I take a lot of calls from private equity and wall street analysts seeking to get educated on various aspects of the IT security industry.
One of the benefits of spending ten years researching and analyzing a market is that I have developed a simple high level view of of a rapidly changing industry. That change is within a very rigid framework. Understanding the framework provides the insight needed to understand where the market evolved from and where it is going.
There are four segments of the security industry: network, end point, data, and users. Not only are these four buckets good for categorizing the 1,200 vendors in the space but they provide a “red flag” for the analyst.
If a particular technology, or even vendor, attempts to encompass more than one of these categories watch for trouble in their go-to-market and sales strategies.
Network security is primarily gateway security: the firewall. But wait, you say, what about IPS? What about access control? What about URL content filtering and network anti-malware? Aren’t those separate products, categories, industries? NO! Those are features in the gateway security product.
As always, during times of rapid change in an environment, in this case the rise of targeted attacks and state sponsored hacking, there are point products that are the first to provide a response.
But industry dynamics force the established vendors to add the capabilities of the point products. And customers, overwhelmed by the need to manage multiple solutions from multiple vendors, gravitate towards established vendors that can provide comprehensive protection in a managed platform.
One such vendor is NetASQ, the leading European UTM (Unified Threat Management) vendor. Born as an IPS solution NetASQ rapidly leveraged their ability to do deep packet inspection, (or, as IDC terms it, complete content inspection) to apply policies based not just on source-destination-port, but on content of assembled packet streams.
It is well worth your time to hear NetASQ’s story as related by it’s CEO, Francois Lavaste, in this interview.
As you listen to Francois, compare his story to that of the so-called Next Generation Firewall vendors who have settled on a subset of network protections to define NGF, namely IPS and application awareness. Yet, UTM encompasses NGF, and indeed most of the NGF vendors also include URL content inspection, and anti-malware features.
When selecting your next gateway security solution, assemble a set of features and capabilities you require (or already maintain), then compare that to the offerings from the vendors regardless of the terminology they choose to describe their product. Next Generation Firewall and Unified Threat Management are two names for the same thing.