Matasano Chargen - Latest Comments in Has IBM’s ISS Takeover Killed Indie Security? Next on the Matasano Group.

Re: Has IBM’s ISS Takeover Killed Indie Security? Next on the Matasano Group.

dre — Tue, 29 Aug 2006 20:36:10 -0000

i have no problem with cisco taking 80 percent of the network security market and juniper networks taking 15 or the rest.

cisco/juniper/foundry already own BGP. imagine! now i have security features where my network connects to other networks! fancy that!

i've always been for switch and router integration of security features. the only network attack that's been [historically] more of a host problem instead of a network problem has been the syn attack. smurf (including tcp amplification), fraggle, land, etc - have always been solved at the network layer.

sure, it's weird and uncomfortable that higher layer attacks are moving into routers/switches - but it makes sense to me to roll it out this way. we load hosts and servers up with tons of software - why not the network?

what's wrong with this consolidation for now? what's good about pure-play in the firewall/IDS/IPS/NAC market?

and how long will this last? 3 years until IPv6 grows in popularity? 1-2 years until a giant gaping hole in IPS is found - which could be vendor defaults - or an enterprise mishap in popular implementations?

Re: Has IBM’s ISS Takeover Killed Indie Security? Next on the Matasano Group.

Thomas Ptacek — Mon, 28 Aug 2006 13:12:20 -0000

I like your analysis but you skipped a couple battlefronts:

- The Data Center (which EMC owns): interconnections between servers, including:
- Data center switching
- Storage
- Virtualization

- The Server Itself (Microsoft, Sun, Linux)

- The Perimeter Network

- Software Security

- Professional Services

Like I keep saying, I think Cisco makes around $1Bn on security, which sounds like a lot but it includes IP VPN (which is connectivity technology, not security) and is less than 10% of what they make on switching. The only thing that blurs the picture at Cisco for me is the ISR, which is a huge success for them.

I think security is more of a threat to Cisco than an opportunity; it motivates enterprises to deploy security switches, which is not a category Cisco has a mortal lock on.

I think you're oversimplifying IBM's strategy by saying they bought an MSSP. They picked an awfully expensive way to buy an MSSP if that's their strategy.

I think you're oversimplifying EMC's strategy by saying they're just buying data protection. I think EMC wants to use security to lock out competitors, and cut off avenues for competitors to gain a beachhead in the data center.

Re: Has IBM’s ISS Takeover Killed Indie Security? Next on the Matasano Group.

stiennon — Mon, 28 Aug 2006 12:44:56 -0000

So much ground to cover! This is crazy to think IBM has made even a significant move by purchasing ISS, which was a big fish in a very small pond, IDS. To make a security play IBM has to purchase a firewall or anti-virus company.

People, IBM has purchased a managed security service provider (MSSP). One at which I was employee number 9 (Netrex). ISS bought them for something like $60 million and just sold it for $1.3 billion. Brilliant move on Tom Noonan's part. And frankly, if you have followed IBM's recent product offerings, a strategic win for IBM.

There are two battle fronts in security, the network and the desktop. If IBM, or EMC are going to go after Security (big S) they would have to go for one of these. But they are not. They are making strategic purchases, IBM around services, EMC around data life cycle protection.

Note that Cisco and Microsoft are aiming at the desktop. Note that switch vendors are aiming at Cisco's weak underbelly: lack of innovation in their core product line to counter new threats.

There is room for hundreds of new stand alone security companies in the next 18 months. Palo Alto Networks, FireEye, GreenArmor, BlueLane, MuSecurity, Breakingpoint to name the few that occur to me. Check 'em out.

Re: Has IBM’s ISS Takeover Killed Indie Security? Next on the Matasano Group.

wpn — Mon, 28 Aug 2006 09:03:17 -0000

I'm sorry, but I just can't buy the concept of the "death" of ANYTHING IT-related. Maybe it's the constant inane warnings of the death of Usenet/the Internet/whatever, but I don't believe that security will ever be consolidated in one appliance. Yes, it would be nice to have some in the switch, but security *never* resides in just one place. So there will always be room for indie security to explore the next paradigms. The big players will keep gobbling them up as soon as they look tasty, but they'll never empty the pond.

Re: Has IBM’s ISS Takeover Killed Indie Security? Next on the Matasano Group.

Gunnar — Mon, 28 Aug 2006 08:30:55 -0000

it was also interesting that when IBM bought Data Power last year for its XML security products, they put them in the Websphere group not the Tivoli group where TAM, et. al. live.

Re: Has IBM’s ISS Takeover Killed Indie Security? Next on the Matasano Group.

Thomas Ptacek — Sun, 27 Aug 2006 15:32:44 -0000

In the last 12 months at @stake how many people were in roles that allowed for at least 50% of their time to be spent in non-product-development research work?

Re: Has IBM’s ISS Takeover Killed Indie Security? Next on the Matasano Group.

Chris W. — Sun, 27 Aug 2006 14:25:11 -0000

At one point @stake had 10-20% of the company working on research. What percentage does Matasano? I guess this would be %people * %research time. Symantec could have 100 people doing research and it would only be 1% of the company. That is easily doable and it make sense for them to do it. Look they have a vulnerability research page: http://www.symantec.com/enterprise/research/ind...
It took them 16 months to do this after the @stake acquisition but better late than never.

-Chris

Re: Has IBM’s ISS Takeover Killed Indie Security? Next on the Matasano Group.

Thomas Ptacek — Sat, 26 Aug 2006 19:00:25 -0000

... the irony of this is that, with Oliver Friedrichs' new team at Symantec, there's probably more vulnerability researching going on there now than there was at @stake at the time of the acquisition.

Seems like a strong statement; anyone want to debunk me?

Re: Has IBM’s ISS Takeover Killed Indie Security? Next on the Matasano Group.

Thomas Ptacek — Sat, 26 Aug 2006 18:59:05 -0000

It's a good question (whether IBM keeps x-force intact). I think the answer is "no", for liability and PR reasons.

Having said that, I don't believe @s had a research team that worked the same way x-force (or eEye or iDefense or whatever) does. X-Force team members are not billable 80% of the time (in fact, I don't know that they're ever client-facing at all). At @s, the impression I have is that you were client-facing the majority of the time, or you were working on product.

Re: Has IBM’s ISS Takeover Killed Indie Security? Next on the Matasano Group.

Daniel — Sat, 26 Aug 2006 18:00:24 -0000

I still think there are loads of good indie research companies out there, i'm more interested to see what happens to the X force and how they are controlled (anyone remember @stake's research team after the yellow suit buyout?)

Re: Has IBM’s ISS Takeover Killed Indie Security? Next on the Matasano Group.

Randall Shimizu — Sat, 26 Aug 2006 05:26:01 -0000

Actually Cisco is developing a blade to run on IBM's blade server. So it's really IBM's real estate. So it's quite probable that we could see a IPS or firewall ISS blade.

But like I said before the real advantage is that it gives them a leading role in security

New IBM Blade Computers Speed Business Data up to Ten Times Faster
(http://www-03.ibm.com/press/us/en/pressrelease/... )

"The BladeCenter H systems introduced today provide a new way to deliver blade technology, by collapsing servers, storage devices, networking infrastructure and security appliances into a single location in the datacenter."

Re: Has IBM’s ISS Takeover Killed Indie Security? Next on the Matasano Group.

Thomas Ptacek — Sat, 26 Aug 2006 01:34:44 -0000

Randy, thanks for the great comment. Let me say though that the reason "switch security" is an elephant in the room is that Cisco holds a monopoly on enterprise switching that resembles (if not, by the ratios, exceeds) Microsoft's old desktop monopoly. Put simply, nobody is going to run their network on IBM blades.

"Switching" is a piece of real estate, like "desktop host" and "perimeter gateway". What you do with real estate is, you find the best parcels, you claim them, and then maybe you develop them. I'm waiting to see what Cisco builds on its enterprise infrastructure real estate. I'm pretty sure anything IBM might want to locate there, Cisco is going to charge enormous rents and make a pretty annoying landlord.

(By the way, track down some of Cisco's PowerPoint decks on Cat architecture --- try searching for "Pinnacle ASIC" --- and see that while Cisco is clearly highly competant, they aren't winning with fabulous technological advancements. You can get a PICMG 2.16 chassis, slap a switch blade onto it, and another board with some Pentiums and system controllers on daughterboards, and bring a "security switch" to market. But nobody's going to run their network on it.)

Re: Has IBM’s ISS Takeover Killed Indie Security? Next on the Matasano Group.

Randy Shimizu — Fri, 25 Aug 2006 20:08:12 -0000

The one that ISS does for IBM is that it gives them a leading security vendor drive their security efforts. IBM has a good reputation for security now IBM has a chance to be considered a leader in security. As for Cisco it's a different issue. ISS needs to compete with Cisco, but I don't believe that it's imperative to beat Cisco in the security space.

As for IBM don't forget that they have pioneered
the swtich on a chip and the router on a chip technolgy which Cisco uses. Recently IBM came out with some voip switch blades for it's blade center servers (http://www-03.ibm.com/servers/eserver/telecom/b... ). So given this fact it's not improbable that IBM would come out with some security related blades. Another factor to consider is IBM's considerable research and development resources.

I do think the notion that IBM will completly dominate the "pure play" security market is way to early to tell and unlikely at this point. I do think however that IBM will put considerable pressure on companies like Symantec or CA. IBM's considerable customer base put's it in a very strong position to take market share.

Re: Has IBM’s ISS Takeover Killed Indie Security? Next on the Matasano Group.

alan shimel — Fri, 25 Aug 2006 19:03:32 -0000

Well guys I guess I should pack my bags and go home then ;-) This is no different than in other industries. There will always be room for smaller, nimbler players who innovate and offer better service to customers. I think the real question is, how big do the big boys let the rising stars rise before they buy them. Also, in every generation if you will there will be a few new winners who can rise to the top and make it.