The Four Pillars of Enterprise Security

According to Shlomo Kramer, the CEO of Imperva, there are three pillars of enterprise security: endpoint security, network security, and data center security. Symantec and McAfee are the leaders in endpoint security, Palo Alto in network security, and Imperva in data center security. Palo Alto Networks pioneered the Next Generation Firewall and App-ID, a feature that detects the types of applications flowing through the network, as opposed to identifying traffic by protocol or port.

Imperva leads the data center security segment through innovation: it was the first company to identify the need to protect information assets in the cloud, and it built a product set to satisfy that need. There is a fourth pillar to the security model, with no clear-cut leader. Since the segment is still in its infancy and has yet to fully mature, I’ll call this pillar “Global Edge Security” (GES).

The Four Pillars of Enterprise Security
  • Endpoint Security – Symantec and McAfee
  • Network Security – Palo Alto and Check Point
  • Data Center Security – Imperva
  • Global Edge Security – Incapsula, Akamai & Zscaler

Global Edge Security

The Global Edge Security pillar is a work in progress. There are two requirements to be considered a player in this tier. First, the company needs to have a global network of POPs, with a presence at some of the major Internet peering exchanges. Second, the company needs to offer some form of security beyond the standard WAF.

That’s why content delivery networks are a natural fit for this category: they have a global POP infrastructure in place for delivering content. The reason why the fourth pillar is needed is simple. Currently, critical data is protected from the endpoint device, through the network, to the corporate data center. However, if the corporate data center is in one location, once the packet leaves the data center, packet visibility ceases.

With the fourth pillar, packet visibility continues to the furthest part of the world, close to the last mile, near the packet destination. Thus, the fourth pillar enables companies to have end-to-end packet visibility, from the endpoint device, through the network, through the corporate data center, and through the POP closest to the destination. Currently, there are three companies in this category: Incapsula, Akamai and Zscaler.

Business Models

Akamai, Incapsula, and Zscaler go about solving the same problem in different ways, with different value propositions. Akamai addresses the need with its CDN assets, Incapsula with its CDN assets and Imperva-type technology, and Zscaler with a new cloud infrastructure built from the ground up for this occasion.

From a technology standpoint, the products in the fourth tier include the router, with its built-in functionality to thwart DDoS attacks, web application firewalls, NetFlow appliances that offer packet capture and packet analysis, an IP reputation database, and lots of bandwidth to withstand 100Gbps+ attacks. These tools are sufficient to protect against DDoS attacks, layer 7 attacks, botnet attacks, and some advanced persistent threats (APT). However, there is one important piece missing from this list.

Global Edge Security Platform with Artificial Intelligence

The missing piece is the platform with built-in artificial intelligence that continuously learns its surroundings, detects breaches in real time, and responds to attacks while they’re in progress. In other words, an Aorato- and Fortscale-type technology is needed for the edge. When it is developed, it could plug into the system back at corporate, forming an enterprise platform with end-to-end artificial intelligence and packet visibility. As for the technology that is needed to create this edge platform, that is a discussion for another post.