A Secure Start For 2005
As security becomes a front-and-center concern for organizations of all sizes, security vendors of equally varying types have been rushing to create more powerful, comprehensive appliances that can solve as many network headaches as possible.
But how long will these devices remain viable? As security and networking technologies converge, vendors are folding as many features as possible into a single device. And at least one formidable company, Cisco, envisions a day when all necessary security functions will be included in networking routers and switches, perhaps eliminating the need for standalone security devices altogether.
"It's moving from a standard overlay technology into something that's fundamentally integrated into the network," says Richard Palmer, vice president of Cisco's security technology group.
But until that day arrives, plenty of networks can benefit from what the latest round of appliances can do.
"VARs have been building security into networks on the higher end because their customers insisted on it, so folding these features into networking devices is kind of a natural move," says Michael Haines, research vice president for Gartner's business strategy group.
And that means solution providers still can profit from security appliances, particularly ones that are targeted at the SMB space. "We're still seeing decent margins on midtier products, such as fireboxes and firebricks," says Matt Ridings, president of MSR Consulting, a St. Louis-based firm that helps clients develop Internet and e-commerce strategies. "The $500- to $1,000-level boxes never seem to get commoditized."
Here's a look at some of the devices that debuted late last year:
Anonymizer's Enterprise Chameleon & Intelligence Chameleon
Anonymizer released its Enterprise Chameleon network appliance and the Anonymizer Intelligence Chameleon service. Enterprise Chameleon is a plug-and-play network-level appliance that masks a company's IP address by providing a VPN connection between the enterprise's network and Anonymizer's Secure network. VPN technology enables traffic randomization with approximately 2 million Anonymizer users.
Anonymizer's Intelligence Chameleon service enables enterprises to engage in Internet research and competitive intelligence-gathering using automated Web harvesting or Unstructured Data Management tools. The product circumvents tactics such as Web site blocking, "spoofing" and traffic analysis, and prevents IP address tracing, hacking or spamming.
Price: $500 to $700 per seat per year; the service costs $1,000 per 1 million queries, with volume discounts available
Contact: (619) 725-3180; www.anonymizer.com
Barracuda Networks' Spam Firewall 800
Spam firewall solution provider Barracuda Networks released the Barracuda Spam Firewall 800, a carrier-class spam appliance for large organizations and ISPs. The Firewall 800 can handle almost 1.3 million spam messages per hour and supports up to 30,000 active users. It also has redundant hot-swap power supplies, RAID 5 disk storage and dual Gigabit Ethernet ports.
The 800 has all the functionality of the Barracuda Spam Firewall 600, including per-user settings and quarantine, MS Exchange/LDAP Accelerator, and Syslog support and clustering. Multiple Barracuda Spam Firewall 800 units can be clustered for greater redundancy and higher capacity.
Price: $17,999, plus a $3,999 annual subscription to the Energize Update service
Contact: (408) 342-5400;
Blue Coat Systems' Spyware Policy Control
In recent months, spyware programs, usually delivered as advertisements that can track users' surfing habits, have become an increasing problem for businesses. To combat this, Blue Coat Systems, a developer of proxy appliances, introduced a preventive gateway anti-spyware solution called the Spyware Policy Control solution. It utilizes advanced policy controls to stop "drive-by" spyware installations, which secretly install on desktop computers without user knowledge.
The solution also blocks access to known spyware Web sites and scans Web content for known spyware signatures. In addition, Blue Coat's solution helps identify infected computers for a targeted spyware clean-up across the enterprise.
"Spyware or adware is on a rapid trajectory to replace spam as the most annoying effect of doing business on the Internet," says Peter Firstbrook, program director at Meta Group. "Web-proxy controls combined with URL filtering and spyware signatures can be an effective way to keep the network clean and avoid infections in the first place."
Price: Available for the ProxySG ($3,695) and ProxyAV ($5,495) appliances as a free add-in
Contact: (408) 220-2200; www.bluecoat.com
Digital Evolution's XML VPN Appliance
Web services security and management software developer Digital Evolution has come out with its XML VPN appliance, which ensures secure and managed Web services communication among business partners, thus facilitating the development and use of Web services. The company created its XML VPN appliance to make it easy for its customers to securely consume their partners' Web services. As service-oriented architecture (SOA) standards gain traction in enterprise and government sectors, XML-based Web services are becoming a popular network architecture choice.
"Many large enterprises are beginning to enable their value chain through the use of Web services," says Daryl Plummer, group vice president and research general manager at Gartner Research. "As this process continues, it is critical that these enterprises maintain control of their distributed value chain. The security and ease-of-use of the services they expose will determine how successful they can be in becoming an essential part of their partners' business processes."
Price: Starting at $75,000
Contact: (888) 993-4438; www.digev.com; [email protected]
Imprivata's OneSign 2.6
Imprivata launched OneSign 2.6, the next-generation release of an enterprise single sign-on (ESSO) appliance. Designed for SMB customers, OneSign 2.6 will run on Novell's SuSE Linux Enterprise Server 9 (SLES 9). By packaging an SSO solution as an appliance, Imprivata is bringing ESSO to the mainstream market, making it easier for any organization to deploy and manage SSO as a core component of its security infrastructure.
Imprivata OneSign 2.6 is a channel-ready solution that allows security VARs to address SMB customers' demands for an out-of-the-box SSO solution that is affordable, easy to install and manage, and provides enhanced security for regulatory and corporate compliance.
The emergence of Linux-based security appliances shows how evolved open-source security has become. It's a message open-source resellers are trying to get across to the marketplace.
"Open source has an inherent advantage in that anyone interested in making it more secure can do so because it's open," says Aaron Wolfe, senior networking engineer at KDT Solutions, a security solution provider based in West Palm Beach, Fla. "Of course, that means it's also more accessible to hackers, but open-source administrators tend to be more on top of things because the bar is set higher."
Price: List price beginning at $15,999 for 200 users
Contact: (781) 674-2700; www.imprivata.com
Trend Micro's Network VirusWall 2500 and 300
Trend Micro expanded its Network VirusWall line of outbreak prevention appliances with the introduction of Network VirusWall 2500 and 300, which are designed to provide customers with greater flexibility in enforcing network-security policies that help stop network worms. Targeted at large organizations with complex networks, Network VirusWall 2500 enables IT security administrators to secure multiple network segments and application servers through a single appliance, offering high availability and redundancy to ensure minimal business disruption.
Network VirusWall 300 protects mission-critical devices that may not easily be protected using traditional software or server-based antivirus solutions, such as bank ATMs or self-service kiosks. Blocking unauthorized access to such devices, Network VirusWall 300 creates a two-way security barrier that protects customer-facing service machines from becoming launching points of network infection.
Price: The 2500 starts at $7,995 per unit for up to 10 units; the 300 costs $325 per unit, starting at quantities of 1,000 units
Contact: (800) 228-5651; www.trendmicro.com
WatchGuard's Gateway AntiVirus For E-Mail
WatchGuard Technologies released WatchGuard Gateway AntiVirus for E-mail for the Firebox X line of security appliances. The signature-based solution is designed to provide comprehensive security against e-mail threats at an affordable cost. Deep application inspection capability provides zero-day protection, shrinking the window of vulnerability to a variety of new threats and variants until signatures become available.
The new solution is specifically designed to provide maximum protection for e-mail, which has become the most significant vehicle for the propagation of viruses and a major point of network vulnerability. The tool will be available as a software license key upgrade to all Firebox X customers running version 7.3 of the WatchGuard Firebox System.
Price: Ranging from approximately $300 to $1,300, depending on the Firebox X model
Contact: (206) 521-8340;