Taking a holistic approach to IT security

The growth of hybrid threats means organisations are being forced to take a holistic approach to IT security. Steve Gold looks at the options available to the harassed IT manager.

The hybrid threat

IT security has changed immeasurably over the last decade, not least because of the evolution of hybrid threats, which combine discrete problems such as viruses with other types of malware, such as network-attacking program code and self-propagating worms, and can cause major headaches for IT managers.

Because of the development of hybrid threats, IT security systems have had to make a quantum leap in their approach, tackling security issues on several fronts, and requiring much more frequent updates to respond to new threats, which can spread rapidly across the Internet using email, Web pages and Internet Relay Chat.

Different vendors have evolved different strategies in dealing with these multiple security problems.

US vendors such as Symantec www.symantec.com use tried and tested methods, whilst newer arrivals such as Scandinavia's F-Secure www.f-secure.com and Russia's Kaspersky Labs www.kaspersky.com, have developed their own methodology.

As with most things in life, different vendors' IT security solutions have their own advantages and disadvantages, and customers can choose between them, based on their requirements as to which software and systems they want to protect.

One area of IT security that has evolved rapidly in the last few years has been the firewall industry. Originally seen as a protection system installed at the perimeter of a network, all vendors now acknowledge the need to integrate a firewall control system within the heart of the network.

This effective expansion of the firewall to embrace all aspects of a company's network can pose something of a headache for the hard-pressed IT manager, since the heart of the network often consists of legacy and/or proprietary systems that do not take kindly to integrating with firewalls.

Coupled with the fact that no single vendor can lay claim to offering the best in class IT security products, it comes as no surprise that most organisations' IT security systems are a mixture of products from several suppliers, with consequent higher-than-expected running costs and lower overall effective performance.

A few enlightened IT security vendors have tackled this potential problem area by actively supporting close integration with third-party systems and software, but this strategy does not sit happily in what has become a highly competitive industry.

An integrated approach

One company that has taken the integration approach to its logical conclusion is Crossbeam Systems www.crossbeamsystems.com which, as well as taking a multi-vendor approach to IT security, has integrated the vendors' products into a series of rack-mounted appliances on the customer's site.

This strategy means that organisations can install and maintain a self-healing system at a single point in their IT systems and rely on that system to secure their IT resources against a variety of security threats and issues.

Equally important, claims Crossbeam, is that its strategy allows customer companies to integrate multi-vendor IT security software and hardware with load balancing technologies and other systems. This helps to maintain the smooth working of IT resources.

Crossbeam originally pitched its IT security offerings at the large-sized enterprise end of the market with its X-Series of self-healing systems.

Recently, the US-headquartered firm has released its C-Series for medium-to-large-sized companies.

The C30, for example, is a security services switch based on the firm's X-Series technology, but scaled down to a stackable form factor to offer high port density and multiple layers of defence to mid-sized firms.

Despite its smaller size, the C30 security services switch takes the interesting approach of compressing the functions of multiple appliances, load balancers, switches and cables into a single- or dual-device system.

According to Crossbeam, the hardware and software solution can be equipped with individual security engines or in layered, all-in-one bundles, such as solutions for network access (combining firewall with intrusion detection and prevention), mail (combining firewall, spam and content scanning, plus antivirus) and Web content (combining firewall, Port 80 control and antivirus).

This means that the switch supports dynamic capacity management, increased processing power and traffic overflow capabilities, thanks to its integral load-balancing capabilities that can direct traffic to separate application hosts.

Crossbeam's X- and C-Series offerings are billed as offering a one-stop, one-point approach to IT security, effectively extending the multiple anti-virus engine approach to the entire IT security paradigm.

According to Stuart Wright, Business Development Manager with HarrierZeuros www.harrierzeuros.co.uk, the Hampshire-based independent systems integrator that sells and supports Crossbeam's products in the UK, the X- and C-Series take a holistic approach to a customer's IT security needs.

This whole-of-system approach - which encompasses anti-virus, firewall, intrusion protection, virtual firewall, VPN and URL filtering issues on an integrated basis - is a relatively different approach in the IT security industry, he says.

Some suppliers, such as Cisco and IBM, have taken a multi-vendor view of IT security, but few have been able to offer multiple vendor offerings on a closely integrated basis like Crossbeam.

Thanks to this single system approach to supporting multi-vendor IT security offerings, Wright says that Crossbeam's offerings have a rapid return on investment (ROI) for customers.

In plain English, this means the cost of installing an X- or C-Series system is rapidly paid back - typically within 12 to 18 months - in the form of reduced direct and indirect costs.

The ROI with Crossbeam's systems, says Wright, is faster than the competition, which is good news for customers, as is the fact that the X- and C-Series are Linux-based.

Interestingly, Wright says that many business customers' inhibitions about using Linux-based systems in concert with their Windows-based technology are disappearing.

Customers are starting to realise the real advantages that Linux has over Windows, such as lower software costs and reduced IT security problems, he said, adding that, as companies' IT staff are becoming more security aware, they are also beginning to realise the advantages of Crossbeam's X- and C-Series offerings.

These advantages, he said, can help organisations reduce the running costs of their firewall installations, as well as supporting fast throughput and intrusion detection as standard features.

Although HarrierZeuros offers a number of alternative solutions such as those from Cisco, Nokia and NetScreen, Wright claims that Crossbeam's offerings can actually reduce the number of Check Point firewall or ISS intrusion detection licenses required by a customer, as well as the number of separate platforms required, and so reduce the total cost of ownership.

On top of this, he says, Crossbeam's X- and C-Series can run best-of-breed security applications simultaneously at the high speeds necessary for fast network throughput.

But will integrated IT security offerings, such as those from Crossbeam, satisfy the needs of business organisations who are probably more interested in their own bottom line than protecting their IT resources from all types of attack?

It looks like it - research just released by IDC www.idc.com suggests that the server appliance market - and in particular, firewall and VPN appliance sales - is doing extremely well in the UK and Western Europe.

According to the IT research company, revenues from the server appliance market were $132.4 million for the fourth quarter of 2003, up 46.2 per cent on the same quarter in 2002.

IDC says that, whilst growth had been slowing in the server appliance market, it has now picked up again, as vendors are continually evolving their products to meet the changing needs of the market.

Interestingly, IDC adds that, whilst intrusion detection (IDS) appliances continued to show good growth over the year, quarter-on-quarter growth slowed slightly in the fourth quarter of 2003, to 23.5 per cent.

The research firm's fourth quarter report says that the market will have to wait and see whether IDS appliances will move beyond being a niche product and reach mass market acceptance.

The bigger picture

Despite taking an integrated and multi-vendor approach to IT security, it's important to realise that there are still other aspects of an organisation's security that need to be addressed.

These include controlling employee access to the Internet, preventing staff from surfing to inappropriate Web sites and thereby opening an organisation up to issues of legal liability, as well as the obvious negative publicity that can ensue from such situations.

Because of the wide-ranging aspects of modern IT security, would-be IT security customers are advised to undertake a risk analysis on their IT systems before installing a security system of any type, regardless of which vendor's offerings they eventually plump for.

Web sites such as www.security-risk-analysis.com can help companies in their risk analyses, but the support of a good reseller or systems integrator is paramount in this regard.

Even when a company's IT security systems have been installed, there is still a need for ongoing reviews of the IT security needs of the company.

A good vendor, systems integrator or reseller in the IT security space will also go a long way to helping an organisation with its reviews, which should be carried out on a regular basis.

Good IT security, then, is a lot more than taking a holistic approach to security - it has become a state of mind.