It's time to look into the crystal ball to see what exciting products will be coming your way next year. In my case, I can skip the crystal ball and just look at the testing projects at The Tolly Group that are wending their way to you. Breakthroughs in performance and functions abound.
A trend we've seen in 2007 will continue in 2008 - the availability of enterprise-class technology packaged and priced for the small-to-midsize (SMB) company environment. (A corollary is the availability of carrier-class technology packaged and priced for the enterprise.) Switching, SSL-VPNs, wireless LAN technology - all can be had at prices so low they would have seemed like misprints just a few years ago.
Still, this does not mean that all switches are created equal, for example, and that price should be the only criterion. While multiple products are based on similar components, vendors often put significant added value into the finished product.
Open source will be creeping further into many enterprise and SMB products. Already in 2007 we've benchmarked open source routing code that can outperform the market leader. Given the vast amount and generally good quality of the open source code available, it makes sense for vendors to take advantage of it rather than reinvent the wheel.
Along with the open source movement, we are witnessing a resurgence of the general-purpose computer as the platform for such specialized network functions as firewalls and intrusion-prevention devices. Since the 1990s, the trend has been toward using specialised, hardware ASICs in such devices to deliver the desired high throughput and low latency. Back then, general-purpose computers simply didn't have the horsepower to process data fast enough.
ASICs did the job just fine, but the fact that they were produced in limited quantities (relative to general PCs, certainly) usually meant a steep price premium. Additionally, the entire process of design, fabrication and testing (with multiple passes at each) often meant a delay in time to market. Finally, major changes could require new ASICs - not a cheap proposition for the customer.
This approach won't go away and can be the best way to go for certain applications, but the general-computing vendors will soon turn the price and performance charts on their heads. The current crop of multicore processors now is being used to provide the brute-force power to enable software based security products to deliver throughput heretofore seen only in ASIC-oriented, hardware-based devices. Even if such offerings don't change your point of view about what you should deploy, they should help you get a better price from your hardware vendor.
Finally, the number of data security options available will continue to make your head spin. We've already moved from intrusion to extrusion. Now you'll find devices tuned to read specific types of data streams.