Microsoft acquired Israeli startup, CyberX Labs today in a move that gets Microsoft Azure into the IoT security market. We have been tracking CyberX for a couple years and have generally categorized it as an emerging player in the Operational Technology Access Control (OTAC) market. More recently, it has smartly repositioned itself as an IoT network discovery, posture assessment and management company. We see OTAC as an adjacent market to an existing, more IT-oriented security market called Enhanced Network Access Control (ENAC). Microsoft explains that CyberX will extend its Azure IoT security capabilities towards devices used in industrial IoT, Operational Technology and infrastructure scenarios, and that, it will allow customers to discover their existing IoT assets, manage and improve security posture of these devices.
We see this move by Microsoft as encroaching into the network security space a bit further than it had before. And, it is using IoT and industrial operations as a means to enter. We sill see the CyberX portfolio as an OTAC company, but since many IoT devices are just Internet Protocol (IP) connected devices, the CyberX portfolio can perform many of the tasks of that of an ENAC system. And so, this puts Microsoft quite closely in competition with the existing leaders in the much-larger ENAC market, namely, Cisco, HPE Aruba, Forescout and Fortinet (listed as a partner on the CyberX Labs website). Cisco and Forescout have announced OTAC products recently, as well. HPE Aruba, a big player in ENAC, had integrated CyberX into its Clearpass ENAC product in 2019 and featured CyberX at its user conference in 2019.
So, given Microsoft is acquisitive these days and clearly has an interest in beefing up its Azure IoT capabilities, and given that Forescout is in the midst of a failed merger bid from investor Advent, perhaps it is time for Microsoft to take a closer look at Forescout.
We attended the Aruba Atmosphere 2019 user conference in Las Vegas. What we learned was that Aruba had made solid progress since last year’s Atmosphere conference. It has delivered on 802.11ax, SD-Branch (and SD-WAN), AI/ML, and Zigbee/Bluetooth 5.0, and elements of the IoT market. The company also introduced a new access point that was not hinted at last year, an 802.11ad outdoor access point. If we were to sum up the company’s main message for the show, it’s all about SD-Branch. The company took great efforts to emphasize that its portfolio has greater breadth than ever and is among the few vendors that can deliver all the networking a company may desire.
802.11ax. At last year’s event, the company told customers to expect 802.11ax products by Nov/Dec of 2018. Our market share tables show the company shipped 802.11ax for revenue in 4Q18. At the show, the company also announced some new, full-featured 802.11ax Access Points, the 530 and 550 series. These new Access Points support Bluetooth 5 and Zigbee, to allow support of IoT devices. These new 802.11ax Access Points will be available this month, April 2019.
802.11ad. The company also introduced a point to point outdoor access point. The new AP387 allows 1 Gbps at 400 meters using 802.11ad and has a backup of 5 GHz 802.11ac in case of inclement weather. This device has been shipping for a “couple months” according to the stage presentation (personnel at the show booth said since January 2019).
Machine Learning. Using Machine Learning for Client Steering and for managing Transient clients. At last year’s Atmosphere event, the company was just rolling out AI/ML to customers to improve networking capabilities for wireless users.
SD-Branch. The company disclosed that it has 25,000 SD-Branch “wins,” which means that it has many contracts to sell “at some point in the future” SD-WAN and other branch equipment systems such as WLAN and switching. At last year’s event, the company had not sold any SD-WAN, so this is a big accomplishment and signifies Aruba’s progress in delivering what it calls a Single Pane of Glass approach that includes four parts: SD-WAN orchestration, Dynamic Path Steering, Secure Connectivity, and Dynamic Segmentation.
Clearpass Device Insight. The company introduced its device recognition system, intended to simplify the discovery of IoT devices on the network. Clearpass Device Insight is available in April 2019. This cloud service uses a fingerprint database, as well as AI/ML, to find devices on the network, and then presents them by category on a single screen.
During the day-2 presentations, the company had some fun and CTO, Partha Narasimhan, showed a picture of him pretending to be an IT executive of a fictitious university.
Earlier this year, Aerohive issued a press release about its A3 software system. A3 is what we categorize as an Enhanced Network Access Control (ENAC) system; we calculate market share statistics on this market in our Security report series. The company is now getting ready to bring the product to market and is blitzing the media, so to speak. We were briefed and learned more about the product. To summarize, it checks the boxes necessary for us to include it in our ENAC report and we like that it has a common user interface to allow customers to perform device profiling, authentication / registration, compliance / remediation, device management, billing integration and network access control.
Our outlook for ENAC is positive and, today, three main vendors consist of the majority of share: Cisco (with ICE), Aruba (with Clearpass) and ForeScout. We learned that company has more aggressive pricing than these market leaders. If you look at why a product like A3 is important to Aerohive, recall that back when Aruba introduced Clearpass back in 2012/2013, it used it as a selling tool to get into its competitors' accounts (it also got high margin sales from Clearpass, too). Aerohive's A3 is positioned similarly - it operates with its competitors' equipment (including those from Cisco, Ruckus, Extreme and others). So, Aerohive has developed another means of selling to customers, by offering A3 to customers using non-Aerohive equipment.