We Will Be Assimilated. Unless We Are Secure Computing.

Matasano Team | March 31st, 2006 | Filed Under: Industry Punditry

I’m a huge fan of these consolidation posts from Steinnon. It’s just got to be true that firewalls aren’t consolidated! There’s still 77 vendors in the space!

To prove Steinnon’s statement to myself, I sanity-checked his list, evaluating all the vendors and re-segmenting the industry (I don’t think Steinnon represents his list as a real industry analysis). And, with apologies to Frances McDormand, I’m not sure I agree with you a hunnert percent on your policework, there, Richard. Here’s what I found:

  • There are 5 indie enterprise firewall vendors (if you don’t count Check Point as “indie” and you don’t include ISS). Their combined revenue is a rounding error relative to the Big 3 (Cisco, Juniper, and Check Point).
  • 65 of Steinnon’s 77 firewall companies sell products you can actually buy. 3 of them sell products you can buy if you live in China. One of them is the number 1 security company!, and will kick your ass. Another 6 of them will return your phone call only if you are a vendor looking for an OEM deal.
  • 15% of them are all-in-one appliances, like Fortinet, which is a new category in which content virus scanning is the flagship feature and “firewalling” is as relevant to the platform as it is to a Netgear prem box, which brings us to
  • the 13% of the vendors who sell boxes that are customer prem connectivity devices first and firewalls second (or third), such as Efficient and 2Wire. This is a segment you enter with a cheaper DSL chipset, not a better security solution.
  • Another 13% of that 65 is the web-app vendors. This is a real space, and it’s not consolidated, but nobody buys a Teros box instead of Check Point or Juniper. The same goes for Barracuda, who positions against IronPort, not Juniper.

I’ll post my analysis of the list later on this evening, but my read from Steinnon’s raw data is this: perimeter firewall is very much consolidated, and unless you’re an open-source product with traction, you’re kinda crazy for going after it.

I see a lot of value and potential in the “niche” space, but it’s unfortunately represented in the Steinnon 77 by an X.25 firewall (keeping Telenet safe from the evil forces of Dr. Dissector and NUAA!) and something called a “modem firewall”.

I’m biased here, but I’m pretty sure I’m biased in favor of Steinnon’s argument; I just don’t think the facts bear it out.

No comments yet. Be the first.

Leave a reply