In-Depth

CA, SteelCloud Enter Crowded Appliance Market

Companies announce launch of antivirus, IDS boxes

• By Mathew Schwartz
• 07/16/2003

“These are boxes for managing malware threats,” notes Ian Hameroff, security strategist for CA. “[They] enable organizations who are looking for a very simple, straightforward device that they can install at their boundaries,” such as at the VPN. This fall, the two companies will release an intrusion detection system (IDS) appliance that uses eTrust Intrusion Detection version 3.

This is the first time CA has collaborated with an appliance manufacturer to release an antivirus or IDS appliance. “This is a Steelcloud-designed appliance where we've integrated CA technology into our appliance and our proprietary secure console,” says Brian Hajost, executive vice president of SteelCloud. Though not a well-known security name, SteelCloud has been building appliances for 15 years. “It's a little bit of a change for us, because typically we're building for someone under their own name,” Hajost notes. Due to non-disclosure agreements, he can’t say who.

The appliances will compete with the many security appliances already on the market from such companies as Aladdin, Checkpoint, Cisco, Finjan, Internet Security Systems, McAfee, NetScreen, Panda Software, ServGate Technologies, SonicWall, and WatchGuard. The market is booming; IDC reported the market was up 15 percent in the fourth quarter of 2002 from the previous quarter, the largest technology sector growth (sequentially) for the year. Firewall and VPN appliances make up a majority of that, but IDS is an up-and-comer.

The SteelCloud/CA console is built on a hardened version of embedded Windows, with a Web management front end. “These devices are completely headless—in fact, you cannot plug in a keyboard or mouse. We've physically hardened the box so that there's no way anyone could physically or electronically hack the box,” says Hajost.

Why run an antivirus appliance for the network? To save time and energy. Hajost says the boxes are “idiot proof.” The company bundles and tests all product and virus signature updates, then just pushes them out. “When you've got 500 firewalls around the world, and 500 antivirus gateways, it has to be streamlined.” One benefit, he says, is performance, since the software is running on hardware that was tuned for it. Another is manageability.

One competitive differentiator could be the Rapid Exchange Module (RXM). “It's kind of a plug and play, or swap and replace,” says Hajost. “One thing, especially on the IDS side, is you spend man hours, man days, man weeks setting up security policies.” Then if the box fails, administrators often lose all of those settings.

The RXM, however, is a Compact Flash module in the appliance, accessible from the back, that stores all configurable data for all rules and policies. “If an appliance ever had to be replaced, they can pop it out,” Hajost points out. Every appliance ships with the operating system; it just needs user data. “So you can come back up and running in just minutes, as opposed to going back to documentation, which can take hours, or requesting a back-up reload, which in a large organization could take half a day.”

The Compact Flash doesn’t replace a solid disaster recovery program; a site disaster will compromise both card and appliance, and so organizations need to continue to back up the data on the appliance to off site.

Will these appliances succeed in an already crowded market? “Virtually everyone out there is in the appliance business,” Hajost acknowledges, “and virtually none of those have a manufacturing facility that builds and integrates hardware.” Instead, they’re re-branded, just like HP and Sun re-brand computers others build for them. Dell of course has gotten ahead by building its own; SteelCloud and CA are testing that strategy with security appliances.