Gartner Blog Network


Don’t Confuse Convergence Trends Between Host and Network Security, and Enterprise and SMB

by Greg Young  |  March 6, 2009  |  2 Comments

My colleague Neil MacDonald blogged about the convergence trends in end point protection platforms (EPPs) here as part of defense in depth.  Host and network security have very different needs, and the convergence trends are different.  Network security convergence is very different, as he states.  Enterprise network security won’t be served by a single device.

For small and lower midsize businesses or branch offices, having a lot of safeguards in the same appliance is good as the performance tradeoffs don’t hit hard at this scale, and the limited infrastructure ability make having point products a show-stopper.  Really loading up your VW Bug once a year with that furniture from IKEA is not fun but doesn’t warrant buying a truck, and running your furniture delivery business with the Bug is not going to work.

Host products have to work with the processor they are given, whereas network products bring their own performance optimization gear with them in the appliance. At the enterprise scale, it turns out that for the foreseeable future one box can’t do it all: despite some vendor FUD there is no UTM for the enterprise.  There are real difference in the operations centers, and the kinds of inspection these products do.  There is also a significant divergence at this scale between the point product capabilities between the different vendors.  I have seen vendors sizing 10 Gbps all in one products to serve 200 Mbps connections.  Any savings of having fewer appliances is swamped by the higher sticker price this box brings versus point products sized for that connection.  And you get network point product class protection.

By network point product class protection, I am referring to the different cross-product trends Gartner sees at the network: don’t see companies being a leader in all of the firewall, IPS, email security and SWG Magic Quadrants.  This means if you want really good enterprise network security, you won’t be able to get it all from one network vendor. Don’t get extend this trend to other markets: the observation is specific to the network.

Below is a slide I’ve been using for some time to show how convergence is different between the horizontals:

ngfw

(Image © 2009 Gartner, Inc. and/or its affiliates. All rights reserved)

There are a few exceptions and variations depending on the use-cases(URL filtering con move to NGFW, branch offices have some differences with SMB…).  Also, the IPS offerings in the firewalls today are generally inferior to the point IPS products, however that is a short term qualitative difference.

Additional Resources

View Free, Relevant Gartner Research

Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.

Read Free Gartner Research

Category: 

Greg Young
Research VP
6 years at Gartner
22 years IT security

Greg Young is a research vice president in Gartner and the lead analyst for network security. Mr. Young has experience in IT security in product companies, and in both the private and public sectors. He spent his military career in technology security… Read Full Bio


Thoughts on Don’t Confuse Convergence Trends Between Host and Network Security, and Enterprise and SMB


  1. Agree – it all gets down to effectiveness first, then efficiency. When two different ways of stopping threats are equivalent, then efficiency rules. But if one approach is considerably better, then effectiveness rules. The All in One Firewall or UTM is fine for the low end but not effective enough for the high end.

    What we’ve been saying at Gartner is there are some natural platforms that make sense, like End Point Protection on the desktop and NGFW at the network level and Web Security gateway at the web level and Email Security Gateway at the email level. Those platforms align with the needs of those who own and operate them, but also with how threats work, as well. Over time those platforms will each absorb related areas – but it will still be small innovative vendors who come up with the early solutions to new threats.

    The emergence of new threats is always going to mean we are going to have multiple products for a while – we used to show this by illustrating different phases of a threat hype cycle. The cost of a single serious attack succeeding is almost invariably higher than the cost of deploying the additional protection for the interim. The key is to force your platform vendors to obey Murphy’s law and keep absorbing those new protections without raising your cost.

  2. […] also this blog post here on the three silos of convergence of point […]



Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.