Changing the network security playing field

WatchGuard Technologies’ SSL VPN Expert Brian Nairn discusses with EDN Asia some of the current trends in the network security industry, and how the company is changing the playing field. Excerpts:

Please tell us more about the company, what it does, and which markets it focuses on.
WatchGuard Technologies has been around since 1996, and it’s primarily focused on firewalls. After migrating to UTM [unified threat management], we are now also focusing on specialized security appliances. We target the small- to medium-sized business [SMB] segment; but as a corporate strategy, one of the things that we want to do to expand and grow is to migrate up-market our product sets.

What are the outstanding features of WatchGuard Technologies’ security solutions?
From a UTM perspective, I think one of the things that have been important to us is having products that are feature-rich and easy-to-use, as well as having the best performance-per-price. WatchGuard is really trying to change the concept in SSL VPN from traditional secure mode access to more secure application delivery; that is, being able to deliver all sorts of applications to users’ desktops anytime, anywhere.

Over the past year, what are the major trends that have occurred over the network security industry?
Overall, and this has been happening for a long time now, there are a lot of technology consolidations and acquisitions. In my previous background, which was with a network access control (NAC) company, I’ve also seen a lot of consolidation in that industry as well. From an SSL perspective, we see SSL VPNs overtaking IPSec VPNs in popularity. Here, we are looking at about 14% CAGR globally, according to IDC.

How do you compare IPSec and SSL, and which technology do you think is more advantageous over the other?
One thing about IPSec is that all you’re doing is creating a very generic tunnel. You are not necessarily counting for the compliance of the remote devices connecting to the network. Once they have access, they have access to everything.

The great thing about SSL VPNs from a remote access perspective is you can publish applications. One of the things you can do is the encryption of the SSL portion up to an application, and then the SSL termination at the backend for http and https. One thing that is really advantageous is being able to publish applications, and you can do that within a browser, or Mac and Linux devices that are attempting to access Windows resources.

Some of the drawbacks with IPSec are firewall and network address translation issues. You don’t necessarily have that with SSL VPNs because you are doing standard https over TCP port 443. It allows you to get quick access, and it also allows you to be more secure.

How do you see the network security industry developing?
I see a lot of customers looking toward virtualization. From the SMB perspective, I see UTM really gaining a lot of popularity and acceptance in the market, but I don’t see that with enterprise customers yet—they are still very focused on having best-of-breed, single-client solutions, and things of that nature.

But, when you take those types of technologies and you think about virtualization, we see a lot of convergence. For instance, with the WatchGuard SSL VPN product, we are taking three traditional stand-alone technologies—the secure mode access, the traditional identity management, and a NAC—to be able to have that encrypted tunnel, but with identity management to validate who people are and do very robust things from an authorization perspective. So based on who someone is, and maybe what group they are a member of, you can provide different portal resources, and then the NAC will do the end-point integrity checking and ensure that a device is healthy before it connects to the network.

What are the challenges facing the network security market?
One of the things that I saw from a NAC perspective is if you don’t make it easy for your end-users to use and participate, you have to find a way to circumvent it. One of the ways that our products address some of those things is by giving users the ability to auto-enroll to the solutions and to self-service their accounts.

Other challenges include compliance and security regulations. Everybody has to deal with that.

How do you foresee the competition from firewall vendors? What do you intend to do to overcome it?
Firewall is an interesting space, especially in the UTM when you are dealing with the SMBs. So our strategy has been making the products easy to use, and adding complementary technologies to enhance UTM. What you want to be able to do is to elevate the playing field so that you’re not just competing on all the standard functionalities that all the competitors have.

There are technologies that we want to integrate into the UTM to sort of change the playing field, to provide a competitive differentiator that the rest of the competition doesn’t have. The same thing that we are doing at the SSL space—by combining the three technologies I mentioned we are changing the playing field by being more of a secure-application delivery vendor than just a pure-play SSL VPN vendor.

How important is Asia in WatchGuard Technologies’ business plans?
Asia is very important to our overall strategy. About 20 percent of our revenue comes from this market, and this is the fastest growing segment of our company. One of the things that I mentioned earlier is that not only that we want to migrate up-market, but we also want to expand and sell more to markets that are there.

Click here for more information on WatchGuard Technologies