'[ISN] Software extras add fuel to firewalls'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    [ISN] Software extras add fuel to firewalls
From:       mea culpa <jericho () dimensional ! com>
Date:       1999-03-19 23:13:10
[Download RAW message or body]

Forwarded From: darek milewski <darekm@cmeasures.com>

http://www.news.com/News/Item/0,4,33972,00.html?st.ne.ni.lh
Software extras add fuel to firewalls
By Tim Clark
Staff Writer, CNET News.com
March 18, 1999, 12:20 p.m. PT

     The lowly firewall, once threatened with becoming a commodity, is
being beefed up with antivirus software, virtual private network
functions, intrusion detection, digital certificate servers, and bandwidth
management. 

     "The trend of last year was that every firewall vendor became a VPN
vendor as well," said analyst Chris Christiansen of International Data
Corporation. "This year everybody became a firewall, VPN, and security
management platform." 

     Firewall vendors are souping up their firewalls for corporate
networks because of falling prices and their desire to have their products
at the center of the security universe. "They all see this huge installed
base sitting out there and an opportunity to cross sell," said Jim Hurley
of the Yankee Group. 

     Vendors are taking a variety of approaches to expanding their
firewalls. Network Associates, Axent, and Secure Computing have bought
several security technologies and either bundled them as an integrated
suite or put them on a menu of offerings. Network Associates offers
firewall, antivirus, and intrusion-detection software in its security
tools. 

     But Secure Computing is now looking outside too; earlier this week it
announced it will add intrusion-detection software from market leader
Internet Security Systems in its firewalls. Next week it will announce it
is bringing in load-balancing software from Radware, allowing a cluster of
firewalls to function as one so it has automatic backup if one fails. 

     Another aggressive mover is antivirus firm Trend Micro, which has won
deals with Lucent for its managed firewall product and has strong ties
with firewall leader Check Point. 

     Firewalls are a natural place to cluster security technologies. "A
lot of these products aggregate at the perimeter of the network, so
there's an opportunity to combine them," said Matthew Kovar, security
analyst at Yankee Group. 

     Also, firewalls are relatively mature technologies, and they're often
the first piece of security software a network manager installs after
hooking up to the Internet. 

     "It's becoming a must, have technology," said Robert Wise, director
of product marketing for Secure Computing. In addition, he said, security
threats have multiplied and network insiders are responsible for perhaps
half of security breaches. Then there are computer viruses, hostile Java
applets, and coordinated "denial of service" hacker attacks designed to
crash a firewall. 

      Sitting on the edge of a network, firewalls are becoming a place to
marshal security forces against a broad range of attacks. 

     "There's a growing realization that firewalls are extremely effective
in controlling who can enter your organization, but they are not effective
in terms of what enters your organization," said Daniel Schrader, director
of product marketing at Trend Micro. 

     Check Point was one of the earlier firewall vendors to add VPN
capabilities, and customers have responded. Two years ago, one in 12
customers bought a VPN add-on to their Firewall-One, said Asheem Chandna,
Check Point's vice president of marketing. In its most recent quarter,
half of its firewall buyers purchased VPN too. 

     But Check Point's ultimate strategy is to own the centralized
management of a corporation's security network, and for that it has
established its OPSec Alliance of some security 200 vendors whose products
work with Check Point's. Through a deal with public key infrastructure
vendor Entrust, Check Point now bundles public key infrastructure software
to authenticate both rs and devices on a network using digital
certificates. 

     Lucent, a latecomer to the network security, isn't sticking just to
firewalls. 

     "We have found on firewall side that the two elements customers want
are content security and integration of user authentication," said Howie
Gittleson, Lucent's director of security and VPN solutions, hinting of
more deals. 

     But Hurley says big customers don't see the need for integrating
other security measures with firewalls. 

     "We're not seeing a large take, up from users to take advantage of
all these things," Hurley said, noting that firewalls are notoriously
difficult to configure and manage.  "Adding additional services that plug
into firewalls only makes their job more difficult," he added. 

     Analyst Kovar says big customers still look for the best products in
the category. 

     "If they're going to use those products already, they're happy for
vendors to do the integration for them," he said. "They're looking for
best products and that's what they're going to go with. If the
relationships are already established, it's better for them." 


-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Hacker News Network [www.hackernews.com]


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic