Out with the old, bring in the new -- Firewalls?
Beth Blakely
Published: 28 Jan 2003 11:47 GMT
Holistic security vs. piecemeal approaches
Loingtier says the notion of XML-application firewalls as independent, or somehow separated, from customary security won't last long because traditional vendors have agreed that security is a holistic endeavor where all components must cooperate and be considered in the totality of their interactions.
"Besides, no IT manager would look very kindly at managing two PKIs [public key infrastructures], one for the same firewall/VPN that protects an extranet and one for the sake and needs of Web service applications," Loingtier explains. When choosing a vendor for application-level security for Web services, Loingtier recommends that CIOs first ask, "Has it been tested with the products and the configuration I intend to use?" If the answer is no, don't proceed, he says.
However, CIOs can feel safe investing efforts with a small security firm whose product integrates well with their existing security infrastructure and processes, he adds.
"Pick up the right one and you might not even have to change anything in your infrastructure if it is ultimately migrated to Cisco or Symantec," Loingtier says.
Smaller companies will likely be swallowed
Sorrentino expects the new or smaller vendors offering application-level security for Web services to be overtaken by larger vendors.
The newer companies "have little proprietary knowledge, technology, patents, and so on " that would prevent mainstream network security players like Cisco or Nortel from engaging in the market once it's large enough to be interesting, Sorrentino says. So, an "adaptation to XML would not be a challenge" for the traditional players, "nor at the right time would be the acquisition of one or more of the new vendors."
Leading vendor: Check Point Software
Gartner predicts that as organisations evaluate security requirements, more will implement more than one kind of firewall, spurring demand for integrated centralised administration. One firm that offers central administration is Check Point Software Technologies, which Gartner has named as one of the leading vendors in the firewall market, along with Cisco.
Check Point is among the first to offer an end-to-end security solution that includes application-level security as well as centralised administration, according to Neil Gehani, Check Point senior product manager.
That holistic approach to security is what will separate the surviving application-level security vendors from those destined to fail or be swallowed by bigger fish, he says.
"A lot of the application firewall vendors come from the application space and not from the security context, so they're not aware of all the security issues you have to deal with," Gehani says. "You have to remember that most of the people that come to this space assume that the network security issues have been taken care of, which, of course, is the wrong assumption."
The September 2002 release of Feature Pack 3 for Check Point's VPN-1/FireWall-1 Next Generation product includes security for XML and SOAP protocols. The additions are a free upgrade to existing customers. Gehani says that's an advantage of an integration solution over companies offering just the application-level security solutions.
"XML-specific firewall vendors will charge you about $50,000 a pop, plus about $15 a user for it," Gehani says. "It's expensive for what they offer, because it's very limited."
He recommends that before CIOs spend their money, they narrow the field of vendors offering application-level security by considering those that offer a complete solution that will fit the entire infrastructure and eliminate vendors offering only a piecemeal solution for Web services.
Gehani warns that CIOs will have a tough time wading through the hundreds of vendors to find the top two or three whose solutions match their business needs. However, if they take the time to make a decision with their entire business in mind, they'll avoid choosing a "penny-wise, pound foolish" solution, he says.
"Most people don't do that," Gehani says. "Then they spend a lot of money and later have to deal with the integration issues."
For a weekly round-up of the enterprise IT news, sign up for the
Enterpise newsletter.
Find out what's where in the new Tech Update with our
Guided Tour.
Tell us what you think in the
Enterprise Mailroom.
Previous
Did you find this article useful?
80 out of 184 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
