RSAC: Networking and Security Convergence Redux


By: R. Scott Raynovich


SAN FRANCISCO—For years, we have been hearing about the convergence of networking and security. At this year's RSA Conference in San Francisco, the trend was much discussed again. So we have to ask: Is it getting real this time?

To a certain extent, networking and security have already made progress in converging. Take a look at the huge growth in the secure-access service edge (SASE) and software-defined wide-area networking (SD-WAN) markets, which Raymond James analyst Simon Leopold recently identified as the fastest-growing markets in enterprise networking. SASE, which emerged from SD-WAN, converges application-level security with networking at the edge.

Yet we need to go deeper. SASE, which mostly concerns branch-level security and not multicloud networks, only scratches the surface of what can be done with fully distributed security. The reason networks are frequently identified as the linchpin to better security is that they transport all the data, most frequently in the form of packets traversing Ethernet and IP-based networks. Look more carefully inside them and analyze them better, the theory goes, and you'll have deeper, distributed security—across the enterprise network.

End Users Need More

There are a few reasons why this is the time and place for deeper, distributed network and security convergence. End users are starting to push back on cybersecurity armageddon—unlimited threats with unlimited vendors looking to sell you something.

Consulting firm McKinsey recently estimated the damage from security breaches will approach $20 trillion by 2025. McKinsey also estimated that global organizations are spending upwards of $20 billion a year on cybersecurity, with growth of about 12% per year. And they're losing!

With the endless parade of the “alphabet effect”—the emergence of dozens of cybersecurity point products with different acronyms—converging networking and security has growing allure. Palo Alto Networks CEO Nikesh Arora recently referred to "pricing fatigue" as security practitioners are assaulted by hundreds of cybersecurity point products. In fact, some of the red-hot network security stocks such as Cloudflare (NYSE:NET), Fortinet (NASD: FTNT), Palo Alto (NASD: PANW), and Zscaler (NASD: ZS) have cooled as sales growth slows.

Another factor is the growing diversity and distributed nature of enterprise networks. Most networks now include a hybrid blend of private infrastructure, encrypted Internet links, and connections to and across the major cloud services. Multicloud means that network boundaries are difficult to define. The distributed cloud network model needs a network that is more secure at the packet level.

This network-security convergence theme ran strong this week at the RSA Conference (RSAC), where the urgency appears to have grown. When I caught up with Shailesh Shukla, the recently appointed CEO of networking and security company Aryaka Networks, he pointed out that as a pioneering SASE and SD-WAN managed services provider, Aryaka is uniquely positioned to deliver secure networks for enterprises.

“It’s all about the convergence of networking and security,” Shukla told me in an interview. “We’ve done the hard part, which is the global infrastructure. So now we have built and will continue to offer more integrated security services as part of it.”

Another CEO, Kelly Ahuja of Versa Networks, is also embracing the convergence theme—a technology approach that Versa has pursued since its founding by providing cloud-based distributed security products as well as networking that can run either on premises or in the cloud.

“We did it in the WAN edge, then the cloud, and now the LAN,” Ahuja told me at Versa's RSAC booth. “We have SD-LAN with zero-trust built in. Security and network have to converge. Bad actors are going to come in through the network, at the edge. Where is the edge? It's everywhere.”

Of course, Aryaka and Versa aren't the only companies talking about network and security convergence. Palo Alto will pursue this trend with its "platformization" strategy, as it bundles and integrates network and security products ranging from firewalls to cloud security. Private company Cato Networks, a hot IPO prospect, is converging SD-WAN, SASE, and a suite of security services with a global private network backbone. Networking market leader Cisco is making attempts at unifying its security strategy, and it recently announced something new called "Hypershield," although the packaging of its dozens of security and networking products is still confusing to its users, according to our research. There is also promise in the multicloud networking market, where vendors such as Arrcus, Aviatrix, F5, Graphiant, and Prosimo all point to the promise of securing multicloud networks at the packet and application levels.

In our own research with end users, they are looking for ways to combine security and networking for the sake of convenience, efficacy, and cost. Return on investment (ROI) is a major consideration. If you can combine the cost of both networking and security, it's a win-win. We recently affirmed this in a Leadership Brief project with Aviatrix demonstrating how end users can save money by combining distributed cloud networking with to cut down on the high compute costs of cloud firewalls and network address translation (NAT).

Reordering the Networking Market

If this trend continues, which I expect it to do, it has large implications for both the networking and security markets. While Palo Alto’s Arora speaks of pricing fatigue, I also see vendor fatigue—customers regularly assaulted by the marketing from thousands of security vendors, many of whom have the same technology.

It’s best to think of it in these terms: Worldwide organizations need both connectivity and security, but they don’t necessarily care about where they get it. And why not buy it together? While the vendor community is obsessed with analyst quadrants describing as many acronyms as possible—such as secure web gateway (SWG), cloud access security broker (CASB), or next-generation firewalls (NGFW)—end users just want a secure connection to applications.

The explosion of cloud applications such as software-as-a-service (SaaS) and has accelerated this need. Cloud meant that more users were connecting from many different places, including through the Internet. COVID brought more remote and hybrid work connectivity. Connections multiplied. Security needs to be everywhere.

With this model advancing, I expect more rapid consolidation in the cybersecurity markets. Firewall vendors such as Palo Alto, Fortinet, and Cisco headed in this direction by scooping up SD-WAN startups to create the SASE category. The Zero Trust Network Access (ZTNA) category has already been deemed a feature, not a market. And now we are seeing other elements of convergence, such as the adoption of extended detection and response (XDR) and data loss prevention (DLP) as part of networking suites.

You can expect more of this product jostling and repositioning to occur, as both vendors and security service providers position themselves as offering the most comprehensive mix of connectivity and security features. Whether this is delivering a better life for networking and security practitioners is yet to be determined, as they continue to be swamped with attacks.

Let’s hope the vendors are going to make a real effort in good faith, rather than just moving the food around the plate.