Symantec Consolidates Security Tools in Appliance
- By Stephen Swoyer
- February 19, 2002
Tuesday unveiled a new network security appliance, Symantec Gateway Security, that consolidates the features and capabilities of separate Symantec point products.
According to Symantec group manager Howard Lev, Symantec’s new Gateway Security appliance, which brings together technology from at least four separate Symantec products, also provides a single, consistent management interface. The Symantec Gateway Security appliance is available in three models, the entry-level 5110, middle-tier 5200 and high-end 5300.
“We took all those separate products and we integrated them all together. So it’s got enterprise firewall technology, intrusion detection, VPN,” Lev explains. “Plus, we took the management console from Symantec enterprise firewall and we extended it to support these other features.”
Taken together, Lev says, the Symantec appliance’s small form-factor – 1U for the 5110 and 5200 appliances – and consolidated management facility could help to reduce some of the cost and complexity associated with network security administration.
“We’ve integrated this together, but it would be difficult to [compile a competitive mix of separate solutions] that was as easy to manage. This requires less administrative attention because it’s all integrated in one [appliance],” he says.
Symantec’s new Gateway Security appliance includes embedded implementations of its anti-virus solution (Symantec Carrier Scan); its enterprise firewall product (Symantec Enterprise Firewall); its intrusion detection tool (Symantec Intruder Alert); and its VPN solution (Symantec Enterprise VPN). In addition, the Symantec Internet Gateway builds upon the foundation of the Velociraptor firewall appliance, which Symantec acquired when it purchased Axent Technologies in December 2000.
“We started off with the Velicoraptor as a base and added in the anti-virus and the intrusion detection,” Lev says, adding that the close interoperability of security technologies enables the Symantec Gateway Security appliance to better address the new generation of so-called blended threats. “The individual security applications from separate vendors are not integrated and can’t interact with one another to identify and intercept blended threats,” he says.
Some stateful firewalls log questionable packets but still allow them to pass. The Symantec Gateway Security appliance performs on-the-fly packet analysis of incoming and outgoing packets. If it doesn’t like what it sees, Lev says, it’ll summarily drop the packet.
“It will open up the packets and make sure that they conform to the RFCs, so that you can stop things like denial-of-service attacks,” Lev says.
Many denial-of-service attacks involve sending either malformed data or oversized data packets to specific ports on a vulnerable server.
Symantec’s new gateway security appliance will support a maximum of about 1,000 users per device (model 5300), although Lev says that – because virus-scanning, in particular, is so processor intensive – customers should probably deploy anywhere from 500-700 per device. Multiple devices can be clustered together to support a maximum of about 5,000 users, he says, acknowledging, however, that Symantec charges an additional $4,995 per clustered device.
Despite the appliance’s clustering capabilities and purported ability to scale, Lev maintains that Symantec intends to market it primarily as a solution for small- and medium-sized business customers, as well as for branch offices or remote office locations in large enterprise IT organizations.
Suggested retail pricing for the Symantec Gateway Security appliance is $11,790 for the model 5110; $23,590 for the model 5200; and $51,990 for the model 5300.
Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.