CIO Update: Security Platforms Will Transform the Network Security Arena

IGG-11202002-02
J. Pescatore, M. Easley, R. Stiennon
Article
20 November 2002

An integrated network security platform approach will increase network security and reduce the cost of ownership for perimeter security, while preserving best-of-breed options.

CIOs and other executives are interested in insights on how network-based applications can be made safe for mission-critical businesses.

The Rise of Network Security Platforms

Best-of-breed security solutions have long been the most-effective choices for securing enterprise networks. However, that approach has resulted in the deployment of a disparate set of products for firewall, intrusion detection, antivirus blocking, vulnerability analysis and other network-centric security functions. That has led to gaps in protection and a high cost of ownership because of the need for multiple management consoles and a lack of integration. Gartner believes that the rise of network security platforms will enable best-of-breed security solutions to blur the lines between firewalls, network-based intrusion detection and vulnerability scanning, as well as other network-centric security technologies.

What Are Network Security Platforms?

Network security platforms are network-attached devices that can apply multiple security functions (at a minimum, firewall, intrusion detection and vulnerability scanning) at wire speeds. They provide environmental inputs (power, cooling and console) for the security capabilities, a common backplane for communications, and a control structure for communication between, and control across, the security processing functions.

Network security platforms use a variety of algorithms and techniques to inspect incoming and outgoing network traffic to determine if connections and payloads are dangerous to enterprises. The platforms decide whether to raise an alert regarding suspected malicious activity or to take specific actions, such as blocking connections, dropping packets or terminating sessions, when malicious activity is detected. The platforms perform functions that are currently performed by firewall (network- and application-level), intrusion detection, vulnerability assessment, gateway antivirus and URL blocking products. Many network security platforms will include virtual private network capabilities. However, Gartner believes that such capabilities will not be long-term platform requirements, except for site-to-site connections.

Entire contents © 2002 Gartner, Inc. All rights reserved. Reproduction of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The reader assumes sole responsibility for the selection of these materials to achieve its intended results. The opinions expressed herein are subject to change without notice.

Network security platforms must run at wire speeds; for most enterprises, that will be in the 100 Mbps (megabits per second) to 1 Gbps (gigabits per second) range for single connections, and much higher for multiple networks. For "in the cloud" security applications, with which telecom and Internet service providers provide security processing in the network, throughput of 2 Gbps or higher will be required. Those requirements will drive most network security platforms to be based on custom application-specific integrated circuits or network-security processors to support complex processing at high data rates. However, the platforms must support software-based updates, customization and scripting, similar to software-based systems.

Hardware-based stack and protocol processing will be required to perform deep packet inspection without introducing unacceptable network latency. Software processing that runs on generic computing platforms will be sufficient where the network security platform primarily will be used for detection, not prevention; applications are simple or repetitive; or network data rates are low enough (see Figure 3).

[Figure 3: Network Security Management Through 2006. Time axis: 2002, 2004, 2006. Throughput axis: 100 Mbps or less to 1 Gbps or more. Labels: Firewall, Intrusion Detection, Vulnerability Assessment, Gateway Antivirus, Intrusion Prevention Appliances, Enterprise Intrusion Prevention, Network Security Platforms, In the Cloud Security Services. Source: Gartner Research]

Types of Network Security Platforms

The four primary types of network security platforms are:

Closed integrated platforms. The network security platform vendor implements all security functions in a proprietary environment and can integrate processing across functions, which enables security functions to make processing decisions based on the results of other processing functions. Vendors in this category include TippingPoint, NetScreen, BlueCoat Systems and Array Networks.

Closed separate platforms. The vendor implements all security functions in a proprietary environment without supporting integration across functions. Vendors include Symantec, with its initial Gateway Security product, and Cisco Systems, with its blade approach.

Open integrated platforms. The vendor licenses security functions from other vendors (or supports open source) or partners with multiple security vendors that port their applications to the network security platform. Vendors include Nortel Networks/Alteon, CloudShield and Ingrian Networks.

Open separate platforms. The vendor licenses security functions from other vendors (or supports open source) or partners with multiple security vendors that port their applications to the platform. However, integrated processing across functions isn't supported. Vendors include Crossbeam Systems, Blade Fusion and OmniCluster.

Closed integrated platforms offer more-effective security via tighter integration between functions, but they require that enterprises abandon the best-of-breed approach to individual functions. Open integrated platforms enable enterprises to stay with best-of-breed options and preserve investments in network security products, as well as reduce the need to migrate security policies to new products. Both types of separate platforms will be interim offerings until fully integrated capabilities are available. Meaningful integration across functions is a complex issue. Gartner believes that this integration will not provide reliable results until 2H04.

Within these types of platforms, different performance and price points will emerge:

Carrier class. Products that run at OC-24 (Optical Carrier Rate 24, 1.24 Gbps) and higher rates, and that allow network service providers to offer "in the cloud" security services, which eliminate the need for customer premises equipment and enable low-cost managed service offerings.

Enterprise class. Platforms that can process multiple 100 Mbps networks that are used by Global 2000-class enterprises as enterprise intrusion prevention systems.

Small-and-midsize-enterprise class. Products that offer limited flexibility or operate at 100 Mbps or lower rates at low price points.

Types of Network Security Platform Vendors

Network security product vendors will migrate to offering security platforms, while other network performance management vendors will also provide such platforms.

Network-security-focused vendors (such as firewall, intrusion detection and gateway antivirus companies) will begin to offer security platforms to meet the challenges of blended and application-level attacks, and to address market demand to lower total cost of ownership. By 2006, 60 percent of firewall and intrusion detection functionality will be delivered via network security platforms (0.6 probability).

Content-switching and load-balancing vendors will add security functionality to their platforms, which already offer high-speed processing and deep packet inspection for making caching and load-balancing type decisions. These vendors view security as a new revenue stream from their installed base, and as a way to avoid the threat of network security platform vendors that are adding switching and load-balancing functions to their platforms. Although content-switching and load-balancing vendors have extensive experience in wire-speed traffic processing, they don't have deep security expertise. That will prompt network performance vendors to acquire network security technology companies that specialize in deep packet processing.

Market Road Map for Network Security Platforms

In 2002, firewall vendors such as Check Point Software, Symantec and NetScreen took steps toward becoming network security platform vendors:

Check Point announced Smart Defense, which integrates intrusion detection capabilities onto Firewall-1.

Symantec's Gateway Security product combines firewall, intrusion detection, gateway antivirus and URL blocking functions into one appliance.

NetScreen's implementation of simple, signature-based filtering and its acquisition of OneSecure were strong moves in the platform direction.

Gartner's Firewall Magic Quadrant for 2H02 provides an assessment of the major firewall vendors (see Figure 4).

[Figure 4: Firewall Magic Quadrant for 2H02, as of August 2002. Axes: Ability to Execute, Completeness of Vision. Quadrants: Challengers, Leaders, Niche Players, Visionaries. Vendors plotted: Microsoft, Symantec, Cisco Systems, Check Point Software, Stonesoft, Whale Communications, CyberGuard, NetScreen, SonicWALL, Secure Computing, WatchGuard, BorderWare. Source: Gartner Research]

However, those first-generation efforts provide minimal integration between functions, and they generally don't add vulnerability assessment capabilities. Newer market entrants such as TippingPoint provide tighter integration of the required functions, but in a closed architecture that will require enterprise testing to determine the effectiveness of the individual firewall, intrusion detection and antivirus functions, as well as integrated capabilities.

Gartner believes that products that fully integrate network security functions and that operate at wire speeds will not affect the firewall and intrusion detection markets until 2H04. After 2H04, intrusion detection vendors that do not offer network security platforms will begin to exit the market through acquisition by network security platform players or loss of market share.

The initial product focus between 2004 and 2006 will be at the enterprise level, with price points in the $25,000 to $75,000 range. If the telecom market recovers from the economic downturn before 2006, mainstream telecom and Internet service providers will begin to offer managed security services that will drive the development of higher-speed, lower-priced offerings and use-based pricing models. Gartner believes that aggressive telecom providers will offer some in-the-cloud services by late 2004. The low-end, small-and-midsize-enterprise-class network security platform will not be a market factor until 2007, when platforms with limited functionality and processing speeds will be available at price points of less than $10,000.

Managing Multiple Security Devices

Most enterprises have deployed numerous firewalls, and many have also deployed one or more intrusion detection products. Network security platforms will be viable enterprise solutions by 2006, and they will transform today's disparate network security market. Until that occurs, enterprises that have deployed firewalls and intrusion detection systems can use security device management products to gain a preliminary level of integration between network security products. Those products support alarm and alert normalization, aggregation, data reduction and a degree of correlation to greatly reduce the false alarm rate and the operational burden of monitoring security devices.

Although the loose integration that is provided by the products doesn't support the speed of response necessary to implement intrusion prevention, security management products enable enterprises to extend their investments in security products and provide a management structure for incorporating advanced security products. Security management price points will have to drop below the six figures of the current offerings to reach the broad market.

Outsourcing the monitoring and management of perimeter network security devices is another option for enterprises that are looking to avoid investing in early-stage technology or that have limited security staffing levels.

Bottom Line

Tighter integration and common management across network security controls is a panacea of Internet security. Network security platforms maintain best-of-breed security approaches while supporting improved attack blocking and lowering total cost of ownership.

Written by Edward Younker, Research Products

Analytical sources: John Pescatore, Matt Easley and Richard Stiennon, Gartner Research

For related Inside Gartner articles, see:

"CIO Update: Answer Six Key Questions, Improve Internet Security," 6 November 2002
"CIO Update: The Gartner Firewall Magic Quadrant for 2H02," 25 September 2002
"Management Update: Network Security Predictions for 2002," 13 February 2002