Guarding the Gigabits

LAS VEGAS -- With more and more companies deploying networks that can run at gigabit speed, certain security applications can literally be a drag. But judging from several announcements at NetWorld+Interop (N+I), that might just be about to change.
Now, observers say, there is a trend towards creating hardware for more sophisticated security functions such as intrusion detection, content filtering, and virus protection. These security applications are more difficult to run at higher speeds than firewalls, which were the first high-speed security products.
Cisco Systems Inc. (Nasdaq: CSCO) was among the companies announcing such hardware-based security solutions at N+I on Monday (see Cisco Extends Intrusion Protection). The company reported that it is expanding its existing family of intrusion detection solutions (IDS) with two new appliances, as well as a new version of its IDS software. One of the devices, the 4250, offers gigabit performance.
"This is the first of what I expect to be a long string of announcements coming from different vendors," says Infonetics Research Inc. analyst Jeff Wilson. "You might have firewalls and VPN running at gigabit speeds, but other parts of the security system, like intrusion detection, are still holding people back."
Intrusion detection is not the only security application that's going gigabit. Fortinet Inc., a startup founded by Ken Xie, who also founded NetScreen Technologies Inc. (Nasdaq: NSCN), announced six new devices in its FortiGate family of content processing systems at N+I on Monday (see Fortinet Improves Security Family). In addition to offering firewalls, VPNs, and intrusion detection, the boxes, which range from a SOHO device all the way up to a carrier-class device with gigabit capacity, are the first hardware applications on the market to address virus protection and content filtering. The company claims that its ASIC-based solution is the only content processor fast enough to actually filter everything going through the network.
But while gigabit speed might sound enticing, observers warn that many equipment providers claim higher speeds than they can actually deliver.
"They can do tests in lab trials that show that kind of speed, but on a live network a lot can go wrong," says Synergy Research Inc. analyst Aaron Vance. He points out that Cisco’s 4250, which he says is one of the best intrusion detection solutions on the way to market, can actually only give about 500 Mbit/s in a live network. Though he does note that's good performance, especially since the company says it will reach true gigabit speeds later this year.
While speed is definitely a major issue in the push towards updating different security applications, the havoc caused by recent viruses and worms such as Code Red and Nimda has also emphasized the importance of making the applications delve deeper in their search for problems. Cisco has been addressing this problem by integrating IDS into other network applications like routers and switches, and both of its new devices, the 4250 and the 4235, have both signature-based and anomaly-based algorithms (see Cisco Certifies Security). Most intrusion detection solutions on the market only have one or the other.
The hardware security solutions might be great, but Jeff Phillips, an analyst with TeleChoice Inc., is quick to point out that they won’t serve everyone. "Software has more flexibility and is cheaper," he says. "Not everyone can afford [hardware]."
Cisco’s 4250 and 4235, which will be shipping later this month, will cost $25,000 and $12,500 respectively, and Fortinet’s appliances, which are available now, cost between $695 and $39,995.
Cisco, however, is promoting its 4235 as an appliance that is "resetting the price/performance standard for the market," while Fortinet insists that having all the necessary security appliances on one box will not only cut capital and operational spending, but will also make life a lot easier for the system’s administrators.
While some observers say that companies in the market, especially startups, might have a hard time explaining to people why they need their products, Matthew Kovar, an analyst with the Yankee Group, says the products are addressing existing problems, even if they haven’t been defined yet. "Whether or not they’ll have a market is a valid concern," he says. "They’re just launching."
Wilson of Infonetics agrees that similar products from other vendors are sure to follow. "This certainly isn’t going to be the only one," he says.
— Eugénie Larson, Reporter, Light Reading
http://www.lightreading.com