The patient is more alive than dead or Rumors of the death of Windows sluices are somewhat exaggerated.
About 20 years ago, ordinary servers or even office computers were used as network gateways. Simple packet filters did not know anything about the application layer of the OSI model, did not know how to analyze a variety of content, and even more so - to recognize network attacks. The development of combined security solutions began with products for Windows, but over time they were replaced by specialized hardware gateways. Even Microsoft refused Forefront TMG (nee ISA Server), retaining, however, extended product support until 2020. We also did not stay away from the new market trends, creating a line of devices running FreeBSD. Nevertheless, we continue to support our Windows-solution, having recently released its update . We do this not out of pity for the “old man” - he is still in demand among customers and is selling well. Therefore, we loudly declare: rumors about the death of software security gateways for Windows are, to put it mildly, exaggerated.
Comprehensive products for protecting the corporate perimeter spill all the functions related to ensuring network security from one bottle: intrusion detection and prevention system, firewall, VPN service, anti-virus content check, as well as web session monitoring and other useful things. In small companies, these solutions provide employees with joint access to the Internet, i. able to NAT, http-proxy with authentication, etc. Such universal security gateways are called UTM (from the English. Unified threat management) or NGFW - next-generation firewalls. Marketers distribute them to different classes: NGFW designed for large enterprises, and UTM - for small and medium businesses. In fact, the functionality of the products is the same and different abbreviations indicate their market positioning, as well as the ability to withstand serious loads. It is quite difficult to set up a complex solution from scratch, so a gradual transition to hardware gateways with preinstalled software was quite logical. To create them, it is much more convenient for vendors to use open source operating systems and the open source products written for them and, in theory, this should have completely buried UTM solutions for Windows. However, some of them managed not only to survive, they are doing well and are not going to die.
Having released a line of new devices, we not only support the solution under Windows , but also continue to actively develop it. Customer surveys show that it has a number of competitive advantages, and the operating system for most customers is not a decisive factor when choosing a product. Many years ago, due to numerous vulnerabilities, sysadmins considered Windows an inappropriate platform for organizing a gateway, but this myth has practically died - Microsoft has long brought its server operating systems to mind. As for usability, modern UTMs are configured via a web interface (in Windows, the administration console can also be used) and the layer between them and the server hardware is no longer serious. Nevertheless, many surveyed customers note that in their corporate IT infrastructure everything is built on Windows and, all other things being equal, a solution for the familiar platform administrators is preferable.
')
Another interesting question: why, instead of a specialized piece of hardware, do customers prefer to buy a license for a software product? For small companies, the price becomes a decisive factor: hardware UTM costs several tens of thousands of rubles, and you can use existing computers to install a software solution, or even run it on a virtual machine without the cost of hardware. Many government organizations and educational institutions used Microsoft Forefront TMG before, but changes in Russian legislation required a certified product to work with personal data and filter illegal content (a certificate of conformity issued by the FSTEC of the Russian Federation is required). At the same time, such customers already had a server and an operating system; they simply had to replace an imported product with a domestic one. Another important factor is the habit: if the admin already has experience with some solution, then he prefers to install it to his clients or new employers.
We phoned those who continue to use solutions under Windows with one question “Why?”. Respondents noted ease of installation and use, as well as good integration with Active Directory. They also mentioned as an advantage the built-in content filter NetPolice (especially educational institutions often mentioned it), the availability of detailed Russian-language documentation and extended technical support. And not a single person told us that the solution under Windows is the last century and it would be time for us to abandon it. While the product is in demand, we will develop it.
What is UTM?
Comprehensive products for protecting the corporate perimeter spill all the functions related to ensuring network security from one bottle: intrusion detection and prevention system, firewall, VPN service, anti-virus content check, as well as web session monitoring and other useful things. In small companies, these solutions provide employees with joint access to the Internet, i. able to NAT, http-proxy with authentication, etc. Such universal security gateways are called UTM (from the English. Unified threat management) or NGFW - next-generation firewalls. Marketers distribute them to different classes: NGFW designed for large enterprises, and UTM - for small and medium businesses. In fact, the functionality of the products is the same and different abbreviations indicate their market positioning, as well as the ability to withstand serious loads. It is quite difficult to set up a complex solution from scratch, so a gradual transition to hardware gateways with preinstalled software was quite logical. To create them, it is much more convenient for vendors to use open source operating systems and the open source products written for them and, in theory, this should have completely buried UTM solutions for Windows. However, some of them managed not only to survive, they are doing well and are not going to die.
Supply and demand
Having released a line of new devices, we not only support the solution under Windows , but also continue to actively develop it. Customer surveys show that it has a number of competitive advantages, and the operating system for most customers is not a decisive factor when choosing a product. Many years ago, due to numerous vulnerabilities, sysadmins considered Windows an inappropriate platform for organizing a gateway, but this myth has practically died - Microsoft has long brought its server operating systems to mind. As for usability, modern UTMs are configured via a web interface (in Windows, the administration console can also be used) and the layer between them and the server hardware is no longer serious. Nevertheless, many surveyed customers note that in their corporate IT infrastructure everything is built on Windows and, all other things being equal, a solution for the familiar platform administrators is preferable.
')
Another interesting question: why, instead of a specialized piece of hardware, do customers prefer to buy a license for a software product? For small companies, the price becomes a decisive factor: hardware UTM costs several tens of thousands of rubles, and you can use existing computers to install a software solution, or even run it on a virtual machine without the cost of hardware. Many government organizations and educational institutions used Microsoft Forefront TMG before, but changes in Russian legislation required a certified product to work with personal data and filter illegal content (a certificate of conformity issued by the FSTEC of the Russian Federation is required). At the same time, such customers already had a server and an operating system; they simply had to replace an imported product with a domestic one. Another important factor is the habit: if the admin already has experience with some solution, then he prefers to install it to his clients or new employers.
What do customers say?
We phoned those who continue to use solutions under Windows with one question “Why?”. Respondents noted ease of installation and use, as well as good integration with Active Directory. They also mentioned as an advantage the built-in content filter NetPolice (especially educational institutions often mentioned it), the availability of detailed Russian-language documentation and extended technical support. And not a single person told us that the solution under Windows is the last century and it would be time for us to abandon it. While the product is in demand, we will develop it.
What do you think?
Source: https://habr.com/ru/post/352478/
All Articles