FRAMINGHAM – Best-of-breed security software lets data center operators tailor protection to their exact needs. But some midsize companies or branch offices without dedicated security experts may prefer a simpler approach.
That was the situation Greg Muehl faced when securing the network connecting United Building Centers’ (UBC) more than 200 lumberyards, manufacturing plants and millwork shops. He wanted to protect them, but he didn’t have IT staff at those locations, nor did he want to overburden existing servers.
“We didn’t want to put that additional load on the local servers by having them [encrypt and authenticate IP packets] with software, nor did we want to expose those servers to the danger of acting as border devices,” says Muehl, information security senior analyst at UBC’s Boston-based parent company, Pro-Build Holdings Inc., the nation’s largest supplier of building materials to contractors.
Like other companies seeking low-hassle network security, UBC deployed a virtual private network/security appliance — in this case, Firebox SSL Core boxes from WatchGuard Technologies Inc. in Seattle. They provide Secure Sockets Layer (SSL) encryption, firewalls with deep packet inspection (inspection of the data in the packet, not just the header), intrusion protection and access-control lists.
Such hardware/software combinations are simple to install and manage but don’t offer the highest levels of security. So the question prospective users need to answer is, how much security is good enough for a particular location?
Apparently, many users find that appliances provide enough security for their needs. “Appliances are growing because they’re easier to install and easier to use,” says Bruce Schneier, chief technology officer at Counterpane Internet Security Inc. in Mountain View, Calif. “They’re not necessarily better or more secure, and in fact, you can get more security if you have more fine control [through dedicated security software]. But that takes know-how, and many customers don’t have the expertise.”
Box boom
When looking to secure their systems, administrators have the option of either installing security software on a server or buying a security appliance with the software preinstalled.
Security appliances come in two basic flavors: dedicated and multipurpose.
Dedicated appliances provide a single security service such as firewall or antivirus protection. Multipurpose appliances are either networking devices such as routers that also incorporate security functions, or specialized security devices that provide suites of security services.
“With an appliance, you buy hardware and software, so you have a total solution,” says Ken Poulin, vice president of operations at emergency messaging services provider Varolii Corp. in Bedford, Mass. He uses firewall and intrusion-detection appliances from Juniper Networks Inc. “If you just buy the software, you run into compatibility issues, so it is easier for me to go with a plug-and-play solution,” he says.
Companies are increasingly adopting that approach, says Jeff Wilson, an analyst at Infonetics Research Inc. in Campbell, Calif. He says that security appliance sales are growing faster than security software sales. Infonetics figures show that while overall security appliance and software sales rose 15 percent to US$4.6 billion in 2006, SSL VPN gateway appliance sales rose 40 percent after posting a 61 percent rise the previous year.
“What were formerly separate network elements or devices such as firewalls or VPNs are now on a single platform,” says Aaron Vance, an analyst at Synergy Research Group Inc. in Reno, Nev. “We also see integration of those capabilities into more traditional network elements like routers and switches.”
This is reflected in who leads the market: Networking giant Cisco Systems Inc., which offers hybrid security/networking products, has a 42 percent share, according to Synergy.
The rest of the top five are a mix of networking and security firms: Check Point Software Technologies Ltd., Juniper Networks, Nokia Corp. and Symantec Corp.
Vance says that the growth of distributed networks is also driving the adoption of multifunction appliances as companies try to protect connections such as those among branch offices.
Midsize organizations with a limited number of IT security staffers find the multifunction appliance option attractive as well. The city of Encinitas, Calif., for example, installed a Gate