DISQUS

Matasano Chargen: Has IBM’s ISS Takeover Killed Indie Security? Next on the Matasano Group.

  • alan shimel · 3 years ago
    Well guys I guess I should pack my bags and go home then ;-) This is no different than in other industries. There will always be room for smaller, nimbler players who innovate and offer better service to customers. I think the real question is, how big do the big boys let the rising stars rise before they buy them. Also, in every generation if you will there will be a few new winners who can rise to the top and make it.
  • Randy Shimizu · 3 years ago
    The one that ISS does for IBM is that it gives them a leading security vendor drive their security efforts. IBM has a good reputation for security now IBM has a chance to be considered a leader in security. As for Cisco it's a different issue. ISS needs to compete with Cisco, but I don't believe that it's imperative to beat Cisco in the security space.

    As for IBM don't forget that they have pioneered
    the swtich on a chip and the router on a chip technolgy which Cisco uses. Recently IBM came out with some voip switch blades for it's blade center servers (http://www-03.ibm.com/servers/eserver/telecom/b... ). So given this fact it's not improbable that IBM would come out with some security related blades. Another factor to consider is IBM's considerable research and development resources.

    I do think the notion that IBM will completly dominate the "pure play" security market is way to early to tell and unlikely at this point. I do think however that IBM will put considerable pressure on companies like Symantec or CA. IBM's considerable customer base put's it in a very strong position to take market share.
  • Thomas Ptacek · 3 years ago
    Randy, thanks for the great comment. Let me say though that the reason "switch security" is an elephant in the room is that Cisco holds a monopoly on enterprise switching that resembles (if not, by the ratios, exceeds) Microsoft's old desktop monopoly. Put simply, nobody is going to run their network on IBM blades.

    "Switching" is a piece of real estate, like "desktop host" and "perimeter gateway". What you do with real estate is, you find the best parcels, you claim them, and then maybe you develop them. I'm waiting to see what Cisco builds on its enterprise infrastructure real estate. I'm pretty sure anything IBM might want to locate there, Cisco is going to charge enormous rents and make a pretty annoying landlord.

    (By the way, track down some of Cisco's PowerPoint decks on Cat architecture --- try searching for "Pinnacle ASIC" --- and see that while Cisco is clearly highly competant, they aren't winning with fabulous technological advancements. You can get a PICMG 2.16 chassis, slap a switch blade onto it, and another board with some Pentiums and system controllers on daughterboards, and bring a "security switch" to market. But nobody's going to run their network on it.)
  • Randall Shimizu · 3 years ago
    Actually Cisco is developing a blade to run on IBM's blade server. So it's really IBM's real estate. So it's quite probable that we could see a IPS or firewall ISS blade.

    But like I said before the real advantage is that it gives them a leading role in security

    New IBM Blade Computers Speed Business Data up to Ten Times Faster
    (http://www-03.ibm.com/press/us/en/pressrelease/... )

    "The BladeCenter H systems introduced today provide a new way to deliver blade technology, by collapsing servers, storage devices, networking infrastructure and security appliances into a single location in the datacenter."
  • Daniel · 3 years ago
    I still think there are loads of good indie research companies out there, i'm more interested to see what happens to the X force and how they are controlled (anyone remember @stake's research team after the yellow suit buyout?)
  • Thomas Ptacek · 3 years ago
    It's a good question (whether IBM keeps x-force intact). I think the answer is "no", for liability and PR reasons.

    Having said that, I don't believe @s had a research team that worked the same way x-force (or eEye or iDefense or whatever) does. X-Force team members are not billable 80% of the time (in fact, I don't know that they're ever client-facing at all). At @s, the impression I have is that you were client-facing the majority of the time, or you were working on product.
  • Thomas Ptacek · 3 years ago
    ... the irony of this is that, with Oliver Friedrichs' new team at Symantec, there's probably more vulnerability researching going on there now than there was at @stake at the time of the acquisition.

    Seems like a strong statement; anyone want to debunk me?
  • Chris W. · 3 years ago
    At one point @stake had 10-20% of the company working on research. What percentage does Matasano? I guess this would be %people * %research time. Symantec could have 100 people doing research and it would only be 1% of the company. That is easily doable and it make sense for them to do it. Look they have a vulnerability research page: http://www.symantec.com/enterprise/research/ind...
    It took them 16 months to do this after the @stake acquisition but better late than never.

    -Chris
  • Thomas Ptacek · 3 years ago
    In the last 12 months at @stake how many people were in roles that allowed for at least 50% of their time to be spent in non-product-development research work?
  • Gunnar · 3 years ago
    it was also interesting that when IBM bought Data Power last year for its XML security products, they put them in the Websphere group not the Tivoli group where TAM, et. al. live.
  • wpn · 3 years ago
    I'm sorry, but I just can't buy the concept of the "death" of ANYTHING IT-related. Maybe it's the constant inane warnings of the death of Usenet/the Internet/whatever, but I don't believe that security will ever be consolidated in one appliance. Yes, it would be nice to have some in the switch, but security *never* resides in just one place. So there will always be room for indie security to explore the next paradigms. The big players will keep gobbling them up as soon as they look tasty, but they'll never empty the pond.
  • stiennon · 3 years ago
    So much ground to cover! This is crazy to think IBM has made even a significant move by purchasing ISS, which was a big fish in a very small pond, IDS. To make a security play IBM has to purchase a firewall or anti-virus company.

    People, IBM has purchased a managed security service provider (MSSP). One at which I was employee number 9 (Netrex). ISS bought them for something like $60 million and just sold it for $1.3 billion. Brilliant move on Tom Noonan's part. And frankly, if you have followed IBM's recent product offerings, a strategic win for IBM.

    There are two battle fronts in security, the network and the desktop. If IBM, or EMC are going to go after Security (big S) they would have to go for one of these. But they are not. They are making strategic purchases, IBM around services, EMC around data life cycle protection.

    Note that Cisco and Microsoft are aiming at the desktop. Note that switch vendors are aiming at Cisco's weak underbelly: lack of innovation in their core product line to counter new threats.

    There is room for hundreds of new stand alone security companies in the next 18 months. Palo Alto Networks, FireEye, GreenArmor, BlueLane, MuSecurity, Breakingpoint to name the few that occur to me. Check 'em out.
  • Thomas Ptacek · 3 years ago
    I like your analysis but you skipped a couple battlefronts:

    - The Data Center (which EMC owns): interconnections between servers, including:
    - Data center switching
    - Storage
    - Virtualization

    - The Server Itself (Microsoft, Sun, Linux)

    - The Perimeter Network

    - Software Security

    - Professional Services

    Like I keep saying, I think Cisco makes around $1Bn on security, which sounds like a lot but it includes IP VPN (which is connectivity technology, not security) and is less than 10% of what they make on switching. The only thing that blurs the picture at Cisco for me is the ISR, which is a huge success for them.

    I think security is more of a threat to Cisco than an opportunity; it motivates enterprises to deploy security switches, which is not a category Cisco has a mortal lock on.

    I think you're oversimplifying IBM's strategy by saying they bought an MSSP. They picked an awfully expensive way to buy an MSSP if that's their strategy.

    I think you're oversimplifying EMC's strategy by saying they're just buying data protection. I think EMC wants to use security to lock out competitors, and cut off avenues for competitors to gain a beachhead in the data center.
  • dre · 3 years ago
    i have no problem with cisco taking 80 percent of the network security market and juniper networks taking 15 or the rest.

    cisco/juniper/foundry already own BGP. imagine! now i have security features where my network connects to other networks! fancy that!

    i've always been for switch and router integration of security features. the only network attack that's been [historically] more of a host problem instead of a network problem has been the syn attack. smurf (including tcp amplification), fraggle, land, etc - have always been solved at the network layer.

    sure, it's weird and uncomfortable that higher layer attacks are moving into routers/switches - but it makes sense to me to roll it out this way. we load hosts and servers up with tons of software - why not the network?

    what's wrong with this consolidation for now? what's good about pure-play in the firewall/IDS/IPS/NAC market?

    and how long will this last? 3 years until IPv6 grows in popularity? 1-2 years until a giant gaping hole in IPS is found - which could be vendor defaults - or an enterprise mishap in popular implementations?