Archive for the ‘Convergence’ Category

Is Product integration working?

August 4th, 2008 Michael Farnum

I just read a post by Mike Rothman where he is revisiting the "Big is the New Small" post he wrote oh so long ago (is it just me, or does 2 years in the blogging world seem more like 20?).  Basically, it was all about the consolidation of the security market, which is still happening, as Mike points out.

But the little nugget that Mike points out but really doesn’t give enough time to is the integration issue.  Mike says this:

There are many that cling to the "best of breed" myth. It’s even funnier when you think about folks positioning their offerings as "integrated best of breed," whether it happens on the perimeter or on the devices. Or even in security management. Integration/unification and best of breed are opposites. Oil and water. You get the picture. It just doesn’t happen.

I added the emphasis there because I think that is important.  I have seen some of these bigger companies that have a centralized management platform (especially the end-point security companies) that have bought these different products and are still trying to integrate them all into that platform.  Their vision is good as far as the concept goes.  "Let’s put all of these products into a central management console that can provide all the information in a single spot." It would make their offerings attractive to the client if it worked.  I think this is the reason a lot of people are going with some of these "bloated, unresponsive, lumbering vendors."  Some of it may be that they don’t want to work with 5 different companies, but I think that happens more often in infrastructure types of products (DLP products, now mostly owned by bigger companies, still often sell as best of breed much of the time because they each have their own strengths).

What I see as something of a trend (though not long term because the consolidation will still happen) is that some of these shops will look at best of breed in some areas for a while because the integration they were sold has not been delivered.  I really see some of these shops not wanting "good enough" because it isn’t close enough to actually being good enough.  These products that should have been integrated and functioning smoothly by now are still struggling to get off the ground, and they are causing more management headaches.

I guess we’ll see.  Some people may continue to struggle through and wait for the promise.  But I see a lot of people getting aggravated, and they are being almost forced to make some changes in order to manage the problems.

Vet

So how much did TippingPoint pay…

May 28th, 2008 Michael Farnum

…for this interview?  It is titled "Embedding security has drawbacks says TippingPoint chief architect", but the explanation Brian Smith gives is about as weak as the American dollar.  Did TippingPoint marketing write the questions?  Sheesh.

Look, there is a need for embedded security AND security on the edge.  It really comes down to your business.  When good and fast security becomes built into the switch, I will look at it and judge its merits for MY BUSINESS (or my client’s business).  But this whole thing about switching and routing technology being outpaced by security technology is the largest piece of crap answer I have ever heard.  Of course the security technology is outpacing it.  That is because security is hot, hot, hot right now, and it has been for the last few years, whereas routing and switching are routing and switching.  But what does that mean??

Mr. Smith, was the incorporation of IPS into 3COM switches a "fool’s errand", as you called it at 3:21 in the video?  Does that mean that you can’t incorporate the two?  Does it simply not work?  Is this just not feasible?  Of course not.  The reason you are saying this is because the 3COM / TP deal fell through for other reasons.  Plain and simple, 3COM was not in any kind of position in the switching market to make a dent.  I wrote about this a while back.  Here’s most of that post:

When I was an infosec manager, I was a TippingPoint customer. When I bought the TippingPoint box, stand-alone devices were still all the rage. UTM and NAC were pretty much still new terms. But right about the time TippingPoint was bought by 3com, the convergence track had started to emerge. Cisco was really getting into putting different devices in their switches. Things were really starting to move in that direction, and 3com probably thought they should do the same.

But just in case things were not what they seemed, 3com decided to test the waters (conjecture on my part, but plausible conjecture nonetheless). So they surveyed their customers (or TippingPoint customers, at least). I received one of these surveys. Among other things, it asked if I would buy a 3com enterprise switch with a TippingPoint IPS blade integrated into it. Understand that I come from the network engineering world. I have installed and configured many a switch and router. And for the immediate 4-5 years before this survey hit my inbox, 3com had been about as present in the enterprise switch space as a woman at an ISSA chapter meeting. The biggest place you saw 3com was on a NIC or a little white 8-port hub in a room full of cubicles. So, I answered a definitive “not no, but hell no”.

To clarify (if the above didn’t explain it well enough), it was the 3com switch that threw me. I wasn’t unhappy with TippingPoint (except that they had been bought by 3com). I liked the box. It served me well. If I could get a TippingPoint blade for the 4506, I would have seriously considered it. But there was no way I was going to replace my Catalyst 4506 with a 3com switch, no way, no how.

Of course, I cannot answer for every TippingPoint customer who received the survey, but I can guess that many of them answered the same way. And this makes me wonder if 3com and TippingPoint are sitting in ivory towers and ignoring the trends because it doesn’t compute that people don’t like their switches.

And to add one more thing that may add some credence to my hypothesis: I also had a couple of 3com reps come out to visit me during the final months of my tenure as an infosec manager. When my boss and I told the 3com guys that we would not consider in any way replacing our current switching infrastructure with 3com because of our impression of 3com as a serious player, they were completely surprised by our attitude. Now maybe they had never received that reaction before because we were just a little more harsh and up front with our opinions. But my immediate opinion was that they really didn’t know they had that kind of reputation. Maybe it is just me that thinks this about them, but I don’t think so.

 

So basically, what it came down to was that 3COM did not impress me, so I would never have bought their switches.  The IDEA was a good one.  They recognized that it was a good one.  But they could not make it happen because no one wanted to buy 3COM switches.  Plain and simple. 

Now let us get back to the business of security while you guys go try to fool a few more people.

Vet

A response to Mr. Hoff’s comments to my 3com post

January 14th, 2007 Michael Farnum

Here’s Chris’ comment:

You are both way off-base! The reason Brian Smith was quoted in this article within this context is because Tippingpoint/3com are showing their honking M60 Security SWITCH at RSA! I think you guys are more interested in knocking the 3Com/Tippingpoint relationship than understanding what Brian was saying.

Chris,

I see what you are saying (from reading your post), and I agree that I may have read that wrong. But when I read “bump-in-the-wire”, I think hardware device. Even if it is super fast and doesn’t introduce any noticeable latency, it is still a device to be managed.

Also, I am not really interested in knocking the relationship. Did I like the relationship when it started? No, I didn’t. I thought it made sense for 3com, but I did not like my IPS vendor being bought by 3com because I thought they would possibly screw up TippingPoint. I thought of (and still think of) 3com as a subpar enterprise switch company that is entering the game late and will probably not be able to make up the ground they have lost. And I BS you not when I talk about their attitude.

And as far as the switch they have coming out, you point out in your article that it is a year late. I spoke of “too late” in my post. That just makes me think again of their reputation.

BTW, it is good to hear from you again. I was wondering where you had disappeared to.

Vet

Categories: Convergence, Security

A possible reason TippingPoint is not focusing on security in the switch

January 13th, 2007 Michael Farnum

Alan Shimel posted about something said by Brian Smith, co-founder of TippingPoint and chief architect of 3Com, in an SC Magazine article. Here’s part of the excerpt Alan used:

“Smith says he also plans to emphasize the benefits of the bump-in-the-wire network approach to deploying security solutions. Rather than embedding solutions into switchers and routers, Smith plans to suggest overlaying solutions to allow for a more converged, cheaper way to add intelligence to the network.”

Alan rightly points out that Mr. Smith may be smoking a big crack pipe. Alan then ponders the mystery by asking, “Do the Tipping Point people resent and hate their 3Com overlords so much that they refuse to see the natural evolution of converging security and network gear?” Alan, I may have an inkling as to why Smith thinks this is the best approach. And if my suspicion is correct, then you are on the right track, but their resentment is not the reason. Let me ’splain.

When I was an infosec manager, I was a TippingPoint customer. When I bought the TippingPoint box, stand-alone devices were still all the rage. UTM and NAC were pretty much still new terms. But right about the time TippingPoint was bought by 3com, the convergence track had started to emerge. Cisco was really getting into putting different devices in their switches. Things were really starting to move in that direction, and 3com probably thought they should do the same.

But just in case things were not what they seemed, 3com decided to test the waters (conjecture on my part, but plausible conjecture nonetheless). So they surveyed their customers (or TippingPoint customers, at least). I received one of these surveys. Among other things, it asked if I would buy a 3com enterprise switch with a TippingPoint IPS blade integrated into it. Understand that I come from the network engineering world. I have installed and configured many a switch and router. And for the immediate 4-5 years before this survey hit my inbox, 3com had been about as present in the enterprise switch space as a woman at an ISSA chapter meeting. The biggest place you saw 3com was on a NIC or a little white 8-port hub in a room full of cubicles. So, I answered a definitive “not no, but hell no”.

To clarify (if the above didn’t explain it well enough), it was the 3com switch that threw me. I wasn’t unhappy with TippingPoint (except that they had been bought by 3com). I liked the box. It served me well. If I could get a TippingPoint blade for the 4506, I would have seriously considered it. But there was no way I was going to replace my Catalyst 4506 with a 3com switch, no way, no how.

Of course, I cannot answer for every TippingPoint customer who received the survey, but I can guess that many of them answered the same way. And this makes me wonder if 3com and TippingPoint are sitting in ivory towers and ignoring the trends because it doesn’t compute that people don’t like their switches.

And to add one more thing that may add some credence to my hypothesis: I also had a couple of 3com reps come out to visit me during the final months of my tenure as an infosec manager. When my boss and I told the 3com guys that we would not consider in any way replacing our current switching infrastructure with 3com because of our impression of 3com as a serious player, they were completely surprised by our attitude. Now maybe they had never received that reaction before because we were just a little more harsh and up front with our opinions. But my immediate opinion was that they really didn’t know they had that kind of reputation. Maybe it is just me that thinks this about them, but I don’t think so.

Vet