VARs Eye Threat-Management Security Appliances

Internet-borne security threats are indiscriminate. Viruses, worms, phishers, spyware and hackers all hit targets of opportunity, regardless of size. While enterprises have the infrastructure and in-house expertise to thwart many attacks, small and midsize businesses don't have such capabilities.

Unified threat management (UTM)--consolidated security features in a single appliance--was tailor-made for the SMB market, giving users the ability to combat common threats and protect data through a single point and management console. UTM appliances likewise give companies the ability to comply with various regulations, such as Sarbanes-Oxley and the Health Insurance Portability and Accountability Act (HIPAA).

Common features of UTM appliances include antimalware, content filtering, VPN (SSL and IPSec), intrusion detection/prevention and a stateful-inspection firewall. Resellers can deploy them in their customers' networks to provide enterprise-class protection at an affordable price.

UTMs were the rage at the recent RSA Conference, the premier security event of the year. The following products are a sampling of some of the UTM appliances currently available or in development.

Symantec Gateway Security 1600 Series

Designed for deployment in midsize corporate settings and their connected branch offices, the Symantec Gateway Security 1600 appliances have integrated antispam, antivirus, antispyware, IPSec and clientless SSL VPN, a stateful-inspection firewall, intrusion prevention and detection, dynamic document review and URL list-based content filtering.

The features of the Symantec Gateway's intuitive management console include configuration management, event logging and administration alerting. Users gain global visibility and control through centralized policy management and event correlation for all of their Symantec Gateway appliances. A client-compliance function allows customers to enforce policies over systems connecting remotely via IPSec or SSL VPN.

The base product license includes all security functions for unlimited users. Customized updates of security content, hot fixes and patches are automated via Symantec's LiveUpdate.

D-Link NetDefend security appliances

The NetDefend DFL-CPG310 and DFL-CP310 deliver enterprise-level UTM features, including gateway antivirus, intrusion prevention, VPN and content filtering. What makes NetDefend different is the incorporation of Check Point Software Technologies' Embedded NGX stateful-inspection firewall with Application Intelligence.

Available later this quarter, the NetDefend DFL-CPG310 costs $499; the DFL-CP310 is $319.

Applied Watch S-Series IDS

Developed by open-source security vendor Applied Watch Technologies and Web-application security maker Breach Security, these IDS appliances are designed to protect organizations against encrypted attacks, a rapidly emerging threat.

The Applied Watch IDS appliance uses Breach Security's BreachView SSL to decrypt all SSL traffic for attack analysis. Suspect traffic is analyzed with the Snort IDS sensor, which can inspect the decrypted contents of every packet to identify attacks.

The Applied Watch Command Center Agent--also powered by Snort--updates thousands of remote Snort sensors with a single mouse click. It also provides complete analysis and comprehensive reporting for the SSL-encrypted traffic and runs in all major Unix environments. That functionality allows the S-Series appliance to fully interact with Snort, Snort-Inline, Nessus and other popular open-source security applications for remote management and activity monitoring.

The S-Series is currently available; pricing depends on configuration and deployment.

Juniper Networks Secure Access SSL VPN and IDP

Updated with IVE 5.3 and IDP 3.2R2 software, the Juniper Secure Access SSL VPN and IDP appliances tie SSL VPN session-identity with the threat-detection capabilities of IDP to protect against both network- and application-layer threats. The upgrades are part of Juniper's Enterprise Infranet strategy, which is designed to give customers secure and assured application delivery with new, identity-based threat-prevention technology.

Now network administrators can identify the source of an attack and respond to the security event by blocking attacks before they reach targets and taking action against the source of the attack. The appliances also let IT managers monitor user behavior and security events with detailed identity, endpoint and application-usage-logging for mitigation, auditing and compliance.

The Secure Access appliances with updated software are slated to ship at some point in the first quarter. Pricing has not been announced.

IronPort Systems M-Series Security Management

The M-Series provides users with a consolidated SOX-compliant platform for managing all policy, reporting and audit data. It consolidates configuration, reporting and communication auditing for IronPort's Email and Web Security Appliances, while lowering administrative costs and applying security policies across all layers of protection, eliminating the need for separate e-mail and Web-security policies.

The initial release includes a new consolidated quarantine for e-mail security that can store messages for hundreds of thousands of users. The device can be used to review suspected spam, possible security threats and content-security issues. The quarantining functionality is built to provide user self-service, with fast searching and both Web- and e-mail-based interfaces. The appliance also has a new self-managing storage feature.

The M-Series M600 Security Management Appliance for midsize-to-large businesses and the M1000 enterprise version ship this month.

Imperva SecureSphere Database Security Gateway

SecureSphere shipped a few months ago, helping Imperva earn a most-innovative-company award (along with security vendor Elemental) at the RSA Conference.

The device monitors and audits database usage in real-time to prevent security breaches. Its dynamic profiling of legitimate user and application activity enables it to automate the creation of database-security policies. All database activity is compared against these policies to identify unauthorized database usage.

SecureSphere does all of this with no impact on database performance, stability or administration. By monitoring database activity for policy violations, SecureSphere can distinguish between normal database transactions and suspicious activity. For organizations that need to comply with regulatory legislation, SecureSphere maintains a log of database activity and offers customized reporting.

SecureSphere Database Security Gateway appliances, which start at $30,000, support Oracle, MS-SQL, Sybase and IBM DB2.

Trend Micro InterScan Web Security Appliance

This gateway-based hardware solution provides enterprises with perimeter protection against malware and content-security threats. InterScan acts as the first line of defense against spyware, viruses and phishing. When it detects an attack, it triggers automatic, agentless endpoint cleanup via collaboration with Trend Micro Damage Cleanup Services.

Users also get malware detection and blocking, URL filtering, antiphishing and other features. The appliance, which features an easy-to-deploy hardware option, works with Trend Micro's standalone and integrated antispyware solutions.

InterScan, available in North America, starts at $20,000 for up to 2,500 users and $30,000 for up to 5,000 users.