Network World

Social Web
Email
Close

Security made simple

Security appliances are the latest rage, thanks to their easy deployment and high reliability.

By Bob Violino , Network World , 09/29/2003

Share/Email
Tweet This
Comment
Print

	Beyond firewalls

	Protecting thousands

	A sampling of security appliances

	What to ask your security appliance vendors

Today's security appliances perform so many necessary security functions, they are becoming irresistible to network executives. IDC reports that worldwide unit shipments of security appliances increased 17% in the first quarter of this year over the first quarter of 2002.

True, network executives still prefer the traditional software-on-server approach for their conventional needs - like the main corporate firewall. But they like appliances for their simplicity and convenience, particularly when securing small or home offices.

IBM ISS X-Force Threat and Risk Report: Download now

"What appliances have going for them is you can drop them into a network, configure them and you're done," says Laura Koetzle, a senior analyst at Forrester Research. "We see this in organizations that have a lot of branch offices, with people in the field who are not technical but need to have some sort of security. You can configure the appliance in the head office and ship it out to the remote office."

Adds Charles Kolodgy, research director at IDC: "You don't have to worry about patch levels on the systems, you don't have to worry about interactions between software on another machine, and you don't have to worry about buying an operating system. You just have to receive the box from the vendor."

However, appliances have limitations. They aren't as reconfigurable as software-based security applications. "Appliances can really only do what they're designed to do," Koetzle says. "If your needs change radically it's tough to update appliances. If your needs are stable then appliances make total sense."

Beyond firewalls

The earliest models mostly combined firewall and VPN functions, but today's crop integrates a wider range, such as intrusion detection, anti-virus protection and content filtering. "Pretty much everything that you can do with software you can do with an appliance," Kolodgy says.

As appliances' capabilities have expanded, network executives gained a path for adding new security protections to their networks. Mike Grimm, CIO at Seton, a Norristown, Pa., manufacturer of leather automotive products, uses Fortinet's Fortigate 200 and 400 appliances for VPN, packet-level virus-scanning and firewall functions. He soon will use the products' intrusion-detection capabilities as well, he says.

A sampling of security appliances

Vendor	Product	Description	Price
Fortinet	FortiGate 3600	Network-based anti-virus, Web content filtering, firewall, VPN and intrusion detection.	About $30,000.
NetScreen Technologies	NetScreen- IDP	Intrusion-detection and -prevention device.	NetScreen-IDP 10 is about $8,000; IDP 100 is about $16,500; IDP 500 is about $35,000.
Nokia Internet Communica-tions	Nokia Secure Access System	Secure Sockets Layer VPN.	From $3,500 to $12,000 for 10 connections, ranging up to $55,000 for 500 connections.
SonicWall	SOHO TZW	Integrated firewall and VPN for wireless environments.	Available in base configuration supporting up to 25 users, with upgrades to 50 or unlimited users for $895.
Symantec	Gateway Security5400 Series	Firewall, VPN, intrusion detection and preven-tion, anti-virus software and content filtering.	Ranges from $4,000 to $51,300 based on model, functions and number of nodes used.

Seton is in the midst of an appliance rollout that began early this year, with plans to use appliances at 11 regional sites worldwide, Grimm says. All traffic going in or out of each facility passes through the devices. Grimm initially had concerns that the packet-level scanning might cause latency problems with data flow, but says his fears have proven unfounded.