
A Marriage of Convenience (and Security)

Many organizations have reached or exceeded their ability to cope with growing security management headaches and are facing compromises. What we need is a complete suite of top-tier security technologies administered from a single, unified console. Is that even possible?

Historically, information security professionals have adopted the best risk mitigation technologies from multiple vendors rather than single-vendor product suites. Faced with trading off security effectiveness for convenience, most have resisted compromising on protection. However, the proliferation of security-management architectures has driven increasing costs and complexity. Many organizations have reached or exceeded their capacity to support this administrative diversity. Risk mitigation is still the top priority, but compromise is being forced on security managers by budget and staffing realities.

This dilemma demands a fundamental change in the nature of the security business. An unprecedented combination is needed: a complete suite of top-tier security technologies administered from a single, unified management system.

To see how this could be achieved, let’s examine what “best security” really means. It could be the protection provided by a start-up company’s innovative new technology. Upstarts have, in fact, pioneered and driven the growth of several security categories (firewalls, IDS, and token-based authentication are good examples). They frequently win the most praise from analysts and the press, and some people automatically assume that such products are superior to those of established vendors.

But shouldn’t security quality judgments be based on more objective measures of efficacy? An ideal metric would capture a product’s ability to preserve data confidentiality, availability, and/or integrity in the face of all relevant attacks. Unfortunately, while thorough and objective testing of effectiveness against known attacks is useful, it’s nearly impossible to know how a product will perform against future attack techniques.

A vendor’s track record is a more practical and relevant metric. Ultimately, only results count. If a security provider has proven over many years that it has the “right stuff” to defend the enterprise in its areas of expertise, even as threats have evolved and become more sophisticated and creative, then it can well be considered “best of breed” in those areas. Furthermore, the vendor’s proven security DNA can often be replicated in related security categories.

While still challenging, it’s now possible to find a full suite of superior security products from a single vendor. Such a suite represents only half of the solution to the security vs. manageability trade-off, however. The other half is unifying the management of the suite’s administrative functions. In recent years, several vendors have tried to achieve this goal but have met with little success. Simply tying together disparate security management systems provides little value to administrators. To gain real value, you need a platform for end-to-end management of the network security infrastructure (branch offices, remote access, perimeter, LANs, and endpoints) with a consistent interface, administrative workflow, reporting function, and security update mechanism.

Such a unified, highly efficient management architecture must be conceived and designed in advance, not cobbled together after the fact. Just as a vendor’s track record is the right metric by which to judge the quality of its security, look for a track record of superior manageability from a vendor that offers to lighten your administrative load. Even better, find a provider with excellent track records in both security effectiveness and manageability and a management architecture purpose-built for efficient multi-product administration.

About the Author

Rich Weiss is the Director of Endpoint Product Marketing at Check Point Software Technologies, Ltd. and is CISSP certified.
