Not sure if it is because of the slumping market and economy or in spite of it, but there pace of merger activity has been picking up lately and the security industry has not been immune to it.  Today saw two meaningful deals announced that could have an impact on the security landscape:

1. Sophos buys Utimaco - Saw this one when I woke up today, as it is a European deal.  UK based Sophos is buying German based Utimaco, makers of the SafeGuard line of data encryption/protection/DLP product line.  Sophos is paying cash $340 million US for in this deal.  This means they are substantially dipping into the credit market, as this is far more than they reported cash on hand. So like the Brocade/Foundry deal, the acquiring company feels strong enough about the acquisition to mortgage the house to get it.  In this case, I think Sophos is making a smart deal. They clearly say that to compete with Symantec, McAfee and Microsoft they are going to need a full endpoint security suite. AV alone is not just going to cut it. This gives Sophos a real play in DLP and data storage space. 

Yes they could have just done a partner deal for this type of technology, but I applaud them for going out and buying the technology.  I wondered if they would use this as a reverse merger entry to the public markets but it doesn't look like that.  In any event it looks like Sophos is making the play and spending the bucks to be a player in the endpoint security suite game.

2. Motorola buys AirDefense - Well one of the air brothers finally found a taker. I always thought that for all of the press AirDefense, AirTight and AirMagnet receive, the revenue just didn't match the hype. Stand alone wireless security was a tweener.  Would traditional security cover wireless or would traditional wireless cover wireless security.  In any event a stand along wireless security play is a tough road.  So with this answer Motorola says wireless handles wireless security. 

My question is what does the future hold for Motorola.  They are reportedly getting out of the cell phone business.  Is their wireless business, even a secure one enough to support this giant?  I don't know but there is a bit of "dead man walking" over there if you ask me. 

I think the play is clear though that wireless providers are going to snap up wireless security companies. The real issue is at what prices.  If anyone hears a price on this one, let me know.

Not sure if it is because of the slumping market and economy or in spite of it, but there pace of merger activity has been picking up lately and the security industry has not been immune to it.  Today saw two meaningful deals announced that could have an impact on the security landscape:

1. Sophos buys Utimaco - Saw this one when I woke up today, as it is a European deal.  UK based Sophos is buying German based Utimaco, makers of the SafeGuard line of data encryption/protection/DLP product line.  Sophos is paying cash $340 million US for in this deal.  This means they are substantially dipping into the credit market, as this is far more than they reported cash on hand. So like the Brocade/Foundry deal, the acquiring company feels strong enough about the acquisition to mortgage the house to get it.  In this case, I think Sophos is making a smart deal. They clearly say that to compete with Symantec, McAfee and Microsoft they are going to need a full endpoint security suite. AV alone is not just going to cut it. This gives Sophos a real play in DLP and data storage space. 

Yes they could have just done a partner deal for this type of technology, but I applaud them for going out and buying the technology.  I wondered if they would use this as a reverse merger entry to the public markets but it doesn't look like that.  In any event it looks like Sophos is making the play and spending the bucks to be a player in the endpoint security suite game.

2. Motorola buys AirDefense - Well one of the air brothers finally found a taker. I always thought that for all of the press AirDefense, AirTight and AirMagnet receive, the revenue just didn't match the hype. Stand alone wireless security was a tweener.  Would traditional security cover wireless or would traditional wireless cover wireless security.  In any event a stand along wireless security play is a tough road.  So with this answer Motorola says wireless handles wireless security. 

My question is what does the future hold for Motorola.  They are reportedly getting out of the cell phone business.  Is their wireless business, even a secure one enough to support this giant?  I don't know but there is a bit of "dead man walking" over there if you ask me. 

I think the play is clear though that wireless providers are going to snap up wireless security companies. The real issue is at what prices.  If anyone hears a price on this one, let me know.

By now you have probably heard that Brocade is making a big push from storage networking switches into Ethernet switches by buying Foundry Networks for almost 3 billion in cash.  Actually the deal is valued at about 2.8 billion.  However, Foundry has about 800 million or so in cash and liquid assets.  So taking that into account, the deal is for about 2 billion really, according to the San Jose Mercury News. Still that is quite a number when you consider that $18.50 of the $19.25 price per share is in cash.  That works out to about 2.7 billion.  Considering Brocade only had about 700 to 800 million in cash itself, that means someone is lending them about a billion and half.  Again according the Mercury News, it is Bank of America and Morgan Stanley. This is a 41% premium over Foundry's closing price.  Pretty sweet!

The real question is what does Brocade do with this.  With all of that debt, do they have what it takes to go on and take on Cisco now?  The highways and byways of Silicon Valley are littered with companies that have tried to take Cisco out of this market.  What about the 7 dwarfs who currently compete in this market.  Companies like HP ProCurve, Extreme Networks, Nortel, Enterasys, Alcatel-Lucent and Force 10 are not small little companies. These are companies with 100's of millions, if not billions of dollars of market cap themselves.  They are not going to roll over and die here. Will this set off a round of consolidation for these players to bulk up in order to compete in this brave new world of networking? I think so. What about next gen secure switches like ConSentry, Nevis and Napera? Or some of the other smaller switch vendors like D-link?  Do they view this a a good opportunity to get bought by one of the giants or do they think they can run through the legs of these giants?  I don't know but it is going to be a high barrier of entry into this market.

Ultimately though I don't think Cisco will lose its place of dominance very easily. Brocade will be another competitor among the other switch vendors fighting over 25% of the market. But it sure will be interesting in the switch market for a while.

By now you have probably heard that Brocade is making a big push from storage networking switches into Ethernet switches by buying Foundry Networks for almost 3 billion in cash.  Actually the deal is valued at about 2.8 billion.  However, Foundry has about 800 million or so in cash and liquid assets.  So taking that into account, the deal is for about 2 billion really, according to the San Jose Mercury News. Still that is quite a number when you consider that $18.50 of the $19.25 price per share is in cash.  That works out to about 2.7 billion.  Considering Brocade only had about 700 to 800 million in cash itself, that means someone is lending them about a billion and half.  Again according the Mercury News, it is Bank of America and Morgan Stanley. This is a 41% premium over Foundry's closing price.  Pretty sweet!

The real question is what does Brocade do with this.  With all of that debt, do they have what it takes to go on and take on Cisco now?  The highways and byways of Silicon Valley are littered with companies that have tried to take Cisco out of this market.  What about the 7 dwarfs who currently compete in this market.  Companies like HP ProCurve, Extreme Networks, Nortel, Enterasys, Alcatel-Lucent and Force 10 are not small little companies. These are companies with 100's of millions, if not billions of dollars of market cap themselves.  They are not going to roll over and die here. Will this set off a round of consolidation for these players to bulk up in order to compete in this brave new world of networking? I think so. What about next gen secure switches like ConSentry, Nevis and Napera? Or some of the other smaller switch vendors like D-link?  Do they view this a a good opportunity to get bought by one of the giants or do they think they can run through the legs of these giants?  I don't know but it is going to be a high barrier of entry into this market.

Ultimately though I don't think Cisco will lose its place of dominance very easily. Brocade will be another competitor among the other switch vendors fighting over 25% of the market. But it sure will be interesting in the switch market for a while.

If there was any doubt in your mind about how much the TippingPoint team wants to be part of 3Com, you should listen to this video of Brian Smith, chief architect of Tipping Point talking to SearchSecurity.com.  Brian comes right out and says that the original idea behind the 3Com acquisition was synergies of putting security into switches and routers.  After about a year of trying to do this, he says that he realized it was a "fools errand" because security is evolving so much quicker than networking.  I don't know, but that is probably not the opinion of Cisco, HP ProCurve, Foundry, Extreme, Enterasys and Juniper who all seem to be doing exactly that. Perhaps it had more to with a clash of personalities there than technology?

Later in the interview Brian states that after the expected synergies never materialized it was decided to spin TippingPoint off on its own IPO. Luckily they had retained their own identity which Brian says may not have been possible if they were acquired by Cisco or IBM. He basically says that the merger was a failure and they wanted to go their own separate ways.  Than the Bain deal put everything on hold and now post-Bain deal they are becoming more and more autonomous.  Though he doesn't come out and say it, his body language is screaming that he cannot wait to be spun out from 3Com.

My advice is to be careful what you wish for.  The security industry is not what it was before the acquisition and without someone's deep pockets behind you and the inability to move out successfully beyond anything besides IPS, TippingPoint may not find it as welcoming as they think.

If there was any doubt in your mind about how much the TippingPoint team wants to be part of 3Com, you should listen to this video of Brian Smith, chief architect of Tipping Point talking to SearchSecurity.com.  Brian comes right out and says that the original idea behind the 3Com acquisition was synergies of putting security into switches and routers.  After about a year of trying to do this, he says that he realized it was a "fools errand" because security is evolving so much quicker than networking.  I don't know, but that is probably not the opinion of Cisco, HP ProCurve, Foundry, Extreme, Enterasys and Juniper who all seem to be doing exactly that. Perhaps it had more to with a clash of personalities there than technology?

Later in the interview Brian states that after the expected synergies never materialized it was decided to spin TippingPoint off on its own IPO. Luckily they had retained their own identity which Brian says may not have been possible if they were acquired by Cisco or IBM. He basically says that the merger was a failure and they wanted to go their own separate ways.  Than the Bain deal put everything on hold and now post-Bain deal they are becoming more and more autonomous.  Though he doesn't come out and say it, his body language is screaming that he cannot wait to be spun out from 3Com.

My advice is to be careful what you wish for.  The security industry is not what it was before the acquisition and without someone's deep pockets behind you and the inability to move out successfully beyond anything besides IPS, TippingPoint may not find it as welcoming as they think.

The lofty goals: Vendors working together in a very abbreviated timetable to make sure that their solutions 1) worked 2) got fully deployed to support the show network goals and 3) talked to each other so that the sum of the parts added up to much more than the individual solutions.

It’s a heterogeneous world. We see it all the time, and it shows in our products. We talk about being vendor neutral – so whether you’re using Cisco (probably), Juniper, Foundry, Enterasys (and the list goes on), EM7 can provide fault and performance monitoring for all of it. Agents, no agents – we don’t care as long as there’s some way to communicate with each other (XML, SOAP, SNMP, SQL queries, logs, traps, emails…).

Louis will share a post later on a neat, real-world and real-time wireless security solution that took EM7, Enterasys and Aruba together to make happen. Using this, the InteropNet NOC team could literally find network/security offenders even if they were hiding under a desk somewhere on the show floor.

InteropNet – we loved it. We’re probably a bit biased because having everything connected and able to talk to each other is at the heart of what we do. But there was truly a sense of people wanting to help each other out – vendors, show organizers, and of course volunteers – that made InteropNet a great team experience and a lovely microcosm example of how networking should be.

And all this is not even going into Interop’s ILabs – which had some very cool, vendor-agnostic projects around NAC and UCM. Gerard from Cisco (who I met in the casino lounge – hey it’s Vegas) gave me a tour and showed off the Cisco wireless management software.

There’s just a couple of months off and then this process starts again for Interop NY. Will New York be different? Well, for one thing, we won’t be stranded in a desert with too much to drink.

ShareThis

Here in Atlanta waiting for the red eye connection home to Florida and wanted to quickly jot down some reflections on Interop.  The show seems to have settled in nicely at the Mandalay Bay venue.  It seems the right size and not too crowded.  In fact Vegas itself was not very crowded this year. I guess the economy is hurting the town. It used to be said that Vegas was rescission proof.  The worse the economy got, the more people gambled.  But with so much of Vegas not about gambling, I guess the economy has a big effect.  Anyway, back to Interop. 

At one time this show was called Networld+Interop.  The Interop portion was very much about how different networking technologies inter-operated with each other and how you could use products from disparate vendors to run and manage your network.  The labs and noc at Internet was full of engineers from different companies having their products working together.  I don't think that is what the show is about anymore.  It is all about network infrastructure for sure, but the vendors care less how their products work together and more about why you want to buy them.  Even the NAC vendors don't seem to be as focused on it anymore.  Yes, Joel Snyder and his Interop labs NAC team do a nice job of showing how the frameworks work well, but frankly that is a small percentage of the NAC vendors.  Juniper and Microsoft, Microsoft and Cisco and than a bunch of other vendors who try to show how their equipment can fit into the NAC equation.  Some like the switch vendors who are integral to the process and some like Arc Sight how are trying to move beyond SIM and think SSH'ing into switches is a scalable way to perform NAC enforcement, but really don't fit.  Most of the other NAC vendors frankly don't even give much lip service to interoperability.  The same is true for many of the networking vendors as well.  What is the shiny new box from Foundry or HP ProCurve.  Who has a bigger booth, whose booth is smaller than last year? How many people has this company laid off and how much run way do they have left? Who is giving away the best stuff and where is the cool party to go to tonight.  These are the questions of the show.  BTW, the Network World folks threw a great party at the Ghost Bar at the Palms Hotel.  Anyway, Interop has become a great show, but I seriously question how much of it is about interoperability anymore.  There is nothing a matter with it not being so interoperability focused by the way, I think it is just the evolution of this show taking on a life of its own.  Now if it were just not so close in time to RSA.

One thing about this show versus RSA, is that a lot of the attendees are buyers.  End users who come looking for solutions.  They have projects and budgets and want to find the best solutions for their needs.  This is in contrast to adult trick or treaters and business development meetings that have become standard at many other shows.  We saw a marked increase of people with NAC projects stopping by the booth this year, which is encouraging to say the least. 

Anyway, I have had my fill of Vegas, at least until Black Hat this summer.  Will be interesting to see if the casinos are more crowded then.

Montego Networks Prediction:

Virtual Environments will be more secure than their physical counter parts by 2010.

Neil McDonald of Gartner reported in 2007 that throughout 2009, 60% of virtual environment deployments would be less secure than their physical counter parts.

Although I tend to believe Neil’s prediction I’m a bit optimistic about the markets awareness of the security concerns within virtualized environments and feel companies will start to address those concerns by 2009. I also believe that by the end of 2009 the majority of companies virtualizing will have built virtualized environments that are more secure than their physical counter parts.

Now, you may be thinking I’m either crazy or that I’m just one of these guys that just states the opposite of what someone else says!

Well, not at all. I’ve been studying the virtual security market for some time now and after talking with many companies that are deploying virtualization I’m starting to get the sense that people get it (security). It’s pretty evident that when people are made aware of what seems to be the obvious (security), that something clicks and they get it right away. In fact, many times the light bulbs start turning on and people start thinking about more creative ways to secure severs by taking advantage of virtualization which enables them to do things they’ve never been able to do before. 

So, although I agree that there has been this issue of security being once again forgotten and that 60% of virtual environments will be less secure up until 2009, I’m not so sure I’m going to underestimate the market and think that this pattern will continue much longer after that.

Take a look at the following graphic and it depicts the various layers in a network. History has proven itself time and time again that a new network layer is built first and security always comes along afterwards.

Well, one of the challenges we’ve seen with these physical networks is that it’s pretty costly, time consuming and a burden to purchase, install and administer security. Then once it’s in place and being run, you have to fork lift upgrade certain parts of your security infrastructure due to bandwidth demands and changes in application security concerns.

What virtualization brings to the table is not only cost savings for server consolidation, power consumption and datacenter space but the ability to do all of those things for parts of your security infrastructure as well.

Imagine instead of having to deploy engineers to install 20 firewalls across your datacenter, you could sit from a single workstation with a couple of guys and install 20 firewalls in hours vs. days. The reason this is possible is because now firewalls have just went virtual! You can roll them out as software images or virtual appliances without leaving the comfort of your cubical. 

Imagine being able to “virtual-lift upgrade” vs. “fork-lift upgrade” a new firewall, UTM appliance, IPS or whatever by simply powering off a Firewall Virtual Machine and powering on a new one.  Imagine being able to improve your performance by taking advantage of the multi-core processing and blade server computing trends vs. waiting for the next super fast security ASIC chip.

In the past it’s been difficult to get security as close as possible to the servers and desktops without having to deploy host based solutions. The reason for this is because we have been constrained by the physical limitations of our hardware purchases from the likes of Cisco, Extreme and Foundry. Then for vendors that have thought about putting security in a switch there has always been the price per port debate. Also, many don't want to take the risk and replace Cisco for a new startup building a new switch (ie. Force 10's Switch + IPS product).  Typically switching ports are cheap and security is more expensive and when trying to combine the two, you end up with a switch that costs a lot of money. So imagine having a 200+ port switch with a Firewall built in for $300 bucks. How could this be so? Because its virtual, and because its 100% software.

Did he just elude to a firewall for every port?  Does each Server or Desktop have firewalling between every other Server & Desktop on the same switch?  Absolutely! all because of virtualization!

Software makes it easier to bring the price per port down. When things are in software you can deploy multiple copies of them to scale your network capacity without breaking the bank. Virtualization also allows you to do things like “Freeze” and “Thaw” servers and desktops automatically when vulnerability is detected. If a denial of service is occurring against a Virtual Server you can always VMotion that server to a network with more capacity without an administrator having to lift a finger. Imagine an attack happening on a machine and instead of it being quarantined it makes a snapshot image of the infected machine and freezes it in its current bad state so you can go back and analyze how someone broke in. As you can see, there are lots of new capabilities brought to the security round table.

Virtualization will make security solutions even more powerful and increase the adoption rate of security in general due to the massive cost savings that can be appreciated through virtualization. For these reasons I see the market quickly leveraging virtualization to make Virtual Environments more Secure than their counter parts. Virtualization will enable the innovations in security that has been since UTM and Reputation based Anti-Spam.

VMWare, Virtual Iron, Citrix and others, thanks from the security industry for the innovation!

John Peterson, Montego Networks, Co-Founder & CTO

Montego Networks Prediction:

Virtual Environments will be more secure than their physical counter parts by 2010.

Neil McDonald of Gartner reported in 2007 that throughout 2009, 60% of virtual environment deployments would be less secure than their physical counter parts.

Although I tend to believe Neil???s prediction I???m a bit optimistic about the markets awareness of the security concerns within virtualized environments and feel companies will start to address those concerns by 2009. I also believe that by the end of 2009 the majority of companies virtualizing will have built virtualized environments that are more secure than their physical counter parts.

Now, you may be thinking I???m either crazy or that I???m just one of these guys that just states the opposite of what someone else says!

Well, not at all. I???ve been studying the virtual security market for some time now and after talking with many companies that are deploying virtualization I???m starting to get the sense that people get it (security). It???s pretty evident that when people are made aware of what seems to be the obvious (security), that something clicks and they get it right away. In fact, many times the light bulbs start turning on and people start thinking about more creative ways to secure severs by taking advantage of virtualization which enables them to do things they???ve never been able to do before. 

So, although I agree that there has been this issue of security being once again forgotten and that 60% of virtual environments will be less secure up until 2009, I???m not so sure I???m going to underestimate the market and think that this pattern will continue much longer after that.

Take a look at the following graphic and it depicts the various layers in a network. History has proven itself time and time again that a new network layer is built first and security always comes along afterwards.

Well, one of the challenges we???ve seen with these physical networks is that it???s pretty costly, time consuming and a burden to purchase, install and administer security. Then once it???s in place and being run, you have to fork lift upgrade certain parts of your security infrastructure due to bandwidth demands and changes in application security concerns.

What virtualization brings to the table is not only cost savings for server consolidation, power consumption and datacenter space but the ability to do all of those things for parts of your security infrastructure as well.

Imagine instead of having to deploy engineers to install 20 firewalls across your datacenter, you could sit from a single workstation with a couple of guys and install 20 firewalls in hours vs. days. The reason this is possible is because now firewalls have just went virtual! You can roll them out as software images or virtual appliances without leaving the comfort of your cubical. 

Imagine being able to ???virtual-lift upgrade??? vs. ???fork-lift upgrade??? a new firewall, UTM appliance, IPS or whatever by simply powering off a Firewall Virtual Machine and powering on a new one.  Imagine being able to improve your performance by taking advantage of the multi-core processing and blade server computing trends vs. waiting for the next super fast security ASIC chip.

In the past it???s been difficult to get security as close as possible to the servers and desktops without having to deploy host based solutions. The reason for this is because we have been constrained by the physical limitations of our hardware purchases from the likes of Cisco, Extreme and Foundry. Then for vendors that have thought about putting security in a switch there has always been the price per port debate. Also, many don't want to take the risk and replace Cisco for a new startup building a new switch (ie. Force 10's Switch + IPS product).  Typically switching ports are cheap and security is more expensive and when trying to combine the two, you end up with a switch that costs a lot of money. So imagine having a 200+ port switch with a Firewall built in for $300 bucks. How could this be so? Because its virtual, and because its 100% software.

Did he just elude to a firewall for every port?  Does each Server or Desktop have firewalling between every other Server & Desktop on the same switch?  Absolutely! all because of virtualization!

Software makes it easier to bring the price per port down. When things are in software you can deploy multiple copies of them to scale your network capacity without breaking the bank. Virtualization also allows you to do things like ???Freeze??? and ???Thaw??? servers and desktops automatically when vulnerability is detected. If a denial of service is occurring against a Virtual Server you can always VMotion that server to a network with more capacity without an administrator having to lift a finger. Imagine an attack happening on a machine and instead of it being quarantined it makes a snapshot image of the infected machine and freezes it in its current bad state so you can go back and analyze how someone broke in. As you can see, there are lots of new capabilities brought to the security round table.

Virtualization will make security solutions even more powerful and increase the adoption rate of security in general due to the massive cost savings that can be appreciated through virtualization. For these reasons I see the market quickly leveraging virtualization to make Virtual Environments more Secure than their counter parts. Virtualization will enable the innovations in security that has been since UTM and Reputation based Anti-Spam.

VMWare, Virtual Iron, Citrix and others, thanks from the security industry for the innovation!

John Peterson, Montego Networks, Co-Founder & CTO