The high-end of the firewall market has really been dominated by two companies: Crossbeam Systems (with Check Point Software) and Juniper Networks. Over the past few years, these two firms won most of the high revenue/high margin enterprise and service provider deals.
Of course, others took notice and wanted their own piece of the pie. Cisco came out with its ASA 5580 a few years back. Network security guru Sourcefire introduced a high-end hardware architecture and a firewall in 2011. Finally, Check Point jumped in with its own high-end hardware as well.
As if this space wasn't crowded enough, F5 Networks threw its hat in the ring this week with the announcement that its Big-IP 11.1 software passed the ISCA Labs test for network firewalls.
This may seem like just another feature for Big-IP but it's not. F5 has a unique position amongst its competitors because:
- F5 is already in the right accounts. Big-IP is a staple product at large enterprises, wired/wireless carriers, and cloud service providers. F5 should be able to leverage these relationships to get a CISO introduction.
- Everyone knows that F5 can build a high-end network hardware box. Like Juniper, F5 built its reputation on building high performance boxes that can scale. This status may get F5 on the evaluation short list right away.
- F5 offers a consolidation play for the network. F5 sits behind the firewall but in front of a boatload of critical web applications. With a few network architecture tweaks, you can configure a Big-IP to perform firewall and ADC functions from the same box. This could simplify network architecture and operations.
- F5 brings a new recipe for network/application security integration. With all the industry talk about next-generation or application-aware firewalls, F5 goes a step further. Big-IP can be configured for security and customized with iRules to offer extremely strong network/application security integration.
F5 has a lot of potential to alter the high-end firewall market but there is still work ahead. Remember that many people still perceive F5 as the load balancer company, so for F5 to succeed it must first demonstrate its network security chops. This means convincing its customers that it is committed to network security and that its product is as strong on security protection as it is on performance.
Finally, the introduction of a high-end firewall just made F5 an even more attractive acquisition target. With a current market cap of $9.5 billion, the list of potential suitors is small, but F5 would certainly add value to HP's networking and security portfolio. IBM may be tempted to make a play since F5 makes sense from a security, data center, cloud computing, services, and WebSphere perspective. You could even make a case for Cisco to buy F5 but that's the longest shot of all.
You can read Jon's other blog entries at Insecure About Security.