Also, AWS and Azure will have their own NGFW-like services, meaning you can ditch your on-premise NGFW entirely, and use inexpensive routers. Moreover, services like Zscaler will make more sense, than a big iron box of wires.


This is an April article on Next Generation Fire Walls. It is a neutral article written by no one with a sales agenda or beef. Simply, like many of us here, an interest in the topic. The article goes on to discuss what we already know, and that is cloud is taking over everything.

Reading through Zscaler’s 10K, there are no competitors like Zscaler, at least according to Zscaler in regard to being cloud only.

As you read through this article, Zscaler is also the only one. Azure and AWS will develop their own cloud NGFW, but that should probably not affect Zscaler all that much, anymore than it affects other companies that compete with the clouds but are specialized.

Certainly NGFWs will create links to the cloud, and be part of the cloud, but the appliances will always exist. How can they not absent cannibalizing their business models or dramatically raising their prices for cloud? Perhaps the legacy installed base will slowly melt away and thus enabling the continual upselling of appliances to a large but slowly shrinking base, while also moving into the cloud only offering (which of course would interfere with the marketing message).

Hard to read too much into it, how competitors will deal with something like Zscaler. I don’t know. All I do know is that they will have to and this article supports the supposition that Zscaler is first mover and unique in how it does it. Blue Coat’s complete and rather rapid business failure (not long after Symantec spent a few billion to buy it and installed Blue Coat’s CEO as Symantec’s CEO - while selling off their storage software product Veritas for even more money than what Blue Coat cost) either means that Symantec ruined a great product (the only other product in the leader square other than Zscaler) or the day of the appliance (that Blue Coat was famous for, and was the leader in being a hybrid) has come and gone. I cannot say which.

Either way, we know Zscaler is for real given the large companies that have come on board. That Zscaler is the first mover in providing cloud only security that no longer requires a corporate perimeter or appliances, but we do not know if the market will move its way or if Zscaler will be a nice niche or simply bought out.

Of course the way of Palo Alto is what we would most like to see. Given how many companies that Palo Alto services, it is going to be a long time before Zscaler’s all cloud model becomes the predominant model, perhaps a very long time. But all that is required is that it keep growing and taking marketshare systematically.

Interesting discussion on understanding Zscaler better.



This is an April article on Next Generation Fire Walls. It is a neutral article written by no one with a sales agenda or beef


I think you are mistaken. This is what the article states: “Furthermore, when you automate the deployment and configuration of those endpoints (which is exactly what we do in our Sherlock Managed Detection and Response services) then you can uniformly enforce security on every host in the environment.”

If you google “Sherlock Managed Detection and Response services” you’ll find that the article was a recent post by Anitian, Portland, OR, and Sherlock managed cloud security is one of their offerings, https://www.anitian.com/sherlock/. The post is on the right, third from top.

So it is NOT a neutral article.



but the appliances will always exist

Tinker, that is not necessarily true. On my Gov program I have seen a number of appliances phased out, often by their own maker in favor of VM based software. An appliance can be a “black box” computer, or a more sophisticated and specialized device. Technically a switch and a router are appliances. They have very specialized chips to do specific things quickly, and one might assume they would never go away, but in the end they are just a bunch of processing chips and if computing chips (e.g. GPUs from Nvidia) become fast enough, they can replace even those types of appliances. In fact, VM hosts can have virtual switches already.

Do not underestimate the speed of change, like I said, I am seeing it. Not only that, as you might know from my posts, my “new” company (spin off) chose Zscaler because of its simplicity of operation, reduction of necessary nerd-power and elimination of equipment replacement. And don’t underestimate the need to replace equipment. It goes obsolete much faster than anyone but the vendors want! At some point Cisco will stop issuing security patches and just say “upgrade or be unsecure”. Now in this hack-a-second world, what CIO or CEO is going to let their company become unsecure? The liability is huge. Even the civilian side of the Gov is starting to see the light. Remember the Chinese stealing millions of people’s clearance info from OPM? Do you think they were up to date on security? (sadly, I would be surprised if they are now).