routing is history and when Cisco themselves acknowledge it, you know it is fact.  People want more functionality out of their hardware.  Now that is not to say that your router should be your database server or mail server.  But there are certainly network functions that make sense to put on a router. Security is a no brainer to start. IPS, VPN, firewall, gateway AV- easy.  What about network functionality like DHCP, DNS, Radius, etc.  How about some next gen network stuff like WAP and VOIP?  That would make sense. By embracing Linux on the router all of these things and more are possible.  By the way you can do all of this now with our own Cobia platform.

That's right, we had this idea 2 years ago and have been working on it since.  With the convergence of networking, security, VOIP and wireless technologies, why wouldn't you want a multi-use box that can deliver all of this.

Dmarti's blog over on LinuxWorld has an article up titled "Dumbest networking vendor idea since Network Access Control", which talks about what a dumb idea it is for Cisco to allow Linux apps to run on their ISR routers. Besides the fact that the title of the article alone is enough to make me want to tear this one apart, the underlying logic of the authors argument is just weak.

On one hand he talks about why would someone want to run Linux apps on a router, it is potentially bad design. On the other hand he says it is better to run them on a cheaper router alternative like Vyatta and than spouts some PR by Vyatta about their price/performance advantage over Cisco.  They back up this advantage with "3rd party testing".  Turns out the testing is by Tolly Group.  Oh, now that changes everything.  Have any of you ever had a Tolly evaluation done? Anytime you submit a form that contains what you would like to see the testing show in the final report and the final report shows it, well you know what I am saying. But seriously if it is good for Vyatta, why would it not be also good for Cisco?

Here is the real issue though that the author misses.  We live in an age of convergence!  The idea of having a stand alone box that only does routing is history and when Cisco themselves acknowledge it, you know it is fact.  People want more functionality out of their hardware.  Now that is not to say that your router should be your database server or mail server.  But there are certainly network functions that make sense to put on a router. Security is a no brainer to start. IPS, VPN, firewall, gateway AV- easy.  What about network functionality like DHCP, DNS, Radius, etc.  How about some next gen network stuff like WAP and VOIP?  That would make sense. By embracing Linux on the router all of these things and more are possible.  By the way you can do all of this now with our own Cobia platform.

That's right, we had this idea 2 years ago and have been working on it since.  With the convergence of networking, security, VOIP and wireless technologies, why wouldn't you want a multi-use box that can deliver all of this.

As we continue to develop Cobia here at StillSecure we keep peeling away layers of the onion in the UTM market.  It really is a fascinating market.  So many of the leading solutions have stressed taking open source security solutions and putting a pretty, easy-to-use face on them.  Not that I think there is anything wrong with using open source security solutions in UTM.  However, I wonder if there is not more to what people want.  Instinctually I think people would like more than a collection of solutions in a common GUI. I think they would like true integration between the applications.  Realizing a real 1+1=3 equation.  Of course, the question is how do you make this integration work?  What will people see value in?  Good questions for sure.

In order to answer this I think you have to move beyond the analyst papers and the marketing spin of the venders. I need to know what users really use in their UTMs.  What applications do you actually use?  Which ones look cool, but not critical enough to waste time with.  What have you tried but finds it adds no value?  How would you like to see the different modules work together.  I can see very obvious ways that IPS, AV and Firewall can work together.  What about content filtering and anti-spam?  This is your chance to help shape the future of this market.  Take a moment and leave me a comment on what you think a great UTM should have.

Oh by the way, what is the "+" for? It is for going beyond what most UTM is today. What else would you want on a gateway networking/security device?  I am interested in all of your opinions on this, so please let me know.  You can email me at podcast@stillsecure.com if you feel uncomfortable leaving a comment. 

As we continue to develop Cobia here at StillSecure we keep peeling away layers of the onion in the UTM market.  It really is a fascinating market.  So many of the leading solutions have stressed taking open source security solutions and putting a pretty, easy-to-use face on them.  Not that I think there is anything wrong with using open source security solutions in UTM.  However, I wonder if there is not more to what people want.  Instinctually I think people would like more than a collection of solutions in a common GUI. I think they would like true integration between the applications.  Realizing a real 1+1=3 equation.  Of course, the question is how do you make this integration work?  What will people see value in?  Good questions for sure.

In order to answer this I think you have to move beyond the analyst papers and the marketing spin of the venders. I need to know what users really use in their UTMs.  What applications do you actually use?  Which ones look cool, but not critical enough to waste time with.  What have you tried but finds it adds no value?  How would you like to see the different modules work together.  I can see very obvious ways that IPS, AV and Firewall can work together.  What about content filtering and anti-spam?  This is your chance to help shape the future of this market.  Take a moment and leave me a comment on what you think a great UTM should have.

Oh by the way, what is the "+" for? It is for going beyond what most UTM is today. What else would you want on a gateway networking/security device?  I am interested in all of your opinions on this, so please let me know.  You can email me at podcast@stillsecure.com if you feel uncomfortable leaving a comment. 

TippingPoint announced their Core Controller appliance today. It is a 10GBPS in line IPS. Actually what it sounds like it is, is a network controller that load balances traffic among several conventional Tipping Point boxes and than puts the flow back together and passes it on.  Sounds cool, but I would like to see the latency involved in doing this.   Sounds like a lot of moving parts.  It also sounds a lot like the way Hoff used to do things over at Crossbeam Systems.

The real question for me though is not whether or not this new appliance does line speed IPS or not.  The question is do we still want our IPS as stand alone IPS or do we want it as part of UTM. Mike Rothman in his 2008 Days of Incite talks about "best of breed DOA". In it Mike talks about 2007 being a year where customers clearly voted for integrated solutions over individual best-of-breed.  He also says 2007 was the year the first open source perimeter platforms hit.  I like to think he is talking about Cobia. But 2008 will be an even bigger year for Cobia functionality! The bottom line though is except for the Ferrari crowd does anyone want to buy a stand alone IPS? Mike says it best when he says. "Market maturity kills product innovation".

Yes people buy UTM for one application at first. It could be firewall, it could be IPS or gateway AV, URL filtering or anti-spam. But they like the idea of getting more than what they just needed and paid for.  They figure they are going to turn on the other stuff soon enough anyway.  Plus they get it all from one vender.  So on this one, I have to agree with Mike.  I think people will buy UTM over single purpose security solutions in increasingly greater numbers in the months to come.  Agree?  Disagree?  Leave a comment with your opinion.

I actually read this earlier this week but did not have a chance to comment. ComputerWorld had this article today that details that Cisco will stop selling its line of PIX firewalls on July 28th of this year.  I don't think this announcement came as a shock to anyone.  They had discontinued their VPN 3000 concentrators a year ago and it was only a matter of time that the PIX boxes went the same way. For me personally the PIX firewalls just seemed to always be there. Yes Checkpoint was the "cool" firewall when I first got into security, but PIX was from Cisco and it seemed like the cornerstone of their security business.  Their IDS was not so good for a long time.  Cisco's other security products were never considered back then (or now for that matter) to be best-of-breed, but PIX was a product that was not a bad product in its class.

What is more important though is what is taking the PIX place. It is the ASA line of UTMs.  This presents living proof that the market is moving away from stand alone appliances like firewalls and IPS and towards UTM type of devices that also offer anti-virus, antispam, etc.  I personally had perplexing experience this week on this very subject. One large analyst firm claims that by 2011, 50% of all network security will be spent on UTM.  Then in speaking to an analyst from an even larger analyst firm, he said their position is that UTM will never catch on in the enterprise.  Even if they buy a UTM box, they will not turn on the other features.  So ASA boxes will just be used for firewall and VPN and perhaps IPS. 

Here is the Shimel analysis for what it is worth. I think the larger analyst firm is wrong. I think they have only thought this half way through. I think what the facts are is that people buy the UTM for just one or two functions.  I think that is true for both the mid-market and the enterprise market.  What happens is after they buy the UTM and set up either the firewall or IPS or what have you, geek nature takes over.  They can't help themselves but to experiment and tinker and see what the other functions can do and how they work.  If these other functions work reasonably well without choking the box, they will slowly but surely use the other functions as well.  So before you know it, that UTM that you bought as a firewall is doing UTM duty.

Anyway, any of you PIX owners out there don't throw out the old boxes just yet, Cisco will support them until 2013.  In the meantime I am sure there will be no shortage of vendors looking to give you a deal to upgrade to the latest box. In the meantime if all you are interested in is a good firewall, don't pay anything.  Go to http://cobia.stillsecure.com and use our community sourced firewall for free and upgrade to UTM down the road.

I actually read this earlier this week but did not have a chance to comment. ComputerWorld had this article today that details that Cisco will stop selling its line of PIX firewalls on July 28th of this year.  I don't think this announcement came as a shock to anyone.  They had discontinued their VPN 3000 concentrators a year ago and it was only a matter of time that the PIX boxes went the same way. For me personally the PIX firewalls just seemed to always be there. Yes Checkpoint was the "cool" firewall when I first got into security, but PIX was from Cisco and it seemed like the cornerstone of their security business.  Their IDS was not so good for a long time.  Cisco's other security products were never considered back then (or now for that matter) to be best-of-breed, but PIX was a product that was not a bad product in its class.

What is more important though is what is taking the PIX place. It is the ASA line of UTMs.  This presents living proof that the market is moving away from stand alone appliances like firewalls and IPS and towards UTM type of devices that also offer anti-virus, antispam, etc.  I personally had perplexing experience this week on this very subject. One large analyst firm claims that by 2011, 50% of all network security will be spent on UTM.  Then in speaking to an analyst from an even larger analyst firm, he said their position is that UTM will never catch on in the enterprise.  Even if they buy a UTM box, they will not turn on the other features.  So ASA boxes will just be used for firewall and VPN and perhaps IPS. 

Here is the Shimel analysis for what it is worth. I think the larger analyst firm is wrong. I think they have only thought this half way through. I think what the facts are is that people buy the UTM for just one or two functions.  I think that is true for both the mid-market and the enterprise market.  What happens is after they buy the UTM and set up either the firewall or IPS or what have you, geek nature takes over.  They can't help themselves but to experiment and tinker and see what the other functions can do and how they work.  If these other functions work reasonably well without choking the box, they will slowly but surely use the other functions as well.  So before you know it, that UTM that you bought as a firewall is doing UTM duty.

Anyway, any of you PIX owners out there don't throw out the old boxes just yet, Cisco will support them until 2013.  In the meantime I am sure there will be no shortage of vendors looking to give you a deal to upgrade to the latest box. In the meantime if all you are interested in is a good firewall, don't pay anything.  Go to http://cobia.stillsecure.com and use our community sourced firewall for free and upgrade to UTM down the road.