This article can also be found in the Premium Editorial Download "Information Security magazine: Reviews of six top Web application firewalls."
Sound familiar? Welcome to the downside of consolidation! It's living proof that bigger is not always better and that capitalism exists to serve businesses' profit margins, not the customer. Practically every one of us who works in the security industry has had this experience--for the simple reason that only about 25 percent of security products last longer than five or six years without some major life-threatening event. Most of us have had a product suddenly go extinct--to be followed shortly by a sales call from the vendor that fired the fatal shot--in spite of the fact that we depended on it and paid 20 percent annual maintenance.
I'm not saying consolidation is always bad; sometimes you'll see a good match between a standalone technology and a large vendor that can sell, support and maintain it better. But the sad truth about our industry is that there are too many products vying for the available niches. Each time some new technology becomes the hot topic, there's a brief flurry of Darwinian activity, one or two really good products rise to the top, and then the scavengers move in to gobble up the weak and stupid. Here's the problem--there's just no room in any given security product niche for 10 venture-backed startups chasing the same group of customers. Now that venture capitalists are less interested in security (we're back to being a backwater!), the number and size of new niches are shrinking.
The reality is that the IT security industry exists to serve itself--not the customer. Whenever we forget that, we're bound to be frustrated by our experience. Consolidation is an inevitable result of what happens when you have big players that cannot innovate, and too many startups innovating on a tight venture-fueled schedule. If you look at it from the industry perspective (or the venture capitalist's), it makes perfect sense that the industry will go through this boom-and-bust cycle.
What does it mean for customers? To me, it's the best argument for do-it-yourself or integrating open source technologies into your product choices. Remember: the big argument that's leveled against open source is "Who is going to maintain it?" That argument stacks up pretty neatly against, "Is this product going to exist tomorrow?"
This was first published in March 2008