
Integrated security suite advantages and drawbacks

Can an integrated security suite provide advantages in cost and performance? We look at key focus areas for security practitioners as security tools increasingly converge.

The convergence trend has redefined multiple product areas, from network access control to log management. While an integrated security suite of tools has its strengths, the convergence of tools also means that controls may overlap and functions go unused. Security analysts need to take a good look at what their current vendors offer, and then carefully determine whether an integrated security suite can provide benefits over standalone tools in terms of cost, performance and operations management.

Endpoint convergence

The first area where major tool convergence has occurred is at the endpoint. Very few organizations are relying on traditional antivirus tools alone for desktops and servers, and with good reason. More capable tools and controls include whitelisting, endpoint forensics analysis and evidence acquisition, intrusion detection and prevention, and incident response automation. Many vendors offer converged products in this space, and organizations need to limit the number of distinct endpoint security agents they're installing to conserve resources, especially in virtualized and cloud-based environments. Symantec Endpoint Protection offers antivirus, whitelisting and behavioral heuristics analysis, along with a host-based firewall. McAfee Complete Endpoint Protection from Intel Security offers the same, along with some data loss prevention capabilities and integration with their ePolicy Orchestrator console. Sophos Endpoint Protection includes all of the same tools, and all three integrated security suites also incorporate some reputation analysis for Web traffic filtering.

If you want endpoint incident response or forensics, however, you may be looking at a product like Carbon Black, Mandiant Intelligent Response, Cylance Protect, CrowdStrike Falcon or EnCase Enterprise. For now, it's likely that you'll still need more than one endpoint agent to accomplish all of your security goals, but that will likely change very soon.

NAC and other integrated security areas

Network access control and related defenses are another area of major convergence activity, but consolidation can sometimes raise performance issues. Traditional firewalls could only process and control traffic using layer 3 and layer 4 of the stack, plus basic protocol identification. Behavioral monitoring, traffic capture and analysis, SSL termination and inspection, and other security functions made their way into these systems with the advent of the next-generation firewall (NGFW). Companies like Palo Alto Networks introduced application inspection and profiling, protocol anomaly detection, and user-integrated policies into the traditional network access control platform; Fortinet, Check Point Software Technologies and Cisco have done the same. More of the NGFW network platforms are also integrating malware inspection and sandboxing through partnerships with companies like FireEye, although most of the leading players (Cisco, Blue Coat Systems and Fortinet, for example) have their own malware sandboxing engines as well.

What if you want integration between endpoint security and network tools? Palo Alto Networks Traps and Cisco's Advanced Malware Protection and FirePOWER services both offer a more unified strategy of integration that may afford security analysts more value in terms of controls and consolidating vendors and product sets.

Security information and event management and log management tools are also largely converged now, and many of these platforms from vendors like LogRhythm, AlienVault and Splunk are starting to offer deeper analytics processing and machine learning capabilities too.

As security market consolidation continues, vendors may bundle a range of products, from top performers to also-rans, into a single package or integrated security suite of tools. With proper vetting, converged tool suites can offer significant benefits in terms of cost, performance and operations management. However, tool overlap is common. To avoid spending valuable resources on shelfware, check your inventory and vendor management practices first. Then compare needs against wants, and evaluate an integrated suite of security tools as one viable option.


This was last published in December 2015
