IPolicy Chips In

One year after it emerged from stealth mode, iPolicy Networks has introduced two new carrier-class security boxes that it claims can run up to seven different security applications simultaneously at wire speed (see IPolicy Beefs Up Security, iPolicy: IP Services on Speed).

At a time when service providers aren’t exactly throwing money at new technology, iPolicy might have a rough ride ahead trying to sell the new ipEnforcer 6000 and 6500. But the company hopes to convince some cash-strapped carriers that it is offering a good deal, claiming that the boxes deliver not only new levels of high-speed security but also allow for great savings in operational and capital expenses.

As with the ipEnforcer 5000, which shipped last year, iPolicy says the new boxes will help cut carrier expenses due to their centralized, automated management platform, the ipEnforcer Unified Service Manager, as well as the integration of multiple security applications into one device. All three boxes are two rack units high.

The management software is touted as a key feature of the box -- it allows for the configuration of a certain security profile for each customer, which is then deployed across the network simultaneously.

“The greatest advantage they have is that their emphasis on manageability can really help cut costs,” says Yankee Group analyst Anil Phull. He also points out that if you need multiple security applications, like most service providers do, it is almost always less expensive to buy one device with several functions than to buy one device for each function.

Some observers, however, say they don’t think carriers will jump at the chance to cut costs if it means having to offer a single security platform for all the different services they want to offer their customers.

“Carriers usually offer services with different security vendors, because it’s usually important for them to give their customers a choice of technology,” says Jeff Wilson, an analyst with Infonetics Research Inc. “The problem is that everyone wants something different… They usually don’t use a single platform.”

In addition to the firewall, virtual private network (VPN), intrusion detection, anti-virus protection, and quality of service applications provided in the 5000 box, the new boxes also offer URL screening and virtual network address translation (VNAT). IPolicy's hardware is built from scratch using multiple Vitesse Semiconductor Corp. (Nasdaq: VTSS) network processors, and the company teamed with third-party vendors like Elron Software, Network Associates Inc. (NYSE: NET), and Symantec Corp. (Nasdaq: SYMC) for the actual services (see Vitesse Pumps Up its Net Processor ).

The ipEnforcers do not, however, offer switching and routing as do some of the company’s competitors' products, but iPolicy claims the boxes can be integrated with any router or switch on the market.

Founded in February 2000 through the merger of two software companies -- U.S.-based TunnelNet and India-based Duet Technologies -- iPolicy claims to have already gained some traction in the market. At present, according to Gajraj Singh, director of marketing at iPolicy, the company has nearly two dozen paying customers, including one Tier 1 service provider, some government agencies (especially within the Department of Defense), and other large organizations.

The California-based company has received more than $29 million in total funding to date, through one round of about $24 million and a bridge round of $5.5 million. The three biggest backers are Morgan Stanley Dean Witter & Co., Greylock, and Tamir Fishman Ventures. The company says it is not currently seeking additional funding.

While many companies in the security market offer devices based on custom-made ASICs (application-specific integrated circuits), iPolicy has decided to base all of its boxes on network processors. And early tests of the performance of the box indicate there is some truth to claims that network processors are catching up to ASICs in performance.

In January, Tolly Group performed a test on the ipEnforcer 5000, finding that the box could deliver zero-loss, wire-speed, 2-Gbit/s performance in a carrier-class traffic environment. And iPolicy claims that the new 6000 and 6500 can do even better. Both new boxes support 200 customer locations and 1 million active sessions. While the 6000 offers 4 Gbit/s of wire-speed throughput and four GBIC-based GE interfaces, iPolicy claims that the most powerful box, the 6500, is the first security platform with OC48 (2.5 Gbit/s) interfaces.

Of course iPolicy isn’t the only company on the market to make high-end security products that promise to make life easier -- and cheaper -- for carriers. IP service switches from companies like CoSine Communications Inc. (Nasdaq: COSN) and Nortel Networks Corp. (NYSE/Toronto: NT) -- through its Shasta acquisition -- also offer security services like VPN and firewall, so that service providers can sell those services to customers without deploying customer premises equipment. And companies like NetScreen Technologies Inc. (Nasdaq: NSCN), RapidStream Inc. /WatchGuard Technologies Inc. (Nasdaq: WGRD), CloudShield Technologies Inc., Crossbeam Systems Inc., and ServGate Technologies Inc. offer specifically built high-speed firewall and VPN services. Others, like TippingPoint Technologies Inc., specialize in high-end threat detection and denial-of-service applications.

“A lot of people are trying to carve out a niche and stay there,” says Wilson of Infonetics. “It’s a crowded market.”

The ipEnforcer 6000 starts at $125,000; the 6500 starts at $157,000. In addition, the different service application modules range from $58,000 to $125,000 apiece. Both devices and the application modules are available immediately.

— Eugénie Larson, Reporter, Light Reading
vnowoslawski 12/4/2012 | 11:24:16 PM
re: IPolicy Chips In They never did supply the answer.
Light-bulb 12/4/2012 | 10:13:28 PM
re: IPolicy Chips In I like how everyone says Carrier Class. How is a 2U box scalable past the one 2U platform? When you grow to multi-platforms you now have multiple boxes to manage... and Voila! you are right back to what they said they would solve. Carrier class means much more than simply 5 9's of reliability though everyone thinks that thats the net of it all. Thats only the Tip of the iceberg. Carrier Class means Reliability, Scalability with the hopes of Managability via Existing OSSs. (Though I concede the Managability of a Next gen product doesn't fall directly into TIRKs - Most of the time)
My money is on CrossBeam for an Intelligent IP security/General chassis. Though execution is everything and that remains to be seen. The product can start small and scale large with one platform to manage.
These little 2U boxes are too small they just don't get enough work done. I believe its similar to Whiterock's products. Sure they start small... until you start stacking box after box. Don't know about you all, but I prefer managing say 3 boxes instead of 30 1U boxes. The theory of starting with small little boxes sounds great until the ILEC has to keep scheduling Box adds for the Rack for network growth... anyone know what a blueprint add for a CO costs a ILEC? Well its pretty substantial thats why most of the time they install a frame of equipment not 1/30 of the frame. But thats a whole other talk.

Oh well, I wish IPolicy the best, just hope they are thinking long-term scalability and showing an adequate "Dream-Map" err... Roadmap.

LightReading: Please make this distinction when we talk about Carrier Class... its being applied to everything and anything. Please supply "Your Definition" to help clarify.

Sign In