Like static passwords, plain old firewall software just doesn't cut it in the enterprise; even hardware devices that combine a VPN (define) and firewall need a shot in the arm, if new appliances unveiled at the RSA Security Conference are any indication.

Now, the hot object of desire is a jazzed-up, rack-mounted, Unified Threat Management appliance with soup-to-nuts security features baked right in, and room left over to expand and upgrade.

RSA Security is one example. Although it has traditionally offered software-based security, the vendor just launched a fixed-function appliance for two-factor authentication. Called SecurID, the appliance authenticates via keychain tokens whose constantly changing numbers, coordinated with the appliance, help Web sites manage secure logins and do away with static passwords.

RSA is pitching the bundled software/hardware device to small and medium- sized businesses with 1,000 or fewer employees. RSA's Gary Wood, senior product manager, said the SecurID product is rack-mountable and designed to be installed in about 15 minutes. The appliance also is aimed at re-sellers that want to offer two-factor authentication choices to organizations looking to eliminate static passwords. The SecurID Appliance comes pre-configured (and priced) in bundles of 10, 25, 50, 100 and 150 users.

SurfControl is another player offering security software baked into the hardware device as a part of its RiskFilter product line. Paris Trudeau, senior product marketing manager, said customers are asking for more all-in-one devices that are easily added to server racks. The company's appliances are focused on Internet filtering across the gamut of network threats: Web filtering, inbound and outbound attacks, some IM and peer-to-peer communications too. "We provide them in a deployable option for our customers, either software-based, hardware-based or integrated," she said. "We're definitely seeing a demand from our market base for this."

SurfControl just teamed with security appliance maker Celestix Networks and Microsoft in an integrated add-on to Microsoft's Internet Security and Acceleration Server (ISA) 2004. The deal means the Celestix MSA features, such as Web filtering, advanced application-layer firewall, virtual private network (VPN) and Web caching, can be bolted on to the ISA server offering, if customers so choose.

Integrated security appliances make sense for a lot of reasons, most of them obvious, said Michelle Spolver of Fortinet, a provider of some 30 products that offer different levels of Unified Threat Management on a piece of hardware. "From a cost standpoint, it takes a lot of time and work to manage all these [security applications] separately," she said. "With Unified Threat Management, we combine a firewall, VPN, intrusion and detection prevention systems, content filtering, anti-spam software and traffic shaping on one platform."

The Fortinet systems are built with ASIC (Application-Specific Integrated Circuit) chips that are designed to make the particular applications built into the device run faster without slowing a network.

But that's where critics say the appliances can be problematic. At least, that's what software vendors say: Appliances are a form of lock-in that can be tough to upgrade quickly. No so, countered the appliance crowd. "You buy the hardware platform and update the software that's on it," said Spolver.

Market forecasts are seeing similar shifts. In a 2004 report, Ferris Research said secure content appliances have eaten into the once-dominant software part of the security mix. Now, the breakdown is estimated at about 28 percent appliances, 28 percent managed services and 44 percent software.

Expect to see a lot more of these UTM appliances, according to IDC. The research firm projected in a report last fall that the UTM market is "being created because it is quickly catching on with customers and vendors. UTM incorporates firewall, intrusion detection and prevention, and antivirus in one high-performance appliance." IDC reckons that UTM market revenue will exceed that of standard firewall/VPNs at a compound annual growth rate of about 70 percent within five years, becoming a $1.9 billion market, up from about $205 million in revenues in 2003.