An integrated approach to security
The buzz around integrated security devices has been there
for a while now. Seenu Banda, Founder, President & CEO of NetDevices,
talks to Anil Patrick R about the benefits and things to watch out for
when it comes to this class of devices.
Todays enterprises use separate security devices
for different security areas. Why should they switch to integrated devices?
Unified devices can provide several benefits to the enterprise, including ease
of management and configuration, reliability, and significant cost savings.
Management of multiple devices and vendors is a nightmare that network managers
worldwide face; this issue is avoided by using unified devices. In fact, such
devices can support a wide range of networking applicationsnot just security.
An important feature that network managers should look for is remote management.
advantages can SMBs derive from these devices as compared to a distributed security
These devices are equally suited for SMBs. Since a unified device hosts multiple
applications, the number of people required to maintain and manage them is reduced
substantially as the management tools for these applications are common. This
means that training costs are reduced. Thus, an SMB gets several advantages
from unified deviceslower costs, lower manpower requirements, and of course,
simplicity in managing the device.
Many large enterprises adopt a layered approach for firewalling
(multiple firewalls from different vendors). Can integrated security devices
be used to craft layered defences?
Certainly. Unified devices usually run various security applications such as
firewall, IDS, IPS and anti-virus. The advantage of a device that is built for
multiple applications is that network managers can avoid typical problems such
as configuring discrete devices and security policies separately as the policies,
once defined, can be replicated across the different security applications.
Doesnt the integrated approach create a single point
of security failure for the entire security infrastructure?
This is certainly a vital issue that all enterprises face with unified devices.
One of the ways we have addressed this is by separating the management plane
from the control and data planes. This ensures that the network manager can
look into the device, diagnose problems, and get the device running even if
one of the services has gone down. Such a feature is essential for any unified
devicethe lack of it means an unacceptably high single point of risk for
an enterprises infrastructure.
Are there any standards, existing or proposed, for integrated
security that organisations should consider when buying these devices?
Buyers should look for adherence to existing standards such as VPN encryption
methods, AES and 3DES, as well as strong signature libraries for intrusion defence
(IDS/IPS). Buyers should also see how security checks and data processing are
interleaved across multiple security services integrated into a multi-service
device. For example, once data is gathered for IDS on extracting or normalising
a URL address, is this data then passed on to the next content security service
or does the process need to be repeated? This impacts the scalability of the
device and assures that the same data gathered is used across all services uniformly.