For many IT shops, security tools from Cisco Systems Inc. and Symantec Corp. serve as the backbone of their intrusion defense programs, if the results of an exclusive SearchSecurity.com survey are any indication.
Some IT professionals, however, have found that those vendors' products aren't always a good fit for the size and scope of their enterprises. Others have discovered they can repel the bad guys just as well using free open source technology.
Bryan Rood, IT manager for Milpitas, Calif.-based Quantros Inc., a company whose products and services are tailored for the healthcare industry, uses a Cisco PIX Firewall and Symantec AntiVirus Corporate Edition. Both are solid tools, he said, but experience has shown that the Cisco firewall may be too much for his two-person IT department, which manages 57 employees and their workstations.
"The PIX firewall is working well," Rood said, noting that the product has a built-in intrusion detection system (IDS). So what's the problem? "We're only using about 50% of what [the product] has," he said. "We don't have the human resources to use the rest."
Therefore, it might be more feasible to switch vendors than to hire someone to manage the unused functionality. "We don't have a complete list of alternative vendors, but there is a discussion going on based on the cost of Cisco compared with other vendors," Rood said. "We might make a change in the next two or three months."
No one vendor
The overall responses suggest that while Cisco and Symantec are among the top intrusion defense vendors, IT professionals aren't dependent on any single vendor.
Asked which vendors' intrusion detection/prevention products they use, nearly 43% said Cisco; 34% said Symantec; 30% said Snort and other freeware; close to 26% said McAfee and Microsoft; and almost 20% said Check Point and Sourcefire.
Asked who they consider their primary intrusion detection/prevention vendor, 20% said Cisco; nearly 15% said Symantec; 12% said Snort and other freeware; and 18% checked either "none" or "other."
Asked why they chose a specific set of vendors, close to 21% of respondents said the vendor choice fit into their respective infrastructures; 19% cited superior security functionality; more than 16% said the product was already installed as part of another device; and 14% cited cost.
Eric Nooden, information systems manager for Rockford Gastroenterology Associates Ltd. in Rockford, Ill., is one IT professional who has chosen a variety of tools from both mainstream vendors and the open source community to secure the 107 Windows-based network devices in his 100-employee company. Open source tools like Snort have been especially effective for Nooden, the company's lone IT administrator.
To fight spyware, Nooden uses the tool included in Symantec AntiVirus Corporate Edition. But he's not married to the vendor's product.
He has also used the open source Spybot Search & Destroy tool and has permission to buy the Spy Sweeper tool from Boulder, Colo.-based Webroot Software Inc., though he's holding off on the purchase to see how well Symantec performs.
For IDS, he uses a Snort box that cost nothing to set up and has worked well.
"We haven't had anything come blasting through the firewall except for some attacks targeting our Citrix server -- stuff like cross-site scripting," he said.
But up to this point, the security needs of his network haven't necessitated the purchase of a more robust commercial IDS product.
"By getting tools from the open source community, I've been able to put together a fairly successful intrusion defense program," he said. "Open source is inexpensive and can easily be loaded onto older devices."
Spending the same or more in 2006
Despite his success using open source, Nooden said his company may invest in more mainstream devices sometime in the future. One piece of software he's interested in is the CiscoWorks VPN/Security Management tool.
"We plan to add another doctor this summer," he said, "and if we start using new technology for things like virtual colonoscopies, there may be more need for storage and security. But right now it's on the maybe list."
Still, as the company's medical technology expands, he's hopeful upper management will understand the need to spend more on security.
Other respondents indicated they'll be spending the same or more on various security tools in the coming year. For example, 56% said they'll spend the same or more on a network-based intrusion prevention system (IPS), compared to 18% who are spending less or aren't spending at all. Sixty-two percent said they plan to spend the same or more on network-based IDS this year, compared to 18% who are spending less or aren't spending at all.
Michael Smith, network security architect for a Chicago-based telecommunications equipment company with 4,400 employees, 5,000 workstations, 1,000 servers and a mix of Windows, Solaris and Linux systems, said his department plans to spend "a little bit more" on security in the coming year.
His enterprise uses a Cisco firewall and IDS and turns to Symantec for AV. Like numerous other large enterprises, his company is generally more satisfied with these vendors' feature-rich products than are smaller companies with fewer IT workers. When asked to describe the effectiveness of his particular arsenal of intrusion defense tools, Smith called them "pretty solid."
Nevertheless, his tools don't provide what he'd consider the perfect intrusion defense. He said he would like to improve the flow of network intelligence and bolster incident response capabilities. That's why his company is among those planning to spend more this year on intrusion defense technology.
"We get volumes and volumes of reports. We can't spend all our time looking through logs, which is why we may invest more in a centralized analysis tool," he said. "Our biggest tech challenge is filtering through the noise."