Shoring up security against new threats

Each year, the IT industry is always on the lookout for the next big thing — be it a new device or a new technology — that will bring about significant market hype and, ultimately, significant market adoption as well.

  • E-Mail
By  Peter Branton Published  February 27, 2005

Introduction|~||~||~|Each year, the IT industry is always on the lookout for the next big thing — be it a new device or a new technology — that will bring about significant market hype and, ultimately, significant market adoption as well. The security sector, for instance, translates this to new vulnerabilities that need to be patched and protected. The rise of new threats has brought with it a parallel increase in the number of solutions and the creation of defined categories in security offerings. However, this trend has consequently resulted in an increased complexity of defences and solutions. Companies, especially those that don’t have enough IT resources to spare, find it more difficult to maintain proper security precautions amidst mounting costs and complexities. The call to replace traditionally deployed, disparate security solutions has prompted security vendors to develop tools that can safeguard companies from multiple threats at much friendlier price tags. This is where integrated security appliances come in. Security appliances first appeared in the firewall and virtual private networking (VPN) market several years ago, and were focused on single functions only. Nowadays, these appliances contain most if not all the information security measures that an enterprise will require in a single box. “IT security started off with it being needed at the network level. The first form of security, which happened at the corporate level, was firewall, which moved to anti-virus and then to intrusion detection solutions, says Abdul Karim Riyaz, business technologist, technology services, Computer Associates Middle East. “All of them were concentrated at the perimeter or the network entrance. At some point, companies started questioning the industry about why they needed to have different solution sets and different groups of people to administer them. They demanded some sort of black box that had all the different capabilities they needed, hence the launch of integrated appliances,” he says. Ray Kafity, general manager of Blue Coat Systems Middle East, believes that the evolution of appliances results from the inefficiencies of standalone software solutions. “Before, a security solution was primarily a piece of software that sat on a server. But as more and more people began accessing the internet, the concept of security software sitting on a general-purpose operating system became inefficient. Performance-wise, as more users started using the internet and started playing with security vulnerabilities around the network, it turned out that this architecture was full of holes. To protect these insecurities, companies started bundling features and solutions into what we now know as appliance-based solutions,” says Kafity. ||**||Benefits|~||~||~|Integrated or all-in-one security appliances have added more functions such as VPNs to provide secure remote working; web content filtering to control web usage; intrusion detection to monitor and analyse system events to find break-in attempts; instant message filters that monitor chat services; spam filtering; virus protection; encryption; and monitors to detect the downloading of music and games through peer-to-peer file sharing services. The main attraction of integrated appliances is cost. A single appliance is generally much more affordable than an amalgamation of dedicated security tools. It’s no wonder that these hardware-based security tools appeal to small- and medium-sized businesses and large organisations’ branch offices. “The biggest benefit for the end user is that he only has a single product to purchase,” explains Peter Cox, VP, BorderWare Technologies. “He can get everything he needs from a single supplier. He is guaranteed that the software and the hardware will operate together. He doesn’t have to worry about additional installation and configuration efforts, and he can get support and hardware warranty from a single source. The benefit is really about ownership cost. It’s much easier to purchase, especially for a small company,” . All-in-one appliances are valued also for their quick deployment, manageability and simplicity, says Heine Booysen, IDC programme manager for the Middle East and North Africa. “One of the benefits customers found in appliances is that they like the fact that they are ‘plug-and-play’. It requires very little knowledge of security software. You don’t need a security specialist,” he adds. ||**||Smooth traffic|~||~||~|Integrated appliances also boast enhanced performance. Unlike standalone software products, a single appliance is less likely to create a network bottleneck. “Software solutions have a lot of drain on a company’s IT department because you have to make sure that you have the latest patches, and that you get the newest versions updated all the time, whereas appliances don’t have that problem,” says Booysen. “They have better performance than software. Software solutions depend on whatever hardware configuration the reseller or the customer uses. For an appliance, it doesn’t really matter what background infrastructure the customer has.” It would seem that security vendors have finally found the perfect model to introduce their security solutions in. However, not all are eager to buy the idea. Larger enterprises, for example, have long been apprehensive about its resiliency. According to them, an appliance’s ability to consolidate network security to a single point is also its pitfall. Besides providing simplicity, consolidation can make a network more vulnerable to sudden, unexpected failure. “A lot of people believe that an appliance is prone to being a single point of failure,” says Riyaz. “Security is about multiple layers. If there were a breach in one layer, there would be another layer behind it to protect the network. On a standalone software solution you need to break about three or five different layers before you actually get to the core of the system. If you put everything in one box, like an appliance, it becomes a definite single point of failure. Once it goes, the network becomes open.” “People don’t really want one point of failure when it comes to security. They don’t want one appliance to run all of their security solutions because once that application fails they become completely vulnerable. That’s probably the biggest inhibitor we see,” says Booysen. Appliance vendors claim they have found a way to get past this issue by offering redundancy in their products. “Appliance companies have built in redundancy. In BorderWare, we have two levels of such redundancy,” says Cox. “We have redundancy within the hardware, such as redundant power supplies and disks. In the next level, we have appliance redundancy, where we connect several appliances, with fairly sophisticated fail-over mechanisms, in parallel.” Blue Coat, according to Kafity, also applies redundancy in its systems and believes most companies who manufacture appliances have introduced it too. By concentrating key security functions in a box, appliance adopters also give up a significant amount of flexibility, specifically the ability to handpick the best technology features that best-of-breed solutions can offer. “In any IT solution, the best method is to have best-of-breed solutions that can integrate with each other, and that can build up on each other to create one comprehensive solution. In an appliance, you don’t get that benefit. An ideal solution is somewhere in between, where you have the ability to pick and choose solutions that have the capability to integrate with each other and create this big picture, so that as the company grows, and the requirements grow, your security infrastructure can also grow,” says Riyaz. Finally, like many dedicated security boxes, an all-in-one appliance’s performance is typically boosted through the use of application specific integrated circuits (ASICs). ASICs are chips that are “hard-wired” to process specific tasks extremely quickly. But ASICs are expensive; replacing them will prove to be too costly for the company and quite impossible to do. But since integrated appliances cover multiple functions, companies require frequent upgrading of their devices, as each component is susceptible to obsolescence. ASIC-dependent devices then create upgrade issues for companies. “Appliances have some sort of mechanism to upgrade themselves in terms of new viruses or threats. But in terms of new features, such as speed or capability to perform a new process, the core appliance itself has to be changed,” claims Riyaz. “Remote administration is another issue that the appliance market faces. For software solutions, troubleshooting is much easier. You can troubleshoot from remote locations,” he adds. “That’s not the case for us. In Blue Coat, all our appliances are field upgradeable, which means you can upgrade the system on a customer site. Migration is also possible remotely. We have had companies that started with a small appliance, then later on upgraded it to accommodate more users and improve its capacity,” argues Kafity. “The reality is, whether you source your security product to software or hardware, it will still run into something. You face exactly the same issues of upgrading software as you do with appliances,” Cox says. “There are different upgrade processes for different appliances. Some vendors, for example, put all their functionalities in firmware. That does make it difficult to upgrade. BorderWare is different. All of our appliances are equipped with hard disks, and we have mechanisms that allow simple uploading of new software. When it comes to hardware upgrade, we face exactly the same issues as a company running a software product. The only difference is because a single company is responsible for both software and hardware [in an appliance] the upgrade is simpler because we can ensure that the latest hardware patches work with the latest software patches. It takes all the worries away from the end user,” he adds. ||**||Opportunities|~||~||~|Nevertheless, the security appliance industry is a thriving one. IDC predicts that by 2007, 80% of all security solutions will be delivered via a dedicated security appliance. “We definitely see that trend,” confirms Booysen. “We also expect that a lot of networking companies will start integrating security on the switch level. We see software companies like Oracle, which never used to be a security player before, trying to embed security in the background with their database systems. We see security becoming less and less a separate market and more and more becoming something that runs in the background by default.” Booysen said that this doesn’t mean that appliances will greatly depreciate the security software sector’s market share. With worldwide IT spending to grow by 6.1% this year — estimated to be more than a US$1 trillion global budget, said IDC — and security being on top of any IT shopping list, there is definitely enough room for anyone to grow in that area. “The two main security product markets — software and appliances — will continue to take different roads. IDC forecasts that the security appliance market will outperform the security software market by more than 7% CAGR (compound annual growth rate) until 2008,” says Thomas Raschke, programme manager, IDC European security products and strategies. With glowing recommendations from industry pundits, security appliances are fast becoming the latest celebrities. In the next few years, all-in-one devices will become the enterprise norm, and with the IT big boys such as Microsoft, IBM and Oracle — non-traditional security companies — beginning to notice, it’s bound to become a much more interesting area. Watch this space.||**||

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code