Nir Zuk, founder and CTO of Palo Alto Networks, has slammed Sourcefire’s attempts to move into the next generation firewall (NGFW) market as ‘bullshit’ and without ‘a chance in hell’ of succeeding.
Sourcefire, creator of the Snort intrusion prevention system (IPS), announced last year that it would be moving into the NGFW space alongside the likes of Palo Alto Networks and Barracuda.
Speaking to CBR earlier this year, Sourcefire founder Marty Roesch said: "There seems to be an opportunity around the NGFW space from a couple of different angles. If you look at some of the market predictions a fair amount of the IPS market will be delivered on NGFW markets and we don’t want to cede market."
"Also if you look at the vendors that are building NGFW almost all are coming at it from the firewall direction to build IPS, and we’ve already got the best IPS on the planet. We think building application control is not as difficult as building a world class IPS," he added.
However, Nir Zuk, who worked at Check Point, NetScreen Technologies and OneSecure before starting Palo Alto Networks, told CBR that Sourcefire was taking the wrong approach, and that coming at the NGFW market from an IPS angle was not going to work.
"I think it’s complete bullshit," he said. "The idea that an IPS can be converted to a firewall is extremely silly to me. There is a reason why the IPS market is $1bn and the firewall market is $5bn; it’s because it’s much more difficult to build a firewall than it is to build an IPS."
"Firewalls are not about allowing or denying a packet. The difference between a firewall and IPS is that the firewall is part of the infrastructure whereas an IPS is a tool that just looks at the network and every now and then stops something," Zuk added.
Zuk suggested that Sourcefire’s move into the NGFW market was born out of desperation.
"Nobody’s buying a standalone IPS anymore, especially with the economy," he said. "The standalone IPS companies are in trouble and Sourcefire is fighting for its life, and of course they will say they’re going to build the Next Generation Firewall but I don’t see a chance in hell that it will work for them."
"If it was simple to build a firewall you would have more firewall companies out there. There are more companies in that $1bn IPS industry than in the $5bn firewall industry, and there is a reason for that," he added.
Sourcefire declined CBR’s request for comment.