Though Microsoft (MSFT)
says it doesn't plan to compete with firewall vendors, its plans to add firewall security features to the latest version of its Proxy Server software could shake up the firewall software market.
Proxy Server 2.0 goes into beta testing in July and will add to security
features in version 1.0, where it handled access control and generic
security functions. But Microsoft officials declined to elaborate on
the new features until the beta of version 2.0 is out.
Firewalls are designed to block intruders from getting onto a company's
internal networks via the Internet. If Proxy Server 2.0 adds many security
features, it could hurt sales of firewall software for Windows NT in
particular, and NT has been the market's hottest segment.
Although Microsoft officials declined to discuss pricing, they noted that the customer base for Proxy Server has been small businesses with a single Internet connection shared by 20 or 30 people.
Proxy Server 1.0 allows firewall and filtering software vendors build
services on top of the $995 Microsoft product, which lacks such common
firewall features as packet filtering, network address translation, and
"We will continue to be complementary with firewall vendors," said
Microsoft's Lloyd Spencer. "So far, all the firewall vendors we work with
view this as positive, a way to complete what we have today."
Microsoft's move is the second major firewall development in a week--last
week Cisco Systems paid $40 million for
staff and a firewall from Global
"We are interested to see that as validating the perception that it's a
significant market, a big opportunity," said Elizabeth Kaufman,
business development manager for Cisco. "The challenge [from Microsoft] is
more for point product vendors than for Cisco." Cisco will market its new Centri firewall as part of an enterprise-wide solution to enforce a security policy.
Microsoft's interest in providing more firewall functions should come as no
surprise, says Rob Enderle, an analyst at Giga Information Group. It's been clear
since Microsoft introduced its first version of Proxy Server that it would
add firewall functions.
Microsoft's decision could hurt makers of firewall software, such as Raptor
Systems. In February Raptor announced a low-end firewall, called "The
Wall," targeted at small and mid-sized companies. The Centri firewall from Global Internet.Com also targets
that space; sometime Microsoft ally Cisco
Systems announced last week it's buying Centri and Global
Internet.Com's software group.
Firewall companies are eager to repeat the message that Microsoft won't
compete with them, though Microsoft has often been accused of breaking such
promises in the past.
"We don't see Microsoft eating into our market," said Emily Cohen of Check Point Software Technologies,
the top-selling firewall firm that does 40 percent of its business in
NT sales. " [Customers] buy us as an industrial-strength
sell. Microsoft readily acknowledges that [ Proxy Server's firewall
capability] is not intended to be a full-blown enterprise solution. We are working with them on having our system manage theirs."
Even if Microsoft jumps into firewalls, said Ted Julian of research house
International Data Corporation, it will
do so only on Windows NT. "Even if you assume they're coming out with both
guns blazing, there's still the Unix market. That's not a bad place to be
today--it's the bulk of the market."
But for a vendor like Raptor, Microsoft's entry could begin to pinch.
Raptor did the first NT firewall in February 1996, and it quickly accounted
for 80 percent of Raptor sales.
"It could compete with [Raptor flagship firewall] Eagle," Raptor's
Rob David acknowledged. "It's not clear whether [Microsoft's
product] is a full firewall. Just because it has proxy services doesn't
mean it's a firewall."
Gina Dubbe, vice president of sales for firewall vendor Trusted Information Systems, said she views the
Microsoft initiative as complementary. TIS announced today that its firewall will integrate with Hewlett-Packard's Open View enterprise
And in a release late today, TIS said it is developing security management
tools that will work with Microsoft's new version of Proxy Server and the
next version of its NT Server, saying Proxy Server's new security
architecture will complement TIS Gauntlet firewall. Microsoft is using the
TIS firewall on its campus.
However, Dubbe thinks Microsoft's move may affect other firewall vendors.
"We think Microsoft is addressing security with the seriousness it
deserves. If you take their baseline efforts and combine them with an
application firewall like Gauntlet, it will protect corporations today,"
said Dubbe. "We give real security for the real world."