How To Sell - The Rise of the Single Machine

Appliances that offer a range of security functions in a single box are gaining ground. But what are the pros and cons of such devices for customers and resellers?

Another day, another security alert. Microsoft's announcement in April that it had detected a massive 20 new flaws in its software was just the latest warning underlining why the IT security industry has to be ready to continually meet new threats.

With the rise of new threats has come a parallel increase in the number of solutions and the creation of defined categories in security offerings.

One of the fastest-growing categories is that of the security appliance - also called an integrated device or integrated security gateway. These are delivering more flexible solutions with a lower cost of ownership for customers and good opportunities for resellers to add value.

According to IDC, spending on appliances in western Europe increased by 23 per cent last year to £219m. Year-on-year growth in the fourth quarter of 2003 was an impressive 46 per cent, driven largely by uptake in the SME and branch-office sectors.

IDC says Europe is leading security appliance sales, representing 26 per cent of worldwide revenue for the sector. About 40,500 units were shipped in Q3 2003, the equivalent of a quarter of all units shipped globally.

IDC believes the firewall/VPN appliance market has reached maturity, now accounting for 85 per cent of all security appliances shipped.

Elsewhere, the intrusion-detection software appliance market is still immature, showing triple-digit growth, due to starting from a low base.

IDC predicts that by 2007 a whopping 80 per cent of all security offerings will be appliance-based.

Worldwide, Cisco leads the market with a 29 per cent share, followed by Nokia (18 per cent) NetScreen (14 per cent), SonicWall, WatchGuard, and Symantec.

Other vendors in this space include Astaro, Blue Coat Systems, Crossbeam, Fortinet, Immunix, Internet Security Systems (ISS), Network Appliance, Network Box and ServGate.

But IDC notes that vendors are characterised by targeting specific price bands, and therefore market share should be seen in relation to the band in which they mainly operate.

Of late the appliance market has been defined by consolidation. NetScreen acquired Secure Socket Layer (SSL) VPN vendor Neoteris; Check Point acquired firewall/VPN manufacturer Zone Labs; ISS bought content filtering firm Cobian; Blue Coat bought Ositis, the third-largest provider of anti-virus appliances; Symantec acquired SSL VPN vendor SafeWeb; and NetScreen itself was acquired by Juniper Networks.

Cisco, meanwhile, is in the process of acquiring distributed denial-of- service firm Riverhead and SSL VPN company Twingo Systems.

Typically an appliance is a box containing a firewall with a range of other security functions. IT departments like them because they can be 'dropped' into branch offices under a consistent security policy.

Meanwhile, enterprise-class functionality at a price that is attractive to SMEs is helping to drive significant growth in the low end.

Appliances come either as standalone, all-in-one blade or CD/software solutions. They usually run on a hardened Linux kernel or proprietary operating system (OS), doing away with the need to secure the underlying OS.

Alternatively, some vendors embed a firewall and OS directly into an ASIC, with consequent improvements in reliability and speed.

Appliances also can be categorised as either closed or open platforms, although there is some overlap between the two. Closed platforms offer all the security functions in a proprietary environment with the benefit of integrated processing across functions.

Symantec, Fortinet and NetScreen are examples of this approach, although NetScreen offers an open platform for anti-virus functionality.

Vendors vary in the degree of support they offer for cross-functional integration. Tighter integration must be weighed against the benefits of a best-of-breed approach.

Open platforms use licensed security functions from other vendors with integration across functions. A best-of-breed approach is maintained in addition to preserving legacy security investments where necessary. WatchGuard and Network Box are examples of this open approach.

WatchGuard's best-of-breed philosophy includes using Qualis on vulnerability analysis, McAfee on anti-virus and Safenet on VPNs. Network Box uses anti-virus software from Kaspersky Labs and content filtering from SurfControl.

Similarly, 3Com offers an all-in-one security solution called the Security Switch 6200. It is a high-performance security platform that supports multiple applications, such as Check Point NG FireWall-1/VPN-1, ISS RealSecure intrusion detection, anti-virus, content filtering, and more.

Understandably, each vendor champions the benefits of its chosen approach.

For example, Symantec, with its mid-range 5400, talks of the weakness of an open approach.

"This is integrated security with all the components from a single vendor. We are not making loose alliances with technology partners to provide solutions.

"We own the technology; this allows us to offer a single update to the customers and a single point of management," says Alastair Williams, EMEA appliance product manager at Symantec.

The upsides of the appliance are simplicity, ease of installation and reduced cost of ownership. In essence, a single appliance designed specifically for the purpose is far cheaper than a different product for each threat, and easier to manage.

Appliances are also seen as better at dealing with so-called 'blended threats', such as viruses launched on the back of spam.

Today appliances are addressing a wider range of functionality, to include anti-virus, VPNs, intrusion detection/prevention, email/spam gateways and internet filtering.

Although the one-box approach is less attractive to enterprise customers, because it represents a single point of failure, it is increasingly attractive to SMEs that are prepared to trade off risk against the benefits of a device that is comprehensive and scalable.

For example, ISS has extended its Proventia range, aiming the Proventia M30 at the mid-market.

This appliance combines intrusion prevention and detection with firewall, VPN, anti-virus, web filtering and anti-spam functionality. The device supports up to 500 users and receives automatic updates to handle impending threats.

The modular approach is apparent in products such as WatchGuard's Firebox X, which comes with a software key that can be used to turn on functions within the box, as well as to expand the number of users from 500 to 2,500.

Peter Crowcombe, director of marketing EMEA at NetScreen, says appliances are allowing a wider cross-section of resellers to service security sales.

"We are seeing a broader range of resellers now, notably network resellers, which is good because they understand IP packet processing.

"We advise resellers to pick a product that lets them solve the problem for the customer while also giving some value-add. An appliance with firewall, VPN and intrusion detection and prevention is a good solution."

Resellers have to consider performance adequacy, availability, ease of deployment, return on investment (ROI) and total cost of ownership before matching customers with products.

Ian Kilpatrick, chairman at distributor Wick Hill, says it is not a process to take lightly. "You can elect to sell a device with all the functionality, but that will increase the price and the risk. Or you can sell something more basic that doesn't damage your reputation if something goes wrong."

Manny Pinion, sales and marketing director, at Fortinet distributor Norwood Adam, admits that an appliance is something of a compromise.

"While you get four main features in the box it won't be as good as a dedicated specialist piece of software. But the upsides are significant, with network performance, simplicity, licensing, pricing and ease of support."

So what about the dominance of Cisco? "Naturally, Cisco has great channel presence, which is good for overall awareness. But we believe we have an edge because we are focused solely on security.

"It is less focused and we innovate by using ASICs. Our high-end experience means that we can bring innovation to bear more quickly. For Cisco, it's just one of their product lines, " says Crowcombe.

Phil Dean, product manager enterprise AVVID solutions EMEA at Cisco, says the company's emphasis is on making networks as secure as possible as they are rolled out, as opposed to after implementation. "Our appliances are ideal for branch offices, managed security providers and corporate data centres," he says.

Cisco distributor Azlan has a word of warning. "Appliances are a good way to get into security, but resellers that are new to the technology do need help, even with the most basic appliances," says Simon Hill, director of UK distribution at Azlan.

David Ellis, director of e-security at Unipalm, says a key feature of the market is segmentation.

"The market has split into enterprise vendors and SME vendors. You need to pick vendors carefully because of this. My advice to resellers is look at your target market and make a call on the type of products best suited to it."

On the downside, the main weaknesses of appliances are scalability problems, lack of unified management, the cost of subscriptions for virus updates and the fact they present a single point of failure.

Critics also say appliances are unlikely to be effective if internal security is not attended to. This includes workstation firewalls, OS updates, workstation anti-virus software and server backups.

These elements must form part of a security policy, and represent an opportunity for resellers to add value.

Others say that appliances are inflexible, although Crowcombe counters this. "A PC platform performs less well than an appliance because an appliance is built for the task, and after all, the PC OS is vulnerable," he says.

Others suggest that the mid-market and enterprise firms will stick with best-of-breed products for different aspects of security rather than expect all applications in one box.

Bob Jones, managing director of vendor Equiinet, says most firms want a unit that doesn't break the bank and that can be fitted without an engineer.

But he warns when it comes to SMEs, some internet appliances appear to have been designed more to get as many ticks in features boxes as possible, rather than addressing the issues SMEs face. "They may offer a very low level of security," he claims.

Jones says scalability is often cited as a problem. "It's vital to have a range of products and a trade-in option to match customers' needs as they grow." They should demand VARs provide standby units with automated configuration, he adds.

Peter Goodenough, managing director of security supplier HI SEC, says human resources also can be a problem. "If we go back a few years, IT and security people did not mix, so the security network was kept separate.

If anything went wrong it was a low priority because our kit was not running on the core network. Appliances allow you to be on the main network, but you have to jump through a lot of hoops to get there. The IT people will want to know what is on the network, so you need the right products to do it."

Niall McGrane, UK sales manager at Allasso, says it is still early days.

"There is no silver bullet. Appliances will eventually hit the sweet spot, but meanwhile there are many questions about how a range of best-of-breed software on one device is supported.

"SMEs want to tick off boxes, but what if anti-virus is not on the appliance? Then they need to buy two boxes, which makes it less attractive," he says.

Much will depend on how much added-value resellers can get from appliance sales. Given that many customers cannot expect to become sufficiently knowledgeable about security to maintain workable solutions they need experts, and will be happy to pay for specialist services.

Provided resellers are prepared to gain the necessary expertise, the appliance market appears to be fertile ground.

Kilpatrick says: "Appliances are excellent for value-add. You can effectively go back every three months and move the customer through the value chain if you are doing it right."

Paul Thackeray, UK managing director of SonicWall, says: "Service and bolt-ons are the main opportunity, and the opportunity to sell security consultancy. In addition, services may be activated and managed remotely from a central point."

According to IDC, the security appliance market shows all the signs of delivering good returns for resellers.

IDC analyst Oliver Harcourt says: "SMEs are attracted by having a range of applications on one device and enterprises will want more complex solutions that ensure throughput is protected and access is available to different security staff. There it's more of a human resources issue."

But whatever size organisation a reseller decides to target, the appliance is likely to form an important part of his security offering over the next few years; its simplicity, ease of installation and functionality should see to that.

CONTACTS

Allasso (0870) 366 8511
www.allasso.co.uk

Azlan (01189) 897 700
www.azlan.com

Equiinet (01793) 603 700
www.equiinet.com

HI SEC (01276) 679 950
www.hisec.com

IDC (020) 8987 7100
www.idc.co.uk

NetScreen (01372) 385 500
www.juniper.net

Symantec (020) 7616 5600
www.symantec.com

Unipalm (01638) 569 644
www.unipalm.co.uk

WatchGuard (01737) 735 015
www.watchguard.com

Wick Hill (01483) 227 600
www.wickhill.com