|
Security appliances
UTM’s strong: edge and core
The complexity in deploying and managing vanilla point security
solutions is driving further investments in integrated security appliances.
Neeraj Gandhi says that this market has moved beyond the edge of the network
into the core
 India
Inc. has adopted a proactive approach to safeguard data. As enterprises traverse
the growth path, they are realizing that a secured network is essential. Consequently,
the large-scale adoption of security appliances is gradually becoming the order
of the day.
According to Frost and Sullivan, the integrated security
appliance market in India was growing at a CAGR of 30.2% and was expected to
reach $32.5 million in 2007 with a growth of nearly 70% over 2006. However the
first half of 2007 has already seen integrated security appliance revenues cross
$17.5 million. “Information security spending has continued to grow year-on-year
in India. As the technology awareness grows, the market for security products
and services is expected to surge making IT security the fastest growing segment
of the IT industry in India,” said Neenu S Kumar, Research Analyst, ICT
Practice, India & South East Asia, Frost & Sullivan.
|
 "With
the increasing usage of
Internet and the growing prevalence of Internet threats, India is experiencing
tremendous growth in the UTM market. Awareness has increased creating
a huge potential and resulting in
accelerated growth."
- Digvijaysinh Chudasama
Vice President,
Cyberoam
|
Digvijaysinh Chudasama, Vice President, Cyberoam said “With
the increasing usage of Internet and the growing prevalence of Internet threats,
India is experiencing tremendous growth in the UTM market—estimated at
50 to 60% on a YoY basis. Awareness has increased creating a huge potential
and resulting in accelerated growth.”
Comprehensive risk coverage with low TCO
Broadly, this market consists of two types of appliances,
standalone and all-in-one. The former includes appliances that address a single
security function, like firewall/VPN, SSL VPN, secure routing etc. Standalone
devices may also include content filtering or intrusion prevention appliances,
which are used at a specific point in the network. Besides, e-mail security
appliances, which protect against Spam and Phishing, can also be used as standalone
devices.
In contrast, the latter category, i.e., integrated security appliances, also
known as Unified Threat Management (UTM) solutions, combine a complete suite
of threat management functions to offer comprehensive security on a single platform.
UTMs sport features such as firewall, VPN, anti-virus, anti-spam, IDS and IPS,
content filtering, bandwidth management, multiple load balancing and gateway
failover.
“The market has been found favoring hardware appliances rather than software
applications. The growth of hardware appliances has been at a higher pace when
compared to software application penetration,” said Kumar.
“More enterprises opt for a security appliance as it
is plug and play and therefore easier to manage. Moreover, most security appliances
come with more than one security feature. As more enterprises look to simplify
their infrastructure management, they will look for all-in-one security appliances
to ease their management burden,” added Ajit Pillai, Country Manager, India
& SAARC, Secure Computing.
|
 "We
are seeing the deployment of UTM in areas such as the headquarters of
many businesses and also at their data centers. The recent price cuts
have helped the market to expand further while some customers are replacing
their point security solutions with security appliances"
- Prasad Babu
Director for Systems Engineering and Sales Operations, Juniper Networks
India Pvt. Ltd
|
 "Data
center operations
demand higher throughputs
and since many UTM boxes are designed to cater to higher
throughputs they are expected to find a place at the core of the enterprise
network."
- Shubhomoy Biswas
Country Manager – India,
SonicWALL
|
Factor driving appliance sales
Blended Threats: Point solutions are no longer sufficient to protect the enterprise
from blended attacks. Therefore, organizations need a unified approach that
protects their networks and business users from blended attacks and technology
misuse while decreasing their operating costs.
Ease of installation and use: Software-based security products require multi-vendor
support, a server (one vendor), server operating system (Windows, Linus, Unix,
Solaris etc.) and then the security software itself. Appliances based solutions
are from a single vendor.
Higher TCO for point solutions: All-in-one security appliances offer reduced
TCO by minimizing the number of security solutions deployed and cost savings
in management and implementation overheads such as training, maintenance, installation
and upgrades.
Deploying an appliance-based solution ensures that the product is hardened for
the application that it is meant for. Whereas a software solution requires vulnerability
assessment and hardening for the server operating system.
Prasad Babu, Director for Systems Engineering and Sales Operations, Juniper
Networks India Pvt. Ltd. said, “It is the cost advantage of security appliances.
For a software-based security solution, a customer needs experts who understand
the server operating system and then also have trained experts in configuring
the security software. Whereas the appliance is a single box for all purposes.
In addition, there is an upgrade cost for each individual component in a software-based
solution, whereas in an appliance, it is only one component.”
“The fast-paced transition from point to integrated
security appliance solutions is largely due to the cost-effectiveness and ease
of manageability of these devices. Traditional software-based point solutions
require fast (and often dedicated servers) on which to run, and are not only
complex to manage but also require investment in technical staff to operate.
The inconvenience of dealing with multiple annual maintenance contracts, patches,
upgrades, licensing of standalone products etc. adds to the complexity,”
said Shubhomoy Biswas, Country Manager – India, SonicWALL.
- Reduced complexity: Single
security solution. Single Vendor. Single AMC
- Simplicity: Avoidance of
multiple software installation and maintenance
- Easy management:
Plug & Play Architecture, Web-based GUI for easy management
- Performance:
Zero-hour protection without degrading the network performance
- Troubleshooting ease: Single
point of contact – 24 x 7 vendor support
- Reduced space and power utilization
- Reduce training requirements, one product
to learn.
- UTM vs. stand-alone
|
In data centers and core networks
UTM appliances are being deployed to a large extent by companies in the banking
and finance vertical. In addition IT/ITeS, government and manufacturing concerns
are also taking to UTM in a big way. This large-scale adoption is largely due
to the advantages that UTM has over standalone security appliances and software-based
security solutions. Some of these advantages include reduced TCO, reduced complexity,
ease of installation, and capability of UTM to address multiple security needs.
That said, what is astonishing is the way in which UTM has been able to enter
the mainstream of IT in a spam of a few years. The UTM market is now gaining
traction, and gradually more enterprises from different verticals are adopting
this technology.
“We are seeing the deployment of UTM in areas such as
the headquarters of many businesses and also at their data centers. The recent
price cuts have helped the market to expand further while some customers are
replacing their point security solutions with security appliances,” said
Babu. According to Chudasama, “Small businesses and remote/branch office
networks utilize UTM appliances for perimeter security. A UTM appliance that
is deployed at the network edge not only blocks unauthorized Internet traffic,
but stops Web server hacks, strips viruses, discards spam, foils Phishing URLs,
and closes the spyware back-channel.”
Appliance-based security solutions are more stable in terms of speed, in achieving
higher throughputs and act as integrated single point solutions against all
security threats. Biswas said “Data center operations demand higher throughputs
and since many UTM boxes are designed to cater to higher throughputs they are
expected to find a place at the core of the enterprise network. Since many enterprises
had earlier been using low and mid-level UTM boxes at their branches and at
the network periphery they are expected to adopt high-end UTM boxes at the core
of their network as well.”
Although many enterprises were using UTM appliances to secure their branch level
networks there is a shift toward securing data centers and other core IT infrastructure.
The average deal size with enterprise customers for high-end UTM boxes is now
touching more than Rs one crore. Many UTM boxes are going into the core network
of these enterprises besides the branch offices. High-end UTM boxes offer enterprise
customers higher throughputs to support a large data center environment. Most
security appliances that are getting deployed at the network core are based
on the blade architecture—each blade can have 250 virtual UTMs and each
box supports up to 14 blades. Such boxes are expected to help Managed Service
Providers (MSPs) as they manage the security infrastructure of their customers.
In most core environments throughputs of over 200 Mbps are required and nowadays
UTM appliances can manage a 400-node network efficiently. UTM appliances are
offering enterprises greater granularity of control which is a must in a consolidated
IT environment.
Additionally UTM appliances are geared for the enterprise environment and can
protect hosted Web sites, Custom Web Applications and database servers hosted
in data centers. Attacks such as buffer overflow, Denial of Service (DoS), un-authorized
access attempts can be controlled via UTM Appliances deployed in core sensitive
applications.
| As networks are expanding and applications are increasing,
complexity and security threats are becoming more prominent and increasingly
sophisticated. This sophistication in the pattern of attack has left enterprise
with only one option—deploy security solutions or perish. But the selection
of security solution hasn’t proved that easy, and both standalone and
UTM boxes have managed to create their own market.
Babu said, “Both these solutions have their
place in an enterprise environment. A standalone appliance based layered
security architecture is preferable in a critical environment such as
a data center, headquarters server farm etc. Whereas, UTM is preferred
for a branch office, SOHO and like.” The growth in UTM has also been
fueled by demand from SMBs.
Even though each has a market of its own, this
growth in UTM is eating up the share of standalone appliances. So where
does this huge demand for UTMs leave standalone appliances. Does the advent
of UTM sound the end of standalone appliances? And if yes, are UTM appliances
a safe bet? Opinions are divided.
Pillai opined that UTM is the best choice to address
security requirements. He added, “The UTM appliance had indeed scored
a perfect 10 in terms of handling the security needs in an enterprise.
The only limitation of a UTM appliance is the ability of the user to learn,
use and manage each security feature efficiently.”
Chudasama added, “While point solutions have proven
effective in the past, it’s becoming increasingly evident that they
do not provide sufficient, timely and unified protection against today’s
threats. Point security solutions simply cannot keep up with protecting
against these complicated threats and productivity issues, and tend to
be difficult to deploy, cannot be managed centrally, which gives rise
to increased operating complexity and overhead costs.”
On the other hand, critics of UTM are of the opinion
that some of the devices do not have all features, requiring that companies
invest in add-ons to improve security across the board. With all the jobs
UTMs are handling, performance is a legitimate concern. Another criticism
is that UTMs give rise to a single point of failure. Therefore the more
functions they offer, the more risky it becomes.
|
For SMBs and large enterprises
The shift in the SMB sector towards an Internet enabled business model, and
expansion of large enterprises setting up new branches is also leading to the
adoption of integrated security appliances. Essentially it is the SMB segment
which has triggered the UTM wave, coming primarily from the increased expenditure
on security. In fact 2007 saw major demand for integrated security appliances
from SMBs (those with less than 500 users) and the branch offices of large enterprises
(those with more than 500 users) spread across various verticals.
Kumar added, “Apart from the large enterprises, the SMB spending on security
is witnessing a huge demand. Further with exclusive options available for security
appliances at competitive prices prompted the SMB segment to invest in integrated
security appliances.”
In addition to price cuts in the security appliances, lower TCO has also triggered
growth. Lower TCO, ease of deployment and low maintenance has played an equally
important role. Since SMBs have limited expenditure, these factors have been
of particular interest to SMBs. “Without doubt SMBs have been the driving
force in the adoption of UTM appliances. We have seen a lot of demand emerge
from tier-2 and -3 cities. We have seen several large enterprises decentralizing
the networks into small networks and deploying UTM,” added Biswas.
The kind of UTM appliance deployed varies from SMBs to large enterprises. “Enterprises
require security with high performance, high throughput and low latency. Also
enterprise-class UTM devices need to support the complicated network topologies
present in larger corporations,” said Chudasama.
Some of the features in a enterprise-level UTM box are integrated active-active
high availability which provides protection against hardware failure to maximize
network uptime and ensure uninterrupted access, dynamic routing that provides
rapid uptime, increased network throughput with low latencies and trouble-free
configuration that supports rapid network growth, and VLAN support that enables
large enterprises to create work profile-based policies across distributed networks
from a centralized location or head office.
The road ahead
According to Frost and Sullivan, India is one of the fastest growing IT security
market in the Asia Pacific region. The market has also witnessed a change in
the mindset of customers who were earlier restricted to firewalls and anti-virus
solutions, are now looking at security in a holistic manner. They have started
seeing security investments not only as a mode of tackling security issues,
but also as a strategic move which can enhance business productivity.
According to Kumar the major trend which the IT security market is witnessing
and which is expected to extend further is the convergence of technologies happening
in this space. The most significant among such kind of convergence is security
and networking and integrated security appliances. In past two years there have
been significant sales of firewalls and VPN modules sold along with routers
and switches. However, integrated security appliance is a major trend moving
forward.
Presently UTM is integrated with security features like firewall, VPN, anti-virus,
anti-spam, IDS and IPS etc. Besides, it also has features such as content filtering,
virtualization, URL filtering and routing. “UTM appliances are being enhanced
to include routing so that the branch router could be replaced by the UTM box,”
opined Prasad. A more recent feature is the ability to inspect all network traffic,
including encoded, compressed, encrypted and wireless traffic. Though data leakage
protection is already available in some UTM appliances, it has yet to take off
in a big way.
Biswas said that going ahead one can also expect more intelligent features becoming
a part of UTM appliances. “I can see extended log-analysis mechanisms,
such as behavioral analysis of network traffic, becoming a common feature,”
he added.
neeraj.gandhi@expressindia.com
|
