My colleague Neil MacDonald blogged about the convergence trends in endpoint protection platforms (EPPs) here as part of defense in depth. Host and network security have very different needs, and their convergence trends are different. Network security convergence is very different, as he states. Enterprise network security won’t be served by a single device.
For small and lower midsize businesses or branch offices, having a lot of safeguards in the same appliance is good, as the performance tradeoffs don’t hit hard at this scale, and the limited infrastructure ability makes having point products a show-stopper. Loading up your VW Bug once a year with that furniture from IKEA is not fun but doesn’t warrant buying a truck, and running your furniture delivery business with the Bug is not going to work.
Host products have to work with the processor they are given, whereas network products bring their own performance optimization gear with them in the appliance. At the enterprise scale, it turns out that for the foreseeable future one box can’t do it all: despite some vendor FUD, there is no UTM for the enterprise. There are real differences in the operations centers and in the kinds of inspection these products do. There is also a significant divergence at this scale in point product capabilities between the different vendors. I have seen vendors sizing 10 Gbps all-in-one products to serve 200 Mbps connections. Any savings from having fewer appliances are swamped by the higher sticker price this box brings versus point products sized for that connection. And you get network point product class protection.
By network point product class protection, I am referring to the different cross-product trends Gartner sees at the network: we don’t see companies being a leader in all of the firewall, IPS, email security and SWG Magic Quadrants. This means if you want really good enterprise network security, you won’t be able to get it all from one network vendor. Don’t extend this trend to other markets: the observation is specific to the network.
Below is a slide I’ve been using for some time to show how convergence is different between the horizontals:
(Image © 2009 Gartner, Inc. and/or its affiliates. All rights reserved)
There are a few exceptions and variations depending on the use cases (URL filtering can move to NGFW, branch offices have some differences with SMB…). Also, the IPS offerings in the firewalls today are generally inferior to the point IPS products; however, that is a short-term qualitative difference.