• United States
Senior Editor, Network World

Symantec pumps up security appliance family

Sep 15, 20034 mins
Intrusion Detection SoftwareNetwork Security

Symantec last week announced a family of all-in-one security appliances that will give customers a variety of ways to beef up security without adding multiple devices to their networks.

Symantec last week announced a family of all-in-one security appliances that will give customers a variety of ways to beef up security without adding multiple devices to their networks.

The Symantec Gateway Security Appliance 5400 models combine an Internet gateway firewall, anti-virus, Web filtering, anti-spam, and intrusion-detection and intrusion-prevention technology to support from 65,000 simultaneous users connections on the 200M bit/sec speed Model 5420 to more than 200,000 on the Model 5460, which reaches 1.8G per sec.

The 5400 line is intended to replace Symantec’s year-old 100M bit/sec Gateway Security Appliance, the vendor’s first multi-function gateway that lacks the ManHunt-technology intrusion-detection system (IDS)/intrusion-prevention technology that Symantec acquired when it purchased Recourse Technologies. Attached to the corporate LAN at the Internet’s perimeter, the Symantec multi-function gateways play the role of the firewall, while also blocking employee access to unauthorized Web sites, stopping spam and checking for possible computer viruses. With ManHunt technology, the Symantec gateway could be set up to monitor as a passive IDS or actively block-specified attacks.

In the realm of the all-in-one security appliance, Symantec competes against CrossBeam, Internet Security Systems, NetScreen Technologies, Network Associates and TippingPoint Technologies, although few vendors can pack it into one box without having to rely on technology partners.

All three Gateway Security Appliances can report event activity to the Web-based Symantec management console, and customers can design customized policy-configuration management templates for remotely configuring settings at the gateway, according to Howard Lev, Symantec’s group product manager. The older gateway appliance that these replace was limited to Microsoft Management System.

Although multi-function gateways are still fairly new and raise the possibility of a single point of failure unless carefully set up with load balancing and failover, some network managers are keen to buy them because they might be able to simplify security monitoring and management.

At the Omaha World-Herald, the 4,000-employee Nebraska publishing and direct-marketing company that is beta-testing the midrange version of the Symantec Gateway Security appliance 5400, firewall administrator Greg Zill says he wants to use an all-in-one gateway to get a “management dashboard” to view events and monitoring related to anti-virus, spam and firewall use.

Because the beta tests in a lab environment have gone well, Omaha World-Herald is ready to swap out an older Symantec firewall and other vendor Web filtering and anti-spam gateways for the single Symantec Security Gateway. Zill says he’s probably saving about 10% by buying a single gateway rather than multiple products.

While his company does some Web filtering of employee Internet use, “spam is the big issue for us now,” says Zill, recalling how the recent SoBig.F virus smacked a load of spam on the company. But the company also has a practice of monitoring for any file attachment more than 10 megabytes between the publisher and the outside because that also clogs bandwidth. Instead, Omaha World-Herald has a file-transfer service for that purpose.

While Zill says he has a favorable impression of the new-model Security Gateway Appliance, he’d like to see the device add the ability to generate reports using SQL so he can upload regularly reported information into Crystal Reports software.

Symantec’s Lev says the new Gateway Security Appliance line comes with its own event-logging, reporting and alerting tools. He says the 5400 multi-function security appliance line is sold as a firewall in its most basic form, and customers can purchase anti-spam, anti-virus and other functions separately. “This wasn’t the case with the older Symantec gateway security appliance,” Lev notes.

Lev says that buying security features such as anti-spam and Web filtering on an a-là-carte basis will add tens of thousands to the base price for each model. But buying off the menu of security features offers customers a way to start off by using the 5400 line of appliances as a firewall first without necessarily having to immediately drop alternate anti-spam, Web-filtering or IDS gateway products they might use already.