|
||
|
|
|
              |
|
 |
 |
||||||||
 |
|
|||||||
By Chris Angelini |
||||||||
I CAN'T COME UP WITH A GOOD DEFINITION for kitchen appliances. I know that they often help in the preparation and storage of food. I can give you several examples of appliances in my kitchen. I can even tell you why I need those appliances. But pegging a single-sentence summation is surprisingly tough. It turns out that the same is true for network security appliances, even though the phrase is thrown around loosely, just like SMB, the market so well served by many such appliances. Lief Koepsel, director of channel marketing at SonicWALL, was kind enough to take a stab in a recent conversation we had with him, defining network appliances as specialized, hardware-based, easy-to-manage tools used to solve security problems. Like a refrigerator keeps food cool and a waffle maker server up Belgian goodness, so too do network appliances perform a number of different functions. Some stand by vigilantly, protecting against unauthorized intrusion—glorified firewalls, basically. Others handle unified access control, delegating network resources through dynamic policy management. The list goes on and on, spanning content security management, VPN connectivity, backup, email antivirus, and anti-spam. So why the sudden interest in appliances? Didn't we traditionally use software for this stuff? Absolutely. But according to SonicWALL's Koepsel, the commoditization of silicon is making it easier to push dedicated hardware down into the small business whereas it might have been limited to larger enterprises before. A recent analyst report from Forrester expounds the benefits of positioning hardware against the ever-changing security conundrum. Drop-in appliances are able to offer better performance, for one. Without a web of security applications weighing down your customer's servers, they're able to make better use of computing resources while a right-sized security component does its job separately. Koepsel also says that a security appliance is actually less expensive to install than software, even if software costs less to acquire. "Organizations with smaller IT budgets are better off with an appliance because they're so simple. Configuration is minimal. Updates happen automatically. And maintenance really isn't necessary. Conversely, the consulting fees on a complex security software deployment can quickly add up—even more so if things don't go exactly as planned."
Finally, the Forrester report cites simplified management behind the mounting popularity of appliances. Devices that combine multiple security features can be controlled through a single interface, which again, helps, keep costs down when it's time for a service provider to step in. I can't tell you how many times I've spun the proverbial tires learning the latest version of an antivirus suite or installing a new one based on a customer's favorite vendor. That waste of time and money gets circumvented by a drop-in appliance. Be The Advocate SonicWALL's Lief Koepsel observes that the channel has become increasingly important as hardware appliances have developed an SMB focus. "Resellers used to be an extension of sales, representing the best way to get a product message out to the thousands of small business customers. Now, as VARs start offering maintenance and support contracts, they're quickly becoming more of an extension to the customer's IT department. Thus the benefits of network appliances once offered to customers now help resellers do their jobs better, as well." Of course, when there's a limited IT budget in effect (and there always is), helping a customer realize the true gravity of security threats out there can be problematic. "They tend not to think in terms of TCO," says Koepsel. "A small business is just trying to keep its doors open. To really illustrate the value of protection, it helps to put everything in terms of dollars."
In other words, if your customer is carrying a laptop on a plane and loses it, they're out not only the cost of replacement, but also the value of all information saved on its hard drive. Depending on the business, that could be millions of dollars. Similarly, your customer wouldn't normally give some random stranger a thousand dollars in cash. However, that's a likely outcome should an employee fall victim to a phishing email, wherein he volunteers corporate credit card information. The message is clear: Customers need to protect their data. Blazing a Tunnel Security is a particularly sensitive matter when it comes to organizations with remote workers who connect to corporate applications. Traditionally, the employee would fire up an IPSec VPN client to join the network. Connectivity isn't always guaranteed, though. On the road, airport and hotel firewalls may prevent the client software from communicating. More specific to medium-sized organizations, IPSec clients have to be installed on each and every machine that is to connect remotely, creating a veritable headache for support staff. SSL VPN has emerged as a compelling alternative to IPSec, allowing any system to gain access securely using the ubiquity of a Web browser. There's no required client software, so you know customers will be able to log in from anywhere. Additionally, you sidestep deployment and recurring support hassles, enabling SSL VPN with a lower cost of ownership than IPSec. Adding an SSL VPN appliance is actually pretty easy. SonicWALL's SSL-VPN appliance can sit right behind one of the company's TZ or Pro series firewalls. Encrypted SSL traffic from the Internet hits the firewall and is redirected to the VPN appliance, where it's decrypted. The remote user is authenticated as traffic gets forwarded back to the firewall and inspected for threats. SonicWALL's SSL-VPN then displays a personalized portal with access to whichever resources that user is authorized to view. In short, deploying an SSL-VPN appliance is an immensely valuable way to make customers more productive, especially those with mobile employees. It's less expensive for SMBs to use on a day-to-day basis than IPSec thanks to clientless browser connectivity. Moreover, complete policy control keeps security tight on a per-user basis. Pick a benefit—almost any of those are compelling enough to get an SMB customer excited about your SSL-VPN appliance offering. Email Protection Not every business needs VPN functionality. However, any organization with its own mail server should be filtering out unwanted viruses and spam. A study conducted by Symantec and the Small Business Technology Institute shows that 18% of small businesses have absolutely no email security in place and as many as 74% perform no security planning to counter threats. An industrial-strength appliance can help plug those gaping holes. Symantec has done well with its Hosted Mail Security for Small Business and Brightmail AntiSpam for Small Business software. But the Mail Security 8220 appliance is even better when it comes to protecting local email boxes from message-bound bugaboos. The 8220 integrates lots of functionality that you'd otherwise have to procure from three or four different software vendors, including inbound anti-virus, anti-spam, content filtering, anti-phishing, and directory harvest attack prevention. Additionally, the appliance guards against outbound viruses and spam. Those functions run transparently—your customer's network isn't in any way disturbed by the appliance protecting it. Symantec's update servers are queried for the latest patches and virus definitions every 10 minutes. Thus maintenance is kept to a minimum. Deployment is greatly simplified since Symantec pre-configures the 8220. The result is lower cost, aided by the use of a conventional x86 platform consisting of Intel's 2.8 GHz Pentium 4, 1GB of memory, and an 80GB hard drive. When you factor in licensing, the raw cost exceeds a software deployment. But by cutting out manual configuration, Symantec's solution might actually save your small business customers a significant chunk of change. Back to Basics If we use the definition of an appliance proffered by SonicWALL's Lief Koepsel, SOHO routers would technically qualify as appliances. But when you're looking to deploy true small business network security, you'll be better off setting your sights a little higher. A component such as Juniper Networks' NetScreen HSC performs a handful of basic tasks, along with more advanced extras that add to its value. Of course, a stateful firewall with deep packet inspection helps protect against application-level attacks from outside of the network. Moreover, integrated antivirus detection effectively contains the spread of malicious code within your customer's organization. Web filtering promotes productivity by blocking access to restricted sites while simultaneously limiting the liability tied to downloading music, for example, from peer-to-peer sites. Finally, two IPSec VPN tunnels enable remote accessibility over a secure connection, something you wouldn't usually get with an off-the-shelf router. The NetScreen-HSC is a great starter box for organizations that aren't quite ready to adopt SSL-VPN and might not be running a local mail server. It's equipped with plenty of protection features and can easily be managed locally or remotely, too. At the bare minimum, Juniper's NetScreen covers the basics of network security. The Backup Boogie Server and workstation backup is an absolute necessity—I don't think anyone will argue that one. And yet it often requires lots of manual configuration. Although there's money to be made in getting backup systems online, it isn't one of those tasks with any room for error. Sounds like the perfect environment for an easy-to-use hardware appliance.
SonicWALL's CDP (Continuous Data Protection) series maintains data security by establishing both on- and off-site backup routines. The entire product family is able to detect new and changed files, replicating them locally without any sort of user intervention. The CDP appliance then allows you to add value by configuring an offsite data vault protected by 256-bit AES encryption and capable of storing the same information, safe from fire or theft. As with most other security appliances, the CDP-series works in conjunction with other network devices. It sits behind your customer's firewall, shielded from intrusion, can be accessed by remote users through a VPN, and benefits from the protection of an antivirus component. Layering Up With so much emphasis on deploying appliances as fail-safe security measures, it'd only be natural to drop software alternatives completely. But it turns out that, in some cases, layering hardware and software is preferred. "In some instances, hardware completely replaces software. In others, a layered approach is certainly prudent," says SonicWALL's Lief Koepsel. "For example, an anti-spam box protecting your customer's mail server can stand alone. There's no need for secondary software running behind it. On the other hand, an antivirus gateway might help prevent malicious code from disseminating through Web pages and email, but it doesn't stop employees from taking their laptops home and bringing bugs back to work or inadvertently using some sort of infected media." From a cost perspective, the idea of layering may seem daunting. Appliances can get pricey, software is similarly expensive, and small businesses are left wondering when the madness ends. If you plan to protect a customer with layers of security, have a conversation early on that establishes expectations and diagrams how hardware and software work together to keep viruses at bay. Explain a right-sized solution that employs redundancy purposefully, cutting back on cost where just an appliance will suffice, such as spam filtering. That's a Wrap Hardware appliances are easy to install, maintenance-free for the most part, and remotely manageable. Compared to a majority of software-only apps that require manual deployment, appliances make it much easier to look your customers in the eye and assure them you've done everything possible to protect their data. After all, data and downtime both have monetary values, and your expertise is the only thing standing in the way of the IT malaise suffered by countless other SMBs. |
||||||||
 Back to top |
||||||||
Copyright © 2007 RAM Magazine. All rights reserved.
Do not duplicate or redistribute in any form. |
||||||||
