integrated security devices

open opportunities for service providers

COMMERCIAL SERVICES PROVIDERS LOOKING for a leg up on the competition have an opportunity to be first to market with a new generation of managed security services that far outstrip security offerings in the past in terms of both cost-effectiveness and flexibility.

The opportunity rests on the availability of new integrated security appliances for end users that have in common the ability to support several types of security functions that once required separate boxes, often at price points within reach of businesses once deemed too small to afford firewall hardware and other advanced security support. But, as with any first-to-market opportunity, there’s a catch: the devices are so new there’s no assurance customers will buy into the service.

“There’s a certain level of ‘show-me’ attitude about multifunction devices because of problems in the past with trying to add too many features to devices that were essentially routers,” notes Zeus Kerravala, an analyst with Yankee Group Research Inc. “But these new integrated security platforms are built from the ground up and so represent a different class of device altogether.”

NetDevices’ SG-8 Unified Services Gateway

If one unit can incorporate the functions of a service gateway, router, firewall, spam filter, intrusion detection and protection device and much else with the capacity for adding new features via software downloads, what’s not to like, Kerravala asks. “People have to be convinced things work as billed, but there’s always a market for consolidation of equipment,” he says.

Indeed, when Yankee Group, in a survey of SMBs and larger enterprises, asked what applications they’d like to see integrated into their routers, over half said they wanted a combination of services for small offices and branch offices converged with data routing, including firewall, VPN, intrusion detection, antivirus software and IP telephony. In response to this demand, a wide range of manufacturers including startups as well as established suppliers have entered the market with remotely managed integrated security appliances suited for every type of environment, from enterprise branch offices down through SMBs to the smallest offices and even the SOHO market.

Among the newest players is NetDevices Inc., which began shipping its SG-8 Unified Services Gateway line at the end of June. Designed for large branch and regional offices, this is an all-in-one device that encompasses management of VoIP, data services and access services as well as security, says Mark Weiner, senior director of marketing at NetDevices.

“Our founders have extensive backgrounds with service providers like SBC [Communications Inc.], Qwest [Communications International Inc.] and MCI [Inc.] as well as on the manufacturing side,” Weiner says. “The SG-8 is optimized for [service providers] as well as for remote management by enterprises.”

A key element for service providers is that the functions can be configured to each situation at each customer location as needs arise. “Maybe you want to put the firewall on the WAN bandwidth and add other security elements at two branches and a different setup at a third,” Weiner explains. “You can do that, and if you want to change that configuration, you don’t have to go through a 30-day planning cycle. You just do it.”

Equally important, he says, the unit comes with a built-in management framework that operates separately from the rest of the processing. “If something goes wrong, you can get into the box, fix it and bring it up without the need for a truck roll,” he says. “Even if the data plane goes down and the CPU is out of cycle, you have access to a processor that can find the problem and bring the product back up.”

One of the problems in the past with scaling ever more security features and users onto devices was the amount of processing power consumed with duplicate packet reading functions associated with each application. Weiner says the NetDevices product employs “one-pass” reading of packets so that spam filters, virus detectors, intrusion protection and the like all rely on the onetime reading and registering of information on a given packet flow.

Cisco’s 1800, 2800 and 3800 series integrated services routers

NetDevices is talking to all types of service providers as it seeks to gain traction for the SG-8, but so far only a couple of smaller service providers — RockNet outside Chicago and Startec Global Communications operating in New York State — have been named as customers. “You can expect the big telcos to be slower than the smaller ones to make the move in this direction,” Kerravala says.

All the suppliers of advanced new premises devices are looking for ways to build demand on the service provider side. For example, Cisco Systems Inc., which introduced a new line of integrated service devices last fall, is taking the unusual step of marketing an enterprise line of products to cable companies as it searches for service providers who might be interested in using its products to develop new service opportunities. “Our new series of SMB integrated services routers (ISRs) makes it possible to offer a compelling portfolio of managed services at low price points to customers who otherwise wouldn’t be able to gain the security benefits enjoyed by bigger companies,” says Tej Kohli, a director for service provider marketing at Cisco. “We think this is an appealing opportunity for cable companies as they look for ways to add value to their new commercial service operations.”

Cisco’s 1800, 2800 and 3800 series ISRs come with a comprehensive portfolio of network security services with sufficient capacity to support multiple applications across multiple office locations from a single premises-based platform, explains Robert Checketts, senior manager for product marketing at Cisco. Built from the ground up, this is the first line of Cisco products that offers secure wire-speed delivery of concurrent voice and data,” he says.

All of these routers ship with built-in VPN hardware encryption and acceleration capabilities, version 2.0 of the Cisco Router and Security Device Manager and Cisco IOS software-based VPN firewall, he says. In addition, he notes, inline intrusion prevention system (IPS) functionality has been embedded into a router for the first time, providing the network with a deeper level of protection than was previously possible in low-cost devices.

The 2800 and 3800 series also integrate new releases of the Cisco CallManager Express, allowing businesses to replace PBXs and key systems with a comprehensive IP telephony, voice mail and auto attendant solution, Checketts says, noting the 3800 scales to 240 IP phones and the 2800 to 96. From a service provider perspective, all of these capabilities can be managed over a single device through a single user interface, making it much easier to sell smaller companies more than just transport service, Kohli says. And, he adds, they can be networked together into dynamic multipoint VPNs in a mesh (all-points-to-all-points) array that is as simple to manage as the traditional hub-spoke model.

With price points ranging from $1,395 to $9,500, service providers have the option of providing the CPE on a leased basis without incurring heavy capex costs, Kohli adds. “With the overall savings in equipment and truck rolls, we’re seeing payback on the leased equipment model reduced to eight months compared to 24 months for comparable services offered over previous generation equipment,” he says.

Another player in the integrated security device market, startup Electronic Lifestyle Integration Inc. (ELI), has gone so far as to produce what it describes as an enterprise-class device for consumer, enterprise remote workers and small home offices. Priced at under $200, the unit, known as “Eli,” operates as a remotely managed device that combines a broadband modem and wireless router with a full-featured firewall and antivirus, spam and content filtering solutions.

ELI, the company, is providing its own managed service, priced at $10 per month for a consumer SLA and higher for small office SLAs, as a key part of its business model, says ELI CEO Susan Lutz. But, she adds, the company also has made service providers a focal point of its marketing plan with the intention of offering to brand the managed service component in conjunction with service providers that market the Eli device to end users.

“Service providers have been a part of our thinking from the beginning,” Lutz says. “The whole idea is there should be a check box on the ISP’s or broadband service provider’s order form where customers can request this service.”

ELI is in discussions with all the top ISPs, including cable, telcos and independents, Lutz adds. “Our initial units come with DSL modems on board, but we intend to bring out models with cable modems built in as well,” she says.

The service component exploits the processing flexibility of the unit to create an extremely secure premises networking environment, Lutz explains. “Every line of code is remotely upgradeable, which allows us to renew all aspects of security,” she says. Firewall stateful inspections, antivirus updates and content filtering updates are among the service applications taking place anywhere from twice to 30 times a day, she notes.

While the market for the new generation of integrated security devices is fairly small today, measured at just $306 million in 2004 by In-Stat, the research firm projects a rapid escalation over the next four years, with the total global sales projected to reach $3.9 billion in 2009. “The benefit, especially for smaller companies, is the increased functionality,” says In-Stat research analyst Victoria Fodale.

Fodale says managed service appears to be part of the game plan for most suppliers, meaning the opportunity is huge for service providers. But it will take some pioneering spirits in the service provider ranks to begin bringing the business market around to understanding the benefits of these new devices.

Share this article: Email, Slashdot, Digg, Del.icio.us, Yahoo!MyWeb, Windows Live Favorites, Furl
Add this article feed to: RSS, My Yahoo, Newsgator, Bloglines