Transcript SSL VPN Vendor Landscape Storyboard-SAMPLE-flash - Info

Vendor Landscape: Secure Socket Layer Virtual
Private Network (SSL VPN)
Your workers are going remote, is your security?
Info-Tech Research Group
‹#›
Introduction
SSL VPN is critical for organizations that employ remote or mobile workers,
or aim to increase productivity by providing 24x7 corporate network access.
This Research is Designed For:
This Research Will Help You:
 Enterprises of all sizes where a portion of the
 Identify and rank vendor offerings in the SSL VPN
workforce is remote or mobile, and those interested in
maintaining the integrity of their corporate
infrastructure and data.
 Enterprises of all sizes that have an interest in
maximizing employee productivity and morale by
providing the ability to work from any location, any
time, with minimal disruptions.
space.
 Understand the nuanced differences in the product
offerings between different vendors.
 Aid in the selection process of an SSL VPN solution.
 Enterprises of all sizes that are looking to institute
disaster preparedness mechanisms to allow for the
continuity of worker activities even if primary worker
locations are unavailable.
Info-Tech Research Group
‹#›
Executive Summary
• The SSL VPN market is mature and stable at this point and is ostensibly split into two groups – those offering truly
enhanced functionality (Array, Citrix, F5), and those offering core capabilities at attractive price points (Barracuda,
SonicWALL, WatchGuard). Most buyers will focus on the latter decision points and so preference in this overview is given
to those criteria.
• Info-Tech Research Group has classified Barracuda Networks, SonicWALL, and WatchGuard as Champions within the
market space based on their combination of broad feature sets, attractive pricing, and stable on-going commitment to the
market space.
• Once value for money is taken into consideration, WatchGuard and SonicWALL become the most compelling options, by
virtue of their rock-bottom pricing. Barracuda Networks trails on the Value Index only slightly, but offers less functionality.
• Remote connectivity must be a core component of every enterprise’s disaster recovery, and any device access is
becoming increasingly important as the breadth of device types that access enterprise resources grows; carefully review
your SSL VPN use cases and select the solution that offers the best match.
Info-Tech Research Group
‹#›
Market Overview
How it got here
Where it’s going
• VPN technologies were originally developed in the early
1990’s as a low cost alternative to leased lines to allow
for WAN connectivity over distance.
• SSL VPN has allowed for the rapid growth in remote
work opportunities and is becoming a de facto
requirement of every enterprise.
• The earliest form of VPN, IPSec (IP Security), required
cumbersome software clients and lengthy configuration;
and while this worked fine for site to site connections, it
was less ideal for user-to-site connections.
• As SSL VPN becomes increasingly ubiquitous, it is
being bundled as a capability into other network edge
solutions at an ever greater pace; the days of the
dedicated appliance are numbered.
• SSL (Secure Sockets Layer) VPN introduced the
concept of clientless connections, allowing for much
simpler user-to-site connections.
• Powerful clients are now becoming optional
components of the SSL VPN solution. These allow
enhanced functionality, but do increase operational
and administrative complexity and blur the lines
between SSL and IPSec VPN.
SSL VPN capabilities are provided via a number of different channels, including software solutions,
dedicated single purpose hardware appliances and consolidated multi-purpose hardware
appliances. This review focuses exclusively on dedicated single purpose hardware appliances.
Info-Tech Research Group
‹#›
SSL VPN Vendor Landscape
This section contains:
• Info-Tech’s analysis of vendor offerings and rankings across
Features, Affordability, Usability, Architecture, Viability,
Strategy, Reach, and Channel categories.
• An overview of each vendor evaluated and a discussion of
their strengths and weaknesses.
• Info-Tech’s recommended use cases for each vendor’s
offerings.
Info-Tech Research Group
‹#›
The following features are available in every vendor’s offering
– do not use them to shortlist during the selection process
Vendors that did not offer a single, dedicated VPN appliance, or lacked an
appliance-based solution were not considered in this evaluation.
The Table Stakes
Single Management
Console
Clientless
Connectivity
Directory Support
Granular Access
Control
Comprehensive
Activity Logging
What Does This Mean?
The solution is managed from a single administrative
and reporting engine.
The solution is capable of connecting to the corporate
network via a Web portal, not an installed client.
The solution supports LDAP and is able to query and
be queried by Active Directory.
Administrators are capable of blocking access to
specific areas of the network using user profiles and
groups.
User actions are logged on the system and made
available for administrators to audit.
The products assessed in this Vendor
LandscapeTM meet, at the very least, the
requirements outlined as Table Stakes.
Many of the vendors go above and beyond the
outlined Table Stakes, some even do so in
multiple categories. This section aims to highlight
the products’ capabilities in excess of the criteria
listed here.
If Table Stakes are all you need from your SSL VPN solution, the only true differentiator for the
organization is price. Otherwise, dig deeper to find the best price to value for your needs.
Info-Tech Research Group
‹#›
Table Stakes aside, vendors were evaluated on their individual
advanced feature offering
Advanced features scoring
methodology:
Info-Tech scored each vendor’s features
offering a summation of their individual
scores across the listed advanced
features. Vendors were given 1 point for
each feature the product inherently
provided. Some categories, such as
Hardware/Application Acceleration, were
scored on a more granular scale with
vendors receiving a half mark if the
functionality required a licensing
upgrade.
Info-Tech Research Group
Features
What We Looked For
Tokenless Enhanced
Authentication
The appliance generates a unique password,
sent via e-mail or SMS, to combine with the
user’s password, circumventing keyloggers.
Personalized Web
Portals
The solution provides users with personalized
Web portals displaying access rights.
Emergency Licensing
For a fee, the vendor allows for a spike in
concurrent users during disasters.
Mobile Device Support
The ability to segregate and encrypt sensitive
data on mobile devices.
Host Integrity
Checking
The solution ensures the user has sufficient
security tools in place before allowing access.
Adaptive Access
Control
The solution uses endpoint analysis to
determine what clearance a user has.
Integrated Intrusion
Prevention System
The appliance has an onboard IPS.
Hardware/Application
Acceleration
The appliance is capable of performing WAN
optimization to deliver the best performance.
‹#›
SSL VPN Criteria & Weighting Factors
Product Evaluation
Features
The solution provides basic
and advanced feature/functionality.
Affordability
The five year TCO of the solution is
economical.
Usability
Architecture
Features
20%
30%
Usability
10% Architecture
Affordability
40%
The solution’s dashboard and reporting tools
are intuitive and easy to use.
Product
50%
The delivery method of the solution aligns with
what is expected within the space.
Vendor Evaluation
Viability
Vendor is profitable, knowledgeable, and will
be around for the long-term.
Strategy
Vendor is committed to the space and has a
future product and portfolio roadmap.
Reach
Vendor offers global coverage and is able to
sell and provide post-sales support.
50%
Vendor
Viability
10%
Channel
30%
30%
Channel
Info-Tech Research Group
Strategy
30%
Reach
Vendor channel strategy is appropriate and the
channels themselves are strong.
‹#›
Every vendor has its strengths & weaknesses;
pick the one that works best for you
Product
Features
Usability
Affordability
Vendor
Architecture
Viability
Strategy
Reach
Channel
Array Networks
Barracuda Networks
Check Point Security
Citrix
F5 Networks
Juniper Networks
SonicWALL
WatchGuard
Info-Tech Research Group
‹#›
Info-Tech Research Group Helps IT Professionals To:



Quickly get up to speed
with new technologies

Manage business expectations

Justify IT spending and
prove the value of IT

Train IT staff and effectively
manage an IT department
Make the right technology
purchasing decisions – fast
Deliver critical IT
projects, on time and
within budget
Sign up for free trial membership to get practical
solutions for your IT challenges
“Info-Tech helps me to be proactive instead of reactive –
a cardinal rule in a stable and leading edge IT environment.
•
- ARCS Commercial Mortgage Co., LP
Toll Free: 1-888-670-8889
Info-Tech Research Group
www.infotech.com
‹#›