Security Vendor Question

I get a lot of feedback that Symantec or Palo Alto can do this and that or the other thing and are working on amazing things. My response is fine, but will their solutions replace a single appliance, or reduce the number of appliances a customer needs to buy?

An internet security report is defining the aspects of what makes cloud and internet security modern. Scaling is one such issue. According to the report it states the following:

Scaling isn’t accomplished anymore by expanding existing appliance structures, but rather must be performed by the system itself. When demand increases, more virtual resources are used…As such, it is no longer necessary to buy new appliances or replace existing ones.

This seems like death to a company like Palo Alto. And the only feedback I get is very narrowly focused. “Palo Alto provides cloud security…” yeah but they never get to the point that they only provide the security on the edge where they cannot otherwise sell hardware appliances. Their cloud package does absolutely nothing to limit the number of new or replacement appliances needed. Thus, by definition Palo Alto does not offer modern scaling, except with its edge product.

So my question is, is any company out there other than Zscaler or iBoss (that is relevant, I don’t care about some start up with $10 million in revenues) creating a solution that enables the elimination of having to buy new appliances to scale and the need to replace old appliances on the upgrade cycle that the industry has lived on?

For me, that is the definition of whether or not, in the long run, a company will remain relevant 5 to 10 years from now in this industry.

Thank you for anyone who may have some insight here. To my knowledge the answer is there is no one else, except of course on the limited edge usage areas where appliances cannot practically be used anyways, and thus would never be sold for that edge purpose.

Tinker

13 Likes

Hip boots on, wading in…

Scaling isn’t accomplished anymore by expanding existing appliance structures, but rather must be performed by the system itself. When demand increases, more virtual resources are used…As such, it is no longer necessary to buy new appliances or replace existing ones.

Let’s first recognize that this is an intentionally narrowly-focused, self-limiting definition. There is no virtual scale-up without a physical scale-up somewhere.

When “more virtual resources are used” then somewhere someone has to “buy new appliances.” Put simply, there’s some Amazon (or Google or Microsoft) server farm management team/software/process that is monitoring the overall load and if it is going to increase, Amazon buys/builds and installs new server appliances. If you’re running on your own private cloud, you’re doing that analysis and purchasing and installation yourself.

ZScaler runs its own cloud infrastructure, which they tout as consisting of “150 data centers on 6 continents.” So, as ZScaler signs up more customers and traffic increases, ZScaler must naturally be buying new server appliances for those data centers (and probably adding new data centers with new appliances as well). ZScaler enables their clients to not worry about scaling up because their customers are paying ZScaler to do that just as people using AWS are paying Amazon to scale as necessary.

In many ways, the discussion is similar to the public vs private cloud decisions companies do for a lot of computing. The public cloud is convenient and stable. But, it’s also more expensive than a well-managed private cloud in most cases. For many things at many companies, out-sourcing cloud computing capabilities is worth the extra cost, particularly if your needs scale up and down or are less predictable. But, cost savings isn’t really what ZScaler is about, as far as I know.

I see the argument to ZScaler being less about buying or not buying appliances, but whether the on-premise appliance solutions are good enough and cost effective enough. I don’t know the security world that well - it may be that the purpose-built security appliances being sold are too expensive, too hard to set up, and too hard to monitor and maintain. But, even if that isn’t true, it seems that the ZScaler solution has superior attributes regardless due to how it works - and no amount of on-premise hardware can replicate that.

Note that with ZScaler, all traffic is routed through ZScaler’s infrastructure (the nearest one of the 150 data centers), even traffic wholly internal to a company. That’s why ZScaler is so careful to tout their “resiliency, redundancy, and fast performance,” because there’s a potential that such routing could slow things down for companies. The traditional internal network is literally kept internal and so is very very fast. Access for remote people/processes is then accomplished through a VPN (Virtual Private Network), which definitely slows things down - but only for remote access.

With the traditional private internal network, the idea is that you trust everything on that internal network. That helps make it fast, too. But, these internal networks are not air-gapped from the internet. People that access internal databases also read email and browse the internet. So, you rely on firewalls and such (appliances) to keep people that don’t belong out. But, that fails sometimes, and that’s where ZScaler should have some advantages.

So, ZScaler means you’re not only outsourcing your hardware requirements, you’re getting a higher level of security since ZScaler is examining everything for authenticity before passing them along. Overall, I think the latter is more important than the former, even if both are good aspects.

16 Likes

If third party reports, customer reports, and Zscaler presentations are accurate, as you speculate, Zscaler is both more cost-effective and more efficacious.

As you also state, however, cost is not the #1 criteria. Security is. Palo Alto appears to be the high cost vendor. Bluecoat is by far the high cost vendor in cloud gateways.

I am actually looking for a reason to sell some Zscaler. Not finding any from fundamentals or competitive factors.

One Zscaler presentation from an oil company vendor shows a slide where they went from 50+ threats a day to 0-2 threats a day once they switched to Zscaler. They also said they got this increased security while saving $2 million a year, plus not having to worry about dynamic provisioning for scaling, upgrading software, user experience issues (particularly if you bolt on SSL inspection - with one executive stating that he had better user experience under dial up AOL {before Zscaler, using appliances}), far more financial flexibility (when oil prices crashed they could not afford to update their software, and when they needed to expand they couldn’t afford to buy yet another, but larger appliance, and if they did, what would they do with the perfectly good, but smaller appliance), and before Zscaler mergers and acquisitions were much more difficult trying to integrate security.

I probably forgot a few attributes. And no, no other provider eases these pain points but Zscaler. I don’t know who their original vendor(s) were. Obviously it would have been one or more of the current leading vendors (Checkpoint, Symantec, Palo Alto, Cisco).

So, at least the claim is made and supported by multiple sources from Zscaler to third party expert reviews (retained by other vendors, and not paid for by Zscaler), and customers, that along with everything else Zscaler provides improved security at lesser cost. Not that Zscaler is cheap, but it has better cost per GB than any other vendor in the enterprise market and yet appears to provide materially better security and user experience.

Zscaler announced some interesting new products last month. One is this B2B product. Third parties are a big security risk (as they are not likely to strictly comply with your security procedures), but third party vendors need access to your systems. Zscaler has in beta a product that enables you to give third party vendors access to your system, without changing your directory, through Zscaler (so they cannot be lax in complying with your security procedures), thus fixing a huge pain point in both information sharing and security.

I have no idea if anyone else provides a product like this. If they do, if they do with such low maintenance and lack of friction.

The product also prevents theft of information from vendors (as one example).

Doesn’t matter in the end unless they grow sales, but I am having a hard time finding any fundamental reason to not just hold or even add.

Tinker

12 Likes

Actually, I believe you have the speed issue backwards. I read recently, from an article posted on this board, that ZS is faster than communications going through in house security.

Gordon

ZS is faster, and far faster if you inspect all data through SSL encryption.

Zscaler has given many a demonstration on this topic and customers have confirmed.

Tinker

2 Likes

As you also state, however, cost is not the #1 criteria. Security is.

Security is not cost free, the proper way to look at cost is holistically, enterprise wide. The reason the economy has gone from vertical integrations (do everything in-house) to horizontal value chains is because the latter is the more effective way to run modern business. There are cases where keeping processes in-house makes sense and the generic way to look at it is to keep “core” in-house and farm out “context.” The simplest example I can cite is McDonald’s cooking their hamburgers (core) and hiring Fuller to maintain clean restrooms without which they cannot function (context).

Comparing the cost of ZS vs. security appliances as line items makes no sense at all.

On a related note, Zscaler can claim that their service provides all the virtual systems required because that is part of their business model. Buying hardware is “context” for most businesses, farm it out! This thread is getting mired in details when the investment thesis needs to be looked at at the business model level.

Denny Schlesinger

4 Likes

I read recently, from an article posted on this board, that ZS is faster than communications going through in house security.

Could you dig up that article?

I definitely see that for users connecting through VPN, ZScaler would be faster.
I could even see where some security measures would slow things down more, but I’d like some details.
What I have trouble understanding is that within a “circle of trust” company intranet with just password security within the intranet, how ZScaler going out on the internet could be faster.

2 Likes

Not an article, but the presentation during investor day. Go to the company’s investor relations site. I think you will find the presentation there.

Zscaler is faster than most VPNs, and it is way way faster than any appliance solution, say from Palo Alto, that bolts on an SSL reader to read each packet. That is part of their investor slides and something they have been demonstrating for years.

Tinker

7 Likes