NetScreen Firewall Gets Smart
NetScreen has been selling the OneSecure product as a standalone solution since it acquired the company for $40.3 million last August (see NetScreen Acquires OneSecure and NetScreen CEO Touts Integration). Its new software is an upgrade that adds protection against more than 250 application-level attacks to NetScreen's low-end firewall appliances, which are often deployed in branch offices and corporate remote sites.
With the new software, NetScreen's firewall appliance has gained the ability to perform "deep packet inspection," or peering into packets to find protocol anomalies targeting key Internet services, such as Web, email, and file transfer resources. Early next year, the company plans to include the functionality in a next-generation, high-end platform.
NetScreen's upgrade reflects a trend toward combining intrusion detection and prevention in firewalls. The reasoning is simple: As application-layer attacks through email and Web browsers get more sophisticated, customers are looking for products that can identify and block these threats. The firewall is an ideal location for this activity -- even though many vendors have been selling separate intrusion detection and prevention platforms up to now.
“The trend in the industry is toward consolidation,” says Richard Stiennon, a security analyst with Gartner Inc., who has published reports on this topic (see Security God in the Making?). “Customers want to be able to block a lot of these application attacks at the firewall.”
Other security companies adding more application intelligence to their firewall products include NetScreen’s leading competitor, Check Point Software Technologies Ltd. (Nasdaq: CHKP), which announced its Application Intelligence technology in May 2003 (see Check Point Protects Applications).
But there's a price to be paid for consolidation. Turning on intrusion detection and prevention features in a standard firewall usually slows down packet processing, something NetScreen’s VP of marketing David Flynn acknowledges as an issue. He says that is why the company is only offering the software upgrade on its low-end devices. He says the new hardware platform set for release next year will have more horsepower to handle the combined tasks.
Even with the performance hit, Gartner's Stiennon says NetScreen's ASIC-based platform should be an improvement over software solutions such as Check Point's, because the ASICs are designed for higher performance. He notes that NetScreen's approach is designed for carriers that often purchase NetScreen's gear as part of a managed security solution.
“Upgrading flash memory on an ASIC is a lot different than updating software running on a Linux hard drive,” Stiennon says. “The performance almost always will be better using the ASIC-based platform.”
What about the rest of the competition? Firewall market leader Cisco Systems Inc. (Nasdaq: CSCO) is well behind NetScreen and Check Point, says Stiennon. Like NetScreen, Cisco sells separate firewall and intrusion detection platforms. So far, it has not announced plans to integrate the offerings.
Stiennon says Cisco is taking a wait-and-see approach, and he expects that it will acquire more startups in the intrusion detection and prevention sector. The company has already picked up two small ones. Psionic helped provide technology to improve intrusion detection accuracy, and Okena offers a client-based solution (see Cisco Buys Psionic and Cisco's Got an Okena).
There are several companies left that Cisco could choose, including NetContinuum Inc., Sanctum Inc. and TippingPoint Technologies Inc.
As for the rest of the competition, Fortinet Inc., a small appliance competitor specializing in antivirus protection, also says it is adding more application-aware technology to its ASIC-based firewall (see Fortinet Score $30M Funding Round). Internet Security Systems Inc. (Nasdaq: ISSX), an antivirus company, also says it is adding this functionality.
— Marguerite Reardon, Senior Editor, Light Reading