Guarding the Gigabits
Now, observers say, there is a trend towards creating hardware for more sophisticated security functions such as intrusion detection, content filtering, and virus protection. These security applications are more difficult to run at higher speeds than firewalls, which were the first high-speed security products.
Cisco Systems Inc. (Nasdaq: CSCO) was among the companies announcing such hardware-based security solutions at N+I on Monday (see Cisco Extends Intrusion Protection). The company reported that it is expanding its existing family of intrusion detection solutions (IDS) with two new appliances, as well as a new version of its IDS software. One of the devices, the 4250, offers gigabit performance.
"This is the first of what I expect to be a long string of announcements coming from different vendors," says Infonetics Research Inc. analyst Jeff Wilson. "You might have firewalls and VPN running at gigabit speeds, but other parts of the security system, like intrusion detection, are still holding people back."
Intrusion detection is not the only security application that's going gigabit. Fortinet Inc., a startup founded by Ken Xie, who also founded NetScreen Technologies Inc. (Nasdaq: NSCN), announced six new devices in its FortiGate family of content processing systems at N+I on Monday (see Fortinet Improves Security Family). In addition to offering firewalls, VPNs, and intrusion detection, the boxes, which range from a SOHO device all the way up to a carrier-class device with gigabit capacity, are the first hardware applications on the market to address virus protection and content filtering. The company claims that its ASIC-based solution is the only content processor fast enough to actually filter everything going through the network.
But while gigabit speed might sound enticing, observers warn that many equipment providers claim higher speeds than they can actually deliver.
"They can do tests in lab trials that show that kind of speed, but on a live network a lot can go wrong," says Synergy Research Inc. analyst Aaron Vance. He points out that Cisco’s 4250, which he says is one of the best intrusion detection solutions on the way to market, can actually only give about 500 Mbit/s in a live network. Though he does note that's good performance, especially since the company says it will reach true gigabit speeds later this year.
While speed is definitely a major issue in the push towards updating different security applications, the havoc caused by recent viruses and worms such as Code Red and Nimbda have also emphasized the importance of making the applications delve deeper in their search for problems. Cisco has been addressing this problem by integrating IDS into other network applications like routers and switches, and both of its new devices, the 4250 and the 4235, have both signature and anomaly-based algorithms (see Cisco Certifies Security). Most intrusion detection solutions on the market only have one or the other.
The hardware security solutions might be great, but Jeff Phillips, an analyst with TeleChoice Inc., is quick to point out that they won’t serve everyone. "Software has more flexibility and is cheaper," he says. "Not everyone can afford [hardware]."
Cisco’s 4250 and 4235, which will be shipping later this month, will cost $25,000 and $12,500 respectively, and Fortinet’s appliances, which are available now, cost between $695 and $39,995.
Cisco, however, is promoting its 4235 as an appliance that is "resetting the price/performance standard for the market," while Fortinet insists that having all the necessary security appliances on one box will not only cut capital and operational spending, but will also make life a lot easier for the system’s administrators.
While some observers say that companies in the market, especially startups, might have a hard time explaining to people why they need their products, Matthew Kovar, an analyst with the Yankee Group, says the products are addressing existing problems, even if they haven’t been defined yet. "Whether or not they’ll have a market is a valid concern," he says. "They’re just launching."
Wilson of Infonetics agrees that similar products from other vendors are sure to follow. "This certainly isn’t going to be the only one," he says.
— Eugénie Larson, Reporter, Light Reading