Virtualise your security tools for greater flexibility

Security products purchased as virtual appliances give IT greater flexibility in deployment than traditional security hardware devices.

The concept of treating network security as a software application has proven to be successful. Organisations can save money by re-purposing expensed servers as security devices, achieve a performance boost by placing network-oriented security on a faster processor and consolidate security functions on fewer servers to save on administration while making the security function a bit greener.

One of the more interesting news items of late barely caused a ripple in the security blogosphere: Check Point and Riverbed Technologies entered an agreement allowing Check Point's new software blade architecture to run as a virtual appliance on Riverbed's Steelhead WAN optimisation platform. Branch offices can take advantage of data center consolidation cost savings without sacrificing end-user performance or exposing the organisation to increased security risks. Virtualisation is one of the technologies that make this enhancement practical. Riverbed relies upon VMware, enabling Check Point to co-exist on the Steelhead device without significant software re-engineering.

The next generation of network perimeter devices will likely offer business connectivity features in addition to firewall security to capture market share. The traditional drivers of firewalls enable business connectivity to the Internet including network address translation, protocol validation, and VPN termination – functionalities that are more important for allowing traffic into the network than for blocking traffic at the edge. Organisations with branch offices and remote campuses are concentrating Internet security into network devices to save on acquisition and operational expenses.

Security vendors can pack more security features into a hardware appliance, such as with Unified Threat Management devices, but the disruptive innovations will appear with integrated capabilities such as WAN optimisation, virtualisation support, routing, and auditing. Security co-existing with optimisation technology is also not new. Microsoft included security with performance features in ISA Server and also integrates secure branch office access to SharePoint repositories.

By contrast, UTMs, package firewall functionality with network security technologies such as network antivirus, intrusion prevention, and URL filtering into a single appliance to fulfill a small and medium sized business need for low administration small footprint security devices. Security vendors liked the concept because vendors could augment firewall sales with signature-update subscription revenues, and also protect the price points of the product line by including commoditized features. The seldom-mentioned issue with UTMs is that security effectiveness is often pared way down to maintain performance, especially AV and IDS inspection technologies with short signature lists to keep the traffic moving.

IT always prefers secure products over incremental security products. Additional devices in the network require time and energy to deploy and operate. In addition to Check Point and Riverbed, SourceFire has announced the availability of SNORT as a virtual appliance in 2009 which means IT has a leading firewall, WAN optimisation, and IPS to start with. IT should start making requirements for its strategic security vendors to deliver products as virtual appliances allowing the enterprise the most flexibility in deploying security and business connectivity.