Security needs bring redundant systems back in style (Page 2)

Margie Semilof

'Best of suite' not 'best of breed'

The biggest danger, however, is buying products with all of these security features from one vendor, Blum said. "It's a violation of the principles of layered defense."

"[Buying security products from a single vendor is] a violation of the principles of layered defense."
Dan Blum, analyst, Burton Group

A company can get more for its security money by purchasing from fewer vendors, but a "best of suite" strategy is preferable to a "best of breed" one, he said. For example, an IT executive may want to buy a device from Cisco or Checkpoint Systems Inc. for the perimeter, but they may choose another vendor for intrusion detection. "If you buy that from the same vendor as is providing your perimeter products, maybe both products will make the same mistakes," Blum said.

Some customers in IT agree that while it may be appealing to have a single appliance to manage and maintain, there is the concern that that device may also be a single point of failure. Security is about limiting your exposure. If you go to one source, and someone attacks that source, you're out of luck, said Bill Randall, director of MIS infrastructure at Red Robin Gourmet Burgers Inc., in Greenwood Village, Colo. "You still need to have redundant systems," he said.

Different pieces for different needs

Randall said his company uses individual appliances for some tasks. For example, it uses an intrusion prevention system from 3Com Corp.'s TippingPoint Technologies Inc. division, but he believes there are many more vulnerabilities than just the network edge. "For antivirus and spyware, it's easy to integrate whatever solution you're using for your end users [at the desktop] and just extend it out," he said.

Other users agree that it's not always possible to control all security from the network perimeter. One reason is that in some environments, such as a university setting, it's hard to make a universal policy about what is and is not allowed to come into the network.

The IT staff at a college has no clear knowledge of what is being used by everyone on campus and is therefore reluctant to take any action that will break something for someone, said Joe Strecker, an IT manager of the computer resources group at J.L. Voss Veterinary Teaching Hospital at Colorado State University, in Fort Collins, Colo.

Strecker prefers to zero in on an individual machine. "Even if the border is well sealed, there are still people bringing in laptops from home, so individual machines must be hardened," he said.

Step one: Do a self-evaluation

Burton Group's Blum suggests that in developing a security strategy, IT managers should start with a risk management assessment of their company that looks at people, processes and technology. In terms of technology, he recommended developing a security architecture in which the target starting period is a few years away.

Blum warned that there may be political reasons within a company that dictate the selection of certain vendors. And in some cases, it may be mandated that a product has to interoperate with specific platforms, such as SAP, Linux or Windows, he said.

Regardless of individual cases, though, securing the perimeter of a network goes far beyond "set and forget."
