There was a story in the news recently where one prominent network security vendor was accusing another vendor...
of infringing on its patents regarding firewall technology. Our organization is considering purchasing the allegedly infringing product, but we don't want to have the product be discontinued or significantly changed down the road. Is this a legitimate concern?
Ask a question
Got a vexing problem for Mike Chapple or any of our other experts? Ask your enterprise-specific questions today! (All questions are anonymous.)
I assume you’re referring to the ongoing patent dispute between Juniper Networks Inc. and Palo Alto Networks Inc. over next-gen firewall technology. The intellectual property issues in question here are likely to remain entangled in the courts for quite some time, so I wouldn’t wait for them to be resolved before making your decision.
Almost every technology vendor out there has some sort of ongoing patent litigation and, more likely than not, they are on both sides of those lawsuits. Except in unusual circumstances, such as a small vendor with its core technology threatened, I would not let the gathering patent storm clouds influence your vendor decision in any major way. Some lawsuits gain widespread publicity because prominent individuals or vendors are involved, but most disputes of this nature proceed under the radar until they reach a quiet resolution.
In this particular case, there is little risk that Juniper’s accusations will drive Palo Alto Networks out of business. Firewalls are Palo Alto’s “bread and butter”, and it is not going to exit that market without putting up the fight of its life. The most likely scenario is that the two companies will reach a settlement that involves some one-time payment or a licensing of the technology. These are issues that may affect stockholders’ perceptions of the firm, but should not affect them from a security professional’s point of view. Even in the worst-case scenario, where Palo Alto is somehow forced out of business or into an acquisition, there is too large of a deployed base out there for the product to be completely abandoned. Juniper, or some other vendor, would probably assume support responsibilities for the line.
To be clear, the worst-case scenario described above is highly unlikely. Since this particular legal battle isn't slated to go to trial until early 2014, barring a settlement, it will remain in the headlines for a while. That said, while it's worth noting when it's time to make a purchasing decision, it shouldn't be a determining factor either way.
Related Q&A from Mike Chapple, Enterprise Compliance
The HHS security risk assessment tool is designed to help healthcare providers meet the HIPAA security requirement. Expert Mike Chapple explains how ...continue reading
PCI DSS requirement 6.6 demands application security compliance through one of two options: an application firewall or a code review. Expert Mike ...continue reading
Are HIPAA-compliant hosting services a better option for compliance than a secure storage API? Expert Mike Chapple analyzes.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.