Lock up your data

An increasing number of security vendors are offering integrated solutions, but sometimes more can be less. Daniel Stanton finds out what approach businesses in the region are taking.

By Daniel Stanton, published February 27, 2006

[Image: Best of breed or all in one? IT professionals face a tough choice when looking at security solutions.]

As threats to corporate data intensify and become more sophisticated, protection has become more complex and strategic, but choosing which strategy to adopt is proving far from simple.

Many companies are choosing to consolidate their security solutions, either by using an integrated security platform, an all-in-one box, to take care of their security or by using a unified threat management system (UTM), which observes the security status of the system and manages several security solutions. Even if a company decides to use UTM, they still have to choose whether to use single vendor or best of breed solutions within it.

A growing number of vendors are beginning to offer UTM systems, but some users query whether this is the best approach to enterprise security.

“I don’t think many people are capable of delivering a unified system here in the Middle East as far as configuration goes,” says Tamer Gamali, chief information security officer at the National Bank of Kuwait, which uses solutions from more than one vendor, including ISS, Cisco and Symantec.

Even so, the bank, which, like other financial institutions, focuses on security not only for protecting its data, but also its reputation, is continually honing its security infrastructure and is trying to unify some of its systems. “If it’s all from one vendor it’s easier for integration and monitoring,” Gamali says. “Individual units are matching best of breeds in some ways.

“My concern is the cost of getting someone to do it (deliver a unified system) and consulting and support. We get a lot of value-add from our strategic partners in terms of consulting. Some of the smaller companies can’t give you that. But a lot of the larger companies end up buying the smaller companies anyway.”

One of those companies on the acquisition trail is Symantec. In the last 12 months it has snapped up behaviour-based security and anti-phishing developer wholeSecurity, compliance specialist Sygate Technologies, anti-spam specialist BrightMail, instant messaging security specialist IMLogic, BindView, SafeWeb… the list goes on.

Vikram Suri, country manager of southern Gulf and Levant for Symantec, says, “If you look at the technologies that are part of our UTM model we’ve got some best in class and some best of breed technologies in this appliance.”

He says that consolidating a security system makes it more manageable and reduces running costs. “If it’s an integrated system there’ll be one update required for the entire system so if it’s a software upgrade or if it’s an update of new signature, all you will need to do is upgrade the box just one time,” says Suri. “Therefore the cost is in fact lower in the UTM model as opposed to higher when you’re trying to upgrade and update individual products in the network environment.”

David Michaux, the CEO of ScanIT, a consultant on IT security, is firmly in favour of best of breed. “I like to see the best of breed of each product. To a large extent the big security players actually allow for their unified threat management systems to hook up with the various different technologies, not just their own technologies,” he says.

He believes that companies in the Middle East will need better skills among their staff if they are to make best use of their security solutions.

“Companies here are buying in amazing technology but not really investing in the people to maintain and to keep the technology running. It’s like everyone here is driving around in Ferraris but no one has a driving licence.”

He adds, “The big companies here, the airlines, the telcos, these guys, they have their stuff together, they know what they’re doing. And they are able to take the best of breed and configure it properly because they have the right teams in place.”

Patrick Hayati, divisional director for McAfee in the Middle East, does not believe that businesses should use a single ready-made solution. “Some people will say that it is easier to install and easier to manage, but security has no price,” he says.

He also says that management programmes, such as McAfee’s ePolicy Orchestrator (ePO), are often compatible with other solutions, despite the popular perception that vendors try to discourage users from implementing rival products.

“Many of the top-tier applications work very well together. EPO can manage competitors’ products as well as our own,” he says.

He is sceptical of the benefits of integrated security platforms: “There aren’t that many benefits because it creates a single point of failure and a single point of penetration for hackers.”

Hayati also believes that it is cheaper and easier to upgrade individual solutions working together than it is to upgrade a single box solution: “It’s easier to upgrade the different components and it’s easy to ensure that you have best of breed in all areas.”

K Ibrahim Sherif, managing director of Rabita Information Technology, which distributes Panda software in Saudi Arabia, takes the contrary view, saying that an integrated unit can be more efficient. “If you install too many products in one system it will take more resources, there could be a problem with product compatibility and some products will need to be updated. If it is an integrated product it will take up the entire update,” he says, adding that since his company started supplying Panda’s integrated security solution in 2004, the company has built a customer base of 150, mostly SMEs in manufacturing, retail and construction.

[Image: Waechter: Some companies have a lot of ideas but don’t implement them.]

Einstein Johnson, systems administrator at Mednet UAE, a health service provider, uses NOD32, Eset’s unified anti-virus system, as part of the company’s security solution. “The technology is doing very well, it’s doing much better than the previous anti-virus which we used one year back.”

Mednet runs three servers and uses customised software to manage its security. Johnson says that one of the benefits of using individual packages is that upgrades tend to be small and quick to implement.

Neo Neophytou, managing director of Eset Middle East, says, “The truth is that not all of the products of one company can be the best of breed. They cannot be 100% optimum in all areas.”

Jed Isbell, general manager of distributor ATS, agrees. “With the growth in IT technology, the areas of securities vulnerabilities are increasing 10-fold,” says Isbell. “As such, security consolidation is not a viable proposition as no one vendor can provide you with the solutions required to address all the immediate end-user concerns.”

Philipp Waechter, Middle East branch manager for onSpirix, the IT consultancy, believes that an all-in-one solution is often the best option for smaller companies who lack the means and technical expertise to design their own systems.

“Some companies are dreaming of the perfect solution so they have a lot of ideas but they don’t implement them,” he says. “With this all-in-one solution you make sure that from day number one they have it in place which is better than having best of breed solutions but not properly implementing it or waiting too long.” onSpirix recommends Fortinet, the current worldwide leader in UTM unit sales.

Kalle Björn, system engineer at Fortinet, says, “The monitoring really is an important thing if we’re talking about enterprise customers. Basically, you need to know what’s going on and you need to be continuously updated, so you require a system and a solution that gives you a continuous view of any kind of attacks or situations that are happening on your network.”

He says that there could be compatibility problems if products from different vendors are used together as a complete solution. “If you have two separate companies’ code running on the same box, obviously the companies are not willing to share the full code with each other so you might have issues in some cases with that approach,” says Björn. “Everything that is running on our box is basically Fortinet’s products.”

SonicWall has also seen the market for unified solutions growing. Shahnawaz Sheikh, SonicWall’s regional sales manager for the Middle East and Africa, says: “Any solution that we sell in the market now is UTM.”

The solution works by recognising the signatures of possible threats, and the company’s Sonic Alert Team works 24 hours a day to detect signatures and download them to appliances. IT managers can access reports from a main database, the Global Management System, to learn the status of any attacks that have been detected.

Rivoli Group, a luxury goods importer and distributor in the UAE, uses SonicWall’s unified protection system for VPN. Uday Manon, systems administrator for the group, says that an important factor in his decision to use the solution was its ease of management. “SonicWall is really user-friendly, it’s very easy to configure. The support is also very good,” he adds.

Mashreqbank recently invested in technology from SonicWall to protect its ATM systems in the UAE. The bank bought 100 units of SonicWall Firewall total security platform, a solution that provides layered protection through an integrated deep packet inspection firewall.

Another solution, CA’s (formerly Computer Associates) Integrated Threat Management system, warns of and reacts to threats, as well as logging and updating information from attacks.

Bjarne Rasmussen, CA’s vice president of technology services, says: “CA’s eTrust security solutions offer best of breed technology as stand-alone products or as a full integrated solution, enabling organisations to unify and simplify the management of their security environment through centralised administration and policy definition of all the eTrust products.

“Organisations are able to quickly define and implement security policy as well as comply to regulatory requirements for security auditing, while monitoring the IT security environment on a day-to-day or even hour-to-hour basis.”

Intrusion detection seems to be losing popularity with businesses for practical reasons. David Allen, director of global field marketing for 3Com, says: “People have realised that the cost of running intrusion detection is quite phenomenal in terms of the management overhead, ie having people to assess each threat and then take an action on that to actually resolve it.

“The thing about UTM is that you have to have intrusion prevention. If you’re not operating with intrusion prevention, your network is inherently insecure.”

[Image: Sheikh: Any solution that SonicWall sells now is UTM.]

Arun George, technical manager of TippingPoint, a division of 3Com, has been managing several security implementation projects, including a recent Emirates Airlines deployment. The airline installed an array of TippingPoint Intrusion Prevention Systems, which are monitored from a centralised management zone.

He believes customers select solutions based on three perspectives: security, cost and resources. “Enterprise customers with sufficient resources and staff always consider security to be of prime importance and hence follow rigorous evaluation criteria before selecting the best-of-breed solution. However, most SMB customers consider cost and resources as a priority, before security and hence prefer integrated security appliances as the answer to fulfil their needs.”

He adds, “Exploits are now targeted towards the upper layers of OSI (open systems interconnect). Hence layer two to seven inspection of every data-packet in the network, without compromising speed is equally important. Integrated appliances, with two or more technologies on the same box, find it difficult to perform simultaneous inspections while guaranteeing the multi-gigabit speed that enterprise customers seek.”

Cisco has also developed a threat prevention solution, its self-defending network. Anwer Koteb, regional systems engineering manager for Cisco, says: “Every design to an enterprise for the past 12 to 18 months has been built around the self-defending network.”

However, he says that Cisco’s solution is not designed to be a ready-made package but should be adapted to meet the needs of each enterprise.

Cisco’s architecture allows for third-party products to be used in conjunction with their own. An element of the solution is network admission control (NAC, see box-out), which is an intelligent network infrastructure that can grant or deny users access to parts of a network based on their identity and that of their computer. Should a computer or piece of data fail to meet integrity tests, it is placed in a quarantined area of the network until it can be assessed for malevolent content.

Trend Micro has taken an all-in-one approach, especially to meet the needs of the SMB sector. It recently announced a new ‘worry-free security’ initiative aimed at helping smaller businesses in the Middle East with little or no IT support to secure their networks.

“For small businesses, the burden of managing unpredictable threats can be immense,” said Steve Quane, general manager of Trend Micro Small and Medium Business operations. “Often companies do not have a full IT support team, and even if they do, they may not have dedicated security experts. These organizations want a single solution – with one single install and one product to manage – that can help them secure their business automatically.”

Trend’s initiative features three strategic components: automatic threat protection, all-in-one, integrated defence against a variety of threats, and zero administration. Together, they provide an automated security solution that protects businesses but does not require round-the-clock IT support.

Hatem Ali, senior territorial technical manager for ISS in Egypt, Levant and the Middle East, believes that all enterprises require best of breed protection, but says that network performance can suffer if systems are linked together without proper management.

“The latency of the slowest appliance will be the latency of the whole system. Every vendor has his or her own management package that doesn’t really cover the whole process,” he says.

This is the point where responsibility for running a successful system passes to the user, Ali says. He adds, “Security is not a box you plug in, it’s more a process.”

Richard Gayle, managing director of London Global Associates, which provides IT auditing, training, and consultancy, believes that many businesses expect their security solutions to do all of their work for them.

“We’re very pragmatic in the measurement and the delivery of security and what we don’t like in the region is a lot of the IT security solutions vendors telling their customer base that if they have firewalls, gizmos, anti-virus solutions, malicious code countermeasures to stop pop-ups and anything else the business is absolutely assured from security breaches,” he says. “We don’t believe that.”

The prevailing view seems to be that an all-in-one system is better than nothing, but that even consolidated security systems should use best of breed solutions if they are to offer the best protection. This is good news for small specialist vendors who can concentrate on innovative new products to fill the gaps left by the big vendors. Meanwhile, purveyors of UTMs can work on ways to allow their solutions to work with best of breed technologies and still sell the basic architecture.

Whichever system a company uses, it needs people within the business who can interpret and manage it. No business should assume that installing an expensive system is all it needs to do.

It is clear that there is a high demand for IT engineers in the Middle East with the skills to put together a bespoke security system. At present, demand for skilled IT professionals far outstrips supply, but perhaps the pressing need for optimum security solutions will see an additional investment in staff training and development. Then business IT in the Middle East really would be in safe hands.
