October 6, 2008

Getting More With Less

By Eryin Halmen

NETWORK security consolidation could not have come at a better time as IT professionals concerned with security are finding themselves at the centre of a perfect storm caused by the convergence of three "threatening" conditions.

First, the slowing growth of IT budgets. According to a recent survey of IT decision makers by research firm Computer Economics, the average expected growth in IT budgets is only 2.5 per cent. And since IT budgets depend to a large extent on company profits, the slowing economy can only dampen this growth rate.

Second, the unfortunate trend towards complacency about network security and compliance issues, if not among security professionals, then among the executive staff who control the budget.

In a sense, network security has become a victim of its success in dealing with both new threats and new regulatory mandates such as Sarbanes-Oxley. There has been no headline-grabbing network-based attack for several years, so many executives may feel that security has been "taken care of". There is also a related tendency to concentrate on compliance issues at the expense of more traditional security issues since their bottom-line impact is more readily discerned and more in line with executive-level concerns.

Third, and perhaps the most important, the increasing complexity of network security - the growing sophistication of threats, an ever-increasing compliance burden, and vulnerabilities constantly exposed by new applications and technology.

Exploits are no longer so much focused on hacker reputation as on financial gain, and organised crime is moving in to take advantage of network security weaknesses. Of course, where profit is involved, innovation happens faster, so the scope and power of threats is changing more rapidly. The compliance burden is heavier as well, especially given the necessity of being able to prove that all possible steps have been taken to protect sensitive data, which needs extensive logging and auditing.

To top it all, the very success of IT in supplying new applications to support business innovation and competitive advantage - not to mention popular applications such as Skype and Facebook - has inevitably added new avenues of attack.

According to research firm Gartner, the most important way information security organisations can save money this year is by leveraging the convergence of established security functions into network or host-based security platforms that provide multiple layers of security in a single product to protect against an evolving multitude of network and content threats.

In fact, the firm estimates that by 2010 only 10 per cent of emerging security threats will need tactical point solutions, compared with 80 per cent in 2005.

Furthermore, environmental consciousness is an issue customers are increasingly considering in the vendors they do business with.

According to research firm IDC, over 50 per cent of customers take the "green" stance of a vendor into consideration when selecting a supplier, and one-third rate the availability of green offerings from an IT supplier as "important" or "very important". This comes from the top of the management chain as well: Green IT is growing in importance for almost 80 per cent of executives.

Comprehensive threat coverage

The threats confronting companies today are both network and content-based. Network threats include denial of service (distributed DoS using "zombie" networks being particularly dangerous), eavesdropping and basic worms. These are dealt with using firewalls, intrusion prevention systems (IPSes) and virtual private networks (VPNs).

As for content-based threats, they include more sophisticated worms, viruses, phishing and pharming, spyware and e-mail spam, and need content inspection technology such as anti-virus, anti-spam and Web filtering.

The rising sophistication of attackers, driven in part by the increasing involvement of organised crime, is also boosting the frequency of blended attacks that combine both network and content-level threats.

By enabling knowledge sharing between counter-measures, consolidating your network security with a unified threat management (UTM) platform can greatly increase your ability to detect and prevent not only standard attacks, but also sophisticated multi-vector attacks.

For instance, a consolidated system that couples a signature-based anti-virus engine with a proactive intrusion prevention engine will be more effective than a single-technique solution. Likewise, integrating Web filtering, anti-virus and IPS capabilities in a way that allows the various engines to correlate activity can increase the ability to fend off sophisticated attacks. This correlation enables the system to initiate defence during the earliest possible phase of the attack, cutting down the likelihood of success and reducing related damage.

Going green with consolidation

Consolidation naturally means more efficient power usage by your hardware, especially in the case of chassis and blade-based UTM solutions, and so lower electrical bills.

As an example of the potential cost reduction, consider just a small part of the network security infrastructure: the perimeter defence between the primary Internet gateway and the private network infrastructure. It is common to find a firewall, VPN concentrator, intrusion prevention system, gateway anti-virus system and Web filtering system deployed here in daisy-chain fashion: five devices, each providing a single-function security service. Using a conservative estimation of 300 watts per device, the power consumption for this security infrastructure totals 1,500W. By replacing these standalone systems with a consolidated network security system, a single 300W system can provide the same functions with only 20 per cent of the recurring power cost.

Consolidating your network security with an integrated UTM solution gives you better network protection, more efficient use of your capital budget, lower operational expenses by reducing the management burden as well as training, support and threat update costs, and preserves your investment by allowing you to add robust security functionality with little or no additional hardware. Added to these savings are the green benefits of consolidation, most notably a smaller carbon footprint across the entire lifecycle of the equipment.

In short, network security consolidation offers both economic and reputational advantages that make it one of the best investments IT departments of all sizes can make.

* The writer is country manager for Malaysia and Brunei, Fortinet Inc.

(c) 2008 New Straits Times. Provided by ProQuest LLC. All rights Reserved.