Firewall appliance market takes off

A firewall software firm called Technologic is joining the move toward firewall appliances, hardware devices that are bundled with firewall software to keep outside intruders off corporate networks and control access to sensitive data within an organization.

Technologic is now marketing its Interceptor Firewall Appliance in the United States. It previously was introduced in Asia under the Net Defender name by DynaLab. The Interceptor joins similar products such as the PIX firewall from Cisco Systems and WatchGuard from Seattle Labs in a new product category that analyst firm Gartner Group calls a high-growth market.

"Small enterprises will increase the quality of their security and reduce their operating expenses by selecting firewall appliances instead of general-purpose firewalls," Michael Zboray, a Gartner network security analyst, wrote last month. Gartner defines small enterprises as having $20 million to $200 million in annual revenues.

Technologic's chief executive, Brian Cohen, trumpeted the new product's simplicity: "Every security expert will tell you a firewall needs to be on a standalone piece of hardware. We deliver a firewall with a box that's specially designed for it, something that's ready to go."

The Interceptor appliance runs on an Intel-based chips but uses a stripped-down and hardened version of BSDI Unix as its operating system, which is effectively hidden from any user.

Firewall software running on the Windows NT operating system has been the hottest segment of the firewall market, accounting for about 60 percent of shipments, Gartner estimates. NT firewalls are regarded as easier to configure and use than Unix-based firewalls, despite concerns about NT's overall security features, according to the Gartner report.

But Gartner predicts firewall appliances will overtake NT firewalls as the "easy to use" solution. "By 2002, at least 40 percent of firewalls shipped will be low-cost, minimal configuration firewall appliances," the research report states.

"By packaging the hardware and software components together, overall security of the system is improved and the opportunity for inexperienced administrators to misconfigure the underlying operating system and introduce a vulnerability is eliminated," Gartner states.

However, firewall appliances sacrifice some flexibility and offer more limited options than firewall software, which Technologic also offers in its Interceptor 3.0 product.

Although firewall appliances cost more than firewall software alone, the price differential shrinks when a dedicated PC or workstation is added to the cost of firewall software.

Technologic's Interceptor Firewall Appliance starts at $3,495 for 32 simultaneous connections. It ranges to just under $10,000 for unlimited concurrent connections. Options include a virtual private network (VPN) module.

Cisco's PIX firewall starts at $9,000, while Seattle Lab's WatchGuard products comes in a commercial version for $3,495 or in a special configuration for schools for around $5,000.