Home > De-Perimeterization, General Rants & Raves, Information Security, Unified Threat Management (UTM) > Best of Breed Says: “Rumors of my death have been greatly exaggerated…”

Best of Breed Says: “Rumors of my death have been greatly exaggerated…”

Marktwain[Editor’s Note: You should also check out Alan Shimel’s blog entry regarding this meme.  I’ll respond to some of his excellent points in a seperate entry, but he beat the crap out of Mike and my Pink Floyd references!  I guess that comes with age ;)]

Uncle Mike and I today debate his notion that Best Of Breed/Best In Breed is dead — it’s actually a sing-a-long to Pink Floyd’s "The Wall."  Who knew security could be so lyrical?

By the way, in case you didn’t figure it out, that’s Mark Twain to the right, who, in his own right was once Best In Breed, is credited for the (butchered) quote above.

I think Mike missed my point — or more realistically, I didn’t do a good enough job of making it before he turned/titled the discussion into another rambling argument about the dying "perimeter." 

This really is the first time I’ve had trouble following Senor Rothman’s logic.  I think Stiennon planted a trojan via our IM chat the other night and is typing in his stead πŸ˜‰

This is also probably my first really Crossbeam-centric post, but I’ve been prodded by Mike into ‘splaining/defending what we do (and how we do it) via BoB/BiB, so here goes:

Here’s my clarification:

Mike says:

It is my belief
(and remember I get paid to have opinions) that perimeter best of breed
is a dying architecture. Crossbeam even calls what you do UTM. So maybe
we are just disagreeing about semantics and words. Ultimately isn’t
this abstracted "security services" layer that you evangelize more of
what customers are interested in.

Your definition of the "perimeter" no longer interests me πŸ˜‰ 

If you’re talking about the SMB market and their adoption of Perimeter UTM to consolidate seperate appliances, then this argument is done. 

However, these customers that suffer from box stacking recognize that they bought the best product they could (perhaps it was more than they could afford) at the time, but what they’re looking for now is "good enough" and "reduced cost."  When you purhase a $500 box that does 8 things for $500, you get a "reduction of (device) complexity" as a side effect.  But it’s silly to suggest that these folks were really BoB/BiB targets in the first place.  That’s why BoB/BiB companies such as Check Point have small UTM boxes in this range.  Please see below. 

This abstracted "security services" layer is exactly what I evangelize, however it’s comprised of BoB/BiB solutions and functionality at it’s foundation.  As players commoditize, they move into core technology as a table stakes play, but then we have distinguished BoB/BiB technology that is truly differentiated for some period of time.  Sometimes this technology becomes a market, sometimes it becomes a feature, but either way, it’s an organic process that is still based upon BoB/BiB.

You bet that Crossbeam is a UTM player.  In fact, despite what Fortinet lies (yes, lies) about in their press releases, Crossbeam continues to be the leader in the high-end ($50K+) UTM market.  However, as I’ve said eleventy-billion times, there is an enormous difference between the small SMB $500 Perimeter UTM solutions and our Enterprise and Provider-Class UTM solutions.

I’m not going to re-hash this here again.  You’ll need to reference this post to get the big picture.  Suffice it to say, we’ve been in business for 6 years with revenue doubling YoY doing the thing that is now called UTM — and we do it in a way that nobody else can because it’s damned hard to do right.

I admit/concede/agree that Single-function BoB/BiB solutions that are intended by their creators to be deployed in a singular fashion on their own appliance stacked next to or on top of another BoB/BiB solution is a dying proposition.   This is why you see vendors — even Cisco — combining functionality into a consolidated solution to reduce security sprawl.   That won’t stop them from building BoB/BiB compartmentalized solutions, however.  This is what vendors do.

Typically integrators get to make money from cobbling it all together.  Savvy resellers and integrators don’t have to cobble if they use an architecture that aligns all of these solutions into and onto a platform architecture that is as much a competent networking component as it is a BoB/BiB security layer.  That would be Crossbeam.

That does NOT, however, mean that BoB/BiB itself is dead (at the perimeter or otherwise) because just like IBM buying ISS (the market leader in BoB/BiB IPS,)  this will result in the inevitable integration via service of ISS’ components into a  more robust suite of security services complemented by infrastructure.   

However, when a single vendor does this, you only get that single vendor’s version of the truth and so I assume this is what Mike means when he says a customer has to "settle" for BoB/BiB.

The dirty little secret is that customers are forcing BoB/BiB vendors to work together — or more specifically work together on a platform using an architecture that provides for this integration in an amazingly scaleable, highly-available, and high performance way.

Here are some pertinent examples:

  • Next Generation Networks de-couple the transport from the service layers.  You have plumbing and intelligence.  The plumbing is dumb, fast and reliable whilst the service layer providers the value in things such as content delivery, security, etc.

    In this model, the plumbing is made up of the BoB/BiB networking components and the intelligence layer is comprised of BoB/BiB service delivery components.

    NGN’s are driving the re-architecture of some of the biggest networks on the planet — in fact THE largest IT project in the world, BT’s 21CN, calls for this architecture where BoB/BiB components have been selected to be consolidated in a single platform in order to deliver BoB/BiB security as a service layer across the entire network — end to end.  They don’t expect switches or routers to be able to deliver this security — they trust in the fact that BoB/BiB players will — in one platform. 

    By the way, that includes that little thing called "the perimeter."  I’ve said it once and I’ll say it again:

    The perimeter is not going away.  In fact, it’s multiplying.  However, the diameter is collapsing.

Applying dynamic, on-demand and highly-differentiated combinations of BoB/BiB security services at different areas of the network from a single set of carrier/enterprise -class security switches allows you to secure these micro-perimeters as you best see fit.

You don’t "settle" for anything.  The customer has a choice of which BoB/BiB security software he/she wishes to run and like a "Security Service Oriented Architecture" and dynamically and at will apply these choices where, when and how needed.  If vendor A changes strategy or goes out of business, you can add/switch vendor B.

  • Virtualization in both the data center and the "network" is dependent upon BoB/BiB to deliver the functionality required for distributed computing.  Just as servers, storage, networking and processing is virtualized, security is too.

    Since many companies are utilizing VLANs to being their virtualization efforts and beginning to abstract the network in VRF terms @ Layer 2/Layer 3, they have two choices: use the still immature security technology present in clumps in their routers/switches (and hold your breath for SNF — which is really just a product like ours connected to a switch — don’t believe me?  I’ll post one of Richard Stiennon’s slides describing SNF) or choose an architecture that delivers EXACTLY the level of security you need at its most potent level as a combined virtualized service layer across the network using BoB/BiB.

  • Consolidation and Acquisitions will come and go, but you’ll notice that we are able to do things that nobody else can in the BoB/BiB market.  Take this VARBusiness story for example — just published today — in which an established BoB/BiB Firewall player (Check Point) is combined with a BoB/BiB IPS player (SourceFire) on our platform doing something the two companies could not do otherwise.  By the way, and most importantly, the customer can choose from 15+ other BoB/BiB security applications to combine, also, such as ISS, WebSense, Trend Micro, Forum Systems, Imperva, Dragon, etc.
  • Customers (in our world that’s large enterprise and service providers/carriers/mobile operators) are no longer settling for "good enough" and they’re also not settling for having BoB/BiB providers suggest that they need to tear into their networks to integrate their individual wares.  Here’s an interesting one for you:

    While many of them utilize things like FWSM modules in their 6500 series Cisco switches for firewall or even combine Juniper’s ISG2000 IPS devices with the 6500’s to provide FW and IPS together (and both of those are still considered BoB/BiB solutions by the way,) they tell the BoB/BiB purveyors of Web Services/SOA/XML security, gateway A/V, Content Filtering, Web Application and Database security solutions that while they will most definitely want their products, they won’t deploy them unless they run on the big, white, box.  That would be these.

To wrap up, Mike ends with:

To get back to my another brick
analogy, you could say that every new best of breed application you add
to your box is another brick that makes your box more interesting to
customers. No?

Yes, but how does that mean BoB/BiB is dead again?

In the spirit of the Who, here’s an appropriate selection from the Quadrophenia song "I’ve had enough":

You were under the impression
That when you were walking forward
You’d end up further onward
But things ain’t quite that simple.

You got altered information
You were told to not take chances
You missed out on new dances
Now you’re losing all your dimples.

Yours wordily, Mr. Dimples…


  1. August 25th, 2006 at 04:29 | #1

    Pigs (Three Different Ones) and Sheep

    My friend, Mike Rothman recently blogged on adding capabilities to an existing platform and how it is driving the UTM market and away from best-of-breed solutions. He calls the post security is just another brick in the wall. In keeping

  2. August 25th, 2006 at 06:12 | #2

    The Daily Incite – August 25, 2006

    August 25, 2006 – #103 Good Morning: Hi, Im Mike. And Im a blogaholic. Thats right, Im looking for a 12-step program that would allow me to cure my need to share my opinions for free and not complete documents that pay money. I h

  3. August 28th, 2006 at 06:54 | #3

    A walkon part in the war

    Okay, I can't stand it. Even at the risk of brain damage I have to comment on this whole UTM, BoB, integration by friends Rothman, Hoff and Shimel. Yes, best of breed will continue to be utilized for point solutions,…

  4. August 28th, 2006 at 10:54 | #4

    A walkon part in the war

    Okay, I can’t stand it. Even at the risk of brain damage I have to comment on this whole UTM, BoB, integration by friends Rothman, Hoff and Shimel. Yes, best of breed will continue to be utilized for point solutions,…

  1. No trackbacks yet.