Network Security Appliances Proliferate

Firewalls are so last year. Sure, you’ve got to have those general-purpose traffic filters in place, but increasingly CSOs are looking toward tools that examine more specific parts of their network traffic. These customizable products aim to allow companies to build increased security around particular applications, including relative newcomers such as instant messaging.

Many of these tools are available in appliance form, says Pete Lindstrom, research director for Spire Security. “You don’t get nickel-and-dimed to death, and when you install an appliance, you’re done,” he says. On the other hand, running all network traffic through a single appliance creates the architectural concern of a single point of failure. CSOs often work around this issue by purchasing a second unit as a backup, which doubles the cost (and makes automatic load-balancing a highly desirable feature in the appliance world). Even so, Lindstrom says, the extra security is usually worth the extra expense.

Here we take a look at three security add-ons in three sectors of protection: Web applications, e-mail and instant messaging.

NetContinuum’s Web Security Gateway (www.netcontinuum.com) is an appliance that combines a Web application firewall and a network firewall. The company’s sales pitch promises to “protect the entire Web application environment across all ports, protocols and layers.”

NetContinuum performs Web-traffic filtering on a single ASIC, which allows the gateway to examine all network traffic without slowing performance to a crawl. The controls allow users to set different firewall policies for each Web application and cloak network resource information from outside viewing. A gateway with 100-megabit bandwidth starts around $29,000. For gigabit capacity, the price tag jumps to $42,000.

IronMail, from CipherTrust (www.ciphertrust.com), focuses entirely on protecting the enterprise e-mail system from viruses, spam, denial-of-service attacks and pretty much anything else that can infect your network via e-mail. IronMail is designed with customization and integration in mind. Users can pick one, or all, of the many IronMail features, including content filtering, intrusion detection, and policy setting and enforcement.

CipherTrust CTO Paul Judge calls the IronMail gateway a “holistic solution” to e-mail security. The price for IronMail is based on features selected and message volume. One appliance can handle up to 500,000 messages a day for as many as 5,000 users. The average CipherTrust customer purchases one gateway at an estimated starting price of around $25,000, Judge says, and an additional IronMail gateway as backup.By some estimates, more than 80 percent of corporate employees use instant messaging software. And most often that usage is not sanctioned by the IT or security departments, says Dmitry Shapiro, chief technology officer and founder of Akonix. Unfortunately, he says, unmanaged IM leads to a slew of problems, potentially including the unprotected transfer of files, corporate secrets and intellectual property.

Akonix (www.akonix.com) makes softwarethe L7 Enterprise Software Gatewaythat the company provides on a Windows platform. L7 Enterprise filters all IM traffic and can protect at a set number of levels. The levels range from specifying which employees can use IM to allowing only incoming (or only outgoing) messages. The gateway can also filter IM traffic on a content level; it will block certain keywords so that companies can, for example, prohibit the transfer of personal health records or financial services information. Each gateway can handle 10,000 active users. Enterprise licensing starts at $3,875 for a 50-user license, including a year of maintenance.