Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Seeking Security At The Network Edge

Today's network attackers have an almost limitless imagination when it comes to the range of strategies they use: Viruses; denial-of-service attacks; Trojans; malicious attempts to access corporate information; or threats to Web site content using Internet Protocol (IP) spoofing, man-in-the-middle or port redirection are all part of their arsenal. At the same time, the impact of such security breaches on the corporate bottom line is growing increasingly difficult to ignore.

The costs of such attacks can be enormous, ranging from the personnel and equipment needed to detect an attack to the costs associated with cleaning and restoring systems to the attack's impact on worker productivity. A recent study conducted by CSO (Chief Security Officer) magazine estimated that criminal attacks on corporate and government networks cost businesses more than $665 million in 2003.

The growing sophistication of these attacks has driven enterprises to seek higher levels of security than those provided by traditional virtual private network (VPN)/firewall products. To address such security threats, many companies are investing in new intrusion detection and prevention systems (IDS/IPS) or deep-inspection firewalls capable of analyzing the contents of a flow instead of just header information for each packet. Ideally, the new systems will help enterprises identify threats-even those hidden deep in the application headers and payload-and thereby prevent successful attacks.

In most cases, however, the new security systems can be complicated to set up and expensive to maintain. This translates into higher operating costs and capital expenses for enterprises. The rising expenses are particularly burdensome on small office/home office (SoHo) businesses and small enterprises that require the same protection from security threats as their larger competitors, but at a lower cost structure.

Moreover, the security solutions in use today typically do not scale well. As enterprises grow, service providers must add more boxes to their sites across the wide-area network, and each box must be set up and maintained. Furthermore, global security policies for mobile users are difficult and cumbersome to implement. They must be enforced either through resident software or hardware or by routing all requests through the security system at the corporate site.

  • 1