Blended Threats, Unified Response
Sep 1, 2007 12:00 PM, By Sandra Kay Miller
Despite the sage advice not to put all your eggs in one basket, a recent study found that 43 percent of companies rely on a single strategic vendor for network and computer security. “I think that what these results demonstrate is that the best-of-breed approach we've followed in security for many years isn't working,” explains Andreas Antonopoulos, a Certified Information Systems Security Professional (CISSP). He is senior vice president and a founding partner of Nemertes Research Group, the Illinois-based company that completed the study.
As individual threats — such as viruses, spyware, spam, rootkits and denial-of-service attacks — began to wreak havoc within organizations, separate solutions emerged to address each type of threat. In professional forums, a debate has raged over whether to use multiple best-of-breed vendors or a single strategic vendor to cover all security bases. Initially, the consensus leaned toward point solutions, since their products were often cutting-edge technologies. Additionally, these solutions were offered by smaller, often privately held companies, which made them more flexible both in deployment and in responding to new threats.
Larger strategic security vendors countered by including additional bolted-on functionalities developed in-house to their core products. Initially, this tactic failed to meet users' needs effectively.
As different types of threats increased, so did the number of disparate systems that required deployment, management and licensing — anti-virus, anti-spam, anti-spyware, IDS, IPS, Web filtering — there was an appliance or application for each threat. Nemertes' study found that organizations were ending up with too many point solutions within their infrastructure, with little or no capability to integrate with each other. Antonopoulos explains that this approach was not cost-effective. “If you would try to integrate all of the point solutions yourself, it would be more expensive than if you bought a fully integrated solution that addresses multiple threats,” he says.
Andreas Kenstalis, IT manager for a sports equipment distribution center, has run the gauntlet of point solutions before settling with a strategic vendor to protect his data center. “Over the years, our company amassed an assortment of security systems, but they became a nightmare to manage individually, and my budget couldn't support the upgrade cycle.”
Security vendors began to take notice.
Instead of developing second-rate features in-house to address emerging threats, large strategic vendors began acquiring point-solution vendors and integrating their highly effective code into the core product. They also formed strategic partnerships with other security vendors that already delivered a world-class product.
Further driving the adoption for integrated security products was the shift toward integrated malware. Converging or “blended” threats have become the norm as spam delivers spyware and malicious Web sites can install rootkits and keyloggers. Organizations were spending money on multiple systems to cover constantly evolving threats.
Forrester analyst Natalie Lambert points out that standalone spyware packages are being integrated into endpoint security suites, which also include anti-virus protection, personal firewalls and IPS. These security suites provide an integrated, holistic approach to endpoint security and are easier to administer than multiple point solutions. In addition to comprehensive security coverage, users are getting more bang for their buck.
Security heavyweight Marcus Ranum, inventor of the proxy firewall and chief security officer at Tenable Security, Columbia, Md., thinks it all boils down to money. “Most businesses prefer to use a strategic vendor because of reasons that have nothing to do with making it more secure. It's more because they get better price leverage,” he says.
Ranum contends that most security products do a poor job of intentionally interoperating outside of the vendor's portfolio, leaving customers with little choice. Antonopoulos attributes this to the fact that security is an “arms race,” unlike all other facets of technology. “With security, you're competing against an external foe who is innovating just as fast as we are. New threats are emerging all the time, which results in the security market innovating at a faster pace than any other in the industry,” he says.
What that means for customers is the inability for the security industry to standardize or “commoditize,” Antonopoulos explains. “For example, if you take a server today, you can plug any type of hard drive into it. You don't need to worry about what drive works with what server — it's completely interoperable, but I can't get just any spam vendor and have their software work with my anti-virus management console. It's just not going to happen.”
While the Utopian dream of complete interoperability among security vendors appears far off in the distance, unified threat management (UTM) solutions and integrated security suites continue to grow in popularity. In his 2007-2011 forecast, Romain Fouchereau, a security research analyst at International Data Corp. (IDC), predicted, “The UTM security appliance market will continue to grow as a valid security solution for both the SMB and the enterprise market due to its adaptability and ease of integration.”
IDC has coined the term “secure content management” (SCM) for a superset of security features integrated into a holistic solution capable of addressing multiple threats. It predicts that the SCM market will reach $10.5 billion by 2009.
Security stalwarts continue to demand defense-in-depth as vulnerabilities in popular security suites continue to make headlines, but Antonopoulos explains that the decision to deploy an integrated security solution from a strategic vendor boils down to balancing risk with budget. “Smaller companies often do not have the staff with the skills to effectively manage multiple security solutions from different vendors as compared to larger enterprises with the resources to dedicate personnel to a specific system,” he says. “They may have all these fancy alerts and notifications coming out of their systems and lots of monitoring going on, but there aren't any trained people watching it.”
Antonopoulos argues that a single vendor may not have the multiple layers of defense that multiple point solutions provide, but defense-in-depth becomes a moot point if a strategic solution offers better utilization and management.
He also counters that with multiple interoperable security tools within a strategic solution, users gain the added advantages of a unified place and process for management and reporting, as well as a single point of contact for support. “You could make your environment much more heterogeneous to make sure it's harder to break through the barrier of layers, but then you can't manage it because it's too heterogeneous,” Antonopoulos says.
“Since we made the decision to move to a strategic vendor, I have a single console to manage and don't have to worry about making sure all my signatures, filters, service packs and firmware are all up to date on multiple systems,” Kenstalis says. “We are definitely more secure.”
© 2013 Penton Media Inc.