Caching vendors adding security features to gear

Businesses looking to add another layer of protection beyond traditional firewalls will find a slew of new products from companies that are adding security features to their Web caching offerings.

Inktomi last week unveiled its Traffic Edge Security Edition software, which adds virus scanning, content filtering, and user authentication and access control to its caching software. Other vendors such as CacheFlow, Network Appliance and F5 Networks recently have added security features to their devices.

Analysts say they're seeing a trend among caching and Web acceleration companies to add more features to Web caches, enabling businesses to cache clean content, for example, or to speed up Secure Sockets Layer processing. The trend makes sense, analysts say, because of how caching and other Web acceleration products fit into current business networks. Caches typically sit behind a network firewall and store oft-accessed content so that repeated requests for a Web page can be served locally from the cache, rather than having to be routed through the Internet again.

"These products are at a critical point in the network and they're a perfect location to add security functionality or just make sure that content that they're caching is secure," says Cindy Borovick, an analyst at IDC. "There is definitely a need to make sure that these products complement a customer's security implementation. They're not replacing firewalls, but they're adding another layer of security to the network."

Frank Cabri, director of marketing at CacheFlow, which introduced its Security Gateway product earlier this year, says integrating security features into a cache is a perfect complement to firewalls, which scan packets as they enter the network. On the other hand, caches can look at the content that is being delivered and store the clean content.

By getting integrated security features within a Web cache, customers also get a single box to manage and configure, eliminating the headaches of running separate servers for caching and virus scanning. But when more than one function is performed on a single box, a single point of failure exists, so redundancy is important, analysts say.

A director of security at a financial services firm, who asked not to be named, says he uses Inktomi's caching software and is looking at the new security offerings because they provide the security he needs without the inconvenience.

"It's one device, one place to visit, one place to configure. Why do I want to go to three different boxes, and manage three different boxes and maintain configurations of three different boxes," he says. "Less is more. . . . Why should I maintain three different vendor relationships when all I want to do is maintain one?"

What companies such as Inktomi need to do, he says, is ensure tight integration between their caching products and the additional features.

Inktomi says its caching software integrates with Symantec's CarrierScan Server antivirus software to protect business networks against viruses such as Nimda, which can be spread through infected Web pages.

Inktomi also has added authentication and access control to its caching software so that businesses can let employees access information such as 401(k) benefits from the Internet. The Traffic Edge Security Edition software lets businesses track who accesses information and restrict that access by linking to Lightweight Directory Access Protocol, for example, to maintain existing authentication policies.

Traffic Edge Security Edition software is available now and will also be available through Inktomi partners including Compaq, Dell, Hewlett-Packard, F5 and Fujitsu. Pricing for the software starts at $5,000.