Firewalls Forced to Adapt

Are data center managers moving away from firewalls to more specialized security? Today's $430 acquisition bid for intrusion prevention specialist TippingPoint Technologies Inc. by 3Com Corp. (Nasdaq: COMS) would seem to indicate that that might be the case (see 3Com Takes TippingPoint).

But the real story seems to be a trend toward a wider range of security products, including both classic security of firewalls supplemented with the highly defined defense of specialized security.

Jon Oltsik, senior analyst for information security at Enterprise Strategy Group, believes firewalls will continue to grow at a modest rate. Firewall sales are up from last year in the 5 percent to 7 percent range,” he says. “We see a lot of old software firewalls being upgraded to higher-throughput firewall appliances. We also see a lot of firewall consolidation.”

Check Point Software Technologies Ltd. (Nasdaq: CHKP) is one such firewall/VPN player that enjoyed a financially rewarding year in 2004 (see Check Point Gets Cheeky). Oltsik believes the company will slowly move beyond the firewall space in 2005.

Oltsik believes that companies, like Check Point, will focus on creating firewalls with integrated specialized security technologies. In the 1990s, firewalls evolved from static packet filtering to the application-layer inspection applications of today. “With the cost of hardware continuing to decrease, there is no limit to how much intelligence you can cram into an individual firewall box,” he says.Oltsik uses the analog of Microsoft Windows to explain the evolution of firewalls. "Through the years, Microsoft added a TCP/IP stack, browser, and media player to its operating system to increase the core functionality,” he says. “The same thing is happening at the firewall. These boxes are getting smarter, cheaper, and taking on more security functionality.”

This means it's likely that firewalls will have to evolve quickly to keep pace. Indeed, newer players are eager to stuff new functionality into firewalls. In the meantime, firewalls will have their place in this mix, but there are many additional technical pieces needed for adequate protection.

Lee Klarich, director of product management at Juniper Networks Inc. (Nasdaq: JNPR), believes the future of security favors companies that can provide convergent security initiatives. “Our integrated network security strategy is paying off,” says Klarich. "We believe that the big story is convergent security initiatives that combine firewalls and network security with other products, such as SSL VPNs and intrusion prevention.”

Pete Lindstrom, analyst at Spire Security, agrees with Oltsik that data center managers aren't moving away from firewalls, but have begun embracing more granular security. “You can’t do without a firewall,” says Pete Lindstrom. “But it’s just not as all-encompassing as it has in the past; however, hackers have exploited the holes, which were for legitimate application use, and now data managers have to get more granular as far as how they protect the application level."

One example of a company with specialized security is Netegrity and its identity management (IM) products (see Niche Security Markets Booming). At a high level, IM puts a firewall around individuals not network assets. “IM authenticates me to the network, restricts my access to specific services needed to do my job, and audits my behavior,” says Oltsik. “This technology is especially appealing because of extended enterprises and regulatory compliance.”— John Papageorge, Senior Editor, Next-Gen Data Center Forum