Today, the companies made separate announcements regarding new features to their clientless Secure Socket Layer (SSL) VPN solutions (see Neoteris Expands SSL Access and Aventail Upgrades VPN Kit). In an effort to build products that can eventually replace IPSec VPNs, they've each added broader application support, a key issue for SSL VPNs.
The move is important because SSL gear risks becoming somewhat generic; more features will be needed to keep pace with technologies such as IPSec.
“For Aventail and Netoeris to succeed they need to become a full replacement for IPsec,” says Michael Suby, senior research analyst with Stratecast Partners. “They’ve got to prove that SSL holds more value, is just as secure, costs less, and is easier to manage than IPSec.”
IT managers today have two choices when it comes to secure remote access. They can deploy IPSec clients on individual laptops, desktops, and mobile devices, or they can use an SSL solution, which utilizes encryption capabilities built into browsers and does not require a client-side software installation other than the browser.
Each solution has its pros and cons. It’s a tradeoff between the simplicity of SSL VPNs and the security of IPSec VPNs. Emerging SSL VPN technologies generally deliver secure access to more places at a lower total cost of ownership, because they include less administrative overhead. But these benefits typically come at the cost of important features already available in IPSec solutions, like strong desktop security and broad application support. As a result, most companies use a combination of the technologies, depending on the application.
Some IPSec vendors are starting to add SSL technology. To combat this trend, Aventail and Neoteris are taking SSL VPNs to the next level with enhanced support for additional applications.
Neoteris has added a new product it calls Network Connect. Instead of creating a secure tunnel for a particular application, Network Connect creates a tunnel for a network connection. Just like an IPSec network tunnel, this allows users access to the entire network, including complex applications like streaming media and voice over IP. But unlike IPSec, the company asserts that a full-fledged client is not required on end-users’ devices, making it easier to manage and deploy.
The company also announced that it has developed application programming interfaces for integration with security products from other companies like InfoExpress, Network Associates Inc. (NYSE: NET), Sygate Technologies Inc., and Zone Labs. And it has fully integrated features from Network Associates and Fortinet Inc. to provide anti-virus support on its appliances.
Aventail has also added new capabilities to its OnDemand 3.0 product that will expand the type of applications it can support. For example, it will now support dynamic traffic redirection, which allows it to identify and secure traffic by domain, IP range, or subnet. This eliminates the need for making unnecessary changes to IT infrastructure like the domain name servers, desktops, or applications. OnDemand 3.0 also now includes support for dynamic port assignments. This allows it to support applications that use a complex, changing range of ports, like those from SAP AG (NYSE/Frankfurt: SAP) and Siebel Systems Inc. (Nasdaq: SEBL).
But the competition from incumbent equipment providers is heating up. Nortel Networks Corp. (NYSE/Toronto: NT), which also sells an IPSec solution in its Contivity product line, has continued to add new SSL VPN features to its Alteon Web switch (see Nortel Expands Security Portfolio). Nokia Corp. (NYSE: NOK), a leader in mobile/wireless devices, announced SSL VPN support this summer (see Nokia Sweetens SSL ). Cisco Systems Inc. (Nasdaq: CSCO) is also expected to make an SSL announcement soon. NetScreen Technologies Inc. (Nasdaq: NSCN) is supposedly shopping for a startup to buy (see NetScreen SSL Move Likely). And Check Point Software Technologies Ltd. (Nasdaq: CHKP) is likely to evolve its current SSL solution.
“When you have Cisco, Check Point, Nokia, and Nortel all with something in this market and all with channel distributors, it’s tough competition for a small private company,” says Stratecast's Suby. “You can be a niche player for SSL, but these small private companies are going to have to tie their wagons to a large IPSec vendor or some other kind of vendor.”
Consolidation has already started happening. F5 Networks Inc. (Nasdaq: FFIV), a load balancing appliance vendor, announced two weeks ago that it was acquiring SSL startup uRoam (see F5 Buys Into SSL VPNs).
There is still a long list of SSL VPN suppliers out there including:
- Array Networks Inc.,
- Aspelle Ltd.,
- Netilla Networks Inc.,
- NetScaler Inc.,
- SafeWeb Inc., and
- Whale Communications Ltd.
— Marguerite Reardon, Senior Editor, Light Reading