Looking to sidestep the debate as to whether hardware- or software-based firewalls provide the best security, Microsoft has decided to go for the best of both worlds.
The software company
"We expect that customers will have a Cisco or Checkpoint firewall at the network edge for basic packet filtering, and as part of an effective defense strategy they need to protect their applications," said Steve Brown, director of product management, security business and technology at Microsoft.
There are some customers who simply prefer an appliance over software in any situation. Microsoft's ISA Server 2004, a software firewall, is used by customers mainly as an application firewall, but there are many customers -- particularly small and medium-sized businesses -- who use it at the edge. The United Service Organization (USO), a non-profit organization that delivers help and services to the U.S. military, has tested the appliance and is now using it to protect the IT perimeter.
Bruce Townsend, the USO's chief financial officer, said the appliance has given the organization the confidence to place more of its software on the edge, and as such has reduced reliance on the VPN and on terminal services.
Trepidation about a software-only firewall
Emilio Soto, an IT administrator at the USO, said he might have had second thoughts about using ISA Server 2004 without hardware too. "With software, anyone who can do a program can break in," Soto
Soto said the firewall was easy to set up. "When we first installed it, we had to add only five or six lines of code and it was running," he said.
"In a Windows-only shop today, this firewall is competitive with some of the big firewall players, but in a large, multi-platform, multi-bandwidth shop, this may not be the best edge solution -- but [the edge] is where Microsoft will be going," said Jon Oltsik, a senior analyst for information security at Enterprise Strategy Group, a Milford, Mass., consulting firm.
Some of the appliance firewalls that compete with ISA Server 2004 are made by Watchguard Technologies Inc., SonicWall Inc. and Fortinet Inc. But Microsoft has a packaging advantage given that it can more easily integrate with its own products, Oltsik said.
Pricing for the Network Engine appliance starts at $3,750.