Report: Integrated Security Suites More Efficient Than Point Solutions

In a recent study that measured the time to deploy and manage an integrated security solution compared with two suites of point products, independent third-party engineers concluded that, from a time-to-deployment and management perspectives, many companies may be better off with a integrated security suite strategy than a best-of-breed security stategy.

The test exercises compared the effort required to deploy and manage a comprehensive perimeter security solution during a 12-month period for a company with 1,200 employees in a headquarters and three satellite offices.

The study examined common business security requirements such as firewall and packet filtering, VPN connectivity, and Internet content filtering -- including, anti-spam, anti-virus, and URL filtering.

The report concluded that systems administrators and IT managers need to tread carefully. While organizations can roll their own suite of security offerings, the degree of complexity and pain, which ultimately translates into dollar cost, seems to far outstrip any perceived advantage associated with best-of-breed point solution strategies.

"Time and time again, the complexity created by manually integrating multiple products became strikingly evident," analysts said.Specific test activities included installing and configuring security software packages, setting up administrative processes, updating and distributing software, and managing changes. The Tolly Group tested solutions offered by Astaro, Juniper Networks/NetScreen, and Check Point Software Technologies.

Both the Check Point and Juniper/NetScreen security offerings required the installation and management of Trend Micro and Websense second-party products -- for anti-virus and URL blocking respectively -- in order to be compared on equal footing with the all-in-one security package offered by Astaro.

The study determined that best-of-breed suites require at least 2.9 times more work than Astaro"s single integrated product to install and configure, and that ongoing support effort is at least 90% higher.

"Our staffing evaluation of the Juniper/NetScreen- and Check Point-anchored solutions shows that users pay a prohibitive first-year penalty when they elect to integrate several products into a security suite for SMB or larger networks," the report stated.

Other highlights of the report concluded:* After measuring 13 implementation steps, The Tolly Group found Astaro required just under 10 hours to install, versus 28 hours for the Juniper/NetScreen/Trend Micro/Websense bundle and 39 hours for the Check Point/Trend Micro/Websense bundle.

* Definition of 45 server and host entries required Astaro 90 minutes; Juniper/NetScreen 225 minutes and Check Point 450 minutes.

* Monthly backup of the complete system configuration across 4 sites: Astaro 8 minutes; Juniper/NetScreen 60 minutes; Check Point 2 hours.

* Total implementation and support effort over the first year: Astaro 71 hours; Juniper/NetScreen 137 hours; Check Point 184 hours, or a 160% hike above Astaro.