Arik Hesseldahl's Clips: Internet World

4 May, 1998
New Firewall Devices Can Simplify Security
By Arik Hesseldahl

Firewalls have traditionally been software products, but a new generation of firewall appliances-products that integrate software and hardware into a single device-promises to increase security while greatly simplifying a process that is an ongoing challenge for systems managers.

Richard Hanke, director of marketing at NetScreen Technologies Inc., a Santa Clara, Calif., startup that manufactures two firewall appliances, compared the evolution of the firewall to the evolution of the router.

"The routers on the market today evolved from the need for a special architecture," Hanke said. "Most of the firewalls running today are on generic computers. We think it really needs to evolve into its own piece of hardware."

Most software-based firewalls are too complex for smaller companies to manage, said Pete Cafarchio, firewall program manager for the International Computer Security Association, an organization that tests and certifies firewall products. In comparison, firewall appliances can be much easier to implement, he said.

"You can buy very good firewalls, but if you don't set them up properly, they're not going to do you any good," he said. "There is a trend in the market toward simplifying the configuration and administration of these firewalls, and the companies producing these appliances are riding that wave."

Firewall appliances include the products from NetScreen-the NetScreen 100 for large corporate networks and the NetScreen 10 for small to midsize networks-WatchGuard Technologies' Firebox 2.0, Lucent Technologies Lucent Managed Firewall 2.0, and Cisco Systems' PIX Firewall.

The Lucent Managed Firewall is currently positioned for ISPs and large enterprises. However, Howie Gittleson, director of Lucent's Internet Security Products group, said the company-following its purchase last year of Livingston Enterprises Inc.-plans to develop a product targeted toward smaller organizations in the near future.

On the other hand, firewall appliance vendors are adding advanced security features to accommodate the changing needs of their customers, said Steve McLean, a WatchGuard spokesman.

"There are a lot of people looking for a quick solution, but a lot of those companies are growing and realize they now have to consider full security solutions," he said.

Jude O'Reilly, a senior analyst with the Gartner Group, said that while demand for firewall appliances is beginning to grow, their effectiveness has not yet been proven.

"Once you move away from central access and central control, how can you effectively manage all those different appliances in the field?" he said.

< Back