Testing multiple solutions in a lab environment designed to simulate a
medium-sized enterprise revealed that choosing a variety of best-of-breed
products and integrating them -- a common practice in many areas of IT --
"may not be the best option when it comes to security," said Charles
Bruno, executive editor at Boca Raton, Fla.-based The Tolly Group.
"Going into it, we anticipated a level of complexity," Bruno said.
"What we found was the difference in the time it took to deploy the
different solutions was striking."
The Tolly Group looked at a solution comprised of Juniper Networks/NetScreen
and Check Point Software Technologies solutions, as well as an integrated
offering from Astaro Security Linux. The Juniper and Check Point products were
augmented with Trend Micro antivirus and Websense URL-blocking tools.
All told, the report estimates that the Astaro offering would take 72 hours
to install and support during the first year of operation, while the
Juniper/NetScreen option would require 139 hours and the Check Point option 184
hours. The integrated solution was also faster when it came to defining server
and host entries and on monthly backup of the system configuration.
That time translates to cost, Bruno said, and adds up to a
"penalty" during the first year of deployment. "Network admins
are still going to have to decide whether a best-of-breed option is right for
them," he added.
Jim Hurley, VP at Boston-based Aberdeen Group, said security professionals
often prefer best-of-breed offerings, despite the added work of integration.
However, the waves of consolidation that have hit the security industry have
produced more all-in-one solutions that are being looked at more closely.
The test simulated a 1,200-person company with three satellite offices
running VPNs, firewalls, antispam, antivirus and URL filtering tools. Bruno said
the study may hold a lesson for larger enterprises "We've shown that in
this case at least, an integrated solution can save a lot of time," he
said.