Published: 01 Feb 2007
All-in-one security suites offer an array of advantages versus best-of-breed.
As a security professional, you want the best. All else being equal, why wouldn't you want the leading antivirus protection, perimeter firewall and antispam filtering? Your computer and network resources deserve nothing less and it will help you sleep better.
The problem is that all else is not equal. For some companies, a suite of security products from a single vendor is a home run and offers many advantages over implementing separate, best-of-breed products from different vendors.
One of the biggest factors in favor of unified threat management (UTM), or an all-in-one security suite, is money. We have limited budgets with which to secure and defend network resources. Purchasing a suite from a single supplier is typically cheaper, by a substantial margin, than buying individual products.
Some vendors even include functionality such as antispam or antispyware at no additional cost, making the purchase of a separate solution seem frivolous. The economy of scale and the ability to negotiate a single licensing agreement and a single support contract can save a significant amount of money over the product's life.
A suite can also reduce support costs. Most enterprise-class security suites provide some level of centralized administration through a single console, enabling support personnel to manage products with relative ease. The reduced complexity and increased efficiency of a single management console mean fewer hours needed to maintain the tools and less money spent on training personnel.
In addition, a suite promises better integration between products and with the network. Security threats continue to converge; it is important for products to communicate effectively with each other to detect and protect against emerging threats.
In contrast, separate products performing signature-based analysis of the same traffic put a heavier load on the computer's processor and increase the opportunity for conflict between scan engines. Also, one vendor may update its software sooner than another, leaving portions of the network vulnerable to new threats.
Security products from companies such as Microsoft or Cisco Systems may not provide best-of-breed protection, but the simplicity and efficiency of integrating them with existing Microsoft systems and Cisco network infrastructure may be a compelling reason for some companies to use them.
Establishing a relationship with a single vendor rather than multiple ones has its benefits as well. When something goes wrong or you have a question, you usually will receive quicker responses. Without competing vendors, there is less opportunity for suppliers to simply point fingers and blame another.
There is, of course, a downside to the UTM approach. Relying on one vendor to protect the network also puts all of your eggs in one basket. As with virtually anything in business, and particularly within information security, the choice comes down to understanding the value of the systems or data you are trying to protect and evaluating how much risk you are comfortable accepting.
For some companies, the additional security provided by the layered defense of best-of-breed products is worth the cost. The additional expense needs to be justified by a realistic analysis of the cost of security breaches to the business.
A security suite generally isn't going to offer the very best features and capabilities, but the cost-effective protection it does provide will be more than enough for most companies.