I was actually in Ann Arbor last week when news broke that Arbor Networks had acquired Ellacoya a so called "deep packet inspection" technology vendor. I was perplexed. That's not security.
First let me clear up some terminology. "Deep Packet Inspection" was the term some Gartner analyst popularized to describe what content filtering gateways do. They inspect content for worms, attacks, and viruses. Somewhere along the line the traffic shaping industry(Ellacoya, Allot, Sandvine) co-opted the term to describe what their devices do: look at the packet header to determine what protocol is being transported and throttle the throughput based on protocol. In other words Quality of Service for network traffic. These devices do not look at payloads at all except in some rare instances when you have to determine if Skype-like programs are spoofing different protocols.
And then there are the Netflow companies (see "Getting to know Netflow") that had been using existing packet monitoring capability to provide an analytical view into a network's traffic.
It appears that once again I am going to be a lone voice in objecting to this merger. First of all, when a privately held company like Arbor makes an acquisition it is usually at a fire sale. In other words, my guess is that Ellacoya was having trouble getting traction in a very competitive field. So maybe this is a classic "leverage existing customer base to sell more tools" play. My only problem with this is that it further dilutes the security message.
Every merger is a huge risk. Many companies have entered their death spiral soon after attempting to merge two dissimilar product portfolios. The sales force gets confused over conflicting messages (would you like some traffic shaping with that DDoS defense?) The customer gets confused. And the competitors move in.
All I can hope is that this is a technology acquisition and that Arbor will continue to evolve its security message. Switching gears and going after the Sandvine's is a mistake. Arbor has survived one downturn in the telecom space. Last time around they created enterprise products to tide them over. I am afraid that with the telecom recovery they have neglected their true strengths for the easy pickings. If, as seems likely today, the telecom industry is entering another recession Arbor should be looking for enterprise security opportunities, not doubling down on the carrier.