Essentially appliance based security is any form of security that can run on a dedicated box. The most common of which is a firewall, but there are also offerings for content filters, virus-checkers, intrusion detection and many other security applications.

Some vendors are offering a combination of these security products in one box and selling them as Universal Threat Management (UTM) devices, whereas others supply them as blades that can be slotted into a system. As Chris McKie, VP of Communications for Watchguard said in an interview with SecurityVibes,

“I guess you can say that the Firewall has died but it certainly has risen again as a unified threat management appliance capable of handling web-filtering gateway anti-virus, IPS, and IDS as well as handling extra features such as VPN-SSL.”

Many of these applications have been run on a server but as virus checkers, firewalls and other security applications have evolved and grown in complexity, it has become harder to run them on a server due to lack of memory, processing power and their impact on other applications also running on the server. In addition, the more applications you run on a server the less flexibility each of the applications have and the greater the risk of upgrades and service packs affecting other components such as the security software.

It makes sense where-ever possible to run applications on a dedicated black box with a mini operating system thus freeing up memory and process power for the application itself. The potential cost and management gains are also enormous. Consider a site with 200 servers and instead of having 200 copies of anti-virus software (one for each server), you have the AV software on a box at the internet gateway...ditto firewall, content filtering, VPN. You can instantly see a saving of licenses and resources in on-going updates and configuration changes on the servers and easier management of the security appliance. So what’s the downside?

Management Challenges
However although the benefits are obvious, there are several hidden challenges. The first is management – there are more boxes to manage. Imagine an organisation with 100 branch offices. All things being equal, this would equate to a minimum of one hundred UTM devices which need roughly the same configuration, on-going remote management and updates.Some vendors have tools to help with management and reporting so it is best to check with them about it.

Layered Defence Methodology
One of the reasons that software such as firewall and Anti-virus software ended up on each server was because they were failing to work 100% at the gateway. So for example although you’ve off-loaded the AV software to a faster device, it is still letting some bits of malware through. The same applies to the firewall so again would you really want to remove the extra firewall and AV layers from your servers?

Appliance Based Bottlenecks and Loss of Distributed Processing
As you can see from the diagram in this article, there is a potential bottleneck at the gateway. The larger the organisation the more bits of data will be going in and out of that gateway. If you move to a fully appliance based environment, your appliances will be having to process every piece of data whereas before when for example AV was on each server/workstation the processing was done at the server/workstation and one final problem...

...your appliance becomes a single point of failure...which means you'll need a minimum of two in a cluster configuration.

Summary
Like all innovations, it is incumbent on your organisation to examine the risks of using any new process to streamline security. Appliance based security can certainly help with security management but it also has a potential downside. In addition, for organisations looking at using cloud based security, security appliances could be a boon for a simple organisational defence layer in case of cloud failure or a distraction because cloud based security can do it so much better.

References
Security Vibes Video: Evolution of the Firewall
Security Vibes Video: UTM and XTM in Action