Security service (SS) switches—an architecture, market, and term defined by the Yankee Group—are the dominant next-generation technology that will supplant security appliances in enterprise networks.
Enterprises’ migration from implementing security event detection products to deploying intrusion prevention solutions requires a fundamental shift in how enterprises design, deploy, and manage security solutions.
The convergence of multiple security services into a single SS switch architecture is not a new phenomenon. It is similar to the consolidation of bridges, hubs, routers, and switches in networking equipment during the mid- to late 1990s.
SS switches are superior to security appliances because they enhance security performance; security appliances are optimized for network performance, where throughput is valued over security.
The SS switch blueprint comprises three components: performance, security services, and management. The components can be on separate blades but must be provided in a single rack-mountable configuration collapsed into the same network-based chassis. These three components distinguish SS switches from rudimentary security appliances and position the switches as the intrusion prevention platform of choice for enterprises over the next 3 to 5 years.
Emerging vendors in the SS switch market include:
- Network Perimeter Vendors: Crossbeam, iPolicy, NetContinuum, TippingPoint, IntruVert, Fortinet, ServGate, Top Layer, F5, Mazu, Arbor, Riverhead
- Internal Network Vendors for Database, Application, and Web Server Security: Cryptek, Decru, NeoScale, Vormetric, Top Layer, Array Networks, Sevan Networks, Neoteris, Netilla, uRoam, Permeo Technologies
- Traditional Security Vendor Challengers: WatchGuard, NetScreen, and Symantec
This year, 25 percent of Fortune 100 companies will deploy SS switches. These switches will be the dominant network security architecture within 3 years. The incumbent network equipment vendors, including Cisco, Alcatel, Nokia, Siemens, and Ericsson, will acquire SS switch vendors by the end of 2004.
- Optimized security performance, multiple complementary security services, and security event management (SEM) provide the killer combination for SS switches compared to incumbent security appliance vendors.
- Integrating security services with SEM: A SEM module aggregates, correlates, and provides the enhanced security information that enables a superior view of the risk exposure from individual packets.
- Greenfield vendors make enterprises nervous. Since the dot-com bubble burst, enterprises are taking fewer chances with new products and immature companies.
- Products have not been deployed in larger enterprise networks and operated at multi-gigabit speeds.
Security Appliance Vendor Recommendations
- Stop buying appliances. The money saved today by buying a cheaper appliance will cost you tenfold in 2 years when you need to upgrade to an SS switch.
- Extend the time horizon for TCO calculations. Make TCO decisions over a 3-year horizon. Don’t base them on the lowest cost to purchase, install, and maintain for 12 months.
- Purchase product, installation, and tuning from the vendor as a package. This will lock in TCO for the product. It may be more expensive up front, but it will be much cheaper in the long run. Vendors are more qualified to tune the SS switch, which represents the largest hidden operational cost in year one.
- Plan a 3-year technology strategy. Plan your security life cycle for the next 3 years and match your needs to vendor product road maps. Plan your security, determine your security direction and architectures, and then buy to meet those needs.
- Require security appliance and SS switch vendors to integrate their products with SEM systems. If they cannot identify low and slow attacks, or don’t have a strategy that helps the organization reduce the security risk beyond the domain of the vendor’s point solution, then take them off the short list.
- Don’t let your incumbent network equipment suppliers tell you what you need.
SS Switch Vendor Recommendations
- Add additional security services. Make the transition to SS switch architecture.
- Integrate into SEM systems. Feed output from security services into SEM solutions so the simple security appliance will contribute to the enterprise’s risk reduction strategy.
- Change the pricing model. Deeply discount products and increase the price of maintenance. The next generation of threats and vulnerabilities will require security systems to update signatures and patterns of threat analysis rapidly. This expertise exists within the appliance vendor’s technical teams. Incumbent vendors can price it at a premium and sell it as their competitive advantage compared to the greenfield SS switch vendors.
- Exit the market quickly. Position the company to be acquired and look for new jobs.
Incumbent Network Equipment Vendor Recommendations
- Integrate into SEM solutions. Open up information and standardize it for easy integration into SEM systems.
- Add a SEM module to the switch. A SEM module enables faster analysis of suspicious behavior and allows the switch to prevent intrusions, even if the connection to the SEM system fails.
- Change the marketing message from intrusion detection to intrusion prevention. It is no longer sufficient to identify attacks. Enterprises must stop them.
- Sell product, installation, and tuning as a package. TCO justifies it and the customization required for the product to work effectively.
- Contract with security VARs to do installation and tuning. They most likely have relationships with customers.
- Do one function well and grow from demonstrated strength. Web traffic scanning, for example, is a security problem for enterprises because of the vacuum of attractive solutions. Concentrate on this one service and leverage this differentiator to show a 3-year road map and aggressively deliver SS switches.
Service Provider Recommendations
- Develop a 3-year SS switch road map.
- Accelerate SEM solutions into existing platforms.
- Buy SS switch companies.
- Choose SS switch solutions for customer-premise managed security service offerings. SS switches provide a platform that can deliver multiple managed security services such as firewalls, intrusion detection, content inspection, and IP VPNs.
- Deploy SS switches as carrier-based devices that will be the basis for a managed service offering. SS switches that are carrier based and can provide a range of security solutions from one network element are coming to market. This network equipment is installed once and then serves dozens of customers, further turbocharging gross margins.
The Yankee Group originally published this article on 2 April 2003.