John Katsaros

It's the time of the year again when the RSA Conference comes to town. It's always an interesting event as security companies get to strut their stuff. The market for security products has changed radically -- five years ago the threat landscape drove infrastructure gymnastics and lots of spending as IT managers wanted to avoid being on the front page of tomorrow's newspaper. But today's threats, although more lethal, are not as visible in the media, causing repercussions among security vendors as they're trying to learn how to sell in this new environment. It was really frustrating last year when speakers at the RSA Conference talked about the consolidation that was going to occur in the security market as weaker companies would be consumed by the stronger guys. Rather than preaching these gloomy self serving messages (self serving because it's the big company guys who get to do the keynotes) we're hoping that in this year's speakers come up with some good ideas as to how the security industry can provide greater customer value -- like in making products that are so valuable to customers that they'll buy them.

The first thing that comes to mind when you look at Cisco's purchase of IronPort is whether or not this is, finally, going to be the beginning of a direct confrontation between Cisco and Microsoft.  Up until now, both companies have nimbly avoided the appearance of a head to head battle despite the fact that they could go into direct battle in several areas (such as NAC and NAP).  And it has probably been a wise decision on the part of each to avoid a fight -- especially since most enterprise customers consider each to be strategic and would prefer them figuring out ways to work together.  But the IronPort acquisition positions Cisco directly against Microsoft's new Exchange 2007 Edge Server, a product built specifically to fit into the DMZ and reduce/eliminate the need for third party mail cleansing products.  Cisco might argue that their products apply more broadly than to just Exchange, but the spending in the market tells a different story as Exchange spending far exceeds the sum of the other enterprise e-mail systems.  Maybe this point wasn't that obvious to Cisco when it decided to enter this sector of the business -- up until recently, Microsoft didn't have much of an e-mail hygiene story.  But in the past Exchange 2007 is barely out of the starting gate -- it's going to be fun watching to see how this showdown shapes up.

This week the rhetoric that we typically hear in the security space suddenly took on new and, unfortunately, scary turn.  It's been pretty common to hear security software companies make claims that there are some "really bad guys" out there that are capable of doing "really evil things" -- we've heard that frequently enough that it blends into the marketing hype that comes from security companies.  But we heard an interesting story about a security startup that recently shut down when, after its products proved to be successful against some bad guys, the startup's founders were sent death threats that couldn't be ignored.  That unfortunately presents a new security axiom -- if a vendor is too closely associated with a cure then there's the added threat of retaliation from the germ.