Now I’m a cynic by nature but there seems to be a fundamental transformation in progress here. Why? Because legacy data center networking equipment and operational processes are a mismatch for massive data center scale and dynamic cloud computing applications. ESG calls this imbalance data center networking discontinuity. The solution to this problem is fairly logical: Cloud platforms and server virtualization use software to turn hardware into a virtual platform. SDN, OpenFlow, DVNI, and even VMware VXLAN take the same approach.

To paraphrase the Monkees, I’m an SDN believer. Networks have to become virtual platforms that gracefully interoperate with cloud platforms like OpenStack. Provisioning new devices needs to be based upon a standard policy-based publish-and-subscribe model. Traffic engineering and security rules need drag-and-drop simplicity.

Pressing requirements, wide SDN adoption across the industry, and a new wave of engineering innovation will lead to an accelerated technology refresh cycle over the next few years. Yes, this has the potential to impact the networking status quo but I am reluctant to include hyperbolic terms like “game-changer” and “revolutionary” into my analysis for several reasons:

1. Network service providers and cloud computing service vendors are feeling the effect of data center networking discontinuity most acutely so it is logical for them to experiment with cutting edge technologies. Juniper proved in the 1990s that service providers are happy to take an alternative path if they see the potential to lower operating costs or increase ARPU so Nicira’s business model is spot on. By moving networking functionality to a virtual layer, Nicira gave itself a go-to-market advantage as it does not advocate a “rip-and-replace” hardware strategy (although it does turn feature-rich switches into an expensive transport layer). Still service providers feel the pain and have the motivation to move quickly.
2. Enterprises are not service providers and typically don’t have a team of network engineers to throw at a brand new technology. As a proof point, enterprise networking staff is finally comfortable with server virtualization although virtual switches retain the role of basic provisioning and access. Enterprises want a smooth migration path that addresses requirements and adds benefits over time without disrupting business operations.
3. What about software? This market will go a few ways: A new vendor could become the VMware of virtual networking by gaining a rapidly-growing market presence. With this position, it could become the networking software nexus with published APIs, SDKs, development partners etc. Alternatively, virtual network platforms could be based upon open standards or even open source a la Linux. In lieu of either of these models however, virtual network software becomes a proprietary game. Given Cisco’s market share, Cisco could turn Nexus into Windows and networking feature/functionality into Office. Regardless of the model, SDN will grow as a function of the software development community supporting it and that hasn’t happened yet.

The SDN market is very exciting but remains immature. I have no doubt that enterprise data center networks circa 2017 will look very different from the device-centric, manual process-driven model of today. How we get from here to there is a bit more difficult to forecast.

You can read Jon’s other blog entries at Insecure About Security.

via HP Rolls Out OpenFlow-Enabled Switch Portfolio | NewsFactor Network.

“Enterprise data centers are in the midst of a massive transformation driven by data center consolidation, server virtualization, Web-based applications and new security requirements, which our research indicates has created numerous network challenges that can’t be addressed with existing legacy networks and manual processes,” Oltsik said.

“OpenFlow holds the promise of breaking the logjam in network flexibility as well as paving the way for network innovation in the data center — and vendor support from companies like HP is crucial for advancing this technology in 2012.”

via HP Rolls Out OpenFlow-Enabled Switch Portfolio | NewsFactor Network.

In this first edition of ESG’s Behind the Findings program, Jon Oltsik, Principal Analyst and author of the ESG Research Report, U.S. Advanced Persistent Threat Analysis, offers his analysis based upon the results of his recent survey of 244 security professionals.

Advanced Persistent Threats (APTs) are defined as targeted multi-vector attacks usually initiated by a sophisticated and well-resourced adversary.   APTs are typically used as a means for discovering and stealing sensitive data. ESG is now in a position to better understand end-users’ familiarity with and opinions about APTs.

If you have any questions, Jon can be reached via e-mail at jon.oltsik@esg-global.com.

The show doesn’t start until 2/27 but you can feel the anticipation in the air across the whole security community. That’s a good thing since 2011 was an especially difficult year – some have even labeled it “the year of the breach.” Hmm, what happens if 2012 is even worse – which is not unlikely?

In any case, RSA is always chock-a-block with a number of common themes. Here’s what I am anticipating, as well as my editorial comment on each.

1. Threat/malware management. This is a very important topic as Advanced Persistent Threats (APTs) and other types of sophisticated malware demonstrate that our existing security defenses are inadequate. I’m hoping to hear some good intelligence about cyber adversaries, and discuss best practice modifications around security processes and defense-in-depth controls to address these increasingly dangerous threats. Interesting vendors in this space include Countertack, Damballa, and FireEye, as well as old guard companies like Sourcefire and Trend Micro but I’m interested in hearing from others as well.
2. Security intelligence. Security situational awareness is marginal at best at many enterprises. Why? Lots of firms don’t have the right skills or tools in place while others need visibility to more host systems, applications, and network behavior. As I’ve said many times, this makes security a big data problem (I’m on a panel focused on this topic) and I’m interested in learning how the industry plans to address this. I’ll seek out HP, IBM, LogRhythm, McAfee, and RSA on this topic.
3. Security services. With security skills in short supply, the security service providers must be seeing lots of activity. Good discussion for Symantec, Unisys, and Verizon.
4. Mobile security. Yeah, I know about the malware and poorly written applications and I do see a lot of interest in this space. That said, ESG has yet to see a lot of demand for mobile security technologies. I expect a lot of buzz over mobile security, even if no one is making any money.
5. Cloud security. A complex topic but all I anticipate seeing at RSA is simple and tactical solutions (unless I get an architectural overview from Amazon, Google, or Rackspace).
6. Data center network security. We’ve had firewalls, IDS/IPS, and gateway devices forever but network security is still a major area of investment for enterprises. Data center network security is particularly challenging these days as large organizations deal with massive data center scale, web-based applications, and server virtualization/cloud. Does anyone offer a highly-scalable physical/virtual data center network security architecture? Good question to bring up when I talk to Cisco, Check Point, and Juniper.
7. Enterprise security software architecture. In the client/server days, departmental applications were subsumed into enterprise ERP systems. This same type of integration/centralization has to happen with security technologies. Which vendors understand this and know how to build scalable software security architecture a la Oracle and SAP? My goal is to find out.

Like all other similar events, RSA has its share of cocktail parties, tradeshow gimmicks, and give-aways. Entertainment is certainly a big part of the event, but RSA is really about cybersecurity – a very serious topic. Before imbibing their fourth Mai Tai at a Hawaiian-themed party at the W Hotel, I hope that RSA participants think about recent security breaches at New York State Electric & Gas (800k customer records exposed), Zappos.com (24 million customer records exposed), and our security colleagues at Stratfor ,and then consider the real objective of this event.

You can read Jon’s other blog entries at Insecure About Security.

Of course, others took notice and wanted their own piece of the pie. Cisco came out with its ASA 5580 a few years back. Network security guru Sourcefire introduced a high-end hardware architecture and a firewall in 2011. Finally, Check Point jumped in with its own high-end hardware as well.

As if this space wasn’t crowded enough, F5 Networks threw its hat in the ring this week with the announcement that its Big-IP 11.1 software passed the ISCA Labs test for network firewalls.

This may seem like just another feature for Big-IP but it’s not. F5 has a unique position amongst its competitors because:

1. F5 is already in the right accounts. Big-IP is a staple product at large enterprises, wired/wireless carriers, and cloud service providers. F5 should be able to leverage these relationships to get a CISO introduction.
2. Everyone knows that F5 can build a high-end network hardware box. Like Juniper, F5 built its reputation on building high performance boxes that can scale. This status may get F5 on the evaluation short list right away.
3. F5 offers a consolidation play for the network. F5 sits behind the firewall but in front of a boatload of critical web applications. With a few network architecture tweaks, you can configure a Big-IP to perform firewall and ADC functions from the same box. This could simplify network architecture and operations.
4. F5 brings a new recipe for network/application security integration. With all the industry talk about next-generation or application-aware firewalls, F5 goes a step further. Big-IP can be configured for security and customized with iRules to offer extremely strong network/application security integration.

F5 has a lot of potential to alter the high-end firewall market but there is still work ahead. Remember that many people still perceive F5 as the load balancer company, so for F5 to succeed it must first demonstrate its network security chops. This means convincing its customers that it is committed to network security and that its product is as strong on security protection as it is on performance.

Finally, the introduction of a high-end firewall just made F5 an even more attractive acquisition target. With a current market cap of $9.5 billion, the list of potential suitors is small, but F5 would certainly add value to HP’s networking and security portfolio. IBM may be tempted to make a play since F5 makes sense from a security, data center, cloud computing, services, and WebSphere perspective. You could even make a case for Cisco to buy F5 but that’s the longest shot of all.

You can read Jon’s other blog entries at Insecure About Security.

via Unified Edge Fabric enhances enterprise mobility, BYOD support., Enterasys Networks.

via Cisco Ethernet switches make big leap to 40/100G.

It didn’t take long until both sides realized that things had changed. With the invention of the water-cooled machine gun and pill box fortification, human waves were not only ineffective, but also resulted in mass casualties. The sides adapted to this new reality with trench warfare, long-range munitions, and a battlefield stalemate for much of the war.

There are countless examples like this in the history of warfare where technology advancement forced tactical changes for both offense and defense. In theory, cybersecurity should behave in a similar way where new threats lead to new defenses and tactics. Unfortunately, however, things don’t always progress so quickly. Take Advanced Persistent Threats (APTs) for example. APTs have been in the mainstream since the Aurora attack was first exposed by Google in January 2010 but many organizations haven’t adapted defenses or tactics accordingly. Why? Several reasons:

1. Executives don’t get it. CISOs who lobby executives for more money tend to be faced with a rather cynical question: Why do you need to invest in new security technologies when we’ve already invested millions? This is like a WWI general asking why the troops needed shovels to dig trenches when they were already trained to charge the enemy.
2. Security staff wants a canned solution. In the past, each new type of threat (i.e., SPAM, spyware, DOS attacks, etc.) was addressed with a discrete threat management solution but this no longer works. APTs exploit the gaps between security defenses with 0-day vulnerabilities, credentials harvesting, DDNS, and homegrown encryption algorithms and transport protocols. Rather than a one-size-fits-all APT solution, enterprises need defenses for each stage of an attack.
3. If you can’t see the enemy, you can’t defeat the enemy. I’m sure Sun Tzu said something along these lines and it is certainly true in cybersecurity. The situational awareness tools in use today typically capture and analyze a fraction of the data needed. Many of these platforms also need custom coding and must be managed by highly-skilled security analysts. As a result, security intelligence remains an exclusive and elitist club.

In WWI, the military adapted quickly for two main reasons. First, they faced a life or death situation so there was a real sense of urgency. Second, armies are hierarchical organizations so when generals mandate changes in training and tactics, everyone else falls into line.

Like WWI weapons advances, we’ve reached a new era where our enemies are embracing new technologies and offensive tactics. We need to respond with appropriate changes in defense skills, and situational awareness.

Like it or not, we are engaged in a cybersecurity arms race, and our adversaries show no sign of fatigue. If your organization isn’t willing to recognize this, understand the enemy, and adapt accordingly, you may as well disconnect from the Internet before an inevitable attack.

You can read Jon’s other blog entries at Insecure About Security.

To assess these issues, ESG asked 280 networking professionals to respond to questions in areas including:

• Data center strategy
  • How many data centers do large organizations have today?
  • Are large organizations consolidating data centers?  If so, how many data centers do they hope to eliminate?  Are they consolidating discrete business unit data centers into multi-tenant mega-centers?
  • Are they extending applications or IT operations across multiple data centers?  If so, which specific applications and IT operations activities are being extended?
  • Is server virtualization a substantial component of their data center strategy?  How will the use of server virtualization change in the future?
• Data center networking environment
  • What types of data center networking architectures are in place today?
  • How are networks segmented?  Why is some segmentation done at Layer 2 and some at Layer 3?
  • What is the standard server-to-network interface today?  How will this change in the future?
  • What is the standard data center network cabling infrastructure today?  How will this change in the future?
  • How is networking equipment provisioned and managed?
  • What is the role of virtual switches today?  How will this change?
  • What is the impact of web applications on data center networks?
• Data center networking operations challenges
  • What types of network operations problems do large organizations face today?
  • What are the biggest network operations challenges?
  • Which network operations activities are most costly and time consuming?
• Data center networking adaptation
  • How is the networking organization changing to adjust to data center scaling and operational requirements?
  • Are large organizations adopting new data center networking technologies?  If so, which ones?
  • Are enterprises implementing converged data center networks (i.e. common network for storage and data traffic)?  If so, why and how?
  • What changes are taking place in order to support more server-to-server web application traffic within the data center?
• Data center networking strategy
  • Which data center networking technology innovations are users aware of?
  • Are enterprises interested in data center network fabric architecture?  Will they implement data center network fabrics over time?

For more information on the contents and findings of this report, please download the executive summary below.

ESG Research Report Data Center Networking Trends Executive Summary

Click the picture for a PDF of the Data Center Networking Infographic.