- By John McCormick
- Aug 12, 2005
Blue Coat's proxy appliances protect small to enterprise networks.
Firewalls from 3Com range from $2,744 to over $19,000.
Cisco security hardware offers a wide range of functions for networks of all sizes.
Plug-and-play hardware offers advantages over software suites, with some caveats
Juniper provides firewalls as well as VPNs and intrusion detection devices.
Growing security needs place a proportionally growing burden on agency IT managers. As a result, many departments are turning to security appliances for antivirus, anti-spam, intrusion detection and prevention, firewall policy enforcement, even content filtering duties. Appliances are all-in-one, nearly plug-and-play network devices that you add to your infrastructure to quickly add security functionality.
And they aren't just for the enterprise environment. Many security appliances have been designed for small offices for the same reasons that enterprises like them. They don't necessarily require that an IT staff have advanced security skills to quickly protect the network.
But whether you buy a single-function security appliance, such as a firewall or anti-spam filter, or you choose the combined tools of a new breed of all-in-one unified threat management appliances, you should know that all of these same security functions could be performed with software loaded on existing servers. Which raises the question: Why should you consider buying another piece of network hardware?
The fact is there are several compelling reasons for deploying security appliances, and one major drawback, and they aren't just vendor hype. First of all, putting security functions on a separate box can eliminate the buck-passing that often occurs when a breach happens but no one can pinpoint the weak link. We've all been there; the vendor claims problems were caused by your operating system, or your hardware, or your bad installation procedure or conflicts with other software. But when all you've done is plug in a vendor's hardware and preinstalled software, it can help eliminate finger pointing and allow you to get to the bottom of the problem.
Second, installing an appliance is usually quick and painless because with a lot of these security appliances, everything is preloaded and even preconfigured. Some offer basic appliances and plenty of options you can add later. In general, the plug-and-play benefits of an appliance are so compelling I'd be leery of recommending the add-on approach.
Appliances are also attractive because most servers are already overloaded with user demands that always increase. At worst, adding dedicated hardware increases overhead only slightly. And it most often reduces the demands on your current hardware. Moreover, many appliances include an automatic update capability, which is a great timesaver.
So what's the downside? The biggest downside of using a security appliance is committing your perimeter security defenses to a box that will eventually fail. Fortunately, many support clustering and failover capabilities so the network stays protected. But that means that if you're shopping for an appliance, you're really shopping for two or more.

Jack-of-all-trades
No matter how carefully you define threat management, having several different vendors providing security tools normally leads to overlap (and ongoing configuration headaches) or worse, to security gaps you may not even be aware of. In response, the latest trend in security appliances is toward unified threat management, which combines those various security tools in one more-or-less integrated package.
A UTM can include firewall, antivirus, intrusion protection, content filtering and even spam prevention tools. Some also include a router or wireless access point in the same hardware package. They have the potential for simplifying management chores and improving security by making certain every leak is plugged.
Having all security tasks managed by one vendor's product makes things easier. Still, many UTMs rely on software from more than one vendor, so it's important you ask vendors how they've designed their products to limit resource-wasting overlap and any gaps.
Performance is also an important consideration. Early UTMs made heavy processing demands that could bring a network connection to its knees. Antivirus tools can be very slow because a system can't properly scan incoming data packets without first caching them. Content filtering technology can also be resource-greedy, depending on how it is configured and what the requirements are.
Combining all these tools in one place can have a domino effect of processing delays, degrading overall performance. Therefore your appliance must be robust, particularly when you plan to roll out UTM functions gradually instead of all at once. This buy-as-you-need-it approach can save money initially; just don't underspecify the hardware capacity based on initial performance, then try to add other security software to the appliance later.
John McCormick is a freelance writer and computer consultant.