Security appliances are the latest rage, thanks to their easy deployment and high reliability.

Today's security appliances perform so many necessary security functions, they are becoming irresistible to network executives. IDC reports that worldwide unit shipments of security appliances increased 17% in the first quarter of this year over the first quarter of 2002.

True, network executives still prefer the traditional software-on-server approach for their conventional needs - like the main corporate firewall. But they like appliances for their simplicity and convenience, particularly when securing small or home offices.

"What appliances have going for them is you can drop them into a network, configure them and you're done," says Laura Koetzle, a senior analyst at Forrester Research. "We see this in organizations that have a lot of branch offices, with people in the field who are not technical but need to have some sort of security. You can configure the appliance in the head office and ship it out to the remote office."

Adds Charles Kolodgy, research director at IDC: "You don't have to worry about patch levels on the systems, you don't have to worry about interactions between software on another machine, and you don't have to worry about buying an operating system. You just have to receive the box from the vendor."

However, appliances have limitations. They aren't as reconfigurable as software-based security applications. "Appliances can really only do what they're designed to do," Koetzle says. "If your needs change radically it's tough to update appliances. If your needs are stable then appliances make total sense."

Beyond firewalls

The earliest models mostly combined firewall and VPN functions, but today's crop integrates a wider range, such as intrusion detection, anti-virus protection and content filtering.
"Pretty much everything that you can do with software you can do with an appliance," Kolodgy says.

As appliances' capabilities have expanded, network executives gained a path for adding new security protections to their networks. Mike Grimm, CIO at Seton, a Norristown, Pa., manufacturer of leather automotive products, uses Fortinet's FortiGate 200 and 400 appliances for VPN, packet-level virus-scanning and firewall functions. He soon will use the products' intrusion-detection capabilities as well, he says.

A sampling of security appliances

| Vendor | Product | Description | Price |
| --- | --- | --- | --- |
| Fortinet | FortiGate 3600 | Network-based anti-virus, Web content filtering, firewall, VPN and intrusion detection. | About $30,000. |
| NetScreen Technologies | NetScreen-IDP | Intrusion-detection and -prevention device. | NetScreen-IDP 10 is about $8,000; IDP 100 is about $16,500; IDP 500 is about $35,000. |
| Nokia Internet Communications | Nokia Secure Access System | Secure Sockets Layer VPN. | From $3,500 to $12,000 for 10 connections, ranging up to $55,000 for 500 connections. |
| SonicWall | SOHO TZW | Integrated firewall and VPN for wireless environments. | Available in base configuration supporting up to 25 users, with upgrades to 50 or unlimited users for $895. |
| Symantec | Gateway Security 5400 Series | Firewall, VPN, intrusion detection and prevention, anti-virus software and content filtering. | Ranges from $4,000 to $51,300 based on model, functions and number of nodes used. |

Seton is in the midst of an appliance rollout that began early this year, with plans to use appliances at 11 regional sites worldwide, Grimm says. All traffic going in or out of each facility passes through the devices. Grimm initially had concerns that the packet-level scanning might cause latency problems with data flow, but says his fears have proven unfounded.

By using the appliances' VPN functions to secure remote offices, Seton will become less reliant on its frame relay network.
Over time, Grimm will phase out frame altogether for these offices, saving the company an expected $12,000 a month in telecom costs, he says. The appliances cost about $50,000.

Plus, with multiple security functions executed by a single device, "less staff is needed to maintain security," Grimm says. On the down side, "if you have a hardware failure you're in trouble. We have had hardware appliances fail us in the past," he says. To counter that, he has placed a second, redundant appliance at each site.

As for intrusion-detection, time will tell how well the appliances perform. Grimm does note that through the first seven months of use, Seton hasn't suffered any major breaches such as viruses or hacker attacks.

Still, Seton also uses a few server-based security software applications, such as the virus scanning of its enterprise e-mail systems. Seton began using software from Trend Microsystems several years ago before the anti-virus appliances were available. Grimm feels that keeping it in place gives Seton multiple layers of protection for e-mail.

Questions for your security appliance vendors

• What security standards does your box support?
• In what ways is the appliance's operating system hardened?
• Under what circumstances will the appliance need to be updated with patches and how difficult is that process?
• How compatible is the appliance with the rest of our IT infrastructure?
• If we buy multiple devices, can we manage them as a pool rather than separately?

Protecting thousands

Raymond James Financial, a financial services company in St. Petersburg, Fla., also is using a combination of appliances and traditional security software.
The company uses Linux-based appliances called V6 from VPN Dynamics, equipped with Check Point software for firewall/VPN and intrusion detection and prevention.

Raymond James has installed appliances at 50 of its locations worldwide and ultimately plans to deploy the devices at 2,000 to 3,000 offices, says Scott Loach, senior information security engineer. The appliances cost about $500 each, including hardware and software, Loach says, and are proving to be a cost-effective way to secure its widespread network of home offices and independent financial advisors' environments - smaller facilities that are not covered by the corporate firewall.

Simplicity, centralized management and monitoring were among the key selling points for the appliances, Loach says. While he isn't planning on tossing out the server-based Check Point software now used as the main corporate firewall at headquarters, Loach finds appliances equal the reliability of server-based software.

Analysts agree: Be it start-ups, niche players or mainstream security vendors, this is a highly competitive market that only will become more so as appliances' popularity soars.

Violino is a freelance writer covering business and technology. He can be reached at firstname.lastname@example.org.