The Battle to Have It All in Information Security

Enterprise Networks & Servers, Nov 2004 by Friedman, Jon

Integrated solution, or so-called best-of-breed approach? Should IT groups go for a coordinated outfit from one store, or pick up accessories from across the mall? This debate has been raging for many years across many fields of the IT landscape.

The best-of-breed approach offers the widest choice of vendors and products, and implicitly the ability to select a feature set that is perfectly tailored to the needs of the organization.

On the other hand, if the environment requires a set of complementary products to work together, integrated solutions from one vendor eliminate the need to make products work together, and simplify management and support.

Sometimes it is possible to look at industry trends and predict when the integrated approach will win out. One such situation is when simplicity and ease of use become the paramount concern for users. That is the primary reason for the triumph of office suites like Microsoft Office, Lotus SmartSuite, and Sun StarOffice over stand-alone word processing, spreadsheet, and presentation programs.

Another factor that moves markets toward integrated solutions is the convergence of related technologies, either because the technologies themselves have overlapping functions that can be merged, or because customers perceive a growing list of benefits to having the technologies integrated by the vendor, instead of during the implementation process.

Recently, Craig Mathias wrote about this phenomenon in EE Times. Discussing Wi-Fi chipsets, he said: "I use the term 'consolidation principle' to describe how capabilities that initially appear in distinct products eventually get consolidated into higher-function implementations."

One area where this "consolidation principle" can be seen in operation today is the market for security products. Individual perimeter security applications such as gateway anti-virus, intrusion protection, spam blocking, and content filtering are increasingly being bundled with the old standby of network security, the firewall.

Part of the reason for this trend is that the proliferation of security threats is forcing organizations to deploy a wider range of defenses.

The other main factor is that IT groups perceive significant benefits in ease of use and manageability from integrated security products.

Until now, this perception of increased manageability from integrated products has been based largely on gut feel, or at best, on limited anecdotal evidence. Now some detailed data is available that for the first time quantifies the benefits of integration for security products.

The Tolly Group, an independent IT benchmarking organization, recently published a hands-on study that measured the effort required to deploy and manage an integrated perimeter security solution versus a selection of point products.

The findings were surprising. The all-in-one approach wasn't just marginally better. Instead, it reduced implementation efforts by 66-75 percent. It reduced the number of hours required for ongoing administration by 45-58 percent.

Or to put it another way, the study found that it took three to four times the work to deploy a best-of-breed combination of products compared to a pre-integrated set, and from then on roughly twice the work to update and manage them for the life of the project.

The test compared the effort required to deploy and manage a comprehensive perimeter security solution during a 12-month period for a company with 1200 employees distributed among a headquarters and three satellite branch offices.

The comprehensive perimeter security solution included firewalls, virtual private network (VPN) connections, gateway antivirus, spam blocking, and content (URL) filtering.

The test engineers developed a list of 13 tasks related to deploying perimeter security products - tasks like defining networks and servers, creating a DMZ, activating security proxies, creating packet filter rules, and configuring a VPN tunnel between locations.

The test engineers also developed a list of 16 common tasks related to administering this environment over time - tasks like adding and removing users, adding an employee type with new security policies, setting up protection for a new server on the network, updating software patches and virus signatures, and configuring the automated backup of the complete system configuration.

The Tolly Group testers then defined three "solution sets" to compare: one integrated product and a selection of the best-known point products in their respective categories.

1. Astaro Security Linux (as the integrated solution).

2. A team of Check Point (firewall and VPN), Trend Micro (anti-virus and anti-spam) and Websense (content filtering).

3. A team of NetScreen/Juniper Networks (firewall and VPN), Trend Micro (anti-virus and anti-spam) and Websense (content filtering).

The test engineers then worked their way through all 29 tasks for each set of products, stop-watch and clipboard in hand. As a final step, they extrapolated some of the figures to simulate a full year of activity.


 


Content provided in partnership with ProQuest