Information technology architects have a choice in how they value security devices. The traditional approach is to treat security as a layered function whose job is to block traffic that might be damaging to the business; the alternative approach is to treat security as an operational capability that allows the business to efficiently connect with customers and suppliers over the Internet. This fundamental mindset trade-off is illustrated in the recent announcements of Finjan's Secure Web Gateway and Citrix's Access Gateway.
- Finjan is marching down the path of a unified Web security device by integrating elements such as antivirus, data leakage protection, URL filtering and unauthorized application protocol blocking. The collection of Web-specific antithreat technologies protects port 80 and 443 usage in ways that firewalls have not been able to effectively demonstrate. For instance, the addition of DLP features for Web traffic allows IT to detect when confidential information flows through the gateway and refresh the user on corporate policies and procedures for responsible Internet activity. Also, providing for the choice of antivirus engines is a nice touch that allows IT to choose the best security product for the job. Clearly, the vision for Finjan is to consolidate Web security features into a single security appliance.
Application firewalls: Comparative Product Review: Six Web Application Firewalls: No longer can security managers focus only on perimeter and host security. The application has become the prime target for hackers. We review six leading Web application firewalls.
- Citrix is focused on connecting users with applications by integrating functions including SSL VPN for secure remote communications, user authentication and single sign-on, and active endpoint security assessments. What makes Citrix Access Gateway exciting is its cooperation with the desktop to make a real-time security-based decision to establish full VPN connectivity or to virtualize elements of the application. The business applications are available to a wide range of users with full access control to the servers, and levels of protection against endpoints with dubious security profiles. The Citrix vision is to deliver applications while preserving a strong and secure user experience.
The job of security devices, both firewalls and Web appliances, is to allow the organization to safely conduct business over the Internet. It is not enough to simply provide safe perimeters for the business to hide behind -- the business has to reach out to customers, employees and suppliers over public networks to survive.
This trend will drive a convergence of security and operational features that will increase application performance, reduce administrative costs, and simplify network architectures. It is not hard to envision these devices becoming dynamic platforms for application sensitive virtual machines that provide the optimal mix of security and operational controls for the organization. For instance, it is not hard to imagine Finjan's Secure Web Gateway virtualizing access when sensitive data is involved, or Citrix' Access Gateway providing DLP features when sensitive data is destined for the endpoint.
IT has the opportunity to decide how it wishes to secure its Internet-oriented infrastructure. In the short term, integrated security appliances can give better value for the administrative dollar and satisfy the sense of urgency in plugging security deficiencies. In the long term, IT is better off satisfying users with superb connectivity features that are architected with strong security built in.
Eric Ogren is founder and principal analyst of the Ogren Group, which provides industry analyst services for vendors focusing on virtualization and security. Prior to founding the Ogren Group, Eric served as a security industry analyst for the Yankee Group and ESG. Ogren has also served as vice president of marketing at security startups Okena, Sequation and Tizor. He can be reached by sending an email to firstname.lastname@example.org.