News Stay informed about the latest enterprise technology news and product updates.

Microsoft shifts toward hybrid firewall approach

Sidestepping the debate about whether hardware or software firewalls provide the best security, Microsoft has decided to go for the best of both worlds.

Looking to sidestep the debate as to whether hardware- or software-based firewalls provide the best security, Microsoft has decided to go for the best of both worlds.

The software company

[The edge] is where Microsoft will be going.

Jon Oltsik, senior analyst,

Enterprise Strategy Group

and an OEM partner, Network Engines Inc., in Canton, Mass., said this week that Microsoft's Internet Security & Acceleration Server 2004 technology will be available on Network Engines' NS Series of firewall appliances. Network Engines will also add some of its own diagnostic features.

"We expect that customers will have a Cisco or Checkpoint firewall at the network edge for basic packet filtering, and as part of an effective defense strategy they need to protect their applications," said Steve Brown, director of product management, security business and technology at Microsoft.

There are some customers who simply prefer an appliance over software in any situation. Microsoft's ISA Server 2004, a software firewall, is used by customers mainly as an application firewall, but there are many customers -- particularly small and medium-sized businesses -- who use it at the edge. The United Service Organization (USO), a non-profit organization that delivers help and services to the U.S. military, has tested the appliance and is now using it to protect the IT perimeter.

Bruce Townsend, the USO's chief financial officer, said the appliance has given the organization the confidence to place more of its software on the edge, and as such has reduced reliance on the VPN and on terminal services.

Trepidation about a software-only firewall

Emilio Soto, an IT administrator at the USO, said he might have had second thoughts about using ISA Server 2004 without hardware too. "With software, anyone who can do a program can break in," Soto

For more information

Read a view on the weakened state of the network perimeter


See why Microsoft thinks software firewalls are effective

said. "You want a strong piece of hardware on there."

Soto said the firewall was easy to set up. "When we first installed it, we had to add only five or six lines of code and it was running," he said.

"In a Windows-only shop today, this firewall is competitive with some of the big firewall players, but in a large, multi-platform, multi-bandwidth shop, this may not be the best edge solution -- but [the edge] is where Microsoft will be going," said Jon Oltsik, a senior analyst for information security at Enterprise Strategy Group, a Milford, Mass., consulting firm.

Some of the appliance firewalls that compete with ISA Server 2004 are made by Watchguard Technologies Inc., SonicWall Inc. and Fortinet Inc. But Microsoft has a packaging advantage given that it can more easily integrate with its own products, Oltsik said.

Pricing for the Network Engine appliance starts at $3,750.

Dig Deeper on Endpoint security management tools

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.