A Complete Defense Package

The market for security products and services is booming. It’s one of the few areas of IT that can take pride in its growth. A publication of Forrester Research, a market research company, states that customers are happy to invest in IT security. It also indicates that North American and European companies will spend an average of 7.9% of their 2004 IT budgets on security. And analysts at IDC have found that the market for security applications grew by 22% in the third quarter of 2004 compared with the same period in 2002. According to IDC, the largest revenues are earned in the United States, where more than 45% of worldwide sales of applications occurred. IDC states that the solutions used most frequently are firewalls and virtual private networks (VPN).

Virus attacks keep getting more complex

The need for security is understandable. Reports continue to speak of spectacular virus attacks, even though a few years ago the Meta Group said that virus scanners had reached a market penetration close to 100%. Two reasons are responsible for this situation. First, the pests have become more sophisticated and use effective mechanisms against traditional defenses. For example, the current Atak virus recently opened a new round in the long-standing duel between harmful programs and virus scanners. It plays dead during analysis by a virus scanner. Second, the IT personnel in a company are often overwhelmed with the configuration of complex and integrated security solutions. As Severin Collins, sales engineer of F-Secure, a virus protection supplier, notes, “Even the correct configuration of a client firewall can be difficult in many companies. Network specialists normally manage firewalls. But the desktop team that’s responsible for the clients hardly knows anything about the required rules.” Collins also observes that many organizations still lack a strategic approach to security. “The main work must occur during the run-up to implementation, but unfortunately that’s not the case,” he says.

Everything from one source

The market is reacting to the increasing complexity of attacks and defensive technologies. Almost all well-known manufacturers now offer integrated security products. The solutions should cover users’ needs for security from one source and render the common best-of-breed approach unnecessary. The advantages of these complete offerings are found primarily on the administrative side. Integrated suites possess a central, uniform administrative interface that, to some extent, enables linkage to products of other manufacturers.
In general, such complete solutions arrange themselves around one problem area in IT, such as securing a gateway or a mail server. One product or device comprises all the functions needed at a particular place in the network. But because only a few manufacturers operate the same way in all areas of security, many of these packages consist of bundled products. A license agreement or the takeover of other firms gives suppliers access to technologies that complement their own portfolios. That’s how almost all virus protection programs have been enhanced with firewall functions. Today, gateway solutions often include intrusion detection systems (IDS). The latest trend is toward integrated spam filters that capture garbage in the stream of incoming data early.

Problem: configurability

But the combinations of products and their uniform management consoles often produce disadvantages as well as advantages. To make the most of security software, a company needs to exactly tailor the configuration of the software to its own needs. That’s why the definition of rules for a company’s firewall is a task best left to trained specialists. Managing a complete suite from a central console often demands a reduction in the number of configuration options to avoid exceeding the capabilities of the interface.
Accordingly, Gerhard Langer, a consulting engineer at Ampeg GmbH, a service provider specializing in security issues, sees more of a place for out-of-the-box solutions in small and midsize companies than in the enterprise environment. “Midsize companies usually don’t have access to a staff of specially trained security specialists,” he says. That’s why simplified administration is an important consideration for such firms in providing a basic level of security. Langer finds dedicated products for precisely defined problems a better choice for larger enterprise environments because they can be modified to meet the requirements of an individual enterprise.
In his experience, developing a security strategy with a collection of individual products is not in theory any more complicated than with a complete solution. Nevertheless, he admits that using several individual products demands significantly more expert knowledge from administrators. In addition to the limited manageability of all-in-one products, Langer says they do not possess the maturity required by large enterprises. In terms of updates and patches, he states “many of the complete solutions can’t reliably support updating a system without requiring a reboot.” His judgment? “For corporate groups and large companies, the best-of-breed approach is indispensable.”

Clearly defined interfaces: the beginning and the end

Jochen Bauer, CEO of Inside Security IT Consulting GmbH in Stuttgart, Germany, sees it differently. He agrees that integrated suites do not offer the same configuration options as dedicated products, but he finds them appropriate in theory for use in enterprises. “Many offerings have only a uniform interface above individual components, which can be configured directly without using the administration console,” says Bauer. And Bauer sees something of a stumbling block in the structures that have grown up in large companies. “Corporate groups already use various security products. Whether to implement new components depends upon their ability to include clearly defined interfaces. That’s where dedicated solutions are often better,” he adds. Precisely defined interfaces enable seamless integration of new security products into the existing infrastructures. The consultant regards complete packages as more of a consideration when setting up completely new security infrastructures. In Bauer’s experience, whether a comprehensive suite or a best-of-breed mix is a better way depends a great deal upon the IT personnel. “If the required knowledge is available, best-of-breed allows you to reach a higher level of security,” he says.
The trend toward complete offerings is sure to continue. After all, the development of trickier threats results in defense mechanisms that demand more and more effort. For most users, uniform and centralized administration tools are an increasingly important building block in sensible use of the products. And recent market consolidation will ensure that large suppliers will integrate high-performance technologies into their own portfolios by acquiring smaller, specialized companies.
Analysts are reacting favorably to these enhanced portfolios. For example, Forrester Research believes that the recent acquisition of antispam manufacturer Brightmail by Symantec will put pressure on its competitors and advance it to the most important player in the market. According to Forrester, suppliers of antivirus products that do not yet contain spam filters will now have to get on board.

Jan Schulze