Switch start-ups turn to WLAN security
But shake-out looms
The anticipated shake-out in the overcrowded wireless LAN switch market shows signs of starting, with the star of the sector, Vivato, making yet more cutbacks and Trapeze laying off more than one-third of its workforce. The market has become packed with start-ups in the past year, far too many to survive, especially with Cisco defending its 75 per cent-plus market share and other data networking companies moving across from the wired world.
Many of the specialists have sound technology and decent financing, but there are just too many of them in an enterprise WLAN market that has been slow to grow this year. Now they are all racing to add differentiators to their products that will encourage corporate uptake and enable them to survive long enough to reap some rewards from the likely upturn in enterprise WiFi spending in mid-2004.
The number one concern of companies considering wireless remains security, so it is no surprise that many of the switch makers are focusing on this in their bid to remain competitive.
Trapeze, one of the strongest of the switch specialists, but forced to lay off 22 per cent of its workforce this week, was the first to make capital out of corporate nervousness about hackers. Back in the spring, its advanced security features put it a step ahead of most start-ups, but now most of its rivals are jumping on the bandwagon.
Last week, we saw Aruba upgrading the software behind all its switches, AirOS, to include an intrusion detection system that can even handle the latest breed of denial of service attack, ASLEAP, which targets Cisco’s LEAP security protocol. This gave Aruba a new marketing line of attack for its low end 800 switch – as a dedicated IDS box – that is sure to be copied by others in the this increasingly pressurized market.
Intrusion detection systems are the hot ticket in wireless security at present, spurred by IBM’s entry into the market earlier this month with a managed service. IDSs go a step beyond rogue access point detection, which is now offered by most suppliers of business grade WiFi equipment. An IDS continually scans the airspace for clues to denial of service and other hack attacks. Vendors are offering a range of ways to implement such functionality – outsource it entirely to a managed service, as in the IBM solution; integrate it into the core switch and detect via passive monitors that feed data to the center, as Aruba and AirMagnet do; or use the existing AP network for monitoring, the approach to which Airespace, the grandfather of the WLAN security market, is moving in a bid to differentiate itself from the monitor-based systems and retain its market lead.
The latter route highlights the problem for the switch makers. Security is a strong selling point for their devices, but the software specialists can offer greater depth of functionality and can usually stay a step ahead. The switch companies can argue that an integrated IDS is a cheaper option than buying separate software on top, but few corporate customers are that price sensitive when it comes to protecting their networks.
So as Trapeze, Aruba, Vivato and others upgrade their security facilities, the software houses are moving ahead too. This week, AirMagnet has upgraded its Mobile suite to supports 802.11g for the first time and to identify 22 new attacks including denial of service from its notebook-based WLAN management software. Also included is a new signal strength capability that can detect signal fluctuations and their cause, distinguishing between malfunctioning access points, normal interference and multipath interference and a reporting function that monitors statistics and highlights abnormal patterns of usage. For companies of any size, the most effective security systems for WLANs offer multiple overlapping detection methods, which the switchmakers generally cannot support.
AirDefense is also upgrading its platform, aiming to diffentiate itself by moving more detection and monitoring functionality away from sensors and into the access point, reducing cost and deployment time by eliminating special sensor devices, or providing richer detection data by combining input from sensors and APs.
All this means the switch makers need to find a new way to attract customers to their devices, and some of them are running out of time. The first signs of trouble have come from Trapeze and Vivato, ironically among the best-funded and most technologically robust of the pack.
Trapeze, like Vivato a few weeks ago, has accompanied job cuts with a management reshuffle that puts greater focus on operational efficiency, appointing a chief operating officer for the first time. This is Al Sadler, currently vice president, and VP of worldwide sales George Prodan has also stepped down in favour of director of product marketing, Mike Banic. Forty of the company’s 110 staff have been laid off though Banic insisted this would not affect roll-out plans. “We're still completely staffed up to deliver on our... roadmap," he said. The next step on this map is a software upgrade that lets its Mobility Point APs communicate with the central switch without actually being connected to it.
Trapeze has been one of the most aggressive of the switch start-ups but it took the risk of throwing money at the challenge of taking a strong market position, a strategy expounded in the main by Prodan, who argued that there was only a year in which to gain this position or fail completely. Until the restructuring it had double the number of staff of its main competitors Airespace and Aruba and was said to be using up its $50m in funding to date at a rate that alarmed its backers. Prodan’s departure is taken as a signal to the investors that Trapeze will take a more cautious financial approach from now on, although he remains an advisor and investor. The company’s last round of funding was in June when it raised $34m from Oak Investment Partners, Duff Ackerman & Goodrich, Castile Ventures, Trautman Wasserman, CE Unterberg Towbin, Accel and Redpoint.
Vivato, too, has been pulled into line by investors recently. While it raised a third round of $44.5m in August, it laid off 10 per cent of its workforce shortly afterwards in order to “rebalance” the company away from engineering and towards operations and marketing. The company admitted this was spurred by the venture capitalists and was, in part, meant as a sign that Vivato would use its new funds responsibly.
This was apparently not enough and now Vivato has laid off another 22 staff, 2 per cent of the total, mainly from its engineering center. The company’s CEO Ken Biba stepped down earlier this month and a replacement is expected within a few weeks.
His primary role will be to ensure that Vivato can survive the shake-out. Like many innovative start-ups, it has invested heavily in engineering in order to create pioneering products – indoor and outdoor switches that boost WiFi’s range and data rates – only to find other companies catching up and itself forced to compete in a newly crowded space on the basis of marketing messages.
All this is made worse by the entry of established enterprise networking players. Cisco has always been there, pushing its ‘fat access point’ approach against the centralized switch dumb AP route of the start-ups. But now it is joined by Foundry and Extreme, both with R&D and marketing budgets that dwarf those of the new companies, plus established contacts in the corporate world.
The start-ups that have pioneered the dedicated, centralized wireless switch have achieved high levels of interest and headlines in the past year, but have failed to bite significantly into Cisco’s corporate WLAN market. Although we would expect Trapeze and Vivato, despite their current problems, to be survivors, we are sure to see many others cutting back and some disappearing altogether in the coming months.
© Copyright 2003 Wireless Watch
Wireless Watch is published by Rethink Research, a London-based IT publishing and consulting firm. This weekly newsletter delivers in-depth analysis and market research of mobile and wireless for business. Subscription details are here.
Sponsored: Network DDoS protection