Security shows a harder edge

Security software vendors are taking a fresh look at ways to help IT managers maximize their network protection. Their weapon of choice: hardware.

Security software vendors are taking a fresh look at ways to help IT managers maximize their network protection. Their weapon of choice: hardware.

Network Associates Inc., Axent Technologies Inc. and Check Point Software Technologies Ltd. last week each discussed plans for hardware-based security—dramatic shifts for the software-oriented companies.

Bolstering these efforts, detailed at NetWorld+Interop here, is a renewed interest in security technology by hardware vendors such as Intel Corp., NetBoost Corp. and Sun Microsystems Inc.

New hardware/software combinations should give administrators security solutions that are easier to use, faster to deploy and more scalable than most software-only implementations. However, vendors may find such offerings a tough sell to large customers that have a security infrastructure in place.

"It's not that we don't believe these would work," said Tim Bowen, product marketing manager for VPN (virtual private network) and Internet security services at GTE Internetworking, in Burlington, Mass. "But at this point, we're set up for Solaris-based firewalls, and that's what we're going to be looking for."

For smaller customers, how ever, GTE provides outsourcing services with hardware-based firewalls from WatchGuard Technologies Inc.

Hardware-based security is nothing new. WatchGuard and Technologic, a division of eSoft Inc., have offered such solutions for years. Much of the market for VPN products is hardware-based through companies such as Time Step Corp. and Altiga Networks Inc. And large networking vendors have had security in their hardware for some time.

None of those companies, however, has established a leadership position in network security as NAI has done with anti-virus software, Check Point with firewalls and Axent with host-based intrusion detection. Still, these companies have some convincing to do with enterprise customers using hardware from smaller companies.

"No matter what you do, it's difficult for a firewall to handle VPN throughput along with firewall traffic as well," said a network administrator at a large East Coast financial institution that uses Altiga VPN hardware.

NAI's new E-ppliances, unveiled here last week, come in three versions manufactured by Sun with anti-virus software, the Gauntlet 5.5 firewall and a VPN embedded in the devices. The systems eventually will include Cyber Cop intrusion detection software from NAI, of Santa Clara, Calif. Sun, of Palo Alto, Calif., in turn, is expected to embed Gauntlet in a future version of Solaris.

Pricing for the E-ppliances will be announced in November. The first two editions are slated to ship next quarter; the third is due early next year.

Axent, of Rockville, Md., announced plans to embed its firewall, VPN and intrusion detection capabilities in chip sets built by NetBoost, of Mountain View, Calif., which signed a deal ear lier this month to be acquired by Intel. The Axent features will be built into NetBoost boards by the end of the year. They can be installed in servers or dedicated devices.

Check Point, of Redwood City, Calif., signed a similar deal with NetBoost, putting Intel firmly at the center of this growing part of the security market.

Santa Clara-based Intel is embedding cryptographic functions in chip sets that could find their way into servers from Compaq Computer Corp. by year's end.