Is there a need? In many cases, yes. Software-based firewalls and antivirus products are not providing adequate protection against an epidemic of new virus threats. The biggest issue is performance. Today’s software tops out at about 3 Mbit/s. What's more, many traditional security products don’t go deep enough into the packets to be able to block bad traffic from coming into the network.
As thousands of enterprise customers feel the effects of nasty viruses like SQL Slammer, Code Red, and Nimda [ed. note: and don't forget Monkeypox!], the need for higher-performance protection is growing. Last year, one in every 350 emails sent contained a virus. The cost to enterprises has been tremendous. Between 2001 and 2002 the total financial loss due to virus activity increased 435 percent, according to the 2003 CSI/FBI Computer Crime and Security Survey. Some studies suggest that 84 percent of virus infections resulted in up to 20 workdays lost. On average, these attacks took network administrators 50 hours to clean up and recover lost files. Companies also have reported losing up to 70 percent of productivity due to viruses.
Many vendors have introduced hardware appliances that use ASIC-based network processors to improve performance. But at the moment, each product tends to specialize in one attack or weakness, which leaves enterprise customers with dozens of products to manage.
The trend is a consolidation of these products into a single device that can assemble packets and apply rules across a wide array of attacks. Richard Stiennon, a security analyst with Gartner Inc., has called this looming product category “Network Security Nirvana.” In a report that he will publish in the next couple of weeks, he mentions four major market segments that are expected to evolve their products into this God Box:
- Intrusion detection system vendors like TippingPoint Technologies Inc., OneSecure (acquired by NetScreen Technologies), and Intruvert (acquired by Network Associates Inc.);
- Content switching vendors like Blue Coat Systems Inc. (Nasdaq: BCSI), Cisco Systems Inc. (Nasdaq: CSCO), F5 Networks Inc. (Nasdaq: FFIV), Nortel Networks Corp. (NYSE/Toronto: NT) and Radware Ltd. (Nasdaq: RDWR);
- Application-specific firewall vendors like NetContinuum Inc.; and
- Firewall appliance vendors like Fortinet Inc., NetScreen Technologies Inc. (Nasdaq: NSCN), and Nokia Corp. (NYSE: NOK).
Content switching products were originally designed to provide high-speed, intelligent load balancing across Web and application server farms. But recently, vendors have added firewall and antivirus load balancing. Radware has taken security a step further, and added filters to block specific viruses, like Code Red and Nimda.
“Adding the ability to block attacks is merely a matter of adding additional filters to check for anomalous packets, signatures of known attacks, buffer overflow attempts, and even keywords,” says Gartner’s Stiennon. “Dropping packet streams or sessions associated with bad stuff is easy for a content switch.”
Vikram K. Desai, chief operating officer for Radware, says sales of its new security products have increased 85 percent from the fourth quarter of 2002 to the first quarter of 2003. The new market opportunity couldn't have come at a better time. Over the past year, revenue from traditional application load balancing has been relatively flat.
Stiennon agrees. “They already sit in the right place in the network,” he says. “And if they continue to develop their product, they have a shot for a piece of the $3.5 billion firewall market.”
— Marguerite Reardon, Senior Editor, Light Reading