News Stay informed about the latest enterprise technology news and product updates.

Gearing up for next generation of SSL VPNs

This week Permeo debuts a Layer 5 SSL VPN, and one industry observer says it signifies a new generation of more mature, manageable, secure virtual private networking products.

Application security vendor Permeo Technologies Inc. Monday launched a new SSL VPN, and it could be the first of a huge wave of SSL VPNs poised to wash over the market.

Austin, Texas-based Permeo launched Base5 Secure Sockets Layer VPN with what it calls a "unique session layer approach." Base5 operates at Layer 5, the session layer, and traditional SSL VPN products are implemented at Layer 7, the application layer.

Rita Selvaggi, vice president of marketing and sales at Permeo, said traditional SSL VPN products require client software installations, multiple access modes and administrative privileges when delivering access and security services to an unmanaged device.

Selvaggi said the Layer 5 approach, coupled with Base5's "zero-touch" deployment model, avoids those management difficulties.

"Rich connectivity means we can support any TCP or UDP application without admin privileges required of the client and without any permanent client download," Selvaggi said. "Base5 has fully integrated end-point security with one single management console."

In addition, Selvaggi said, Base5 has a policy enforcement and management framework that fully integrates SSL VPN, information control, browser security, malware protection and host integrity checks.

Robert Whiteley, an associate analyst at Cambridge, Mass.-based Forrester Research Inc., said Permeo has simplified and automated management of the large quantities of granular user information that SSL VPNs provide. In fact, Whiteley said this product's maturity signifies a coming second wave of SSL VPNs.

According to Whiteley, the first generation of SSL VPNs emphasized multiple access methods and end-point security. The second wave, Whiteley said, will be more focused on making the software easier to maintain and manage, and is policy-driven by nature.

"The difference between the waves is a big deal, but not in terms of features and functions. It's more in terms of maturity," Whiteley said. "It's showing that SSL VPNs are ready for mainstream adoption because now they are easier to manage and easier to deploy."

Whiteley said these more mature products will be pushed by an increase of extended networks in cases such as extranet partners and distributed workforces, with a need to gain access from unmanaged devices.

Typically, Whiteley said, if a person wanted to work from home or have an extranet partner, a network admin couldn't guarantee his or her computer was totally secure. Therefore there was a huge push to make sure this is all done in a clientless mode, and Permeo's universal console makes it easier to scale it up to all users instead of a small subset.

For more information

Read our exclusive: VPN market makes room for IPsec and SSL.

Download our free white paper on IPSec vs. SSL VPNs.

Whiteley said other vendors in this space previously relied on third-party providers for a majority of the end-point security products. Whiteley said Permeo cut down on costs by building it all in-house with a more integrated fashion.

Permeo may have an edge now over other vendors, but it's likely just a matter of time until other vendors catch up. Whiteley said he expects to see other SSL VPN vendors, including Juniper Networks Inc., Aventail Corp., Whale Communications Ltd. and F5 Networks Inc., battling Permeo in the near future.

The face of this product's ideal user, according to Whiteley, will change over time. He said it's now best for large enterprises with distributed workforces. But as it moves toward the mainstream and, as the cost points come down, medium and small businesses will also find it attractive.

Permeo's Base5 SSL VPN will be available in April 2005. Pricing is based on concurrent user licenses, starting at $50 per seat for all features, including remote access and end-point security.

Dig Deeper on Network Security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.