Security: It's getting hot in here!


It's a simple fact that most companies will try to get away with the bare minimum of protection. After all there is no such thing as total protection; it will always come down to some compromise revolving around the amount of dollars in the IT budget.

But the acceptable minimum requirement is growing. Firewalls are a product that makes perfect sense to any company that can easily understand the concept of perimeter defence. The firewall has evolved into a more complicated beast, with integrated, subscription-based services such as content filtering and VPN bringing greater protection and opening the door to recurring revenues.

The most wanted feature is anti-virus protection, now at the forefront of the security consciousness after a shocking year of blended threats. More medium level and above viruses were detected in the first quarter of 2004 than in the whole of 2003, according to Network Associates.

The sustained assault has elevated anti-virus protection to the top of the pyramid, and it is now commonly featured within the firewall itself and not just on individual PCs.

These extra features are turning the firewall from a single-sale appliance into a handy earner. Updates require regular contact with the customer and an ongoing consulting role; in a security environment that is constantly changing, a company's protection must take account of new threats and the company's own growth.

A basic updating service requires little more than a customer service centre and an engineer to carry out the updates, which are largely automated. 'That's very easy money,' says LAN 1's managing director, Daniel Lee.

He recommends that a good reseller should have at least 100 sites to provide a solid income stream based on the annuity of renewed licences.

The more features the better the margin, and the SME market has been willing to pay. But the downside is added complexity; knowing how to integrate each appliance into a custom network is an issue for resellers, says Lee.

The pace of technological improvements, combined with the growing demands of the market, threatens to outstrip the knowledge base of resellers. Without well-briefed staff running installations, protection of each layer using the latest products is hit and miss. 'Training is going to be the key,' says Lee.

Another trend is the narrowing of security products on the market; competing products in each new range are selling the same sets of features. The commodification of security appliances is not happening as quickly as other areas of IT - margins are holding at around 15 percent, says Lee - but the trend emphasises that a reseller is safer in consultation and design.

One newcomer to the firewall scene that does stand out is Watchguard's Firebox X. The multifunction boxes in the range differ only in the number of features, each of which can be unlocked by a licence key.

Customers can buy a low-specc'ed box and upgrade as needed without the disruption to business caused by a forklift upgrade, says Watchguard's regional director for Australia and New Zealand, Sven Radavics.

The only requirement, a 40-second reboot, is much less painful than the average two- or three-year technology refresh.

Features include VPN, content filtering and URL filtering, with anti-virus in the pipeline.

The security on demand model echoes IBM's own approach to utility computing and could give Watchguard the edge in the highly competitive firewall space.

One of the big advantages to resellers is that an upgradeable firewall ties in a customer for several years rather than losing out to a competitor that can offer better features or a lower price the next time an upgrade is needed.

Another plus is that the single renewal for each box has been replaced with individually renewed services, says Radavics.

For the reseller it means taking high margins on a full firewall upgrade with minimal work; for the end-user, a better deal from a TCO perspective. 

Although the Firebox X range has only been out since the beginning of February the results have been interesting. John Labza, managing director of Firewall Systems, a distributor specialising in security, says that companies purchasing a firewall used to buy what they could afford, not what they needed.

Now customers are going for lower specc'ed models of the Firebox X range knowing that they can upgrade only when it is absolutely necessary.

This initial cost saving often turns out to be more expensive in the long run. Buying a low-end system and then an upgrade in 12 months' time is less cost-effective than spending up on a bigger system from the start.

However this is all good news for resellers, and good news too for customers who need to stagger their IT purchasing over a more affordable time frame.

Keep in control

Management is the next issue vendors are racing to address. In the face of blended threats, the time it takes to update defences once a new threat is discovered is crucial.

This has put pressure on vendors who play the best-of-breed game and handed some advantage to companies selling all-in-one appliances. 'Integration' is a buzzword that closely follows any mention of management in the business world, and as any reseller in any field knows, integrating products from several vendors is never as easy as promised.

But many vendors are adding management to their portfolios in a bid to stay relevant.
'Anyone who is serious about playing in this area has to try and tackle the management issue,' says Fortinet's Peter Sandilands. While vendors may have already switched onto the holistic security game plan, Sandilands adds that resellers and customers have been slower to take the next step.

Instead, firewalls are viewed as a perimeter device, anti-virus as a desktop problem; failing to address the two as key parts of a united defence plan leaves companies in a weaker position, says Sandilands.

Fortinet's answer is the all-in-one appliance, a trend that Sandilands believes is unstoppable. And Fortinet is pushing hard on the compatibility of its management software with its own hardware, as opposed to a security package that tries to bring together products from multiple vendors.

Checkpoint Software, a vendor that built its reputation on the quality of its firewalls, is moving into similar territory. Global vice president Jerry Ungerman was in Australia this month talking to partners and customers about two products, one addressing the defence of internal networks and the other web portals and content delivery.

Ungerman says that, apart from updates against application-level attacks, the network layer 'is pretty well protected for enterprises'. Although 70 percent of the company's revenues come from VPN sales, Ungerman admits that some old partners still view Checkpoint as a firewall specialist 'that never really graduated into VPNs'.

Now the challenge is in delivering products that move beyond the perimeter. In addition to the web portal and internal network products already mentioned, Checkpoint has introduced its own answer to centralised security management, based on the Zonelabs product, which the vendor acquired late last year.

Several distributors, including Dovetail Distribution's general manager, Max Fredericks, and LAN 1's Lee, confirm the popularity of the all-in-one appliance. Customers who already own some level of protection are implementing a second, all-in-one appliance for the added features and doubling up on protection, says Fredericks.

The security specialist says the all-purpose Fortinet products have been selling well particularly because they bring anti-virus forward to
