Firewall Vendors Need To Bring More To The Table

Traditional firewalls are becoming more and more useless as we extend our networks and build VPN tunnels to remote staff and business partners. But there's a business opportunity for firewall vendors to expand their footprint by expanding their feature set.If you're in the trenches, as I am, then there's a good chance that in order to satisfy business requirements, you've had to extend your network to a great deal of third parties. As I look now at my Cisco VPN Concentrator, which I'm proud to say I've been running in production for 9 years, I see that I've built more than 30 VPN site-to-site tunnels to various VIP homes, remote sites, and other business partners.

But bringing all of these folks onto the internal network introduces a world of challenges with boundary security, and its driving me nuts. I suspect you have the same problem I do. You've had to build or manage tunnels to firewalls that you may or may not control. If you're lucky enough to control them, you're probably split tunneling Internet-bound traffic directly out the far end of the tunnel. So now you have to deal with all of the viruses and spyware that business partners and employees are pulling in through their BitTorrent clients.

Check Point, et al., are reacting to the breakdown of the traditional network barrier by packaging better SmartDefense and more agent technology into NGX. But more needs to be done. In order to fully protect and analyze attacks in my environment, I need the following mix of products:

• Client virus protection • Client spyware protection • IDS/IPS • Network behavioral analysis • Data leak prevention • Firewall • SMTP Spam and virus gateway • In the cloud content acceleration, and • Malware filtering

As you can imagine, for even a small environment of, say, 500 users, you can easily rack up a bill of $200K trying to build up these capabilities, and that's just in up-front capital costs, never mind ongoing support and maintenance.

But there's an opportunity here for firewall vendors to help organizations of all sizes, but particularly SME's, with their real world challenges. I'd like to see Check Point, Cisco, and Juniper make a few strategic acquisitions and package more functionality into their base firewall offerings. I understand that it's impossible to get seven best of breed solutions in one box. But SME's especially don't need best of breed, they generally need a base level of functionality, and you can't tell me that the Check Point's, Juniper's and Cisco's of the world don't have the resources needed to make that happen. Most SME's can't afford an enterprise NBA tool, but I'd bet they would pay extra for a base level of functionality if it were packaged into a firewall they already are buying.

If Nokia can figure out how to engineer a smartphone that does seemingly everything, then surely Cisco can figure out how to engineer an appliance that will do more for SME's without cannibalizing its existing enterprise offerings.