Firewall vendors are souping up their firewalls for corporate networks because of falling prices and their desire to have their products at the center of the security universe.
Companies are taking a variety of approaches to expansion. Network Associates, Axent, and Secure Computing have bought several security technologies and either bundled them as an integrated suite or put them on a menu of offerings. Network Associates offers firewall, antivirus, and intrusion-detection software in its security tools.
"The trend of last year was that every firewall vendor became a VPN vendor as well," said analyst Chris Christiansen of International Data Corporation. "This year everybody became a firewall, VPN, and security management platform."
"They all see this huge installed base sitting out there and an opportunity to cross sell," added Jim Hurley of the Aberdeen Group.
Secure Computing is looking outside too; earlier this week it announced it will add intrusion-detection software from market leader Internet Security Systems in its firewalls. Next week it will announce it is bringing in load-balancing software from Radware, allowing a cluster of firewalls to function as one so it has automatic backup if one fails.
Firewalls are a natural place to cluster security technologies. "A lot of these products aggregate at the perimeter of the network, so there's an opportunity to combine them," said Matthew Kovar, security analyst at Yankee Group.
Also, firewalls are relatively mature technologies, and they're often the first piece of security software a network manager installs after hooking up to the Internet.
"It's becoming a must-have technology," said Robert Wise, director of product marketing for Secure Computing. In addition, he said, security threats have multiplied and network insiders are responsible for perhaps half of security breaches. Then there are computer viruses, hostile Java applets, and coordinated "denial of service" hacker attacks designed to crash a firewall.
Sitting on the edge of a network, firewalls are becoming a place to marshal security forces against a broad range of attacks.
"There's a growing realization that firewalls are extremely effective in controlling who can enter your organization, but they are not effective in terms of what enters your organization," said Daniel Schrader, director of product marketing at Trend Micro.
Check Point was one of the earlier firewall vendors to add VPN capabilities, and customers have responded. Two years ago, 1 in 12 customers bought a VPN add-on to their Firewall-One, said Asheem Chandna, Check Point's vice president of marketing. In its most recent quarter, half of its firewall buyers purchased VPN too.
But Check Point's ultimate strategy is to own the centralized management of a corporation's security network, and for that it has established its OPSec Alliance of some security 200 vendors whose products work with Check Point's. Through a deal with public key infrastructure vendor Entrust, Check Point now bundles public key infrastructure software to authenticate both users and devices on a network using digital certificates.
Lucent, a latecomer to the network security, isn't sticking just to firewalls.
"We have found on firewall side that the two elements customers want are content security and integration of user authentication," said Howie Gittleson, Lucent's director of security and VPN solutions, hinting of more deals.
But Hurley says big customers don't see the need for integrating other security measures with firewalls.
"We're not seeing a large take, up from users to take advantage of all these things," Hurley said, noting that firewalls are notoriously difficult to configure and manage. "Adding additional services that plug into firewalls only makes their job more difficult," he added.
Analyst Kovar says big customers still look for the best products in the category.
"If they're going to use those products already, they're happy for vendors to do the integration for them," he said. "They're looking for best products and that's what they're going to go with. If the relationships are already established, it's better for them."