An integrated approach to security
The buzz around integrated security devices has been there
for a while now. Seenu Banda, Founder, President & CEO of NetDevices,
talks to Anil Patrick R about the benefits and things to watch out for
when it comes to this class of devices.
Today's enterprises use separate security devices
for different security areas. Why should they switch to integrated devices?
Unified devices can provide several benefits to the enterprise, including ease
of management and configuration, reliability, and significant cost savings.
Management of multiple devices and vendors is a nightmare that network managers
worldwide face; this issue is avoided by using unified devices. In fact, such
devices can support a wide range of networking applications, not just security.
An important feature that network managers should look for is remote management.
What advantages can SMBs derive from these devices as compared to a distributed security
architecture?
These devices are equally suited for SMBs. Since a unified device hosts multiple
applications, the number of people required to maintain and manage them is reduced
substantially as the management tools for these applications are common. This
means that training costs are reduced. Thus, an SMB gets several advantages
from unified devices: lower costs, lower manpower requirements, and of course,
simplicity in managing the device.
Many large enterprises adopt a layered approach for firewalling
(multiple firewalls from different vendors). Can integrated security devices
be used to craft layered defences?
Certainly. Unified devices usually run various security applications such as
firewall, IDS, IPS and anti-virus. The advantage of a device that is built for
multiple applications is that network managers can avoid typical problems such
as configuring discrete devices and security policies separately as the policies,
once defined, can be replicated across the different security applications.
Doesn't the integrated approach create a single point
of security failure for the entire security infrastructure?
This is certainly a vital issue that all enterprises face with unified devices.
One of the ways we have addressed this is by separating the management plane
from the control and data planes. This ensures that the network manager can
look into the device, diagnose problems, and get the device running even if
one of the services has gone down. Such a feature is essential for any unified
device; the lack of it means an unacceptably high single point of risk for
an enterprise's infrastructure.
Are there any standards, existing or proposed, for integrated
security that organisations should consider when buying these devices?
Buyers should look for adherence to existing standards such as VPN encryption
methods, AES and 3DES, as well as strong signature libraries for intrusion defence
(IDS/IPS). Buyers should also see how security checks and data processing are
interleaved across multiple security services integrated into a multi-service
device. For example, once data is gathered for IDS on extracting or normalising
a URL address, is this data then passed on to the next content security service
or does the process need to be repeated? This impacts the scalability of the
device and assures that the same data gathered is used across all services uniformly.