One plus One is Not Innovation

1,987 people reacted 0 1 min. read
Nir Zuk


Category: Firewall


Check out Richard Stiennon’s blog entry on his Threat Chaos blog. I think very highly of Richard – he has never been afraid, even as a Gartner analyst, to say what he thinks even if some of Gartner’s customers did not like it.

But this time, Richard, I have to disagree with you. Putting a firewall and an IPS on the same box is not innovation. I did it as the CTO of NetScreen more than 6 years ago so it’s certainly not new. And even then it was not innovative. Even in U.S. patent law, which sets the bar quite low on what can be patented (as in Sealed Crustless Sandwich), the mere action of putting two things together does not create something that is patentable. But above all that, putting firewall helpers, such as an IPS, on the same box as the firewall, does not make a better firewall. To make a better firewall, one needs to change the firewall itself. Check out my video response to learn more…

2 Reader Comments

  1. Avatar

    I agree that putting IPS on a firewall is no longer innovation. It certainly was innovation in 2003 when you, Tippingpoint, Intruvert, and Reflex Security simultaneously announced IPS. You were the only one to eventually combine with a firewall at Netscreen. The rest stayed separate.

    PAN, Fortinet, iPolicy are all exploring the possibilities of a single platform that by looking at *all* packet data can apply policies that include URLs, applications, users, and even the presence of malware. Since the concept and products are now 6-7 years old the true innovation is coming from end-users that are junking their Juniper-Cisco-Checkpoint products and moving to protective gateway devices.

  2. Avatar


    It will be NICE if you can be more specific and specify what makes the Palo Alto concept very different from other UTMs like Cyberoam (for example: even fortigate already have similar capabilities).

    I’m trying to understand the new funcionality that you can’t do with the others.


Got something to say?