This article can also be found in the Premium Editorial Download "Information Security magazine: IPSec vs. SSL VPNs: Which cures your remote access ills?"
Today's SSL VPN products address a single problem: secure remote access. Is that going to be enough to sustain the vendors in this market?
History suggests that IT departments have love-hate relationships with "point" products. They love the convenience of self-contained operating systems and applications. Moreover, they don't have to be bothered hardening appliances. However, a complex layered security architecture that incorporates many point products is difficult to administer. Each product has its own policy model, user interface, log records and audit data. So, IT staffs want to consolidate functions into fewer devices that can be supervised from (ideally) one global management system.
The marriage of IPSec VPNs and firewalls is an example of such consolidation. Will SSL VPNs follow suit?
The history of IPSec VPN gateways illustrates how functional consolidation can take many forms. Joel Snyder of Opus One, an IT consulting and Internet services firm, classifies IPSec-capable devices as "Big VPN, Little Firewall" or "Big Firewall, Little VPN." NetScreen Technologies entered the market as an IPSec product (Big VPN), then evolved into a VPN firewall. Big firewall companies like Check Point Software Technologies complemented existing firewall products by adding IPSec. Cisco Systems added both features to its routers and switches.
Big customers can drive this trend. Fortune 1000 IT staff often influence vendors to incorporate point products into "entrenched" network and security products--firewalls, routers and switches. If there is one axiom in network technology, it's that incumbents will enhance, build or acquire technology demanded by large accounts to maintain market position. Fledgling IPSec vendors that couldn't morph their offerings into more than point products were acquired or expired, and all the major network and security vendors either enhanced existing products or acquired an IPSec company.
Today's green field SSL VPN market will likely contract in a similar fashion. Consider factors like market capitalization, history, strategic partnerships and complementary product offerings. Is your SSL VPN vendor a one-act play, or do they partner with your favorite firewall vendor (one possible sign of eventual integration)? Will firewall vendors such as Check Point and Nokia offer truly integrated IPSec/SSL/firewall products, or will they just cover all the bases by selling independent SSL and IPSec VPN products?
Lisa Phifer is vice president with Core Competence, a consulting firm specializing in network security and management technology.
This was first published in August 2003