Like static passwords, plain old firewall software just doesn’t cut it in
the enterprise; even hardware devices that combine a VPN
firewall need a shot in the arm, if new appliances unveiled at
the RSA Security Conference are any indication.
Now, the hot object of desire is a jazzed-up, rack-mounted, Unified
Threat Management appliance with soup-to-nuts security features baked right
in, and room left over to expand and upgrade.
RSA Security is one example. Although it has
traditionally offered software-based security, the vendor just launched a
fixed-function appliance for two-factor authentication. Called SecurID, the
appliance authenticates via keychain tokens whose
constantly changing numbers, coordinated with the appliance, help Web sites
manage secure logins and do away with static passwords.
RSA is pitching the bundled software/hardware device to small and medium-
sized businesses with 1,000 or fewer employees. RSA’s Gary Wood, senior
product manager, said the SecurID product is rack-mountable and designed to
be installed in about 15 minutes. The appliance also is aimed at
re-sellers that want to offer two-factor authentication choices to
organizations looking to eliminate static passwords. The SecurID Appliance
comes pre-configured (and priced) in bundles of 10, 25, 50, 100
and 150 users.
SurfControl is another player offering security software baked into the
hardware device as a part of its RiskFilter product line. Paris Trudeau,
senior product marketing manager, said customers are asking for more
all-in-one devices that are easily added to server racks. The company’s
appliances are focused on Internet filtering across the gamut of network
threats: Web filtering, inbound and outbound attacks, some IM and peer-to-peer communications too. “We provide them in a deployable option for our
customers, either software-based, hardware-based or integrated,” she said.
“We’re definitely seeing a demand from our market base for this.”
SurfControl just teamed with security appliance maker Celestix Networks
and Microsoft in an integrated add-on to Microsoft’s Internet Security and
Acceleration Server (ISA) 2004. The deal means the Celestix MSA features,
such as Web filtering, advanced application-layer firewall, virtual private
network (VPN) and Web caching, can be bolted on to the ISA server offering, if
customers so choose.
Integrated security appliances make sense for a lot of
reasons, most of them obvious, said Michelle Spolver of Fortinet, a provider
of some 30 products that offer different levels of Unified Threat
Management on a piece of hardware. “From a cost standpoint, it takes a lot
of time and work to manage all these [security applications] separately,”
she said. “With Unified Threat Management, we combine a firewall, VPN,
intrusion and detection prevention systems, content filtering, anti-spam
software and traffic shaping on one platform.”
The Fortinet systems are built with ASIC (Application-Specific
Integrated Circuit) chips that are designed to make the particular applications
built into the device run faster without slowing a network.
But that’s where critics say the appliances can be problematic. At least,
that’s what software vendors say: Appliances are a form of lock-in that can
be tough to upgrade quickly. No so, countered the appliance crowd. “You buy
the hardware platform and update the software that’s on it,” said Spolver.
Market forecasts are seeing similar shifts. In a 2004 report, Ferris
Research said secure content appliances have eaten into the once-dominant
software part of the security mix. Now, the breakdown is estimated at about
28 percent appliances, 28 percent managed services and 44 percent software.
Expect to see a lot more of these UTM appliances, according to IDC. The
research firm projected in a report last fall that
the UTM market is “being created because it is quickly catching on with
customers and vendors. UTM incorporates firewall, intrusion detection and
prevention, and antivirus in one high-performance appliance.” IDC reckons
that UTM market revenue will exceed that of standard firewall/VPNs at a compound annual growth rate of about 70 percent within five years, becoming a $1.9
billion market, up from about $205 million in revenues in 2003.