Cisco is #1 in appliance sales

Network World published an interesting story about Cisco’s attempts to keep the number 1 spot in sales of network security gear. (note that I emphasise the words sales).

The article includes several security pies, the kind I like. it also include an analysis of best of breed versus good enough sales.

In my opinion the article is missing one important factors: The departure of Nokia from the network security appliance market.

Cisco is indeed the undisputed leader in sales for the security appliances market. It’s retired PIX firewall was all times best seller. People simply liked the way it worked. The more recent acquisition of IronPort gave it a powerful weapon in the e-mail security market and it also allows Cisco to claim some DLP capabilities. Cisco is also #1 in sales of IPS gear. Take a look at the left pie. While there’s a huge market share belongs to the “other” vendors, Cisco’s slice is bigger than the combined slices of Juniper, Check Point, Nokia and Microsoft!

The other pies show how Cisco rules the network security market (again, in sales).  While the article does not mention emerging market it focus on the main.

The Security Pie

The pies that were provided by Network world also include large slices for Nokia and it also list Check Point. In my opinion, part of the reason Check Point has maintained its marketplace position was Nokia, more specifically , the Nokia appliances. While Check Point partners with other appliance makers, such as Crossbeam Systems, Nokia systems (which used to come from the successful Ipsilon Networks acquisition) was always favored (it probably requires deserves a separate post on how to build appliances).

In my opinion, the pie will be changed: On 29 September 2008, the mobile communications provider Nokia announced that it is negotiating to sell its network security appliance business unit to an unnamed financial investment firm. The plan is part of an overall Nokia move away from enterprise IT channels. (See also Gartner: Nokia’s Planned Security Sale Will Not Benefit Customers. PDF available here).

My prediction: next year’s pie will look different but not very different. I expect that the vendors that can execute well (i.e. Cisco) will be able to increase their market share.

Cisco is promoting Diego Rivas

Dave, a developer from Melbourne, Australia brings an interesting story . He was installing a newly purchased VPN product. When he loaded the VPN client software, he discovered that in the place of the usual boring software was an audio disk with 12 tracks of Spanish music (see Cisco\’s Hit). A lively discussion on Dave’s blog tried and successfully managed to identify the musician.  You can watch the video below.

Beyond the anecdotal story there are few things that we can learn from this incident. I’m not picking on Cisco specifically: In the past, one of the products that I was managing was built by very large OEM partner that was responsible for building the appliance, packaging, forwarding etc. Though it was very rare, we had few incidents when customer X received parts of a printer with his order (inside the appliance package), while another customer received the wrong CDs etc. Errors do occur and I believe that Cisco will do everything it can to learn from this manufacturing snafu and improve its quality assurance process. However from a security risk management point of view , this incident is a reminder to trust no one:

Every CD should be considered suspicious, even if it arrived inside a box that has the Cisco logo. Due to the popularity of Cisco’s gear there’s a second hand market and also some fake devices. Softpedia tells that even the United States government is reportedly using some 3500 fake Cisco-branded network devices, including routers, network switches and hubs. “According to the investigation results, the fake devices are worth up to $3.5 million.” 

Trust no one is the moral of this story.  On a side note, this story also explains why the DOD is investing so much money looking for the kill switch. 

Enjoy the music!

(Arik, What’s going on down there in Australia?, we’re getting a steady stream of weird reports recently  

My bikes

There are things that we just can’t forget: like riding a bicycle or even driving a car. I was accompanying one of our sales engineers the other day at a customer sites and felt the urge to configure a layer 4-7 switch. If my memory serves me right, the last time that I was doing something similar was in 2000. Yet, one stare at the Access User Verification prompt and my memory was loaded.

I’m sure that somewhere, someone is studying why there are things that we can not forget. I am more interested in the opposite question. Why did I remember how to configure this switch? No, it was not a Cisco switch. However since Cisco’s IOS, style has been widely copied by other networking products (including the one I was configuring), it was very similar.  ? show run conf t ena always work somehow in a networking environment. Like seeing a friendly face in a “networking” cocktail party before the conference is a bout to begin…

Thinking about my own experience, the networking instinct is smiler to the the bicycle instinct: Both were developed over time after many trails (including errors. Some were painful). The basic instinct to keep up balance is similar to the IT instinct to keep systems up and running. Bicycle manufacturers, like networking switch vendors are using a very similar “CLI” to operate the device. the only differentiators exist with the value added features (security, voip, routing, layer 4-7 filtering etc).

Is there a conclusion? Sure. If you want a networking device, make sure that it’ll use the common CLI verbage.