Enterprise Strategy Group | Getting to the bigger truth.TM

Posts Tagged ‘Riverbed’

Big Network Security Investments –And Market Opportunities — Ahead

Thursday, January 20th, 2011

Here is some interesting data that came out of the 2011 IT Spending Intentions report from ESG Research. In a global survey of 611 IT professionals from mid-market (i.e.,  100-1000 employees) and enterprise (i.e., more than 1,000 employees) organizations, 46% of all firms reported they will increase investment in networking products and services in 2011 while 58% said they will increase investment in security products and services this year.

What I found especially intriguing is that both networking and security professionals claim that their organizations will make their most significant investments in network security over the next 12-18 months. In other words, networking AND security folks believe that network security is their highest priority. This emphasis on network security also came out with regard to infrastructure management. When IT professionals were asked which areas of infrastructure management their organizations would make the most significant investments in, the top two responses were security management (31%) and network management (29%).

What does this data mean? It’s easy to dismiss firewalls, IDS/IPS and SIEM software as mature legacy technologies. The ESG data indicates just the opposite–these venerable safeguards are going through a metamorphosis. Why? Perhaps data center consolidation and rich-media applications are driving new scaling needs. It may be that the threat landscape demands new types of safeguards. It is possible that existing network security and management tools have simply grown long in the tooth. I believe that all of these factors are driving network security upgrades and new requirements.

From an industry perspective, there is a lot of opportunity here. Some possible winners include:

  • Cisco. Cisco always gets its share of the pie but the ESG data indicates a better than usual opportunity for Cisco initiatives like TrustSec and Borderless networks. Cisco is also back in the high-end with its AXA 5585X.
  • Crossbeam/Check Point and Juniper. These companies lead in large enterprise perimeter security–a nice place to be with data center consolidation, wireless carriers, and cloud computing investments galore. Crossbeam and Check Point work well together but Crossbeam is building its multi-platform status with relationships with other leaders like McAfee as well.
  • HP. HP paid a lot for ArcSight but the ESG data shows that the timing may be fortuitous. HP is also re-investing in TippingPoint after the company’s on-again-off-again relationship with 3Com. HP should look at acquiring as a complement to ArcSight in the federal and large enterprise space.
  • Sourcefire. When is someone (perhaps HP) going to buy this successful firm? Should be another good year for Sourcefire both inside and outside the federal market.
  • McAfee. Killing it with IPS/IDS and has something up its sleeve with Sidewinder integration. The ESG data indicates that the market is ready for new solutions so the timing may be perfect for a new visionary offering.
  • The App firewall crowd. Palo Alto leads here but I keep hearing that its acquisition price is too rich for anyone. Better hurry as Check Point, Juniper, and others are catching up quickly.
  • Other SIEM vendors. Many organizations will be upgrading old SIEM systems or migrating away from Cisco MARS. Good opportunity for upstarts like LogLogic, LogRhythm, NitroSecurity, and Q1 Labs.

Beyond these mainstream players, there is plenty of business for others like Blue Coat, Citrix, F5 Networks, and Riverbed.

Cisco’s “Kitchen Sink” Product Announcements

Thursday, October 7th, 2010

Did you see the series of announcements Cisco made this week? It was pretty impressive. This is the traditional season where Cisco announces products and new initiatives but this week’s announcements were very extensive — new switches, routers, security devices, wireless access points, WAN optimization equipment, etc.

In its marketing mastery, Cisco related all of these announcements to two core strategic initiatives, data center virtualization and borderless networks. In other words, Cisco is talking about the way IT applications and services are hosted (central data centers, virtualization, cloud), and the way they are accessed (wired and wireless networks, security, access control).

Cisco is clearly demonstrating that it plays in a different space then it used to. It’s all about industries, business processes, and enterprise IT now; the network simply glues all the pieces together. So why all these announcements at once? Doesn’t this water down the individual piece parts? I don’t think so. Cisco is actually doubling down on integration across its products with an overall strategy aimed at:

  1. Competing on all fronts. In one day, Cisco delivered a response to a spectrum of IT vendors like Aruba, Check Point, Juniper Networks, and Riverbed. Cisco may not have the “best-of-breed” product in each category but it is reinforcing the message that the whole is greater than the sum of its parts.
  2. Out-executing the big competition. Cisco is betting that it can deliver technology integration and enterprise IT initiatives faster than its primary competitors — HP and IBM. There is some precedent here–HP and IBM business units haven’t always worked together well so Cisco believes it can capitalize on its organizational structure and market momentum.

Now I realize that the “integrated stack” story has limited value today since customers have a history of buying servers from HP, wired networks from Cisco, Wi-fi from Aruba, storage from , etc. That said, IT is radically changing. For example, ESG Research indicates that server virtualization is driving a lot more cooperation across disparate functional IT groups. As these organizations come together, it’s only natural that they will look for common solutions from fewer vendors.

In the meantime, service providers and financially-strapped organizations (i.e.,  State/local government, higher education, real estate, etc.) will look for IT savings anywhere they can, even if it means moving away from some vendors with relatively stronger point products in the process.

Cisco also has a services opportunity in that it gets to play services Switzerland and partner with companies like Accenture, CSC, and Unisys in competition with IBM Global Services and HP/EDS.

Lots of people knock Cisco products and point to better, faster, cheaper alternatives. Maybe, but the overall Cisco story seems pretty strong to me. As of Tuesday, Cisco has a bunch of new products that support its corporate strategy and make its story even stronger.

HP Buys ArcSight: More Than Just Security Management

Monday, September 13th, 2010

The waiting and guessing games are over; today, HP announced its intent to buy security management software leader ArcSight for $1.5 billion. I didn’t think HP would pull the trigger on another billion+ dollar acquisition before hiring a new CEO, but obviously I was wrong.

ArcSight is a true enterprise software company. As I recall, many of the early ArcSight management team members actually came from HP OpenView. With this model in mind, ArcSight went beyond technology and invested early in top field engineers, security experts, and sales people. This vaulted the company to a leadership position and it never looked back.

For HP, ArcSight fits with its overall focus on IT operations software solutions for Business Technology Optimization. In the future, security information will be one of many inputs that helps CIOs improve IT management and responsiveness. It won’t happen overnight, but think of all sources of IT management data (i.e., log data, SNMP, network flow data, configuration data, etc.) available for query, analysis, and reporting in a common repository. This is what HP has in mind over the long haul.

In the meantime, HP should get plenty of ArcSight bang-for-the-buck over the next 12-24 months by:

  1. Aligning ArcSight and EDS. Security is a top activity within professional services firms. Given ArcSight’s enterprise play, EDS will likely double down on IT risk management and push ArcSight wherever it can.
  2. Using ArcSight as a door opener in the federal market. Yes, HP already sells plenty of products and services to Uncle Sam, but it now has access to a CISO community with deep pockets. With CNCI 2.0 and FISMA 2.0 upon us, this will only increase.
  3. Bringing ArcSight into the virtual data center strategy. According to ESG Research, many enterprises don’t do a good job of coordinating security with server virtualization. This is a big problem given virtualization growth — which is why VMware was so vocal about its recent vShield announcement. HP can and should bring ArcSight into its strategic vision for CIOs with massive data center projects.

In spite of its security services and thought leadership, HP’s name has been notably absent from IT security leadership discussions in the past. ArcSight should change that.

A few other quick thoughts:

  1. In the past, ArcSight was built exclusively on top of Oracle databases. Great in terms of enterprise functionality, but it made the product expensive to buy, expensive to operate, and somewhat weak in terms of queries across large data sets. Look for HP to accelerate plans to decouple ArcSight from Oracle ASAP.
  2. If HP is still in buying mode, the obvious question is, “who is next?” Would anyone be surprised if HP made a move for Check Point, F5, or Riverbed soon?

The Branch Office Network Form Factor Debate

Thursday, May 13th, 2010

There is an interesting debate happening in the networking industry that centers around branch office equipment. ESG Research points out that branch office servers and applications are moving to the data center and this move is driving more investment in WAN optimization technologies from Blue Coat, Cisco, Citrix, and Riverbed. At the same time, cheap bandwidth and cloud services are changing the network infrastructure. Large organizations are moving away from back-hauling all traffic through the data center and setting up a real network perimeter at the branches themselves.

While networking changes continue, there is also another trend happening. Lots of legacy networking and IT functionality (WAN optimization, firewall, IDS/IPS, file servers, print servers, domain controllers, etc.) is now available as a virtual machine. A single device can now take on multiple functions.

The debate centers on the “hybridization” of networking and server functionality at the branch office. Should branches deploy edge networking devices packaged with Intel processors for running VMs, or should they simply implement Intel blade servers from , HP, and IBM at the network perimeter and then use VMs for all networking and server needs?

The answer to this question could really impact the industry. For example, Fortinet is the king of UTM devices for branch offices but what if these appliances are suddenly replaced with standard Intel servers and virtual appliance software? Obviously this wouldn’t be good news for Fortinet.

For the most part, leading vendors are not pushing one model or another. Cisco WAAS equipment comes packaged with a Windows server while the Riverbed Service Platform (RSP) can run a Check Point firewall, a Websense gateway, an Infoblox DNS/DHCP server, or basic Windows services.

So which model wins? Both (Yeah, I know it is a cop out, but I truly believe this). It’s likely that smaller branches go with Intel servers and VMs while larger remote offices stick with networking gear. Large organizations will also lean toward their favorite vendors. Cisco’s networking dominance means it wins either way while Riverbed will likely do well in its extensive installed base and succeed at the expense of second-tier WAN optimization guys like Silver Peak.

In truth, there is no right or wrong way at the branch office network, but the vendor debate ought to be very entertaining.

Final thoughts on Interop — and Las Vegas

Friday, April 30th, 2010

Okay, I’m back in sunny Boston after four days at Interop. I’m now convinced that no normal person should be subject to Las Vegas for more than this amount of time. Everyone I ran into yesterday was looking forward to leaving. I flew out at 2:15 and found that people with later flights were jealous. This says it all.

Enough about the fake city however. As for Interop, a lot of people thought that the 2009 downer indicated that Interop may not be around much longer. In less than a year, the buzz has returned under the guise of strong financials, more market demand, and cloud computing. Here are my final thoughts on the show:

  1. I was certainly entertained by the Xirrus booth that featured a real boxing ring with live sparring. That said, Xirrus positioned this as the Wi-Fi battle between Arrays and APs. Hasn’t this debate been settled? Personally, I think that Wi-Fi must evolve into a smart mesh that seamlessly integrates into the wired network. Aerohive seems especially innovative in this regard.
  2. I was impressed last year by 3Com’s product line and bravado but wondered if it really had the resources to impact Cisco. Now that 3Com is part of HP, those concerns go away. At the very least, Cisco margins will be impacted every time HP is in a deal but HP’s product line and resources may represent the first real Cisco challenger since Wellfleet Networks. HP’s problem? Marketing. When Cisco leads with its compelling borderless network vision, HP can’t simply respond with price/performance. What’s HP’s vision of the network in a cloud computing-based world? To challenge Cisco, it needs its own vision and thought leadership — qualities that HP hasn’t been strong with in the past.
  3. The WAN optimization market continues to flourish with Blue Coat, Cisco, and Riverbed leading the pack. To me, the next battle royale here is desktop virtualization. Which vendor will offer the best support? Too early to tell but this certainly provides a new opportunity for Citrix and it Branch Repeater product.
  4. It seems like the application acceleration market has become a two horse race between F5 and Citrix/NetScaler. I was impressed by some new feature/functionality from Brocade and also like scrappy startup A10 Networks who play the “hot box” role in this market. Of course Cisco plays in this market as well.  I need to ask my friends in San Jose for an update as the competition is aggressive and confident.
  5. Yes, Juniper wasn’t at Interop. Should we read anything into this as some people have suggested? No. Just look at Juniper’s financial results and you’ll see that the company is doing quite well. With all due respect to the folks who run Interop, it is no longer a requirement to attend industry trade shows.

One final thought. I don’t think anyone really knows what the network will look like in a world with cloud computing, advanced mobile devices, and ubiquitous wireless broadband. In my opinion, this means that the network business is up for grabs in a way it hasn’t been in the past. This should make next-year’s Interop just as exciting — I just wish it were at the Moscone Center.

PS: Thanks to all the folks who provided feedback on my comments about Arista Networks. Clearly, I owe Jayshree a call.

Interop 2010: What to Expect Beyond Cloud Computing Rhetoric

Tuesday, April 20th, 2010

Like the RSA Security conference in March, Interop will likely offer non-stop hyperbole about all things related to cloud computing. Nevertheless, I expect a lot of additional and very useful dialogue around the following topics:

  1. 40Gb Ethernet. While 10GbE is still ramping up, expect vendors to turn up the heat on 40GbE. Why? High-density data centers running thousands of virtual machines will need 40GbE sooner rather than later. Aside from basic connectivity, 40GbE could also be a tipping point where Ethernet replaces Fibre Channel and Infiniband. On a completely separate note, more video traffic will drive the need for 40GbE network backbones.
  2. 802.11n. The Trapeze acquisition a few years ago was a bit of a downer for the Wi-Fi crowd, but 802.11n is the networking equivalent to that old ditty, “Happy Days are Here Again.” Lots of organizations are ripping out old b/g networks, especially those in health care, education, and state/local government. New 802.11n equipment is also the first true wireless access layer, so it is likely to replace a lot of wired access switches. On the vendor front, the Meru IPO offering bolstered Wi-Fi visibility while Aruba and Cisco continue to chug along. I also like Aerohive technology, which seems like a very good fit as 802.11n networks scale.
  3. Network security. ESG’s Research indicates network security is a high priority for both networking and security groups. This is due to several factors including high bandwidth network security requirements, firewall consolidation, server virtualization, and new types of threats. Look for lots of talk about Layer 7 visibility, high-end UTM boxes, and virtual capabilities.
  4. Server virtualization. Networks must be aware of virtual machines to enforce network security and segmentation policies. Look for more one-off relationships between networking vendors, Citrix, VMware, and Microsoft. I also anticipate more support for the VEPA standard.
  5. WAN optimization. Think of this as the other side of server consolidation. While market saturation limits new business, there is a lot of WAN optimization consolidation going on. Good news for market leaders Bluecoat, Cisco, and Riverbed.
  6. Questions around HP/3Com. These discussions fit into the Interop scuttlebutt category. How will this merger work? Will there be personnel changes? Can HP really challenge Cisco in the enterprise? All of these questions and many more will be debated ad nauseum next week.

See you in Vegas.

Kudos to 60 Minutes, F5 Networks, and HP

Wednesday, November 18th, 2009

It’s tough to blog from the road so I’ll make this brief with a few noteworthy “atta boys” I’ve been thinking about.

1. Huge kudos to the CBS News Magazine 60 Minutes for its November 8 segment titled, “Sabotaging the System.” This piece described how hackers could launch a cyber attack and take down critical infrastructure like the power grid.

I can’t tell you how many people came up to me afterward and asked me if this story was true (note: “of course it’s true,” I replied). In my recent visit to Washington DC, other security and technology professionals said the same thing. I give 60 Minutes a ton of credit for exposing a very serious issue that average citizens need to be aware of. Exposing these problems can only put pressure on businesses and policy makers to fix them. Incidentally, this was 60 Minutes’ second story related to information security. Obviously, someone at CBS gets it.

2. Kudos to F5 Networks for its recently announced support for DNSSec. Why the kudos? Federal government agencies are trying to do two things simultaneously. First, they are trying to create new web-based e-government applications to increase online services for citizens and promote transparency. At the same time, the feds are under intense pressure to improve security with technologies like DNSSec. F5 recognized that these two goals could end up blocking each other and thus derail both efforts. To overcome this, F5 added DNSSec support in Big-IP. Federal IT gets a one-stop-shop for application acceleration and DNSSec while F5 should get lots of phone calls and sales from within the Beltway.

3. Kudos to HP on its ProCurve ONE support announcement. Here’s the thing: The 3Com announcement could become a huge distraction and thus usurp the effectiveness of historical programs like ProCurve ONE. Rather than let this happen, HP bolstered its ProCurve ONE marketing programs, messaging, and educational material within days of the 3Com announcement. This should reassure technology partners (like F5, McAfee, and Riverbed), channel partners, sales people, and customers that HP wants to build a networking ecosystem, not a proprietary portfolio of HP/3Com products for every networking need.

Gotta go, feel free to add to my list.

The Cisco Squeeze

Monday, November 2nd, 2009

Cisco Systems (CSCO) has long had a unique competitive position in the enterprise market. In the glory days of the mainframe, IBM still competed with HDS and Amdahl, but Cisco has had the enterprise networking market to itself for a number of years.

This monopoly seems to be at its greatest risk ever — ESG calls this market phenomenon the Cisco squeeze. Think of Cisco in the middle of a big triangle with the competition closing in on Cisco from three distinct fronts:

1. Innovation. Juniper’s (JNPR) Trio chipset and 3-D architecture set a new plateau for networking performance that Cisco can’t match. Yes, this is probably a bigger threat in the service provider market than the enterprise, but large enterprises like DISA and NYSE are buying into Juniper innovation. Beyond Juniper, companies like F5 Networks (FFIV), Citrix (CTSX), and Riverbed (RVBD) are out innovating Cisco in strategic areas as well. Finally, small enterprises are looking longer at innovative and affordable alternatives like Extreme Networks (EXTR), Force10, and even 3Com (COMS) to get better end-to-end functionality at a lower price point.

2. Commodification. While aggressive innovators hurt Cisco at the high margin data center and core network, commodification hurts Cisco at the edge. The best example here is HP. Low-cost edge and wiring closet switches with lifetime warranties are increasingly “good enough” for many Cisco customers. If history repeats itself and the low end scales to eat the high end, HP (HOQ), Dell (DELL), and other commodity networking vendors will continue to gain share at Cisco’s expense.

3. Server vendors. With its introduction of UCS (aka: California), Cisco effectively alienated major partners Dell, HP, and IBM (IBM). Publicly each of these companies say that they will continue to work with Cisco but privately they are mobilizing the troops. Both Dell and IBM now OEM networking equipment from Brocade (BRCD)and Juniper while HP is bolstering its ProCurve offerings with new products and partners. The rumor is that HP will no longer pay its sales reps commission on selling Cisco gear — that will certainly change selling behavior.

Cisco is a huge successful company with good products, great support, and some of the best sales and marketing in the industry. It also has done a great job diversifying into new areas like Telepresence, consumer electronics, unified messaging, and yes, even servers. Cisco is a machine that will continue to flourish but it clearly faces greater competitive and market pressures today than ever before.

Here are a few things I’ll be watching for over the next few quarters:

1. Layoffs or budget cuts in sales, marketing, or field support. This will tell me that margins are eroding, existing field skills are no longer useful, or Cisco is losing strategic battles.

2. “Back to basics” messages from John Chambers. If the ever-visionary Cisco CEO starts speaking to Wall Street in cliches like, “we took our eye off the ball,” or “we need to get back to basic blocking and tackling,” things are way worse than most people think.

3. Big acquisitions. If Cisco goes out and buys an F5 Networks, Riverbed, or ArcSight (ARST), it tells me that internal innovation can no longer keep up with the market.

4. Server deals. If Cisco wins large UCS deals, everything else will come along for the ride. If not, everything else will be challenged.

5. HP. If HP develops or acquires high-end networking equipment and new enterprise boss Dave Donatelli can instill an EMC-like sales culture at HP, Cisco will have its hands full.

Innovation, comodification, and competition are at the heart of the tech industry. Most industry leaders face these challenges from day one but Cisco through a combination of skill, luck, and lack of true competitors was able to tap dance around these pressures for a long time but no longer. Over the next few years, Cisco will be challenged like never before. It will certainly be interesting to see how it all unfolds.

Search
© 2011 Enterprise Strategy Group, Milford, MA 01757 Main: Fax:

Switch to our mobile site