Cisco Systems Inc. hopes to make inroads in security with its new multifunction appliance, but integration and price issues, along with Ciscos late entry into a crowded market, could stifle the effort, analysts and users say.
CEO John Chambers appeared at the Interop trade show here last week to introduce a multifunction device called the Cisco ASA 5500 Series Adaptive Security Appliance. The new family of appliances combines Ciscos VPN, firewall and IPS (intrusion prevention system) technology, along with malicious-code-detection features, in a single box.
Officials of Cisco, which is based in San Jose, Calif., said the new hardware will help small and midsize enterprises manage security more easily and inexpensively.
With the ASA 5500 Series appliance, Cisco is squaring off against an array of competitors, including chief rival Juniper Networks Inc., in Sunnyvale, Calif., in the price-sensitive small- and midsize-enterprise market, experts say.
The ASA 5500 Series is a 1U (1.75 inches) hardware appliance that comes in three varieties: the ASA 5510, 5520 and 5540, which support as much as 300M bps, 450M bps and 650M bps, respectively. The appliances will cost $3,495 to $16,995, Cisco officials said.
The new line of appliances combines the functions of Ciscos PIX firewall, IPS 4200 Series sensor and VPN 3000 concentrator and offers SSL (Secure Sockets Layer) and IP Security VPN services. Cisco Anti-X defenses provide intrusion prevention features, as well as anti-virus, anti-spyware and DoS (denial of service) protection, officials said.
The ASA 5500 appliances can control traffic and the amount of bandwidth consumed by peer-to-peer services and instant messaging traffic, as well as manage core business applications such as database services and VOIP (voice over IP), the company said.
Converged appliances such as the ASA 5500 are attractive to midmarket companies, said Rich Mogull, an analyst at Gartner Inc., based in Stamford, Conn. "These are companies with no security expertise, few bandwidth concerns and [few] custom applications," Mogull said. "They dont need something thats best of breed; they just need something thats good enough."
But Cisco is playing catch-up in an area already crowded with similar offerings from companies such as Juniper, Check Point Software Technologies Ltd., Fortinet Inc. and others.
"Cisco is behind in security. Im not sure theyre a one-size-fits-all vendor," said Fran Garrett, network systems manager at the San Diego Union-Tribune, in San Diego, after hearing Chambers keynote address. "We try to go with best of breed. I dont think a [security device that does multiple functions] is the best way to go."
Price will be an important factor for customers considering the ASA appliance, and customers arent likely to pay more for the Cisco name, Mogull said.
Rod Murchison, director of product management for Junipers Security Products Group, disputes that idea. He said he believes performance and ease of management are the main concerns for customers.
Getting different security products to work well together is challenging, and it is unlikely Cisco will get it right with its first-generation product, Murchison said. "As you get into security products, it gets intense to work them into each other. You cant just take a network platform and cram them all on one box. This is complex stuff, and its hard to get it right."
For example, integrated appliance vendors have to keep the performance of VPNs consistent with whats promised on the product data sheet, even while processor-intensive functions such as anti-virus tools are running on the same device, Murchison said.