Thursday, 24 August 2006

All Network Security Functions in the Switch

The ISS acquisition has me thinking again about the security space. I noticed Richard Stiennon wrote the following:

Consolidation? Not even close. There are over 867 vendors in the IT-Harvest knowledge base this morning. When that number falls month to month we can start talking about consolidation.

I'm not sure that's the right way to look at the issue. How many of those companies are 1 year old or less? 2 years? 3 years? I'm guessing that many companies that were firewall development startups have either been bought or gone out of business. The same can be said for other product types. The vendor count may never decrease because new companies are always joining the market to address new problems (or so they claim). I think that process is consolidation.

The main reason I posted this entry, however, is the title above. I am not the only person to discuss collapsing all network security functions into switches, and I have probably said something similar already. Nevertheless, I believe that the future is not bright for companies that want to introduce network security products but remain independent.

Let me define a few terms. By "network security" I mean products that interact with network traffic, for inspection or access control decisions. I do not mean products which work on the host level. When I say "remain independent" I mean start as a small company and grow to become a billion dollar plus company.

It seems as though all network security functions are going to collapse into the devices which carry traffic -- switches. Consider a router to be a "layer 3 switch" for the sake of this argument. If you can't accept that, imagine I said "switches and routers" earlier.

I think the shelf life of point products is going to become increasingly short. In other words, I could see IBM eventually selling or abandoning its ISS network security product line. Why? IBM doesn't make switches or routers that compete with Cisco. The functions that ISS network security products provide, however, are going to end up in Cisco switches. Those features are going to be available as upgrades to sufficiently powerful switches, leaving managers with the choice of running Cisco plus other boxes, or just Cisco. They will choose "just Cisco."

Am I a Cisco hack? No (but I do have my CCNA). Do I think this is the best of all possible worlds? No, since I prefer Cisco's routing and switching to its security products. Nevertheless, the drive to consolidate products is going to eventually collapse network security functionality down to the only boxes which absolutely must remain -- switches.

I expect to see network security point products continue to be developed. However, they will continue to be outsourced research, development, and viability testing factories for Cisco. When Cisco sees a product it likes, it will buy the company and then integrate the functionality into its own equipment.

Where does this leave the other security gorillas, and gorilla wanna-bes? Those that focus on host-centric products may continue to exist, but there is a good chance that they will continue to be bought by Microsoft. Those that provide services to make all this work will grow. I think this is where IBM and other giant integrators can make a good living.
