x
Optical/IP

NetScreen Snags SSL Leader

NetScreen Technologies Inc. (Nasdaq: NSCN) has announced a deal to acquire SSL startup Neoteris Inc. for roughly $265 million in stock and cash (see NetScreen to Acquire Neoteris).

Based upon the completion of various revenue milestones, the $20 million cash payment could increase by an additional $30 million for a combined potential value of $295 million. To date, Neoteris has raised $38 million in funding from venture capital companies such as New Enterprise Associates (NEA) and Battery Ventures.

Analysts are hailing the acquisition as a strong move for NetScreen, which is already a leader in the IPSec VPN market. Neoteris is considered number one in VPN security gear based on SSL technology. According to a recent Frost & Sullivan report, Neoteris has 36 percent market share, more than 20 percentage points ahead of the closest competitor in the SSL market (see F&S: Neoteris Leads in SSL VPNs). As a combined entity, NetScreen and Neoteris offer one of the most comprehensive VPN portfolios in the market.

“This makes a lot of strategic sense,” says Erik Suppiger, an analyst with Pacific Growth Equities Inc. “There is a strong case to be made that NetScreen will be the entrenched leader in the VPN market.”

After the acquisition closes, which is expected in the December quarter, Neoteris should start generating revenue right away. The company has been shipping product to more than 550 enterprise customers and has 120 channel partners. NetScreen officials say they expect Neoteris to contribute between $47 million and $52 million in revenue for calendar year 2004. Analysts estimate NetScreen’s total revenue for calendar 2004 to be around $300 million.

NetScreen had been eyeing the SSL market for some time. Rumors circulated during the summer that the company was interested in an emerging player, uRoam Inc. (see NetScreen SSL Move Likely). F5 Networks Inc. (Nasdaq: FFIV) announced it was acquiring the startup in late July (see F5 Buys Into SSL VPNs).

Last year, NetScreen announced an interoperability and reseller relationship with SafeWeb Inc. (see SafeWeb Joins NetScreen Alliance). But David Flynn, vice president of marketing for NetScreen, says SafeWeb had few resources to devote to sales and marketing efforts. NetScreen will continue to interoperate with SafeWeb’s products, but it will no longer jointly sell or invest in the relationship, says Flynn.

“Our sales force has been beaten to hell by customers who really want SSL,” says Flynn. “SafeWeb had some funding trouble, and they were still investing in their technology. Neoteris, on the other hand, defined the segment with their product. We wanted to go with the number one player.”

NetScreen plans to keep the IPSec and SSL technology in separate products. Flynn says the reason for this is because the products address two separate and distinct VPN markets. Companies connecting remote and branch offices will continue using IPSec for static point-to-point connections. This has been NetScreen’s primary market for IPSec VPNs. SSL VPNs will be targeted at the remote access market.

The NetScreen strategy sets it apart from some of its competitors. F5, which started life as a load balancing appliance, is marketing its new SSL solution as an IPSec killer. Just today, the company announced the availability of its Uroam product (see F5 Intros SSL VPN Product). Eventually, the company plans to integrate the Uroam solution into its load balancing hardware.

“F5 is not a security company,” says Flynn. “They’re trying to transform into one, but that doesn’t happen overnight. They bought some interesting technology, but they’ve still got a lot of work ahead of them.”

NetScreen’s two biggest competitors are Cisco Systems Inc. (Nasdaq: CSCO) and Check Point Software Technologies Ltd. (Nasdaq: CHKP). So far, neither company has come out with as comprehensive an SSL offering as NetScreen will soon have.

Currently, Check Point sells a rough version of SSL, but the company hasn’t gotten much traction with it. In fact, Nokia Corp. (NYSE: NOK), which licenses Check Point’s firewall technology, decided to develop its own SSL VPN technology instead of using what was available from Check Point (see Nokia Sweetens SSL ). Right now, Cisco doesn’t offer any sort of SSL VPN solution, but rumor has it the company is developing technology internally.

Nortel Networks Corp. (NYSE/Toronto: NT) also has a solution. Like F5, it has added SSL VPN functionality to its load balancing switch (see Nortel Revamps VPN Portfolio). It also offers a strong IPSec portfolio on a separate product line. But, Nortel has struggled to promote these products, since they’re run by two different groups.

Neoteris's strongest competitor in the SSL market has been Aventail Corp. It just announced enhancements to its product today (see Aventail Enhances SSL Product).

Most of the 160 Neoteris employees are expected to remain through the acquisition, says Flynn. Netscreen was trading up $0.74 (3.34%) to $22.90 today.

— Marguerite Reardon, Senior Editor, Light Reading

DoTheMath 12/4/2012 | 11:21:27 PM
re: NetScreen Snags SSL Leader We recently evaluated both Netscreen & Neoteris for our remote access VPN needs, and we picked Neoteris. We found the Netscreen box to be an unmanageable mess, while the Neoteris box was a snap. Our folks love it. Admitted, IPSec VPNs and SSL VPNs are not exactly apples to apples, but I bet there is a lot of apples to oranges substitution (in economic jargon) going on! Even for our data-center to NOC static connection, we were less than thrilled with Netscreen, and are looking at other vendors.

Overall, a smart move on Netscreen's part to cover itself.
techathiest 12/4/2012 | 11:21:27 PM
re: NetScreen Snags SSL Leader The article mentions Cisco and Checkpoint as biggest competitors. But Nokia with second largest market share (and a shipping SSL VPN solution as reported in the linked Nokia article) should be more worrying competition for Netscreen. Am I missing something ?
laserbrain 12/4/2012 | 11:21:26 PM
re: NetScreen Snags SSL Leader >> We recently evaluated both Netscreen & Neoteris for our remote access VPN needs, and we picked Neoteris. We found the Netscreen box to be an unmanageable mess, while the Neoteris box was a snap. Our folks love it. Admitted, IPSec VPNs and SSL VPNs are not exactly apples to apples

Did you find any problem with the SSL VPN running random applications that aren't web based? That's the knock against an SSL VPN solution. They call it "clientless" but there's always a client. More appropriately it should be, "much easier and smaller client than IPSec."
laserbrain 12/4/2012 | 11:21:26 PM
re: NetScreen Snags SSL Leader in the enterprise network, Checkpoint implies Nokia and vise versa. Netscreen is eating their lunch.
DoTheMath 12/4/2012 | 11:21:25 PM
re: NetScreen Snags SSL Leader laserbrain> Did you find any problem with the SSL VPN running random applications that aren't web based? That's the knock against an SSL VPN solution. They call it "clientless" but there's always a client. More appropriately it should be, "much easier and smaller client than IPSec."

-----------------------------------------------
Luckily, we don't face the situation. In our shop, there is no legacy of non web-based apps (if you exclude email, that is!).

Yes, if we had to do such applications, things get a little messy, but still a lot easier than IPSec. For example, some folks run SSH through the Neoteris box to our Linux servers - there is a little Java applet that enables this. It is not that great, but gets the job done.

We had tried Netscreen and Sonicwall for remote access at different sites, and basically the mechanics of their respective VPN clients is so messy, people practically stopped using them.
green 12/4/2012 | 11:21:17 PM
re: NetScreen Snags SSL Leader hi,

can anyone point out what are the adv/disadv of one technology over another ?

are there some things that IPsec vpns can do that SSL vpns cannot and vice versa ?

thx
DoTheMath 12/4/2012 | 11:21:17 PM
re: NetScreen Snags SSL Leader green>hi,

can anyone point out what are the adv/disadv of one technology over another ?

are there some things that IPsec vpns can do that SSL vpns cannot and vice versa ?

thx
---------------------------------------------
I will take a shot. IPSec, as the name implies, operates at the lower level in the networking stack. This means that higher level applications can run transparently over the IPSec pipe, just as they run on a regular IP pipe. One example is email (SMTP and POP).

SSL VPNs, on the other hand, can handle only web based applications (i.e any application that uses HTTP or HTTPS) to communicate. They are basically smart proxy devices - they take in the HTTPS request from "outside" and translate it to a HTTP or HTTPS request to the server "inside". SSL VPNs can only do web based email, not traditional email.

But in reality, the categories are blurred. SSL VPN vendors offer shortcuts that proxy other TCP based protocols as well. SSH is one example. But usually done in a case by case basis, so your mileage (for your application) may vary.

The main advantage of SSL VPN is simplicity. To an average user, it is simply a matter of bookmarking a URL and logging onto it with a name and password. It then takes to a portal type interface from which they can get access to internal web applications.

IPSec requires a proprietary client software installed on each user, and the user has to go through a log-in, which looks much like using a dial-up modem. The problem is that this software is complex to configure (talks language like "Security Policy Editor" etc which is confusing, to say the least), and therefore easy to break. The support burden is heavy.

So the market is moving towards:
SSL VPN - for on-demand remote access to humans
IPSec VPNs - for "nailed down" or static connections, for example, between different sites.
Such connections would be managed by qualified IT staff, not end users.

In other words, each has its use. This is exactly how we use it, by the way.
HOME
Sign In
SEARCH
CLOSE
MORE
CLOSE