3Com, Crossbeam team on security

3Com this week is expected to announce a deal to resell security switches from Crossbeam Systems, a move that could offer users a multifunction security box at almost half the cost of competing security boxes, the companies say.

3Com this week is expected to announce a deal to resell security switches from Crossbeam Systems, a move that could offer users a multifunction security box at almost half the cost of competing security boxes, the companies say.

3Com this month will start selling its 6200 Security Switch, a box based on Crossbeam’s C30 product, which combines firewall, VPN, intrusion detection, and virus and spam filtering into one network processor-based platform.

The 6200 Security Switch is based on Crossbeam’s C30, a network appliance that runs embedded versions of Check Point Firewall-1 and VPN-1, Internet Security Systems’ Network Sensor IDS, TrendMicro’s InterScan VirusWall and the Snort Sensor software. These software engines run on network processors, which can be configured and reprogrammed inside the box, unlike security hardware based on hard-wired ASICs, says Peter George, CEO of Crossbeam. The product can process up to 2G bit/sec of firewall packet inspection, 300M bit/sec of VPN encryption throughput and up to 700M bit/sec of intrusion-detection packet inspection. Competing products from such vendors as Cisco, NetScreen Technologies and Nokia run between 1G and 16G bit/sec for these functions, depending on configuration.

The 3Com 6200 will be available this month. At the same time, 3Com will launch its own version of Crossbeam’s X45, a seven-slot security switch aimed at high-end enterprise data centers. This chassis-based box comes with seven slots that can be outfitted with modules running firewall, VPN and intrusion-detection system (IDS) applications, which run on an embedded Linux operating system in the blades. 3Com’s X45-based switch will be able to process 4G bit/sec of firewall traffic, 2G bit/sec of VPN traffic, and have server load-balancing capabilities.

Detailed pricing has not been set for the 3Com-branded Crossbeam products, but the companies say it will be in line with Crossbeam’s current product pricing – $24,000 for the C30 and $55,000 for the X45. Both vendors say the combined offering will cost about 25% to 30% less than comparable VPN, firewall and IDS point products from vendors such as NetScreen with its 5200, which costs about $99,000.

The Crossbeam-based 3Com gear will be tested in the network of the state of Louisiana court system in Baton Rouge, where 3Com Switch 7700s, among other products, are deployed.

The court has no firm plans to deploy the gear, says Freddie Manint, CIO for the Louisiana state courts, but he adds that the move by 3Com into high-end security is intriguing.

“Having another vendor to pick from for end-to-end infrastructure isn’t a bad thing,” he says.

Another aspect of the deal that interests Manint is the possibility of future 3Com/Crossbeam product integration, such as a blade for the 7700 switch that adds security functions.

“It would be nice if we could add security by leveraging our existing infrastructure without making any extreme architectural changes,” Manint says.

The two vendors say that users can expect to see this type of collaboration down the line.

“A 10 Gigabit firewall blade designed by both [3Com and Crossbeam] and sitting in a Huawei-based Switch 7700 is not out of the question,” Crossbeam’s George says. The two firms also will work to integrate Crossbeam technology into such 3Com product areas as switching, routing and voice over IP, according to Anik Bose, 3Com’s vice president of global development.

One analyst lauds 3Com’s choice of Crossbeam as a security partner.

“We recommend to our clients that they stop buying individual security appliances” and instead opt for consolidated security switch platforms, says Matthew Kovar, a director at The Yankee Group’s security consulting practice. Products that consolidate VPN, firewall and IDS are better suited for large companies because they are more adaptable and can catch malicious traffic better, he says.