3Com Corp. plans to integrate intrusion prevention technology from its TippingPoint subsidiary into networking gear from its H3C division as part of a strategy to deliver streamlined secure networks at less cost and power consumption than marquee vendors.
The company kicked off its initiative this week with appliances and switch modules based on VPN (virtual private network) technology from H3C. Early next year it will start introducing blades with the TippingPoint IPS (intrusion prevention system) for its modular networking products, according to Gary Kinghorn, product marketing manager for security at 3Com. Also beginning next year, the company will build a single management platform from TippingPoint’s Security Management System (SMS) and H3C’s Intelligent Management Center (IMC) software.
3Com began talking about integrating TippingPoint’s intrusion prevention smarts into its network gear soon after it bought the company for US$430 million in 2004. It even brought those elements together in a set of products based on 3Com’s SMB gear. But it took time for enterprises to embrace the concept and for network equipment to be able to support such functions, said John Vincenzo, 3Com’s vice president of corporate marketing.
Cisco Systems and Juniper Networks have been pushing the integration of higher-level functions such as security into the network infrastructure for the past few years.
3Com has introduced the H3C SecPath family of standalone firewall appliances, ranging from the F1000 to the F5000-A5, a chassis seven rack units high that can accommodate several of the appliances. The F5000-A5 can provide line-rate protection for multiple 10 Gigabits per second (Gbps) bps connections and a fully configured rack can perform at 40 Gbps, Kinghorn said.
The company also rolled out the H3C SecBlade modules, which are designed for integration into the H3C Switch 9500E and 7500E Ethernet chassis devices and the H3C Switch 5820 stackable product family. The modules offer between 6.5 Gbps and 8 Gbps performance.
The firewall products are based on the H3C Comware operating system. They can perform stateful packet inspection filtering and let administrators set up multiple zones with separate firewall instances, which 3Com calls “virtual firewalls,” so administrators can enforce different rules for employee and guest networks and wired and wireless LANs, according to 3Com. The firewalls can also look inside IPSec VPN tunnels to detect attacks, block specific kinds of traffic and e-mail attachment types, and prioritize traffic based on business policies. 3Com said its products take up less space and consume far less power than those of competitors.
U.S. government scrutiny probably helped to stymie 3Com’s bid to bring TippingPoint capabilities into H3C products, said Yankee Group analyst Zeus Kerravala.
“I’m not sure they really could have done it any faster,” Kerravala said.
In 2008, Bain Capital abandoned a proposed deal with Huawei to acquire 3Com because the U.S. Committee on Foreign Investment in the United States (CFIUS) delayed it. Critics saw danger in allowing TippingPoint’s intrusion prevention technology to get into the hands of a Chinese entity.
The market is ripe for converged security and networking, Kerravala added. The scale and speed requirements of today’s networks call for integration, he said.
“It’s hard to build a really big network if you’re using a bunch of (discrete) security appliances,” Kerravala said.
The F-series appliances are available now. The F1000 starts below $10,000 and the F5000-A5 starts below $100,000. The SecBlade VPN Firewall modules are available now for the 7500E chassis and will ship for the 5820 and 9500E chassis in the fourth quarter. They are priced starting below $25,000. All prices are in U.S. currency.