Ironically, Benjamin Aronson has to sneak in through a back door to sell security appliances to small and midsize businesses.

No, he's not hacking into their systems to prove they're vulnerable. But his attempts to sell security products directly often fail. "When they hear security, they see dollar signs," says the president and CEO of solution provider Aronson & Associates. "A lot of small-business owners still believe these appliances cost thousands of dollars and that they have to monitor them to keep them up to date."

Most of them, however, have heard enough nightmarish stories about a company losing critical data due to some disaster that they will buy backup and disaster recovery solutions. So Aronson sells them the data protection they want, in the form of SonicWall's continuous data protection (CDP) product, thus getting his foot in the door. Then he starts nudging it open a bit more.

"What I've found is that people to whom I've sold a SonicWall CDP, I'm also able to sell a SonicWall security appliance," he says. "I do a little evaluation and talk to them about the benefits of security. I'm able to show them how inexpensive it is and how grand the protection is. That makes the sale so easy."

Too Many Choices
Although SMBs need security as much as larger businesses do, they can be overwhelmed with the choices and management of ever-changing components: network firewalls, intrusion detection, content monitoring, antispyware, antispam and more. Although manufacturers have introduced unified threat management (UTM) appliances that combine many security functions, "UTMs haven't taken off to the extent that people thought they would," says Natalie Lambert, analyst of client security and client management at Forrester Research.

Today, stand-alone security appliances still dominate in the SMB market, she says, because of their low cost and simplicity. More integrated products, however, are rising in popularity. A recent Forrester study found that 30 percent of SMBs want security provided by an all-in-one device, and 24 percent want the functionality integrated into networking gear.

"What we're seeing is a convergence between the two (the stand-alone device and the UTM), particularly in the SMB space," says Joe Levy, chief technology officer at SonicWall. Some traditional UTMs are expensive because they weren't originally designed as integrated appliances, he says. In contrast, SonicWall designed its appliances from the ground up, creating a basic engine for a line of products that range from the low end to the high end. "We have a sub-$500 product that has the same set of UTM capabilities as a product that's more than $10,000," he says.

But any one preconfigured product is unlikely to fit the needs of all clients. The best strategy for solution providers is to study various manufacturers' offerings and build their own portfolio of best-of-breed security products, says Chris Squier, technology solutions engineer for security at Ingram Micro. "I recommend that resellers leverage their manufacturer and Ingram Micro contacts for information," he says. "You should understand what works and what doesn't ... and when you find the vendors that you like, that's what you lead with" when a client needs specific solutions.

For Ingram Micro customers, the choices are many: Ingram Micro carries UTM appliances from Check Point Software Technologies, Cisco Systems, Juniper Networks, McAfee, SonicWall, Symantec, Trend Micro and WatchGuard Technologies.

Custom Appliances
Darren Patoni, president of The I.T. Workshop, has built a good business by customizing security products to suit the exact needs of each client. As an example, integrating content filtering into the gateway is great for educational institutions that want to protect school kids from questionable content. But for a large business with 1,000 users or more, content filtering on the gateway could inhibit performance. Patoni likes the Secure Services Gateway (SSG) firewall from Juniper Networks because it integrates several functions but is also flexible.

The product is an integrated firewall, VPN and router, with optional wireless interfaces. VARs can add functions as the customer needs them, says Stephen Philip, Juniper Networks' senior director of security product marketing.

"Solution providers want to put their customers onto a flexible platform, so that when the customers come back in a year asking for antivirus or antispam, they can say, 'The platform I put you on can actually do that. We just need to get you a subscription,' " Philip explains. That builds trust and helps the solution provider become a proactive secur ity advisor, adds Doug Erickson, Juniper Networks' director of worldwide alliance and channel development. "As you get more in-depth with your SMB customers, they need you to act more as the IT arm for that SMB, and they require many more of your professional services."

In fact, solution providers can play a key role in educating SMBs about the basics of security, says Squier of Ingram Micro. Offer classes for their users and training in security best practices. "You start with offering those things as services, and what happens is you start to become a trusted advisor," Squier says. "Then they're not going to bicker with you over price because they realize you are a partner with them and that you're taking their security needs to heart."