Security in a box

Greater security needs place a proportionally greater burden on agency IT managers. As a result, many are turning to security appliances for antivirus, anti-spam, intrusion detection and prevention, firewall policy enforcement, even content filtering. These all-in-one, nearly plug-and-play network devices can quickly deliver security functions.

But such appliances aren't only for the enterprise environment. Many small organizations are seeking scaled-to-fit versions of these appliances for the same reasons that enterprises like them: They don't necessarily require that an IT staff have advanced security skills to quickly protect the network.

Whether you use a single-function security appliance, such as a firewall or anti-spam filter, or the combined tools of a new breed of all-in-one unified threat management appliances, you should know that all of these security functions could be handled with software loaded onto servers. This raises the question: Why consider another piece of network hardware?

There are several compelling benefits and one major drawback to be derived from deploying security appliances. First, putting security functions on a separate box can eliminate the buck-passing that often happens when a breach occurs but no one can pinpoint the weak link. We've all seen that: The vendor claims problems were caused by the operating system or hardware or a bad installation procedure or conflicts with other software.

When all you've done is plug in an appliance with its pre-installed software, it can help eliminate finger pointing and let you get to the bottom of things.

Second, installing an appliance is usually quick and painless. With a lot of these security appliances, everything is pre-loaded and pre-configured. Some offer basic appliances and plenty of options that can be added later.

Third, all-in-one appliances are attractive because most servers are already overloaded with ever-increasing user demands. At worst, adding dedicated hardware only slightly increases overhead. Often it reduces the demands on hardware. Moreover, many appliances include an automatic update capability, which is a great time-saver.

So what's the downside? The biggest drawback of using a security appliance is committing your perimeter security defenses to a box that eventually will fail. Fortunately, many of them support clustering and failover capabilities, so the network stays protected. But that means that if you're shopping for an appliance, you're really shopping for two or more.

No matter how carefully you define threat management, having several vendors provide security tools typically leads to overlap and ongoing configuration headaches or worse: security gaps of which you may not even be aware. In response, the latest trend in security appliances is unified threat management, which combines those various security tools in one more or less integrated package.

Unified threat management may include firewall, antivirus, intrusion protection, content filtering and spam prevention tools. Some also include a router or wireless access point in the same hardware package. They potentially can simplify management chores and improve security by making certain every leak is plugged.

Having one product manage all security tasks makes things easier. Still, most unified threat management products can rely on software from more than one vendor, so it's important to ask vendors how they've designed their products to limit any gaps and overlap that wastes resources.

Performance is another important consideration. Early unified threat management efforts made heavy processing demands that could bring a network connection to its knees.

Antivirus tools can be very slow, because a system can't properly scan incoming data packets without first caching them. Content filtering technology also can be resource greedy, depending on how it is configured and what its requirements are.

Combining all these tools in one place can produce a domino effect on processing delays, degrading overall performance. Therefore, the appliance must be robust, particularly when unified threat management functions will be rolled out gradually instead of all at once.

This buy-as-you-need-it approach can save money initially; just don't underestimate the hardware capacity you need based on initial performance and then try to add other security software to the appliance later.

Security hardware

What is it? A security appliance is dedicated hardware that runs security software. By reducing the load on servers, its integrated security software often improves network performance.

What does it cost? A small network firewall, including software and a year of updates, can cost less than $1,000. Spend between $3,000 and $5,000, and anti-spam and antivirus perimeter defense can be added for a small office.

Must-know info? The appliance can reduce server load, extending the server's life. Moreover, there may not be enough security management personnel to configure and manage standalone programs for a small network, so an integrated appliance may be the only viable solution. Ultimately, a single point of security can simplify support and help pinpoint vulnerabilities. But all of these appliances need regular updates to keep up with new threats.

Any drawbacks? With an appliance, there is a single point of failure for all perimeter security. Compromise that, and hackers can gain full access to the network. An appliance also is likely to have known, uniform configurations that can become a hacker target. If the appliance uses software from multiple vendors, there may be overlaps and gaps in security.

Blue Coat's proxy appliances protect small to enterprise networks.

Juniper provides firewalls as well as VPNs and intrusion detection devices.

Firewalls from 3Com range from $2,744 to about $19,000.

Plug-and-play appliance benefits outweigh the drawbacks

Facing the inevitable

John McCormick is a freelance writer and computer consultant. E-mail him at powerusr@yahoo.com.
