Another day, another security alert. Microsoft's announcement in April that it had detected a massive 20 new flaws in its software was just the latest warning underlining why the IT security industry has to be ready to continually meet new threats.

With the rise of new threats has come a parallel increase in the number of solutions and the creation of defined categories in security offerings.

One of the fastest-growing categories is that of the security appliance - also called an integrated device or integrated security gateway. These are delivering more flexible solutions with a lower cost of ownership for customers and good opportunities for resellers to add value.

According to IDC, spending on appliances in western Europe increased by 23 per cent last year to £219m. Year-on-year growth in the fourth quarter of 2003 was an impressive 46 per cent, driven largely by uptake in the SME and branch-office sectors.

IDC says Europe is leading security appliance sales, representing 26 per cent of worldwide revenue for the sector. About 40,500 units were shipped in Q3 2003, the equivalent of a quarter of all units shipped globally.

IDC believes the firewall/VPN appliance market has reached maturity, now accounting for 85 per cent of all security appliances shipped.

Elsewhere, the intrusion-detection software appliance market is still immature, showing triple-digit growth, due to starting from a low base.

IDC predicts that by 2007 a whopping 80 per cent of all security offerings will be appliance-based.

Worldwide, Cisco leads the market with a 29 per cent share, followed by Nokia (18 per cent) NetScreen (14 per cent), SonicWall, WatchGuard, and Symantec.

Other vendors in this space include Astaro, Blue Coat Systems, Crossbeam, Fortinet, Immunix, Internet Security Systems (ISS), Network Appliance, Network Box and ServGate.

But IDC notes that vendors are characterised by targeting specific price bands, and therefore market share should be seen in relation to the band in which they mainly operate.

Of late the appliance market has been defined by consolidation. NetScreen acquired Secure Socket Layer (SSL) VPN vendor Neoteris; Check Point acquired firewall/VPN manufacturer Zone Labs; ISS bought content filtering firm Cobian; Blue Coat bought Ositis, the third-largest provider of anti-virus appliances; Symantec acquired SSL VPN vendor SafeWeb; and NetScreen itself was acquired by Juniper Networks.

Cisco, meanwhile, is in the process of acquiring distributed denial-of- service firm Riverhead and SSL VPN company Twingo Systems.

Typically an appliance is a box containing a firewall with a range of other security functions. IT departments like them because they can be 'dropped' into branch offices under a consistent security policy.

Meanwhile, enterprise-class functionality at a price that is attractive to SMEs is helping to drive significant growth in the low end.

Appliances come either as standalone, all-in-one blade or CD/software solutions. They usually run on a hardened Linux kernel or proprietary operating system (OS), doing away with the need to secure the underlying OS.

Alternatively, some vendors embed a firewall and OS directly into an ASIC, with consequent improvements in reliability and speed.

Appliances also can be categorised as either closed or open platforms, although there is some overlap between the two. Closed platforms offer all the security functions in a proprietary environment with the benefit of integrated processing across functions.

Symantec, Fortinet and NetScreen are examples of this approach, although NetScreen offers an open platform for anti-virus functionality.

Vendors vary in the degree of support they offer for cross-functional integration. Tighter integration must be weighed against the benefits of a best-of-breed approach.

Open platforms use licensed security functions from other vendors with integration across functions. A best-of-breed approach is maintained in addition to preserving legacy security investments where necessary. WatchGuard and Network Box are examples of this open approach.

WatchGuard's best-of-breed philosophy includes using Qualis on vulnerability analysis, McAfee on anti-virus and Safenet on VPNs. Network Box uses anti-virus software from Kaspersky Labs and content filtering from SurfControl.

Similarly, 3Com offers an all-in-one security solution called the Security Switch 6200. It is a high-performance security platform that supports multiple applications, such as Check Point NG FireWall-1/VPN-1, ISS RealSecure intrusion detection, anti-virus, content filtering, and more.

Understandably, each vendor champions the benefits of its chosen approach.

For example, Symantec, with its mid-range 5400, talks of the weakness of an open approach.

"This is integrated security with all the components from a single vendor. We are not making loose alliances with technology partners to provide solutions.

"We own the technology; this allows us to offer a single update to the customers and a single point of management," says Alastair Williams, EMEA appliance product manager at Symantec.

The upsides of the appliance are simplicity, ease of installation and reduced cost of ownership. In essence, a single appliance designed specifically for the purpose is far cheaper than a different product for each threat, and easier to manage.

Appliances are also seen as better at dealing with so-called 'blended threats', such as viruses launched on the back of spam.

Today appliances are addressing a wider range of functionality, to include anti-virus, VPNs, intrusion detection/prevention, email/spam gateways and internet filtering.