Fighting For The Perimeter

When IDC released its Worldwide Quarterly Security Server Appliance Tracker last month, a new market category dubbed Unified Threat Management (UTM) appliances epitomized the developing battle among security vendors and resellers alike. The category, which reportedly has grown to comprise 12 percent of the security marketplace overall, identifies a new genre of appliances that incorporate firewall, intrusion detection and prevention (IDP) and gateway antivirus. By and large, these multifunction appliances are cheaper, faster and more flexible than their single-function predecessors. And although this fledgling space pales in comparison to more traditional market categories such as firewall and SSL VPN, vendors are finding that to integrate or not to integrate is rapidly becoming the question of the year.

"The integrated appliance is the hottest thing in security right now," said Robert Breza, director of the security and infrastructure software group at RBC Capital Markets, Minneapolis. "At the same time that certain vendors are finding huge profits in the integrated space, everyone is asking themselves whether every aspect of traditional security will move toward the all-in-one appliance eventually, too."

As vendors take sides in the battle between dedicated and integrated approaches, solution providers are doing the same, carefully plotting strategies that will enable them to stay ahead of the curve. While some assail the new tools and insist that dedicated devices still offer the best-of-breed solutions across the board, others report they are making "buckets" of money selling UTM appliances to customers of every shape and size. Is the integrated appliance for you? The answer may be more complicated than you think.

The Jacks-Of-All-Trades
Perhaps no appliance fits the "integrated" descriptor better than the new FortiGate5000 series from Fortinet, the company IDC pegged as the UTM leader, with 24.1 percent market share. The FortiGate5000 product line, unveiled this summer, features just about every security function--from IDP to VPN, antivirus to antispam, and firewall to content filtering--for a starting price of about $44,990.

"There is nothing our appliance can't do," said Fortinet CEO Ken Xie, the man who essentially invented the integrated appliance at NetScreen in 1997. "The box is designed to provide something for everyone."

Other UTM market leaders, including Symantec and Secure Computing, and vendors such as Crossbeam, Internet Security Systems (ISS), SonicWall, WatchGuard, Fortress Technologies and TippingPoint Technologies offer appliances that integrate a variety of features at much lower price points.

According to security vendor executives, the tools are built and priced to appeal to smaller firms that want security but don't have the budget for six or eight dedicated boxes at the perimeter. Frequently, they say, one UTM box does the trick.

Just ask Mike Pearson, CEO of Digital Stakeout, a managed security services provider (MSSP) in Atlanta that resells the Proventia integrated appliance from ISS. He said that many times, customers will come to him asking for a "catch-all" solution that enables them to handle security without having to think about separate boxes for multiple functions.

"It's attractive to SMBs where literally we can drop in one box for all of their security needs and start managing it immediately," he said. "At a time when prices are dropping dramatically for managing security on a per-device basis, it's more efficient for us to only have to manage a single device."

Gordon Shevlin, executive vice president of Siegeworks, Dublin, Calif., agreed, adding that for solution providers that don't offer managed services, integrated appliances offer efficiencies to customers as well. "If you can put a box in one particular place and have the thing do a whole variety of things, that's always an advantage, right?" Shevlin said.

Dedicated to Dedicated
Depending on who's listening, Shevlin's rhetorical question may fall upon deaf ears. Despite the inherent benefit of managing a variety of functions with one box, many solution providers still are not impressed with the quality of the functions that make up the integrated approach. They described UTM appliances as "weak" and noted that the only way to ensure that a network is secure is to invest in a layered, best-of-breed appliance for each individual security function.

One such naysayer is Stephen Raymond, security sales engineer at Integralis. The East Hartford, Conn.-based firm specializes in firewalls from Nokia and Check Point Software Technologies, and Raymond boasts that customers signing with him get the best firewall they can possibly buy.

While many of the newer integrated boxes offer faster throughput than the products he sells, performance isn't everything when it comes to security, Raymond said. "Speed can only get you so far," he said. "I just don't believe they can be really good at all of the things they say they are really good at."

In addition to Nokia and Check Point, vendors leading the way in the stand-alone firewall, VPN and IDP markets include Cisco Systems, Juniper, Aventail and McAfee Security. Prices for most of these solutions are considerably higher than prices for the integrated tools, and the dedicated nature of the solutions forces customers with multiple security needs to buy multiple boxes at a time. Then, of course, there's the issue of making sure that all of the boxes work together--an issue that solution providers love to solve as a value-added service.

Considering all of these costs, the layered approach tends to be better targeted at larger enterprises.

Eric Hemmendinger, senior product manager at Nokia's secure mobile connectivity division, said that as large companies take their technical groups and move them into operations, many are forcing managers previously in charge of routers to be in charge of firewalls, too. When these managers are faced with purchasing decisions, he added, many of them attack security with the same mentality with which they formerly attacked infrastructure issues: They seek the best-of-breed.

"In a lot of cases, necessity forces these purchases, and a dedicated approach is all many of these [IT managers] know," Hemmendinger said. "If you're looking for the best of a particular kind of security, you can't go wrong with the best-of-breed."

Down the Road
Still, as security becomes more of an audit function within larger enterprises, IT managers may get to the point where manageability and cost outweigh the desire for best-of-breed solutions that handle one or two specific functions, some solution providers say.

Joseph Dell, CTO of Vigilar, Atlanta, said many of his customers have specifically requested integrated devices as a means to consolidate tasks and physical resources. Fewer boxes translate into fewer tasks for customers to manage, he said, freeing them to spend their time and resources on other issues. "For better or worse, it looks like everything is headed into the integrated device," he said. "How this impacts the quality of perimeter security is left to be seen."

George Anderson, CTO at TechNet Solutions, Pinellas Park, Fla., said while vendors continue to improve technology on both ends of the security spectrum, solution providers are the ones to help customers find the approach that suits them best. "In deciding [between an integrated or dedicated] approach to security, it really comes down to making a risk assessment, and that's something that individual corporations have to take a look at," he said. "At the end of the day, different strategies are going to work for every customer, and it's up to us to be flexible and ready for anything."