[wp_tech_share]

In this annual forecast blog covering our network security and SASE/SD-WAN services, we explore a pressing question for 2024: Will 2024 be the year traditional firewalls and branch access routing die in favor of SASE? As we embark on a new year, it’s crucial to examine how these longstanding network security and connectivity pillars are expected to respond to the rapid advancements and growing adoption of SASE (which we see as the combination of SSE and SD-WAN). Let’s dissect how these adjacent markets are expected to behave in 2024 and influence each other to reveal a complex narrative of give and take.

Firewalls Won’t Die in 2024 but Will Continue to Take Some Body Blows

In 2024, the overall firewall market is set to experience a modest, low-single-digit growth, mirroring its performance in 2023. This steady yet subdued growth trajectory reflects the market’s resilience amidst evolving challenges and the shifting landscape of network security. For example, after weathering a significant 16% drop in 2023, the high-end firewall market is expected to rebound slightly with a single-digit increase in revenue. This recovery, although modest, signals a stabilizing trend under the influence of broader economic conditions and a restart of purchasing by service provider customers.

Conversely, the midrange firewall market anticipates a single-digit decline in 2024 after growing solidly in 2023. This downturn highlights a shift in the fortunes of a wider swath of the enterprise market, which is expected to return to earth after robust growth in the past couple of years. The low-end firewall segment, in contrast, is forecasted to see a marginal 1% growth. This limited increase points to the segment’s challenge in adapting to the growing preference for cloud-based alternatives and the evolving requirements of hybrid work environments.

On a brighter note, the virtual firewall market is poised for a significant surge, expecting a nearly 40% increase in revenue in 2024. With impressive growth, it will represent nearly 15% of the overall firewall market, underscoring the sector’s growing importance in a cloud-centric world and its adaptability to protect distributed, dynamic environments.

Despite the varied performance across these segments, the overall firewall market’s persistence in achieving low single-digit growth in 2024 suggests a continued relevance and necessity for firewalls in network security, albeit in an evolving role and form.

Access Routing Will Become a Shell of its Former Self in 2024 if Cisco Gets Their Way in the SD-WAN Market

Access routing, a mainstay in enterprise networks, is undergoing a dramatic transformation, largely influenced by Cisco’s strategic push towards SD-WAN. With the sunsetting of its successful ISR 4k access routers and the introduction of the Catalyst 8000 series, which are optimized for SD-WAN, Cisco is steering the market towards SD-WAN. This shift marks a significant pivot from traditional access routers to more agile, software-defined networking solutions.

The impact is stark: access router revenue is expected to drop by over 30% in 2024 to $1.4 billion. This seismic shift underscores the industry’s rapid adaptation to the changing needs of enterprise networks, favoring flexibility and cloud integration over traditional hardware-centric models. As SD-WAN gains prominence, it’s clear that access routing, as we know it, is on the brink of a fundamental change.

SASE Will Buck Market Uncertainty and Crack $10 B for the First Time

In 2024, the SASE market is expected to continue its upward trajectory, bucking broader market uncertainties and achieving a record-breaking milestone of $10 billion. This growth underscores the rising importance of SASE as a cornerstone in modern enterprise networking and security strategies. The surge in SASE’s popularity is driven by its ability to seamlessly combine SD-WAN networking with SSE security into an integrated service. This integration increasingly appeals to enterprises seeking efficient, streamlined, and secure network infrastructures, especially in an era of distributed workforces and cloud-centric IT models.

2024 will stand as a landmark year for SASE, not just in terms of technological adoption but also as a strategic response to the evolving needs of modern network environments. Reaching the $10 billion mark is a testament to its growing significance and the industry’s shift towards integrated, agile, and cloud-centric network solutions.

As we analyze the trajectories of firewalls, access routing, and SASE in 2024, it’s clear that we’re witnessing a period of significant transition in the enterprise network and security landscape. Traditional firewalls and access routing are being redefined and challenged by the rising tide of SASE, which offers a more integrated, flexible, and cloud-centric approach.

This evolution is not just about technological change; it reflects a deeper shift in how enterprises view and manage their networks in an increasingly cloud-dominated, hybrid work environment. While traditional solutions will not vanish overnight, their role and relevance are being reshaped in the face of these emerging paradigms.

[wp_tech_share]

Today, the networking industry experienced a tectonic shift with HPE’s announcement that it has entered a definitive agreement to acquire Juniper for a cool $14 B. Juniper has long been known as a premier service provider router company, and, more recently, as darling in the enterprise networking space with the AI-powered MIST WLAN solutions. HPE has been in the networking industry even longer, going back to the 1980s, and most recently, a well-regarded enterprise networking player with Aruba campus solutions. However, both firms have a wider portfolio that spans the network security and SASE/SD-WAN technology landscape, which is my focus. Figure 1 below shows the technology segments I cover.

In this blog, I share some quick thoughts on what the merger may mean from the lens of the technologies I cover.

Key takeaways and my opinions on HPE’s acquisition of Juniper from the context of technologies I cover are:

  • The overlap between both is limited to SASE (Figure 2). Both have SD-WAN and SSE offerings to provide a single-vendor SASE solution:

  • The overlap in SASE should be straightforward to reconcile since HPE has a much larger business than Juniper. In 3Q23, HPE was the tenth largest SASE vendor by revenue and its business was nearly four times larger than Juniper’s SASE business (which occupied the 18th revenue position).
  • Outside of SASE, Juniper extends HPE’s reach into the DDoS, Firewall, Cloud Workload Security, and Distributed Cloud Networking markets.
  • My SWOT analysis
      • Strengths
        • Juniper brings a number of network security technology capabilities that HPE lacks.
        • Juniper’s reputation in the cloud and comms service provider space will help HPE’s overall credibility.
      • Weaknesses
        • Juniper’s network security market share is small compared to the big 3 of Cisco, Fortinet, and Palo Alto Networks
      • Opportunities
        • Quickly align behind Axis Security for SSE for both HPE and Juniper customers to accelerate uptake.  Juniper’s SSE solution relies on OEM’ed technology.
        • Enable the total HPE salesforce to sell all Juniper products.
      • Threats
        • Bungle the SASE integration and fall further behind
        • HP/HPE has had a troubled past trying to sell network security.  Juniper’s security business may further be marginalized.
        • HPE has had a checkered past with company acquisitions (Colubris wireless, 3Com/H3C networking, TippingPoint security). Aruba has been a bright star.

HPE has scheduled analyst briefings over the next several weeks to discuss today’s news. We keenly await to hear more, but until then, please feel free to reach out with any questions.

[wp_tech_share]

Today, Microsoft’s identity and access group made numerous announcements about its Entra product family. The Entra name was introduced a year ago (May-2022) to bring together the long-standing and well-respected Azure Active Directory (AD) franchise with Microsoft’s cloud infrastructure entitlement management (CIEM) solution. While Azure AD kept its name a year ago, today, it was changed.  Azure AD is now Microsoft Entra ID. The picture below summarizes the essential products part of today’s announcement.

Source: Microsoft blog

 

For me, the critical announcement today was Microsoft’s introduction of its new SSE solution anchored to two new products, Microsoft Entra Internet Access and Microsoft Entra Private Access, and an existing one, Microsoft Defender for Cloud Apps.

Source: Microsoft blog

 

Key takeaways and my opinions on Microsoft entry into the SSE space are:

  • Microsoft Entra Internet Access (EIA) provides SWG (secure web gateway) functionality.
  • Microsoft Entra Private Access (EPA) provides ZTNA (zero trust network access) capabilities.
  • Microsoft EIA is in public preview with limited functionality. It can only protect Microsoft 365 and Windows clients. General traffic protection, cloud firewall, threat protection, and support for other operating systems are slated for later this year.
  • Microsoft EPA is in public preview. No significant limitations were noted in today’s announcement.
  • Microsoft went out of its way to remain committed to supporting an open SSE ecosystem.
  • The naming scheme for Microsoft copies Zscaler’s naming scheme for equivalent products (Zscaler Internet Access [ZIA] and Zscaler Private Access [ZPA]). This is not the first time we have seen a vendor copy Zscaler’s product structure and naming. As they say, if you can’t fight them, join them.
  • CASB (cloud access security) requires a third Microsoft product, Microsoft Defender for Cloud App.
  • My SWOT analysis
    • Strengths
        • Unrivaled enterprise presence to facilitate awareness. Everyone knows who Microsoft is and generally enjoys substantial goodwill among its customer base. A large salesforce and partner ecosystem will open many doors.
        • Identity foundation. No other SSE vendor has the same identity vendor chops that Microsoft brings. SSE is identity-heavy, which Microsoft can exploit by owning the identity use cases end-to-end.
        • Azure Cloud. Most SSE vendors partner with cloud service providers like Microsoft Azure to stand up their SSE clouds. Whether cost models or the ability to exploit deeper integrations, the Entra team has a likely advantage.
    • Weaknesses
        • Severely late to market. Cisco, Palo Alto Networks, Symantec, and Zscaler have a multi-year start over Microsoft. Gaining momentum in a crowded market will take work.
        • No full SASE: SD-WAN still requires a third-party vendor. Single-vendor SASE vendors are gaining market traction.
        • CASB is still a separate product. Unclear how policy sets are defined, but from initial impressions, there will be no policy tie-ins with Microsoft Defender for Cloud App.
    • Opportunities
        • Costing model. Large enterprises that are strong Microsoft shops and take advantage of Microsoft’s Enterprise Licensing Agreement benefits could lead to significant uptake of Microsoft SSE solution.
        • Full SASE: Microsoft has strong networking chops that could facilitate servicing the full SASE opportunity, including networking and security.
    • Threats
        • Microsoft has a history of entering network security markets and then backing away. It tried entering the firewall market in the 2000s, then backed out, leaving customers stranded.
        • Rate of feature richness: Best-of-breed players likely will continue to drive faster innovation and feature richness.

Microsoft has several scheduled analyst briefings over the next month, including one focused on today’s SSE announcement in mid-August.  We keenly await to hear more, but until then, please feel free to reach out with any questions.

[wp_tech_share]

 

Credit: RSA Conference 2023

 

Last week was the RSA Conference 2023 in San Francisco, the annual gathering of security vendors and their customers to review the latest in cybersecurity. This year’s theme was “Stronger Together.” According to the conference, it was selected to highlight that when the cybersecurity community works together, it strengthens the community.  Over 600 vendors heeded the call to come together in the vast halls of the Moscone Center.  While I had no intention of meeting with even a tenth of the vendors at RSAC 2023, I did meet with nearly 30 vendors across a swath of the vendor landscape.  (If you are a client of my research services, I will shortly send an email with thoughts from my meetings.)

For me, RSAC 2023 ended up a glass-half-full and half-empty event. While there was tangible progress and innovation, it lacked the same buzz of the 2022 and 2020 editions (2021 was canceled due to the pandemic). In this blog, I examine the three reasons I believe this was.

1) Zero Trust, Data Security, and Software Security were hot buzzwords but no common winner across the show. Meanwhile, SASE/SSE lost some intensity.

 During the worst of the pandemic, the rise of remote/hybrid work and attacks on Internet-based applications caused the industry to rally behind SASE and runtime app security solutions.  But all good parties must start winding down.

SASE appears to have come down from an apex in the last couple of years because, at RSAC 2023, it was no longer a pivotal conversation. Perhaps there is some marketing fatigue, but other externalities are at play, such as a reduced number of full-time remote workers as some have returned to the office full-time.

Similarly, the hot discussion about runtime application security (such as API security) has spread out as part of the “left shift” movement to greater design/coding security.  Now, there’s a greater breadth and depth of solutions to consider as part of a comprehensive cloud application security that inevitably has shifted the conversation to more generalized concepts like data and software security. As a result, cloud application architects now have an abundance of tools to contemplate. But, unfortunately, where to start is daunting, and the market fragmentation isn’t making it any easier.

Beyond what I noted above for SASE and cloud security, there was the factor of increased macroeconomic pessimism. Enterprise IT is no longer on a spending spree as it had been just last year. For vendors, it seems to have led to playing RSAC 2023 conservatively.

2) AI (artificial intelligence)-drive ChatGPT is coming to security, but we’re just scratching the surface of possibilities with AI

Unless living off the grid, you probably have heard, or even have tried, ChatGPT, the chatbot driven by AI technology that eerily feels human. From passing law exams at the University of Minnesota to writing computer code, ChatGPT has shined a bright light on AI and generated many new discussions about the possibilities for AI. So, it wasn’t surprising to hear ChatGPT dropped by more than a few vendors at RSAC 2023.

ChatGPT wasn’t part of the formal vendor marketing messages on the show floor – the arrival of ChatGPT happened too recently have made it into any of the marketing  – but many vendors in discussions talked up adding AI-driven natural language processing (solution-specific ChatGPT-like chatbot engines). Natural language processing promises that it will make solutions easier to use and increase the effectiveness of security admins. For example, rather than hunting through dashboards or reams of events, the security admin will be able to ask questions such as, “Where is my greatest security risk?”

Though ChatGPT brought AI awareness to the masses, AI has been in play for several years in the security industry, specifically in threat detection.  One of the first examples I remember was the 2020 firewall announcement by Palo Alto Network. It added machine learning to the firewall to improve malware and phishing detection.  Since then, I’ve run across other examples of AI-powered threat detection.  Still, the maturity and power of AI-drive detection need to improve. Of course, human security researchers are still vital, but I suspect AI will incrementally enhance and reduce the reliance over time.

3) Applications and IT infrastructure security are still top of mind but were – unfortunately –worlds apart.

It used to be that IT infrastructure teams held the keys to the security kingdom since applications could only get deployed once the infrastructure team did so. Infrastructure owned the servers, storage, and networking that applications relied upon.

From a security perspective, infrastructure teams tended to put significant thought into the application data security lifecycle because, over many years, they had come to understand the security implications of data in motion, in use, and at rest.

However, applications teams hated having to wait for the infrastructure teams. The infrastructure teams lost most of the security control when the cloud-based paradigm arrived with its continuous integration/continuous development (CI/CD) on ephemeral infrastructure (also known as a cloud DevOps culture).  Applications teams could now do as they pleased without involving or waiting for the infrastructure teams.  But unfortunately, cloud application security is far from as mature as it had been in the traditional monolithic days involving the infrastructure team. Consequently, security posture has suffered and led to notable cloud breaches.  However, as the saying goes, necessity is the mother of invention.

The last seven years have seen a bumper crop of new cloud workload security vendors (from acquired startups like Dome9, Twistlock, and PureSec to more recent pure-plays like Lacework, Orca Security, and Wiz).  These vendors are in tune with application developers’ operations and have identified key points in their workflows to insert security. The space is evolving quickly, and seeing how many were represented at RSAC 2023.  For the interested reader, in October 2022, I put out my first Advanced Research Report on Cloud Workload Security detailing market evolution and TAM (total addressable market).

Nonetheless, it was disheartening how these two camps, the infrastructure and application security, literally lived in different worlds at RSAC 2023. The north expo hall had the infrastructure security vendors, and the south hall had the applications security vendors.  Enterprise infrastructure and application teams must work together for the common security good. Still, developing beneficial synergies will be impossible if the vendors they rely on occupy different worlds. In addition, because application development moves to be “cloud-native,” it doesn’t eliminate the need and possibilities with the enterprise infrastructure teams.

Yes, the glass was half full and half empty on several fronts at RSAC 2023. But, then again, nothing is ever perfect, nor will it be. So rather than ending on this bittersweet note, I’ll end on a positive and highlight that my conversations at RSAC 2023 were enthusiastic, rich, and insightful, which demonstrated that as we come together, we do get stronger.

I look forward to RSAC 2024.

[wp_tech_share]

In the new year, the time is ripe to reflect on our 2022 predictions and look to a fresh batch of 2023 predictions. A year ago, we made the following predictions for 2022:

  1. Only a minority of enterprises will fully deploy SASE in 2022, but all will force SASE of their vendors
  2. The physical Firewall market rebound will modulate, while cloud-centric security will continue to grow faster
  3. Firewall-as-a-Service will begin to cannibalize carrier-class Firewall physical appliances

On our first prediction, we believe we were right. SASE, an architectural IT direction to transform and unify WAN-centric networking and security for branches and remote users, continued to gain interest and traction. However, how the enterprises deployed SASE networking versus security technologies remained extremely disaggregated and on different timelines due to the difficulty of changing too many parts simultaneously. The implications for the technology vendors were that irrespective of whether disaggregated or unified–or even whether single-vendor or multi-vendor SASE–they had to demonstrate to customers that they could help them on their SASE journey today and into the future. In other words, vendors were forced to show SASE capability even if customers didn’t yet take advantage.

Our second prediction was a split decision. We were right that cloud-centric security–the SaaS- and virtual-based variants of network security solutions–would grow faster than traditional network security solutions. While there will always be a role for hardware, the ongoing shift to the cloud limits the role that hardware can play in the enterprise, particularly in the data center. However, as corporate networks–or even cloud service provider networks–footprint expands in size, hardware firewalls play a role. We are wrong about how much appetite the market still had in 2022 after robust 2021. 4Q22 numbers haven’t come in, but if current trends hold, the full-year 2022 revenue growth of the hardware firewall market will match the 2021 rates.

Our third and last prediction was the boldest, and we were wrong. We still believe that cloud-based firewalling can and will eventually put pressure on the highest tiers of firewalls (carrier class), but 2022 was a different year. However, at the branch or even small data center level, we did some start on displacing lower-end firewalls.

Gazing in our crystal ball, we have the following three predictions for 2023:

1 – Security spending to remain stable in looming economic storms

Most economists predict that in 2023 the worldwide GDP growth rate will be weaker at 2.1% compared to the actual 6.0% and expected 3.0% growth in 2021 and 2022, respectively.  Put in perspective, 2.1% growth would be the third weakest rate of growth in the last 20 years and only overshadowed by the Great Recession in 2009 and the Covid-19 drop in 2020.

While it would be folly to say security spend will break records in 2023, we expect it to remain stable against increasing economic storminess. Of late, security has and is expected to continue a board-level discussion and hence be a top investment priority. Attacks aren’t stopping even if the economy does. No CEO wants their mugshot on the nightly news because of a security breach.

2 – SASE to keep growing, but a split decision between networking and security components

SASE is the amalgamation of networking (SD-WAN) and security (security service edge [SSE]) technologies. Most enterprises have and will continue to purchase separate SD-WAN and SSE solutions to (eventually) integrate them to achieve the disaggregated form of SASE. We expect enterprises to continue to prioritize the security side of SASE but slow down the networking side as the economic pressure increases. As a result, we foresee the SSE-side of SASE to post another year of solid growth in 2023, but we anticipate that SD-WAN will see a marked deceleration in its growth.

3 – Increased cloud breaches to cause spending on cloud workload security to be over $6 B in 2023, which is over 4x higher than in 2020

This past Fall, we issued our first Advanced Research Report on the cloud workload security market, which goes by various names, including CNAPP, CWPP, and CSPM. We delved into this space because network security vendors have entered cloud workload security as a natural adjacency. We found a market in hypergrowth as enterprises that have or embrace the cloud find many new, thorny security problems. As a result, we expect that enterprises will have to spend the money and lead the cloud workload security market past the $6 B mark, which is 4x higher than in 2020.

A year from now, we’ll reevaluate and see what came true. Until then, all the best in the new year.

Watch This Video:

What’s next for SD-WAN, SASE, and network security in 2023?