In just over half a year, COVID-19 has made its presence felt far and wide.  But it has been capricious.  The pandemic has caused severe illness for some individuals, while in others causing no symptoms. With 1Q20 squarely in the rear-view mirror, our data shows that the network security market experienced a similar phenomenon.  On the whole, the network security market paused in 1Q20 and registered small growth of just under 1% Y/Y.  But within the individual four product segments including Content Security, Application Delivery Controller, Firewall, and Intrusion Prevention Service, we track, 1Q20 played out very differently, with some seeing significant growth and others a marked deceleration:

The content security segment was the strongest as it accelerated to 16% Y/Y growth in 1Q20. Within this segment, we include secure web gateway products, which count remote access connectivity among its feature sets.  Before the pandemic, few enterprises were capable of supporting all employees as teleworkers.  There was no precedent.  With the pandemic turning most employees into full-time telecommuters’ virtually overnight, enterprises had to augment their remote connectivity infrastructure quickly.

Moving to a neutral segment, which experienced both growth and deceleration tension, was the application delivery controller (ADC) segment. While ADCs posted a modest revenue growth of 3% Y/Y in 1Q20, individual vendors experienced mixed results.  Some vendors saw overall revenue acceleration, while others hit headwinds.  There was no single factor that determined whether a vendor experienced tailwinds or headwinds.  There were at least three factors we identified, including uses cases serviced, market verticals sold into, and geo region exposure.

In the negative-neutral territory was the firewall segment, which experienced a marked deceleration in 1Q20 when compared to recent history. While still in the positive territory at 3% revenue growth Y/Y, it was not close to the high single or low double-digit growth we have typically seen.  The number of projects paused outnumbered the ones that went forward. In some instances, those that went ahead were reactionary projects caused by the pandemic.  For example, we heard from VARs and system integrators that small teleworker firewall appliances sold well and exhausted all available vendor inventory quickly.

Lastly, in negative territory was the intrusion detection service (IDS) and intrusion prevention service (IPS) segment with a Y/Y revenue decline of 4.2%. To be fair, the IDS and IPS market had already entered its twilight years before the pandemic’s arrival.  With IPS features in firewalls becoming good enough, the standalone IDS and IPS market has been under pressure for several years.  The pandemic added an extra layer of headwinds as remaining IDS/IPS projects got put on pause.

Looking at the rest of 2020, we expect it will continue to be a bumpy market, but cautiously optimistic that network security will be one of the first IT markets to bounce back.  Pandemic or not, IT security has been and will continue to be a top business imperative.  We do not see demand vanishing outright, but do see some continued project delays, as well as priority shifts between different product segments, as evidenced in 1Q20.  We are currently updating our 5-year forecasts, and in an upcoming blog will dig deeper into longer-term expectations.

To learn more about Dell’Oro Group Network Security and Data Center Appliances market research program, please check out the Network Security page for more information.

For several years now, we have been watching the SD-WAN market push through the growing pains and the ups and downs that new technologies typically encounter. As end users became more educated about SD-WAN technologies, use cases, vendors’ solutions, and the cost-benefit that solutions provided, the market grew at a remarkable rate.

In 2019, SD-WAN moved through the early adopter phase and expanded by more than 60% for the third consecutive year. Manufacturer’s revenue surpassed $1 billion, and 2020 was shaping up to be another solid year. Then the COVID-19 pandemic hit the world in an unprecedented manner, and cast a dark shadow on the SD-WAN market’s growth prospects.

How does the pandemic change the market’s potential?

We believe that the momentum of the SD-WAN market will be dampened over the near term, but there are a number of technological and business attributes that provide the basis for a positive long term outlook.

In the first quarter of 2020, the SD-WAN market grew by double-digits, but the growth rate decelerated considerably due to supply chain disruptions and end user purchase hesitations at the start of COVID-19. The lower growth rates will persist for some time, and we expect that over the next 12 months, some enterprises will defer plans to adopt SD-WAN, and severe financial distress will permanently eliminate deployment plans for others. However, over the longer term, we believe that SD-WAN is a compelling technology solution that many businesses will adopt despite the economic pressure resulting from the pandemic. At a high level, the SD-WAN market has these factors in its favor:

• SD-WAN sales should accelerate as macroeconomic conditions improve, but the flip side is that demand for legacy technologies such as standalone branch office routers will likely erode at a faster rate.
• SD-WAN is largely a software subscription-based business model whereby a vendors’ revenue is recognized on a recurring basis over multiple-year periods. As companies attain a critical mass of SD-WAN deployments, revenue streams are less susceptible to quarter-to-quarter fluctuations and more predictable.
• SD-WAN technologies are deployed by enterprises and by service providers, and the use cases for each are quite different: enterprises build infrastructure for internal business operations, and service providers construct infrastructure for revenue generating services. The SD-WAN market will benefit from the diverse demand and investment cycles the two customer sets.

But aren’t more people working from home?

In order to mitigate the spread of COVID-19, governments around the world have instituted lockdowns that force millions of people to work from home instead of travelling to their places of employment. These policies have both short term and long term effects on the SD-WAN market.

For the short term, some SD-WAN deployments will be delayed due to facilities being underutilized or inaccessible. Human and financial resources are being diverted to enable and support people’s ability to work from home. For the long term, we expect that a portion of the work force will continue to work from home rather than return to facilities, and that the number of existing work sites or branches will be reduced to align with the redistributed work force.

The workforce redistribution may present new opportunities for SD-WAN technologies. There is the possibility of a change in work facilities with an increase in smaller, less dense locations that creates additional demand for SD-WAN. Some people working from home may benefit from or perhaps require a SD-WAN solution. New technology and solution developments for work from home use cases will emerge, and these solutions may potentially reshape the reach and scope of SD-WAN solutions. To what extent these solutions are additive or substitutive to the SD-WAN market size is an open question that we will monitor closely.

Will all vendors gain from the market’s growth?

In 2017, Cisco and VMware plunked down more than $1 billon combined to acquire SD-WAN startups Viptela and VeloCloud, respectively. The acquisitions set the stage for the vendor landscape to consolidate around these two companies with deep pockets and several companies with best-of-breed SD-WAN solutions. Our market share research shows that the market opportunity is narrowing to a smaller set of vendors, with more than 75% of the 2019 market revenue concentrated amongst eight vendors.

Now the question is, will the COVID-19 pandemic accelerate SD-WAN vendor consolidation? To be clear, predicting the timing and players of consolidation is a fool’s errand, but we can point to some of the conditions and indicators that potentially accelerate the change in vendor landscape.

• There are more than 50 vendors touting SD-WAN technologies, and it is unlikely that the SD-WAN market will be large enough to sustain the number of vendors that currently offer solutions. The competition for end user mindshare and spending will be fierce.
• The global recession and ongoing macroeconomic uncertainties caused by the pandemic will place financial pressure on all SD-WAN vendors. Not all companies will have the resources to support ongoing business and technology developments required to remain competitive.
• In times of turbulent and unpredictable circumstances, the “flight to quality” becomes a common approach to technology investments. This type of conservative business decision making will drive demand to those vendors perceived to have strong and stable business models.
• Consolidation can occur in many forms. In addition to mergers and acquisitions, we expect some vendors to deemphasize, downsize, or terminate their SD-WAN solutions.

There is no doubt that the COVID-19 pandemic is disrupting the SD-WAN market in ways that were completely unexpected just six months ago. Because the SD-WAN market is a relatively young, it has the ability to adapt its technologies, solutions, and business models to this unprecedented disruption. We look forward to keeping you apprised of how this market evolves.

Since 2017, no fewer than ten vendors have launched Smart Network Interface Cards or Smart NICs. The Smart NIC market is projected to become a $600 M market by 2024, or 23% of the total Ethernet adapter market. Vendors have developed or are developing innovative solutions to gain entry in the expanding Cloud data center market, and the emerging telco edge market.

Smart NICs, with an on-board processor, can provide a wide range of offload benefits in the following scenarios:

• For a Public Cloud service provider operating a large-scale data center, Smart NICs could free up valuable CPU cores to run business applications for the end-user, potentially enabling higher server utilization.
• Smart NICs are offered to meet a wide range of offloads. Some of these include transport and storage protocol offloads such as RoCE, TCP, NVMe-over-Fabrics.
• Certain classes of Smart NICs are programmable and can be tailored for a wide range of applications and retooled to meet new requirements.

Smart NICs, however, are not without drawbacks and the following areas would need to be addressed before we see broader adoption:

• Smart NICs are priced at a significant premium over that of a standard NIC. This price premium can be 5-10X higher given the same port speed and need to come down especially for volume production.
• Smart NICs can draw anywhere from 20W up to 80W of power, which is not non-consequential on a per unit server basis.
• Given the programmability and complexity of Smart NICs, they can consume significant engineering resources to develop and debug, resulting in a lengthy and costly implementation.

Given the above considerations the major Cloud service providers and IC vendors have developed Smart NIC adapters based on different IC solutions: ARM-based SoC, field programmable gate arrays (FPGAs), and custom ASICs. Each of these solutions offers varying degrees of offloads and programmability. In general, ARM-based SoCs and FPGAs are fabricated with programmable cores and can be adapted to a wide range of applications. However, the drawback of the programmability is the greater extent of engineering resources and lead time needed to bring the products to market. Custom ASICs tend to be hard-coded with customization generally limited to vendor-provided application tool sets. As products start to ramp and the market reaches consensus on product definition, we expect the following three categories of Ethernet adapters to emerge: 1) traditional or standard NICs, 2) non-programmable Smart NICs that are ASIC-based, and 3) programmable Smart NICs, that are ARM-based or FPGA based.

Network IC vendors that either currently have Smart NIC adapters or are planning to launch one have a wide range of solutions and target market segments. Notable vendors include Broadcom, Ethernity Networks, Intel, Marvell, Mellanox, Napatech, Netronome, Pensando, and Xilinx. The major Cloud service providers have developed their own solutions, further fragmenting market.

Our long-term outlook of the Smart NIC market by market segments is as follows:

• Top 4 U.S. Cloud: In 2019, the Top 4 U.S. Cloud service providers, with Amazon in particular, drove more than 90% of the Smart NIC market by port shipments. This may be a challenging market for Ethernet adapter vendors to enter given that some of these Cloud service providers are likely to continue to develop their own solutions.
• Other Cloud: These segments include Chinese Cloud service providers, such as Alibaba and Tencent, and Tier 2 Cloud service providers such as Apple and Oracle. As these companies scale data center capacity higher, Smart NICs could be a solution to enable higher utilization. These companies may not necessarily have the resources to develop their own Smart NICs, and are likely to seek 3^rd party solutions from adapter vendors.
• Telco Operators: This segment is increasingly looking to shift core network services to run on x86 servers, thus, Smart NICs could be used to offload network function virtualization. Certain adapter vendors are also targeting the emerging edge computing market as well, as Smart NICs is complementary to multi-access edge computing (MEC) nodes to satisfy low-latency requirements.
• Enterprise: Generally, enterprise data centers tend to operate at a smaller scale, and would have less incentives to maximize utilization. Many enterprises would also rely on vendors to provide a solution with software implementation in place. Certain workloads, mainly enterprise storage arrays, are being developed with Smart NICs to facilitate NVMe-over-Fabrics connectivity.

As the Smart NIC markets continue to evolve, we believe the success of each vendor depends on whether its solution is a worthwhile upgrade over standard NICs from a performance, price, power consumption, and implementation perspective in their respective target markets. In 2020, activity level is high, as vendors work with end-users to complete product evaluation cycles. We expect to see volume ramp from a greater mix of vendors next year, as some of the short-comings mentioned above are addressed, realizing the benefits of Smart NICs.

Every year vendors rally around certain words and the RSA Conference 2020 was no different. It had been about ten years since my last RSA conference after regularly attending in the 2000s. After nearly 40 hours of meetings and vendor conversations at Moscone Center in San Francisco, I kept hearing how vendors were inventing (or reinventing) themselves to deliver SASE, SD-WAN, Zero Trust Networks, and/or SOAR with a sprinkle, or even a good helping, of SaaS.  Let’s break down what’s behind the buzz:

1. SD-WAN (Software Defined – Wide Area Network):

On the first day, the IT gods gave us routers for each branch office and expensive dedicated links. Eventually, businesses got tired of paying the high price for dedicated links. Plus, they wanted to improve the user/app experience that at times could get unstable, full of lag and generally poor. Behold: the SD-WAN routing solution was developed that can make snazzy forwarding decisions based on rich set of inputs, including user, app, latency, congestion and more, to deliver better user/app experience over cheaper commodity Internet links. It turns out many of these SD-WAN solutions also aim to provide network security. But many are not as effective as pure-play security solutions, such as FW/NGFWs.  Just so happens that the barrier to entry to implement SD-WAN isn’t like doing carrier routing. Thus, several security vendors have added sufficient routing capability to claim SD-WAN functionality.  At RSA 2020, I had some good discussions with Fortinet and Palo Alto Networks, both of which are investing heavily in the space.

2. Zero Trust Network:

Back in early 2000s I helped get Network Access Control (NAC), an ancestor to Zero Trust Networks, off the ground. I ran the IETF RADIUS extensions working group, which developed some of the open authentication standards leveraged by NAC and, now, Zero Trust Networks.  While NAC flamed out for being ahead of its time, I found Zero Trust Network solutions at RSA conference as a more usable, superset form of NAC solutions from my yesteryear.  Zero Trust Network solutions are all about implementing a multi-segmented network by orchestrating between endpoints, access edge (campus, branch, cloud user edge), and applications/data being accessed.  At RSA 2020, the folks at Cisco and Juniper Networks walked me through their campus network solutions.

3. SaaS (Security-as-a-Service):

While most think SaaS equals Software-as-a-Service, I prefer to think of it as an acronym for Security-as-a-Service. Boxes/appliances will never completely disappear, but the clear trend is to deliver services as a service where you want it and how you want it. Whether it’s NGFW/FW, email security, ADC/WAFs, web gateways, IPS, DLP, or ATP you can get it in a SaaS model, whether it’s a virtual machine, hosted service, or true pay-as-you go offering. Every vendor at RSA, or least everyone that wanted to be hip and cool, had a SaaS play.  This is a very exciting space for security vendors that I plan on digging deeper here at Dell’Oro.

4. SOAR (Security Orchestration, Automation, and Response):

Everyone at RSA 2020 wanted to SOAR in some way. But to my mind, SOAR boiled down to the cool new name for a central dashboard for policy, visibility, and analytics. Fifteen years ago, we called SOAR’S predecessor the “Single Pane of Glass.” But with a decade and a half of refinements, SOAR seems to be soaring higher than the pain caused by the early-gen single panes of glass. At RSA 2020, I noticed the focus on bringing together a vendor’s product/solution portfolio with complimentary, third-party solutions. It looked like vendors had finally internalized the maxim that security can’t and shouldn’t always be delivered by a single vendor. Like SaaS, every hip vendor had a SOAR-type offering, whether or not it was referred to as SOAR.

5. SASE (Secure Access Service Edge):

I saved the SASE (pronounced “sassy”) kid for last. As the new kid on the block, SASE is in that awkward phase that all young buzzwords/markets go through when industry lacks black-white clarity on what’s in it and who’s delivering it. This reminds me of the days when early cloud providers were hammering out the technicalities of IaaS, PaaS, and SaaS.

From what I can tell, we’ll continue in the storming and form phase a bit longer. But through the dust I can see that SASE, at its core, is anchored by an in-the-cloud gateway service. Thus, at minimum, SASE will replace on-prem security web gateway appliances with a side helping of Cloud Access Security Broker, Data Loss Prevention, applied threat intelligence, and even FW/NGFW capabilities brought together under a single administrative panel. At RSA, I had the pleasure of talking with the zScaler, Cisco, Palo Alto Networks, and ForcePoint SASE teams.

In future blogs, I’ll dig deeper into why I think these ideas caught wind. But for now, keep an eye out for a year filled with SASE security clouds over SD-WAN and Zero Trust Networks with some SaaS and SOAR… at least until RSA 2021. If you attended RSA 2020 and have different takeaways, drop me a note at mauricio@delloro.com. I always appreciate other perspectives.