Appliance vendors turn to security

Network appliance vendors are not just directing traffic any more; now they want to police it too

"First we directed traffic... now we police it." That's the slogan for Array Networks' latest attempt to gain the attention of the industry, but it is one that a number of other suppliers might equally have adopted: vendors of network appliances are all lining up to hit on security as the next big opportunity for their products.

Array Networks, formerly Click Array, now ships its appliance in a "military spec" hardened aluminium case, with authentication and authorisation added on top of previous features, which include caching, SSL acceleration, firewall and load balancing. At the same time, CacheFlow, whose product was initially known for caching, is now promoting its box as a "security gateway". And Top Layer, which started out as a load-balancer company, has been majoring on the security applications of its box for more than a year now (load balancing lets users double up firewalls to meet the capacity of the links they have).

The vendors are all following the money, of course. Security-aware appliances are a natural response to several of the trends hitting IT at the moment. Over the last few months, security has become very important, and IT managers have become more aware of it. The "Web services" trend has increased the need for network security, since it involves exposing more Web-based applications outside the company. And finally, security is a very compute-intensive application, since it requires inspection of packets which are flowing in and out of companies at increasing rates. This adds up to a gap which, vendors hope, can be filled by their boxes, which are, essentially, powerful processors attached to the network.

Array Networks' SP (Security Proxy) secure Web traffic manager uses resource mapping and secure sockets layer (SSL) to give access to Web services for people outside the enterprise. Putting everything in one box saves resources, according to chief executive Don Massaro: "We only need to open the packets once. The product handles a million users, 1000 RSA handshakes per second and 40,000 HTTP requests per second."

Array, a comparative latecomer to the network appliance market, was founded by Lawrence Lu, a veteran of Alteon WebSystems, the Web-switch company bought by Nortel Networks. Massaro, an industry veteran who holds the patent to the 5 1/4-inch floppy, and also worked at Xerox's famous Palo Alto Research Centre, was brought in as chief executive last year.

CacheFlow, meanwhile, was founded to provide cache products, when speed was of the essence in Web systems. Its strength, according to EMEA marketing director Nigel Hawthorn, is in its handling of exceptions. "Security requirements are not uniform," he said, claiming that his product offers a more granular setup.

In such a close-knit market, vendors are always keenly aware of the faults they see in each other's products. Hawthorn says Array's box is priced too high. "The cost of the box is more or less the same as the cost of boxes to do all the separate tasks. Most users will already have one or more functions covered, so they will have to pay twice." Massaro, in turn, says CacheFlow's system is not good at "content rewrite", reformatting addresses in Internet content so they are visible to users outside the corporation.

In March, Top Layer launched the Attack Mitigator, an "out of the box" defence against denial of service (DOS) and worm attacks. Like its rivals, Top Layer relies on fast packet inspection -- in this case to spot and shut down specific attacks. Top Layer started in 1999, selling layer seven switches for load balancing but, by 2000, it was partnering with intrusion detection system (IDS) vendors and exploiting the fact that packet inspection provides some automatic barriers to denial of service (DOS) attacks. Attack Mitigator is an extension of this -- it costs $10,000.
