
The 4th Generation of Security Devices = UTM + Routing & Switching or New Labels = Perfuming a Pig?

That’s it.  I’ve had it.  Again.  There’s no way I’d ever make it as a Marketeer.  <sigh>

I almost wasn’t going to write anything about this particular topic because my response can (and probably should) easily be perceived as and retorted against as a pissy little marketing match between competitors.  Chu don’t like it, Chu don’t gotta read it, capice?

Sue me for telling the truth. {strike that, as someone probably will}

However, this sort of blatant exhalation of so-called revolutionary security product and architectural advances disguised as prophecy is just so, well, recockulous, that I can’t stand it.

I found it funny that the Anti-Hoff (Stiennon) managed to slip another patented advertising editorial Captain Obvious press piece in SC Magazine regarding what can only be described as the natural evolution of network security products that plug into — but are not natively — routing or switching architectures.

I don’t really mind that, but to suggest that somehow this is an original concept is just disingenuous.

Besides trying to wean Fortinet away from the classification as UTM devices (which Richard clearly hates to be associated with) by suggesting that UTM should be renamed as "Flexible Security Platform," he does a fine job of asserting that a "geologic shift" (I can only assume he means tectonic) is coming soon in the so-called fourth generation of security products.

Of course, he’s completely ignoring the fact that the solution he describes is and has already been deployed for years…but since tectonic shifts usually take millions of years to culminate in something noticeably remarkable, I can understand his confusion.

As you’ll see below, calling these products "Flexible Security Platforms" or "Unified Network Platforms" is merely an arbitrary and ill-conceived hand-waving exercise in an attempt to differentiate in a crowded market.  Open source or COTS, ASIC/FPGA or multi-core Intel…that’s just the packaging and delivery mechanism.  You can tart it up all you want with fancy marketing…

It’s not new, it’s not revolutionary (because it’s already been done) and it sure as hell ain’t the second coming.  I’ll say it again, it’s been here for years.  I personally bought it and deployed it as a customer almost 4 years ago…if you haven’t figured out what I’m talking about yet, read on.

Here’s how C.O. describes what the company I work for has been doing for 6 years and that he intimates Fortinet will provide that nobody else can:

We are rapidly approaching the advent of the fourth generation security platform. This is a device that can do all of the security functions that are lumped in to UTM but are also excellent network devices at layers two and three. They act as a switch and a router. They supplant traditional network devices while providing security at all levels. Their inherent architectural flexibility makes them easy to fit into existing environments and even make some things possible that were never possible before. For instance a large enterprise with several business units could deploy these advanced networking/security devices at the core and assign virtual security domains to each business unit while performing content filtering and firewalling between each virtual domain, thus segmenting the business units and maximizing the investment in core security devices.

One geologic shift that will occur thanks to the advent of these fourth generation security platforms is that networking vendors will be playing catch up, trying to patch more and more security functions into their under-powered devices or complicating their go to market message with a plethora of boxes while the security platform vendors will quickly and easily add networking functionality to their devices.

generation network security platforms will evolve beyond stand alone security appliances to encompass routing and switching as well. This new generation of devices will impact the networking industry it scrambles to acquire the expertise in security and shift their business model from commodity switching and routing to value add networking and protection capabilities.

Let’s see…combine high-speed network processing whose routing/switching architecture was designed by the same engineers that designed Bay/Wellfleet’s core routers, add in a multi-core Intel processing/compute layer which utilizes virtualized, load-balanced security applications as a service layer that can be overlaid across a fast, reliable, resilient and highly-available network transport and what do you get?


Up to 32 GigE or 64 10/100 switching ports and 40 Intel cores in a single chassis today…and in Q3’07 you’ll also have the combination of our NextGen network processors which will provide up to 8x10GigE and 40xGigE with 64 MIPS Network Security cores combined with the same 40 Intel cores in the same chassis.

By the way, I consider that routing and switching are just table stakes, not market differentiators; in products like the one to the left, this is just basic expected functionality.

Furthermore, in this so-called next generation of "security switches," the customer should be able to run both open source as well as best-in-breed COTS security applications on the platform and not constrain the user to a single vendor’s version of the truth running proprietary software.


But wait, it only gets better…what I found equally as hysterical is the notion that Captain Obvious now has a sidekick!  It seems Alan Shimel has signed on as Richard’s Boy Wonder.  Alan’s suggesting that again, the magic bullet is Cobia and that because he can run a routing daemon and his appliance has more than a couple of ports, it’s a router and a switch as well as a multi-function UTM UNP swiss army knife of security & networking goodness — and he was the first to do it!  Holy marketing-schizzle Batman! 

I don’t need to re-hash this.  I blogged about it here before.

You can dress Newt Gingrich up as a chick but it doesn’t mean I want to make out with him…

This is cheap, cheap, cheap marketing on both your parts and don’t believe for a minute that customers don’t see right through it; perfuming pigs is not revolutionary, it’s called product marketing.


  1. June 22nd, 2007 at 08:00 | #1

    Drummer Hoff fired it off…

    I am not sure, but I think I detect a slight bit of annoyance in Chris Hoff's latest post. This problem is a neverending battle between technologists and marketers. A quick read of Crossing the Chasm – one of my favorite books – will highlight the key …

  2. June 24th, 2007 at 16:39 | #2

    Hey Chris. Just because your great products enable routing and security in a hardware accelerated platform is no reason to say that change is *not* in the air. Crossbeam's capabilities, value proposition, and market momentum *support* my thesis.
    If you thought that Cisco, Juniper and Checkpoint had been doing routing + Switching + Security (in all its facets) for ever then I could see why you have your knickers in a stitch. But they have yet to do this. They have separate platforms for each function.
    So join Shimel and me as we blog the future of networking and security.
    And thanks for the geologic/tectonic thing.

  3. June 24th, 2007 at 17:39 | #3

    Let's get one thing straight; I'm not supporting *YOUR* thesis…I work for the company that created the very thesis you claim to originate and what you're suggesting is, well, just slightly annoying to me.
    You won't and can't admit to that, I know, but don't expect me to sit idly by and let these sorts of messages not to be attended to…even unofficially through my personal blog.
    Change has been in the air for years, and I think it's great that you're cognizant of that.
    Specifically, what my knickers are in a twist about is you and Alan suggesting that you're anywhere near "first" in providing this functionality.
    I tip my hat to your marketing prowess; it's your calling and not mine, so I apologize for the vitriol.
    My wife's a geophysicist…had to bring that up.
    BTW, when are you going to post or send me that great picture you took?

  4. June 25th, 2007 at 08:16 | #4

    I believe Nexi was the first, Cosine next, a few others that have gone by the wayside.
    I'll send you the picture if you promise to post it next time you go off on a Jericho-Microsoft-The-Endpoint-is-everything tirade. :-)

  5. June 25th, 2007 at 12:43 | #5

    Let's see…Nexi, Cosine (whose IP Fortinet now owns)…both formed, I believe, at exactly the same time as Crossbeam — in 2000.
    Which one of those are still alive?
    Send me the picture…I'll post it in 10 minutes…you deserve it, it was a great shot!
