For a long time I have heard rumors that the companies in the wireless IDS/IPS space were having a tough time getting a lot of traction.  There were battles around who had what patent and so forth, lots of partnerships and OEMs, but at the end of the day I don't think it led to a lot of revenue.  Confirmation for me on this came last night at the SANS 2008 conference In Orlando.  The booth next to ours is AirTight Networks. 

Two StillSecure employees went to AirTight some time back and have since moved on from there.  However, I was very familiar with their positioning and products. So I was very surprised to see the tag line next to the AirTight logo saying, "The global leader in wireless vulnerability management".  OK, so they have moved from wireless IPS to wireless VM?  What could be next, wireless DLP?  A look at their web site shows that they have lost the wireless IPS entirely and are all about compliance these days.  I think becoming a compliance only solution is a mistake, but it really comes down to me thinking it is a technology in search of a solution.

Bigger picture, the question is, do we really need a wireless only security solution at all or should security cross over wireless and wired?  Also shouldn't wireless security be built into the wireless gear itself?  For that matter shouldn't security be built into all networking gear?  All good questions with obvious answers.  In the meantime I think we see another group of companies caught by Shimmy's theory of security industry relativity.

Reply from Mike Baglietto, Director of Product Marketing, AirTight Networks - Mike was not able to post a comment to my post and asked that I post his response.  Here it is:

Interesting observations and points well taken in that AirTight may not have expressed our position as well as we should have. About the only quarrel we have with your statements is that we did this because WIPS was not working (for us or anyone else). AirTight actually views wireless IPS (WIPS) as an important technology but also as part of a larger wireless vulnerability management market. While our new website may have swung the pendulum too far towards our new positioning, WIPS is still the core part of our business. AirTight has not given up on our WIPS heritage, WIPS products or WIPS customers who come from diverse vertical markets including financial services, federal, and retail. But even in the even the most security sensitive markets, many organizations don???t always have the budget to procure, maintain and support an overlay wireless security system. AirTight???s objective with our recent SaaS announcement was to deliver a wireless security solution for them as well as the underserved market of smaller enterprises who have no wireless expertise, constrained resources, and limited budget to address wireless vulnerabilities/threats. In fact, many organizations that we speak with have little or no visibility into their wireless security posture, so implementing a full wireless IPS system before they understand their wireless posture may be a bit overkill to begin with. What AirTight is trying to do is offer both WIPS and a modular SaaS approach so customers have a choice in how much wireless security they purchase and how they choose to manage it. Yes, wireless security should be built into the infrastructure, but in reality its not. It still falls well short of the purpose built capabilities that the wireless IPS companies can provide.

My only follow on, is I don't understand equating a SaaS wireless service with a wireless vulnerability management message.  They are not synonymous in my mind anyway.