The Pros and Cons of Security Appliances

By Andrew Garcia  |  Print this article Print

Are you deploying security systems? Who isn't? Don't miss eWEEK Labs' analysis of the benefits--and bottlenecks--of all-in-one security appliances.

This year was the worst ever for worms and viruses, and it doesn't look like the onslaught will slow next year. As IT managers scramble to implement increased protection, integrated security appliances that combine myriad security functions certainly sound like the answer to their prayers. eWEEK Labs' tests show that implementing an integrated appliance will drastically ease ongoing security management and reduce network complexity, yet add a possible bottleneck for performance and availability. Symantec Corp.'s Gateway Security 5400 series and Internet Security Systems Inc.'s Proventia line are the newest entries on the market, with Symantec and ISS hoping to leverage their respective anti-virus and intrusion detection expertise to convince customers that their products are the solution to the bigger security problem.

One of the biggest drawbacks to these products is that they are a single point of failure in the network architecture. To ensure reliability, these devices must be deployed in tandem, requiring a hefty upfront cash outlay.

The Swiss Army knife approach is not new, but until now it has been focused on the low end of the market. Appliances targeted at small businesses, from security vendors such as SonicWall Inc. and WatchGuard Technologies Inc., have for years successfully integrated virtual private networking and stateful inspection firewalls with simple content filtering and rudimentary anti-virus capabilities. However, these devices do not provide the performance, reliability and manageability levels that enterprise customers demand for their complex, mission-critical networks.

A new generation of attacks, however, can span multiple packets, requiring the firewall to cache packets and assemble the whole data stream before making policy decisions. This store-and-forward proxy mechanism necessitates drastically different hardware capabilities and tuning parameters than are required for stateful inspection-based engines.

No matter what the architecture, costs for these appliances can escalate quickly. Although the starting price for the Symantec Gateway 5400 series is about $3,500 for a low-end firewall-only model, beefing up the hardware and layering on additional security services can increase the price to upward of $60,000 for a redundant pair.

While these integrated appliances show promise, eWEEK Labs recommends getting your house in order before purchasing a multifunction appliance. Such an investment crosses into the purview of several IT entities: The network group, the security group and the corporate messaging group all need to be onboard for the implementation.

The multifunction appliance should be deployed in conjunction with some existing services; administrators should continue to maintain their internal anti-virus and network-based intrusion detection/intrusion prevention architectures. However, content and network filtering devices will be replaced outright, which may be a battle if a particular device is already working well.

Click here for the full story.

Technical Analyst Andrew Garcia can be reached at andrew_garcia@ziffdavis.com.


Submit a Comment

Loading Comments...