Virtual Appliances Boost Network Security
Unified security appliances help enterprises manage multiple security services, but keeping such devices up to date while incorporating scale is a challenge. Can virtualization help?
Securing the enterprise has always been the top job for harried network managers. However, network security has turned into a full-time endeavor, requiring more and more time to manage, implement and maintain. Simply put, most enterprise networks are subjected to threats which may evolve faster than traditional security solutions.
The increase in blended threats, as well as increased threat complexity, has led to the growth in zero day vulnerabilities that confound typical firewalls and associated appliances. What today’s enterprises need is increased agility, powered by security solutions that can evolve and scale as quickly as the growing threat environment.
To date, meeting the dual-pronged demands of scale and protection has proven to be a costly affair, with proprietary devices requiring frequent updates or replacement to meet both traffic and security demands. While software surely has an impact on those issues, it largely comes down to the limitations of proprietary hardware, which requires specialized support, physical upgrades and vendor maintenance/continuity services.
Virtualization's Security Benefits
A growing number of organizations are turning to virtualization to improve their network security. And vendors are starting to see the light of virtualization as well, especially as a methodology to get out of the hardware business and focus on their core competency, security software and services. Virtualization accomplishes that goal by abstracting critical software capabilities from the physical hardware – creating a level playing field where security software can readily scale, become more reliable and can be quickly re-implemented in case of failures.
The benefits offered by moving to virtual appliances are many fold for enterprise networks, especially when it comes to security services. For example, scale becomes a matter of just throwing more powerful hardware at the problem, a situation further simplified by the fact that most virtualization platforms do not run on proprietary hardware. What’s more, multiple security appliances can be hosted on a single piece of high-performance hardware, or even on a collocated system at a remote data center.
Another advantage is portability, enabled by the fact that virtual machines can be copied from one physical system to another. That capability brings continuity and disaster recovery solutions to mind, as most virtualization platforms incorporate failover and migration technologies that automate much of the recovery processes.
There is also the benefit of lower costs, as off-the-shelf commodity hardware is less expensive than proprietary devices.
Less Vendor Lock-in
Yet all of those benefits pale in comparison to the primary advantage virtualization brings to the security market – the elimination of vendor lock-in and the enablement of consolidation. Virtualization allows enterprise users to change platforms at a moment’s notice, and also helps bring a layered approach to security services to multi-vendor software users.
For example, an enterprise can build a host for multiple virtual appliances that uses AV from a choice vendor, while IPS/IDS comes from another vendor, and NGFW services are from yet another vendor. This scalable, multi-faceted approach to security offers a holistic ideology where the security solution adds up to much more than the sum of its parts.
Vendors are not blind to those advantages, and they are leveraging well-know virtualization platforms such as those available from VMware, Microsoft and Citrix to create a group of highly compatible products that can work in conjunction to secure even the most complex networks. Availability of virtual security appliances is on the rise, with research firm Infonectics predicting that the virtual security appliance market will double in size by 2017.
Vendors jumping on the virtual security appliance bandwagon include:
- Barracuda, with its Spam & Virus Firewall 300Vx
- Check Point, with its Security Gateway Virtual Edition (VE)
- Cisco, with the Nexus 1100 Series Virtual Services Appliances
- Citrix, with the NetScaler Gateway Virtual Appliance
- F5, with its Enterprise Manager Virtual Edition
- Riverbed, with the WAN Optimization for Virtual Environments (Virtual Steelhead)
- Silver Peak, with VX Series WAN optimization
- Vyatta, with the Brocade vRouter
The above list is only a sampling of the players looking to bring virtualization to their security products – others to watch out for include the likes of Symantec, Trend Micro, Dell-SonicWall and Palo Alto Networks.
One thing is certain, virtualization has taken hold in the security market and the market is poised for explosive growth, providing network managers with more choices, capabilities and hopefully, more time to work on other critical IT tasks.
Frank Ohlhorst is an award-winning technology journalist, professional speaker and IT business consultant with over 25 years of experience in the technology arena. He has written for leading technology and business publications, including PCWorld, ExtremeTech, Tom's Hardware, Entrepreneur and Forbes. Ohlhorst was also executive technology editor for Ziff Davis Enterprise's eWeek and formerly the director of the CRN Test Center.