Network vendors make security buyouts

Network vendors make security buyouts

Network hardware companies continue to snap up technology they can use to make security a standard feature in the switches and routers that comprise the basic network plumbing inside businesses.

The trend continued this week as Juniper Networks grabbed security vendor Funk Software for $US122 million. Citrix Systems then bought its way into the application firewall market by acquiring start-up Teros, and Force10 Networks acquired stealthy intrusion-prevention, intrusion-detection system (IPS/IDS) vendor MetaNetworks.

"You can't separate security from infrastructure anymore," says Lawrence Orans, principal analyst with Gartner. "When the present batch of network infrastructure gear on the market was on the drawing board, it was before Blaster and Sasser and heavy-duty malware and worm threats. You now need to have infrastructure that can quickly maintain your network through worm storms and other forms of malware attacks."

This week's security acquisition trifecta follows 12 months of buyouts where Cisco acquired six security vendors, 3Com acquired IDS/IPS stalwart TippingPoint Technologies, Juniper bought application security firm Peribit and Citrix bought SSL VPN vendor Net6.

More evidence of network gear assimilating security features can be found by following the money. Infonetics Research reports that third quarter of 2005 sales of secure routers, which consist of WAN routers with VPN/firewall features, jumped 21 % from the previous quarter, while the overall router market grew at just 8 % (US$859 million for the quarter). Of the US$189 million in sales of Layer 4-7 switches last quarter, half came from switches with built-in SSL features.

Juniper's buyout of Funk is in an effort to add switch-port enforcement of policies as an option in Juniper's Unified Access Control (UAC) scheme. UAC verifies that computers meet security policies before they gain network access and that users can reach only those resources for which they have been authorised.

UAC supports policy enforcement using Juniper Layer 3 firewalls placed around the network at strategic points. By using 802.1X authentication supported by Funk products, Juniper will be able to enforce security policies at Layer 2. So if users try to access resources without authorisation or if their machine fails a security scan, they can be stopped at the access switch or redirected to isolated virtual LANs.

While Juniper's first move was at Layer 3, "we intended all along . . . to provide an option to use existing switching infrastructure that supported Layer 2 enforcement points," says Hitesh Sheth, Juniper's vice president of enterprise products and solutions.

Layer 2 enforcement is the cornerstone of Cisco's latest version of its Network Admission Control (NAC) enforcement, as well as Microsoft's Network Access Protection (NAP) in cooperation with switch vendors. These methods use a mix of software and switch hardware to detect dangerous clients and close network access at the LAN-port level.

Juniper lacks access switches in its product line. That had been a criticism of its access-control plan, because Layer 2 enforcement would require cooperation of switch vendors, which would be unlikely in the case of Cisco.

Instead, Juniper is pursuing a standards-based means to impose policies via switches. Funk paves the way with its 802.1X support and its support for standards being developed by the Trusted Computing Group industry association that is working on open interfaces to support secure connections to networks, among other projects.

"Most people have a more pervasive switch architecture than they do a security infrastructure, so it makes sense to try to leverage that," says Rob Whitelely, an analyst with Forrester Research.

The drawback is that many businesses have not upgraded to switches that support 802.1X, so they cannot use the Layer 2 option until they do so. The expense and disruption of upgrading switches has been a criticism of Cisco's NAC initiative. Juniper can offer customers Layer 3 enforcement by overlaying protection on existing networks until customers upgrade to 802.1X switches.

With its buy of Teros, Citrix gets the start-up's Security Application Gateway, a software-based security appliance that the company says can block attacks against corporate web-based applications. The application firewall inspects HTTP and XML traffic streams for suspicious activity and unauthorised protocol schemas, and can block or filter such attacks.

This XML inspection and security capability will be rolled into NetScaler's line of application acceleration switches, according to Wes Wasson, vice president of marketing, Application Networking Group, Citrix. In addition to securing XML traffic, he says, the Teros technology also could be used in the future on Citrix NetScaler switches to accelerate and optimise XML applications.

The Teros buy also brings Citrix up to speed with top rival F5 Networks, which acquired application firewall vendor Magnifire for $29 million last year, as well as other application acceleration/firewall vendors, such as NetContinuum.

As for Force10's acquisition of MetaNetworks, the deal will give the 10G Ethernet switch start-up its first IPS/IDS capabilities, which it will offer as an appliance, and later build into its 10G Ethernet switches. MetaNetwork's website says its security hardware can perform stateful firewall packet inspection and IDS/IPS capabilities on 10G bit/sec traffic streams without slowing packets. The gear is used in government deployments for securing high-speed networks, the company and Force10 say.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.



Meet the leading female front runners of the Kiwi channel

Meet the leading female front runners of the Kiwi channel

Reseller News honoured the leading female front runners of the New Zealand channel at the 2018 Women in ICT Awards (WIICTA) in Auckland. The awards honoured standout individuals across seven categories, spanning Entrepreneur; Innovation; Rising Star; Shining Star; Community; Technical and Achievement.

Meet the leading female front runners of the Kiwi channel
Meet the top performing customer-centric Microsoft channel partners

Meet the top performing customer-centric Microsoft channel partners

Microsoft honoured leading partners across the channel following a year of customer innovation and market growth in New Zealand. The 2018 Microsoft Partner Awards recognised excellence within the context of the end-user, spanning a host of emerging and established providers.

Meet the top performing customer-centric Microsoft channel partners
Reseller News launches new-look Awards at 2018 Judges’ Lunch

Reseller News launches new-look Awards at 2018 Judges’ Lunch

Introducing the Reseller News Innovation Awards, launched to the channel at the 2018 Judges’ Lunch in Auckland. With more than 70 judges now part of the voting panel, the new-look awards will reflect the changing dynamics of the channel, recognising excellence across customer value and innovation - spanning start-ups, partners, distributors and vendors.

Reseller News launches new-look Awards at 2018 Judges’ Lunch
Show Comments