DISQUS

Matasano Chargen: Checkpoint Buys Their Way Into Last Place

  • Dan Weber · 2 years ago
    Arbor's competitors are now called "niche startups"?

    Sweet sweet spin.
  • Thomas Ptacek · 2 years ago
    Sure. Two answers and a statement.

    1. Arbor likely does a full order of magnitude more revenue than either Mazu or Lancope.

    2. Arbor's Lancope/Mazu-facing product is also a niche product.

    Finally: I have no financial interest in Arbor Networks whatsoever.
  • PaulM · 2 years ago
    I like my headline better: "Check Point buys NFR. I laugh. Marty Roesch cries into a big pile of money."

    Re: Richard Bejtlich predicts Cisco will buy Sourcefire.

    Of the network security megavendors, Cisco is the only one without an established IPS product that can afford to by Sourcefire. Since the Sourcefire IPO, this seems unlikely any time soon.

    Personally, I think the biggest mistake that Cisco made was reusing the 4200 model numbering scheme for its IPS product, invoking the spirit of their previous IDS appliance. People naturally turn away in disgust, expecting a Solaris/x86 NetRanger box that now sends ICMP host-unreachable packets out "inline." Cisco marketing forgot to flush that turd, IMNSHO.
  • Thomas Ptacek · 2 years ago
    The only gap I see in Cisco's product line is a hardware accelerated version of the IPS.

    They can't get that from SourceFire anyways.
  • dre · 2 years ago
    ...Arbor likely does a full order of magnitude more revenue than either Mazu or Lancope ... The only gap I see in Cisco’s product line is a hardware accelerated version of the IPS

    Wanwall -> Riverhead -> http://cisco.com/go/ddos = ( Revenue > Arbor + Mazu + Lancope + Radware + Captus ) ?

    Also you got it all wrong. Symantec, Nortel, or Lucent will acquire TopLayer in 2007 therefore buying their way into last place.
  • Thomas Ptacek · 2 years ago
    I doubt Riverhead does more DDoS revenue than Arbor, and that's not all Arbor does.

    Captus is dead, by the way.
  • Chris · 2 years ago
    There's a good possibility that riverhead (now cisco) sells more than arbor, they have more (I believe) guard XT's in the field than arbor does SP appliances. Cisco would have to deploy about 3x the appliances and that doesnt' seem too out of the realm of possibility.

    There are scaling reasons both vendors in question have issues, atleast Arbor addressed managebility to some extent with their product. Also note, they fill 2 distinct and very different market slots (detection vs mitigation).

    (I also don't have any financial stake in either, though I have used both products at one point or another...)
  • alan shimel · 2 years ago
    Thomas- you are right, I don't know if I would call this consolidation, maybe more of a mercy killing. However, what NFR does on their Bivio boxes (same ones Sourcefire OEMs) is not a form of NAC. It is good old fashioned IDS/IPS and I am not sure how good it is at that. I agree that they must have had little revenue to justify a 20m price. That being said, I dont think any of the NABD type of guys have anywhere near the revenue of the larger IPS guys (sourcefire, tipping point, McAfee, Cisco).
  • Thomas Ptacek · 2 years ago
    I led development on the DoS product, so I guess I have an emotional stake.

    Someone from Arbor is going to chide me for getting this wrong, but, Riverhead boxes are little inline things. Arbor boxes soak up NetFlow from multiple core routers. The Riverhead boxes cost substantially less, and a single deployment involves more boxes.

    A fair, if tangential, point is that Riverhead sells to enterprises, and Arbor SP sells almost exclusively to service providers.

    Certainly reasonable people could have different guesses as to whether Cisco or Arbor does more revenue on DDoS; I don't think dre's argument that Cisco's DDoS revenue dwarfs Arbor's will withstand scrutiny though.
  • Thomas Ptacek · 2 years ago
    I think it's naive to pretend like "old fashioned IDS/IPS" is something drastically different from NAC. In the real world, NAC-in-a-box products are just IPS boxes with more 100bT ports, a Tenable license, and (maybe) some authentication and captive proxy code.

    Checkpoint was first to this market with Interspect.
  • Kyle C. Quest · 2 years ago
    SourceFire and NFR both use the same hardware for their high end systems. It all comes from Bivio (bivio.net). At one of my previous companies I got a chance to take a look at it :-) It's not too bad, but I didn't like the architecture. It looks like several boxes in one case... and the idea is that the traffic or the processing is suppose to be load balanced inside between those "internal" boxes. This is a simplified description, of course...

    $20M indicates that NFR pretty much made no sales whatsoever and their investors are so tired of waiting that they just want a way out.
  • Barry Silber · 2 years ago
    You mention you don't think that Checkpoint acquiring NFR is an example of consolidation, and I'm with you. I have recently written about my view of consolidation in the industry -- and why people in different roles are concerned about different issues. Coincidentally, I use Marcus Ranum's article "Dog Eat Dog" from a few years ago as a starting point for much of the discussion. I'd welcome your comments. Also, I wonder how Bivio is doing these days?