Proxy Server 2.0 crowds firewalls

Security features added to version 2.0 of Microsoft's Proxy Server software could shake up the firewall software market.

4 min read
Though Microsoft (MSFT) says it doesn't plan to compete with firewall vendors, its plans to add firewall security features to the latest version of its Proxy Server software could shake up the firewall software market.

Proxy Server 2.0 goes into beta testing in July and will add to security features in version 1.0, where it handled access control and generic security functions. But Microsoft officials declined to elaborate on the new features until the beta of version 2.0 is out.

Firewalls are designed to block intruders from getting onto a company's internal networks via the Internet. If Proxy Server 2.0 adds many security features, it could hurt sales of firewall software for Windows NT in particular, and NT has been the market's hottest segment.

Although Microsoft officials declined to discuss pricing, they noted that the customer base for Proxy Server has been small businesses with a single Internet connection shared by 20 or 30 people.

Proxy Server 1.0 allows firewall and filtering software vendors build services on top of the $995 Microsoft product, which lacks such common firewall features as packet filtering, network address translation, and problem alerts.

"We will continue to be complementary with firewall vendors," said Microsoft's Lloyd Spencer. "So far, all the firewall vendors we work with view this as positive, a way to complete what we have today."

Microsoft's move is the second major firewall development in a week--last week Cisco Systems paid $40 million for staff and a firewall from Global Internet.com.

"We are interested to see that as validating the perception that it's a significant market, a big opportunity," said Elizabeth Kaufman, business development manager for Cisco. "The challenge [from Microsoft] is more for point product vendors than for Cisco." Cisco will market its new Centri firewall as part of an enterprise-wide solution to enforce a security policy.

Microsoft's interest in providing more firewall functions should come as no surprise, says Rob Enderle, an analyst at Giga Information Group. It's been clear since Microsoft introduced its first version of Proxy Server that it would add firewall functions.

Microsoft's decision could hurt makers of firewall software, such as Raptor Systems. In February Raptor announced a low-end firewall, called "The Wall," targeted at small and mid-sized companies. The Centri firewall from Global Internet.Com also targets that space; sometime Microsoft ally Cisco Systems announced last week it's buying Centri and Global Internet.Com's software group.

Firewall companies are eager to repeat the message that Microsoft won't compete with them, though Microsoft has often been accused of breaking such promises in the past.

"We don't see Microsoft eating into our market," said Emily Cohen of Check Point Software Technologies, the top-selling firewall firm that does 40 percent of its business in NT sales. " [Customers] buy us as an industrial-strength sell. Microsoft readily acknowledges that [ Proxy Server's firewall capability] is not intended to be a full-blown enterprise solution. We are working with them on having our system manage theirs."

Even if Microsoft jumps into firewalls, said Ted Julian of research house International Data Corporation, it will do so only on Windows NT. "Even if you assume they're coming out with both guns blazing, there's still the Unix market. That's not a bad place to be today--it's the bulk of the market."

But for a vendor like Raptor, Microsoft's entry could begin to pinch. Raptor did the first NT firewall in February 1996, and it quickly accounted for 80 percent of Raptor sales.

"It could compete with [Raptor flagship firewall] Eagle," Raptor's Rob David acknowledged. "It's not clear whether [Microsoft's product] is a full firewall. Just because it has proxy services doesn't mean it's a firewall."

Gina Dubbe, vice president of sales for firewall vendor Trusted Information Systems, said she views the Microsoft initiative as complementary. TIS announced today that its firewall will integrate with Hewlett-Packard's Open View enterprise management system.

And in a release late today, TIS said it is developing security management tools that will work with Microsoft's new version of Proxy Server and the next version of its NT Server, saying Proxy Server's new security architecture will complement TIS Gauntlet firewall. Microsoft is using the TIS firewall on its campus.

However, Dubbe thinks Microsoft's move may affect other firewall vendors.

"We think Microsoft is addressing security with the seriousness it deserves. If you take their baseline efforts and combine them with an application firewall like Gauntlet, it will protect corporations today," said Dubbe. "We give real security for the real world."