Security products purchased as virtual appliances give IT greater flexibility in deployment than traditional security hardware devices.
The concept of treating network security as a software application has proven to be successful. Organizations can save money by re-purposing expensed servers as security devices, achieve a performance boost by placing network-oriented security on a faster processor and consolidate security functions on fewer servers to save on administration while making the security function a bit greener.
One of the more interesting news items of late barely caused a ripple in the security blogosphere: Check Point Software Technologies, Ltd and Riverbed Technologies Inc. entered an agreement allowing Check Point's new software blade architecture to run as a virtual appliance on Riverbed's Steelhead WAN optimization platform. Branch offices can take advantage of data center consolidation cost savings without sacrificing end-user performance or exposing the organization to increased security risks. Virtualization is one of the technologies that make this enhancement practical. Riverbed relies upon VMware, enabling Check Point to co-exist on the Steelhead device without significant software re-engineering.
server security best practices: Avoid server virtualization security bad practices with these
dos and don'ts. Get info on virtualization products, segmentation, implementation, avoiding malware
VMware releases long-awaited VMsafe security API: With the release, the virtualization powerhouse will now enable third-party security vendors to apply security within
The next generation of network perimeter devices will likely offer business connectivity features in addition to firewall security to capture market share. The traditional drivers of firewalls enable business connectivity to the Internet including network address translation, protocol validation, and VPN termination – functionalities that are more important for allowing traffic into the network than for blocking traffic at the edge. Organizations with branch offices and remote campuses are concentrating Internet security into network devices to save on acquisition and operational expenses.
Security vendors can pack more security features into a hardware appliance, such as with Unified Threat Management devices, but the disruptive innovations will appear with integrated capabilities such as WAN optimization, virtualization support, routing, and auditing. Security co-existing with optimization technology is also not new. Microsoft included security with performance features in ISA Server and also integrates secure branch office access to SharePoint repositories.
By contrast, UTMs, package firewall functionality with network security technologies such as network antivirus, intrusion prevention, and URL filtering into a single appliance to fulfill a small and medium sized business need for low administration small footprint security devices. Security vendors liked the concept because vendors could augment firewall sales with signature-update subscription revenues, and also protect the price points of the product line by including commoditized features. The seldom-mentioned issue with UTMs is that security effectiveness is often pared way down to maintain performance, especially AV and IDS inspection technologies with short signature lists to keep the traffic moving.
IT always prefers secure products over incremental security products. Additional devices in the network require time and energy to deploy and operate. In addition to Check Point and Riverbed, SourceFire has announced the availability of SNORT as a virtual appliance in 2009 which means IT has a leading firewall, WAN optimization, and IPS to start with. IT should start making requirements for its strategic security vendors to deliver products as virtual appliances allowing the enterprise the most flexibility in deploying security and business connectivity.
Eric Ogren is founder and principal analyst of the Ogren Group, which provides industry analyst services for vendors focusing on virtualization and security. Prior to founding the Ogren Group, Eric served as a security industry analyst for the Yankee Group and ESG. Ogren has also served as vice president of marketing at security startups Okena, Sequation and Tizor. He can be reached by sending an email to firstname.lastname@example.org.