Boxes Pack Punch

Security devices deliver wide range of functionality.

In their continuing effort to find new markets and additional ways into customer data centers, more and more security vendors are beginning to think inside the box.

Dedicated security appliances once were thought of as a low-end option for smaller IT shops that couldn't afford to invest millions of dollars in several separate security applications. But now, some of the biggest names in the industry, such as Internet Security Systems Inc., and some smaller companies, such as Arbor Networks Inc., are introducing lines of appliances that range from entry-level boxes to $60,000, 200M-bps monsters.

The move into hardware is a departure of sorts for most of these vendors. ISS, which has a strong presence in both vulnerability assessment and intrusion detection, has always preferred the high profit margins and lower investment costs of developing software to the risk and overhead involved in building hardware. However, with the introduction last week of its Proventia line of appliances, the Atlanta-based company has jumped into the hardware market with both feet.

The Proventia appliances include a wide range of functionality, from intrusion prevention to anti-virus to a stateful firewall and virtual private network gateway.

"We wanted to blend everything into a unified, multifunction device," said Greg Adams, vice president of product management at ISS. "I do feel that most companies can't afford to have [firewall, intrusion detection system and anti-virus] solutions at every branch office. In time, they'll grow accustomed to having one appliance, and it will make its way back into the enterprise core."

ISS' entry into the appliance market comes at an auspicious time. The market for security appliances grew 15 percent, to $335 million, in the fourth quarter of last year, according to International Data Corp., of Framingham, Mass.

And ISS is not alone. Cisco Systems Inc., of San Jose, Calif., and Network Associates Inc., of Santa Clara, Calif., have had their own security boxes on the market for some time. With its recent acquisition of Okena Inc., it's likely Cisco will soon be incorporating Okena's StormWatch intrusion prevention technology into its boxes as well.

NAI is following a similar path. Its WebShield line of appliances may soon benefit from the company's purchase of IntruVert Networks Inc. and Entercept Security Technologies Inc., both of which sell intrusion prevention solutions. NAI executives said they plan to integrate those technologies into the company's existing products in the near future.

The big vendors are facing competition from smaller, more specialized companies such as Arbor and Crossbeam Systems Inc. as well. Arbor, which sells solutions that detect and mitigate denial-of-service attacks and other network anomalies, has until recently focused on the service provider market. Last week, however, the company introduced its first enterprise product, PeakFlow X.

The appliance is based on the company's relational anomaly detection engine and is meant to help enterprises harden the core of their networks as attackers increasingly learn how to circumvent perimeter defenses. PeakFlow X can use network taps or spans to monitor traffic and gives customers the ability to block services at the firewall without disrupting business operations.

The appliance monitors inbound and outbound traffic and gradually establishes a baseline for what normal network traffic looks like. It can then use that pattern to detect anomalous traffic and take action to prevent unauthorized operations.

"This is far more sophisticated than looking for malformed traffic," said Ted Julian, founder and chief strategist of Arbor, based in Waltham, Mass. "It can help tighten your security architecture in an intelligent way."

Like ISS' boxes, Crossbeam's X40S appliance integrates several security applications into one machine and includes load balancing capabilities. Executives at Crossbeam, based in Concord, Mass., said the X40S can perform several security operations at one time, instead of doing them sequentially, greatly enhancing the speed of the appliance.