Magazine Article | February 1, 2004

Meet Security Needs With VPNs, Firewalls

With security threats getting more mature and government regulations getting more intense, customers need firewall and VPN (virtual private network) solutions that protect their networks and data.

Business Solutions, February 2004

Security remains a very hot topic for many end users. We often hear horror stories about the security problems that many businesses face, but Jeff Fatica, VP of sales and marketing for Synctomi, Inc. (Erie, PA), believes computer threats are not talked about as often as they should be. "Everyone knows that misappropriation of data is happening," he says. "Most companies had simply been doing their best to deal with the problem, but government regulations are now being pushed down on them. If data is misappropriated, businesses now have to notify every person that was affected. The new regulations have teeth, especially in healthcare and banking. If data is misappropriated, there will now be hefty fines associated. Companies need to rethink the security they have over their networks."

In order to protect networks, many resellers are segmenting the networks by adding more layers of firewalls. This makes it more difficult for someone to break in and access data. Still, there are downsides to segmenting the network with hardware. It is very costly, and the network becomes difficult to manage. "Segmenting the network makes it more complex as more hardware is added," says Fatica. "Another downside is that as more and more layers of hardware are added, the performance of the network will also suffer."

Segmenting creates a catch-22 for customers. To get the needed security, customers need to add complexity and increased costs to the network. "A lot of customers are not properly addressing their security concerns because it is so costly and hard to manage," Fatica says. "The result is that a lot of networks today are left vulnerable."

Integration Makes Its Way Into Firewalls
New firewall products on the market are better at addressing many customer security problems. Dave Aylesworth, product manager for eSoft (Broomfield, CO), believes product integration has been the key factor. "Integrating content security, content management, and application awareness products can really help customers," he says. "These products have been around in different forms for a while, but now we are seeing a trend with vendors adding additional capabilities into their products. Some examples in the content security space are anti-virus and spam filtering."

In the past, technologies like anti-virus and spam filtering were not owned by firewall vendors. Those vendors partnered with companies that provided those technologies. The current trend is the actual integration of these technologies into firewall products. "The customer no longer has to purchase several products," says Aylesworth. "Firewall products now have an anti-virus and spam filtering capability, which eliminates the need to buy another product."

Take Security Up A Few Layers
Network security has always been driven by the attacks that are taking place. Until recently, those attacks have been focused on layers one through three (physical, data link, and network) of the OSI (Open Systems Interconnection) model. However, many users are now being forced to take a closer look at layers four through seven (transport, session, presentation, and application). "Attacks cost businesses billions of dollars per year," says Pat Clawson, president and CEO of CyberGuard Corp. (Ft. Lauderdale, FL). "That is what gets the attention of these businesses. When they have to spend that kind of money, it causes them a lot of pain, especially when you figure in the downtime. This has changed the way customers purchase products like firewalls and VPNs [virtual private networks]."

People went with ease of use over security for many years. This caused them to focus on products that were for layers one through three. "Those products met the firewall requirement from an audit perspective," says Clawson. "The problem is attacks keep getting more mature and more aggressive. Users are now asking manufacturers to get into layers four through seven and give them solutions that protect the whole OSI model."

VPNs Deliver The Right Economics
Chris Roeckl, director of corporate marketing for NetScreen Technologies (Sunnyvale, CA), has also seen growth in the demand for VPNs. The benefit for end users is that a VPN can be between 20% and 40% cheaper than a frame relay or private line network. "A VPN can also enhance the performance and productivity of those using the network," he says. "A VPN can be extended out to telecommuters, which cannot be done with private line and frame relay networks. For customers that believe in the power of the Internet, a VPN is the way to enable secure communication between sites."

Roeckl notes that a lot of the VPN business is driven by the economics of wide area network technologies. The cost savings and performance advantages are the reasons that most companies are deploying VPNs. The cost of Internet connections has come down, and the devices are also at an affordable price point. Any company with a DSL (digital subscriber line) connection can now get firewall, VPN, application-level attack prevention, and anti-virus protection for around $500.

Jeff Playton, senior director of security technology marketing for Cisco Systems, Inc. (San Jose, CA), believes VPN is moving from a dedicated, product-oriented device to an embedded feature within the switching and routing infrastructure itself. He cites good reasons for the change. "The purpose of a VPN is to provide secure connectivity," he says. "For that reason, there is a lot of required integration. If a customer can't leverage the intelligence of the basic connectivity features or the routing infrastructure, then they cannot intelligently understand where those two points of the connection are. Therefore, they cannot build a secure tunnel. That problem has been a challenge for the point product players because they are in the security business, not the connectivity business."

Finally, when it comes to firewall technologies, Playton believes the technology has become more application aware. Firewalls were thought to provide adequate security for the perimeter of the business. But, when someone connects to the Internet, they are on a global network. "There is no longer a perimeter," says Playton. "The perimeter is the point of each transaction. The concept of putting a moat around the castle no longer works. A firewall, as a stand-alone technology, is not able to provide the kind of benefit today that it could a few years ago. Companies had one connection to the Internet for mail, but now have connected business processes. Those customers need more of a systems orientation. Firewall vendors are trying to provide a systems level orientation to solve the security problems."