Got the NAC
Juniper Employee
Juniper Employee
‎11-11-2008 12:00 AM
‎11-11-2008 12:00 AM

Chris Hoff blogged yesterday about using TCG's standard IF-MAP protocol to connect security functions throughout the cloud. I couldn't agree more! That's exactly what IF-MAP is for: helping security systems share the information they have gathered. That's what I've been saying all along. Chris' idea to extend it to include virtualized security functions is a great one. I wonder if the virtualization folks are listening in.


Chris asks which vendors are supporting IF-MAP in their products. I have found that standards adoption follows the classic innovation adoption lifecycle. Innovators are the vendors and customers that have the vision and foresight to see where things must go. They are the first to create and adopt new technology. For IF-MAP, that group includes the folks who developed the IF-MAP spec and demonstrated implementations at Interop Vegas in April: ArcSight, Aruba Networks, Infoblox, Juniper Networks, Lumeta, and nSolutions. Next come Early Adopters, Early Majority, Late Majority, and Laggards. It takes at least a year for each stage: six months to turn prototypes into products and six months for the next generation of adopters to catch on. That's the timescale we've seen for the other TNC standards. So I expect to see Innovator vendors shipping products that implement IF-MAP in the next few months and Innovator customers deploying those products in the months after that.  Then will come Early Adopters and so on.


Innovation Adoption Lifecycle


IF-MAP provides immediate benefits. False positives and false negatives are greatly reduced since sensors are now identity-aware. Fewer false positives and negatives reduces the cost and increases the benefit of monitoring IDS and SEIM systems. Automated response is another way to reduce costs. Reduced cost with stronger security will definitely draw some attention in today's economic climate! I expect that it will quickly pull this technology across the "chasm" from Early Adopters to Early Majority, who are looking for successful ideas but open to new things. However, we still have a few years before we get to that point.

I have spoken about IF-MAP and coordinated security at several conferences and I have seen tremendous interest among customers and vendors. I'm not at liberty to give out names but some very large vendors and customers are excited about IF-MAP. As soon as IF-MAP products start shipping, I'll announce it on my blog and link to them.


As Alan Shimel points out on his blog, the best way to increase the number of products that support IF-MAP is for customers to demand and buy those products. Vendors who are Innovators have the foresight and resources to lead the market. Early Adopter vendors are eager to lead but need to see customer demand before they can add features. Will you provide the customer demand needed to pull the next group of vendors along the adoption curve? If you're interested, start asking vendors about IF-MAP support and examine the first generation of IF-MAP products when they ship.

Message Edited by SteveHanna on 11-21-2008 02:57 PM
Message Edited by SteveHanna on 11-21-2008 03:00 PM
Message Edited by SteveHanna on 11-21-2008 03:01 PM
Message Edited by SteveHanna on 11-21-2008 03:02 PM