Displaying articles for: 08-22-2010 - 08-28-2010
SearchNetworking.com had a thought-provoking article yesterday by Shamus McGillicuddy about Cisco’s network security strategy. The concern that the market has is that, “As Cisco Systems expands into selling servers and consumer electronics, the company is also abandoning key security products, leaving some customers questioning its overall network security strategy.”
Freelance blogger and network architect Greg Ferro, who was at our network blogger day events earlier this week, commented in the article, "I have people questioning Cisco's viability in the market. The other vendors are pouring on the FUD as Cisco pulls out. It seems like they are throwing away market share."
As an HP enthusiast, it would be easy to jump on the bashwagon, but that would be too easy. Instead I’ll focus on some important points customers are facing today and some important decisions the HP security team is making.
Notably, these moves by Cisco are an acknowledgement that the network security market is very challenging, and evolving rapidly. In Cisco’s defense, they probably made some very early bets on security technology that didn’t pan out the way they hoped, notably Security Information and Event Management (SIEM), which they acquired, and NAC, which they developed largely in-house. That’s not to say there aren’t important features here, but they aren’t big growth generators. As security solutions are becoming more complex and addressing a wider range of threats and policy enforcement capabilities, it’s going to be difficult for large vendors to maintain a lead in all areas.
Since you can’t lead in all areas, major vendors like HP and Cisco will have to do three things: 1) paint a strategic direction for customers so they can invest long term, 2) focus on differentiating technologies where they want to lead, and 3) partner well. HP Networking is becoming more successful in each of these areas, especially since the acquisition of 3Com and TippingPoint. For example, TippingPoint is still the perceived leader in the IPS space and we continue to grow our investment here accordingly, focusing on our differentiation, and deepening the integration with HP. HP is also partnering in a number of areas where we don’t have industry-leading solutions, such as branch office UTM appliances.
HP is also taking the lead in security for virtualized data centers, which is a strategic direction for us and our customers. In my last blog post, I went into some detail about our Secure Virtualization Framework (SVF) which was very well received during our blogger day festivities, and stood out as a strong strategic advantage for HP Network Security. We will continue to define the technology direction here for the market, particularly as it relates to the data center. We don’t expect to invest in “me too” products that we’ll have to abandon later as they lag best-of-breed solutions.
But the security market is changing rapidly, particularly as security services that could be applied at desktop endpoints now are migrating into the network infrastructure (Intel, are you listening?). Shared networks, all the way up to multi-tenant clouds are shifting the way we have to think about network security and apply security policies. More and more, the network is becoming the focus for security enterprise wide. Expect more changes to come, and more shifting landscape in the network security space from all vendors.
I had an opportunity to talk to Manfred Arndt about HP Networking's UC&C or Unified Communications and Collaboration strategy, and called into Manfred's #HPNetworkDay presentation to listen to the discussion.
The session started with a lively debate over the definition of UC&C - and whether it is best delivered as a service via public clouds; or as an enterprise offering through a IT hosted by the enterprise as a private cloud. The point was also made that one size does not fit all, and that UC&C requirements vary depending on your business needs, the individual role within an organization, and demographic/geographic preferences – for example, with a hospital taking advantage of wireless voice and location based services, but a call-center needing a completely different set of applications. Greg (@etherealmind) suggested that his iPhone delivered enough UC&C for his needs.
Click through to the article to read more about how UC&C isn't just voice or video, how an open standards-based network is critical to support UC&C, and how you can build the business case to move to UC&C. The slides from the presentation are embedded at the end of the post.
I’m excited to be one of the hosts for HP’s Tech Bloggers Day(s) this week (Aug. 23-24, Twitter hashtag #HPNetworkDay). The list of blogger attendees includes: Jeremy Gaddis (http://evilrouters.net), Greg Ferro (http://etherealmind.com), Alex Williams (http://www.readwriteweb.com/enterprise), John Obeto (http://absolutelywindows.com), and Andy MCaskey (http://sdrnews.com). Naturally, I’ll be covering HP Networking’s recent security news and strategy, particularly our focus on the data center and recent news about security virtual environments and our Secure Virtual Framework (SVF).
Security for virtual environments is known to be a challenging technology, and it’s increasing in importance as organizations continue to consolidate their data centers, while both server and network virtualization becomes ever more prevalent. I usually sum up the problem for audiences by pointing out the dichotomy of having the industry’s leading in-line IPS appliance from TippingPoint, and the challenge of placing any physical device “in-line” in a virtualized data center environment where: 1) applications and virtual machines are always migrating between hosts (if not data centers) and 2) may not even hit a “real” network when two virtual machines on the same host share east-west traffic that, by policy, should be analyzed and secured. Security devices, of course, whether an IPS or Firewall, have to be in-line with the network flow to enforce policies and block malicious traffic.
There are few optimal solutions to this challenge, and even fewer standards between the various constituent vendors, but the approach developed by HP TippingPoint is rather elegant in design, simple to deploy and manage in large data centers, and takes advantage of the best features of our S-Series IPS appliances. The SVF consists of: 1) a highly scalable N-Platform IPS appliance, 2) a software layer deployed into the Hypervisor that redirects relevant traffic (per the security policy desired) to the external (outside the host server) IPS box, and 3) management extensions to the VMware management platform that manages and configures the virtual machines and hypervisors and defines the security policies to be enforced.
In the case of two applications resident on the same server host, this kind of traffic redirection introduces some network hops that may not otherwise be required, but the overall latency is extremely minimal when you consider that only the east-west traffic ever would require inspection (north-south traffic can be handled as it enters the data center), and that only certain east-west traffic applies, depending on application zones and policies. This inspection policy may apply to only PCI-related data accessed from applications outside a particular trust zone, which the redirection engine in the hypervisor can determine and redirect.
Arguably (and this is why technology is so fun, there are always design issues and points of contention, aren’t there?), a better approach could be to put an entire IPS in software in the hypervisor or the virtual machine itself. This may result in better overall performance, but greatly depends on the amount of traffic being inspected and what is being analyzed by the IPS. The HP TippingPoint appliances are purpose designed for high-throughput and parallel processing of various analytical filters that no software-based IPS can compare to. But ultimately, both approaches are valid and customers will want to have the choice.
We look forward to the vigorous debate, sharing more details, and a demo of SVF for our blogger guests, as well as sharing more details and strategy of our HP TippingPoint S-series product family.
Editor's note: We captured a short video of Gary just after his presentation in which he summarizes what he discussed: