The patient is more likely alive than dead or Rumors about the death of gateways under Windows are somewhat exaggerated

    About 20 years ago, ordinary servers or even office computers were used as network gateways. Simple packet filters did not know anything about the application level of the OSI model, they did not know how to analyze a variety of content, and even more so, to recognize network attacks. The development of combined security solutions began with products for Windows, but over time they were replaced by specialized hardware gateways. Even Microsoft has abandoned Forefront TMG (nee ISA Server), while retaining, however, extended product support until 2020. We, too, did not stand aside from new market trends by creating a line of devices running under FreeBSD . However, we continue to support our Windows solution by launching an update the other day.. We do this not out of pity for the “old man” - he is still in demand among customers and is selling well. Therefore, we declare loudly: the rumors about the death of software security gateways for Windows are, to put it mildly, exaggerated.

    What is a UTM?

    Comprehensive products for protecting the corporate perimeter pour all the functions related to ensuring network security from one bottle: an intrusion detection and prevention system, a firewall, a VPN service, anti-virus content checking, as well as monitoring of web sessions and other useful things. In small companies, these solutions provide employees with joint access to the Internet, i.e. can NAT, http-proxy with authentication, etc. Such universal security gateways are called UTM (from the English. Unified threat management) or NGFW - the next generation of firewalls. Marketers carry them into different classes: NGFW are intended for large enterprises, and UTM - for small and medium-sized businesses. In fact, the functionality of the products is the same and different abbreviations indicate their market positioning, as well as the ability to withstand severe loads. Setting up a comprehensive solution from scratch is quite difficult, so the gradual transition to hardware gateways with preinstalled software was quite logical. For their creation, it is much more convenient for vendors to use freely distributed operating systems and open source products written for them, and, in theory, this should have buried UTM solutions for Windows completely. However, some of them managed not only to survive, they are doing well and are not going to die. this was to bury UTM solutions for Windows completely. However, some of them managed not only to survive, they are doing well and are not going to die. this was to bury UTM solutions for Windows completely. However, some of them managed not only to survive, they are doing well and are not going to die.

    Supply and demand

    By releasing a line of new devices, we not only support the solution for Windows, but we continue to actively develop it. Customer surveys show that it has a number of competitive advantages, and the operating system for most customers is not a decisive factor when choosing a product. Many years ago, due to numerous vulnerabilities, system administrators considered Windows an unsuitable platform for organizing a gateway, but this myth has practically died - Microsoft has brought its server OS to mind long ago. As for ease of use, modern UTMs are configured via the web interface (the administration console can also be used on Windows) and the layer between them and the server hardware no longer matters. However, many of the customers surveyed say

    Another question is more interesting: why instead of a specialized piece of iron, customers prefer to buy a license for a software product? For small companies, price becomes a decisive factor: hardware UTM costs several tens of thousands of rubles, and you can use existing computers to install a software solution or even run it on a virtual machine without the cost of hardware. Many government organizations and educational institutions used Microsoft Forefront TMG before, but changes in Russian law required a certified product to work with personal data and filter illegal content (a certificate of conformity issued by the FSTEC of the Russian Federation is required). At the same time, these customers already had a server and an operating system; they just had to replace the imported product with a domestic one.

    What do customers say?

    We phoned those who continue to use Windows solutions with one “Why?” Question. Respondents noted the ease of installation and use, as well as good integration with Active Directory. They also mentioned as an advantage the built-in NetPolice content filter (educational institutions often recalled it), the availability of detailed Russian-language documentation, and extended technical support. And not a single person told us that the solution for Windows is the last century and it is time for us to abandon it. While the product is in demand, we will develop it.

    What do you think?

    Also popular now: