
Appliances (2003)
The growing trend of packing several security functions into one hardware box can solve problems of incompatibility and installation.
By Geoff Marshall
For some time, many software vendors have been producing 'security suites' that offer many commonly required security tools in one box.
With the new trend towards appliances, the same thing is happening in this hardware sector. This is because buyers want the same ease of integration that suites offer, without the compatibility problems and general hassle of installing software on their own hardware.
Speed of deployment and ease of management are what busy administrators want today. So, the race is on to provide the best multi-faceted security appliance in this new category. In this Group Test we look at security appliances that provide at least three separate security-related functions in one hardware box.
A logical combination
We define content filtering, in its broadest sense, to include web and email content filtering, plus anti-virus and anti-spam. Nevertheless, we have included some appliances in this Group Test that only perform content filtering (within our definition) because, when counting security functions, we count anti-virus and anti-spam as separate from general content filtering as they have been separate software products traditionally.
The point we're also making here is that it is quite logical to combine these functions, because, once you have built an engine to examine content, you might as well analyze that content for viruses and spam in addition to inappropriate and non-productive data.
Other functions for which we are looking are firewall, virtual private networks (VPNs), intrusion detection systems (IDS), authentication gateway, SSL acceleration and vulnerability assessment. Traffic management can also have an impact on security by limiting abuse of bandwidth, which could be regarded as a security issue because of the possibility of denial-of-service attacks.
Some appliances combine firewall, VPN, content filtering and intrusion detection to provide a complete solution to securing an internet connection. Others add a few useful but non-security-related features such as mail server, web server, caching, etc.
One of the problems with combining at least three radically different functions, such as a firewall, content filtering and intrusion detection, is the fact that many larger businesses will already have standardized on a firewall (or IDS) and will never use that functionality in an all-in-one appliance - unless they buy the appliance mainly for that functionality and treat the other features as a bonus.
So, one reason for buying an all-in-one appliance is that you choose it primarily for one of its features, say firewall or IDS. It's not wise to compromise on choice of firewall and IDS, so it must be a good one that you would choose if it had no other features. But there's no point in buying an all-in-one box unless you also need some of the other features. You might be prepared to compromise on a second-best content-control element, but not on firewall and IDS, for example.
This raises the question of value for money, when you are effectively paying for a function that you won't use. Small- to medium-sized enterprises (SMEs) are more likely to appreciate the benefits of all-in-one appliances, and this brings into question the value of having any such multi-function product above a certain price point - say $10,000. However, nearly half the products in this Group Test are above that price threshold.
Boxing clever
The fact is that large enterprises would also like fewer boxes to manage, and are starting to look at the universal security appliance, particularly for large 'green field' deployments of server farms, multiple branch offices, etc. So, it seems that there may be a place for the higher-priced solutions, particularly where they are part of a scaled range of products aimed at everything from the corporate headquarters to the branch office or teleworker.
The advantage of central management of such a range is considerable. A well-integrated all-in-one appliance can also tackle blended threats better, where co-operation may be required between firewall and IDS, for example. It also means that you have a single-vendor solution to all your major security concerns and, therefore, one point of contact for support. Many of these appliances are scalable by taking advantage of load-balancing features, or by being part of a family of solutions, each aimed at different throughput levels. Sometimes high availability is supported by redundant power supplies, mirrored hard disks and failover features between multiple appliances - an important consideration for an appliance that may provide all your defenses at the interface to the internet.
Even if you are a small business that cannot justify the cost of duplication that high availability requires, you should consider what happens if the box fails - is a 24-hour swap-out service enough, and can you afford to lose security/connectivity for 24 hours?


