Senior Editor, Network World

Security box vendors set to square off at CeBit show

Jun 09, 2003 | 3 mins
Check Point, Cisco Systems, Network Security

Security appliances optimized to run one or more applications, such as firewalls/VPNs, intrusion detection and antivirus, are winning praise and popularity.

These devices, sold by companies such as Cisco and Nokia, are said by supporters to cost less, run faster and be far easier to deploy than the alternative: installing security applications on general-purpose servers.

We’ll be examining the pros and cons of security boxes – among other issues – at Network World’s Security Showdown next week in New York at the CeBit America conference, a new spinoff of the huge CeBit show held annually in Germany. Panel participants will include representatives from Cisco, Network Associates, Nokia and Symantec, who will quiz each other about security appliances.

While Gartner says the total cost of ownership of a security appliance is 60% that of a software-based security application, and that appliances usually run two or three times as fast, the devices aren’t perfect. One shortcoming is management.

For instance, Nokia’s Horizon console can be used to configure and manage Nokia appliances, which run security software from vendors such as Check Point, Internet Security Systems (ISS) and Trend Micro. But the management capabilities don’t transfer to general-purpose server implementations of security software from those same Nokia partners. That means companies running both appliances and software-based versions of the security applications could be forced to run two management systems.

Check Point’s SmartCenter management console can manage a Nokia appliance running Check Point Firewall-1, but not the other Nokia appliances, says Nokia Internet Communications Senior Manager Denis Sullivan. The same appears true for the ISS management console, SiteProtector. And Trend Micro’s Control Manager won’t support Nokia’s Message Protector, of which Trend Micro’s antivirus is part, until the third quarter.

Other companies joining Nokia at next week’s CeBit debate have their own security appliance management issues.

Network Associates offers the WebShield line of antivirus messaging appliances; the Sniffer protocol-analysis appliances, to which it intends to add high-speed intrusion detection and prevention; and the Intruvert IDS/IPS appliance, added by way of an acquisition. None of these lines can be managed from the same platform, though Network Associates plans to change that in the future.

Symantec has four appliance lines, which also don’t use the same management console model. There’s a firewall/VPN appliance line, which works with the Symantec VPN client; the iForce IDS appliance, built in partnership with Sun; the Symantec VelociRaptor; and the Symantec Gateway Security appliances for small to midsize business.

Symantec has changes in the works, though. The company soon plans to announce a gigabit-speed version of the Security Gateway (now maxing out at 100M bit/sec) that’s based on the ManHunt IDS. It will include seven security applications for large organizations under a common management framework.

Cisco, which offers firewall/VPN and IDS technologies in the form of appliances and switch blades, can’t escape its critics either. “There’s very little integration across blades,” says analyst John Pescatore of Gartner.