Whether you're considering a multifunction appliance, a broad suite of software or a combination of both to secure your Windows infrastructure, security consultants say there is one key principal to keep in mind: Don't rely on a single vendor for everything.
The issue comes to the fore as more market-leading vendors introduce devices that offer a simple way to ward off all types of security breaches with a single device.
Networking powerhouse Cisco Systems Inc., San Jose, Calif., has become the latest to deliver a multifunction security appliance, which is loaded with a firewall, gateway antivirus, spyware and adware protection, intrusion protection features and other threat-defense services. The ASA 5500 sits at the network's edge, blocking unwanted incoming traffic. It can also be used inside a corporate network by IT managers who want to block access to certain data center assets.
Cisco, whose executives said at the recent Interop 2005 conference that the technology will eventually be included in the company's line of Catalyst switches, is not the first to bundle different capabilities together. Companies such as Fortinet Inc., Internet Security Systems Inc. and Symantec Corp., have also done it.
The choices are many
With threat levels and regulatory diligence increasing, administrators responsible for Windows-based systems are starting to favor security products that guard the perimeter, the desktop and the data center. But with a such a wide array of choices, selecting one can be a daunting task.
Microsoft has its own security arsenal, including new, free patch management tools, such as Windows Server Update Services (WSUS), now in a release candidate beta and due out in June. There is also its Network Access Protection technology, which restricts the access of a computer to a network until its health can be verified. Microsoft has pledged to build it into the Longhorn OS platform, as well as a firewall, antispyware and antivirus technologies.
There are also systems software companies, security software companies and vendors traditionally known for network appliances that offer the same promises of security protection, and they are converging around the issue of policy management, according to Dan Blum, an analyst at the Burton Group, a Midvale, Utah-based consulting firm.
Networking vendors are now providing security suites in much the same way that the big systems management vendors, such as IBM and Computer Associates International Inc., are doing. And the approach is also similar to what security software specialists, such as Symantec and McAfee Inc., offer for desktops, Blum said.