Unified security provides better defense at lower cost


As network security threats grow in sophistication, enterprises are demanding greater protection for their information assets along with more efficient, cost-effective ways to administer their security systems. To meet these objectives, an increasing number of enterprises are adopting a new class of security devices that provide a unified solution.

In the following interview, Tom Russell, senior director of Cisco Systems’ Security Technology Group, discusses the advantages of unified security devices, clarifies misconceptions, and provides insight about Cisco’s leadership in the overall security market.

Info Security Products Guide: What is unified security?

Tom Russell:
Unified security, also known as unified threat management, typically combines multiple threat-mitigation techniques such as firewall, antivirus, and intrusion-prevention-system technologies into a single device.

Info Security Products Guide: Why are unified security devices compelling for today’s information security needs?

Tom Russell:
Individual threat-mitigation techniques have traditionally been implemented as separate services on standalone devices. However, deploying a single mitigation technique is no longer sufficient to guard against today’s increasingly sophisticated threats. In response, a growing number of enterprises are turning to unified security devices, which enable them to integrate a broad range of threat-mitigation techniques on a common platform.

Unified security not only offers a better defense against threats but also reduces deployment and operations costs. For instance, capital expenditures decrease because with multiple security services deployed on a single device, multiple boxes aren’t required. On the operations side, which generally consumes a larger portion of the overall lifecycle expense, it’s much easier and less costly to manage a single unified security device than multiple standalone devices, each with its own management interface, training requirements, and logistics.

In addition, unified security makes it possible to administer an integrated policy system, which minimizes training requirements, boosts productivity, and reduces the likelihood of policy-related errors that could compromise security.

Info Security Products Guide: While the demand for unified security products is growing, what concerns about this approach still exist?

Tom Russell:
By far, the greatest concern is the level of security provided. A unified security device might have a “breadth” of services — encompassing a firewall, antivirus protection, intrusion prevention, and virtual private network (VPN) connectivity, for example — but not the “depth” in each service needed for robust security. A solution may be proficient in firewall technology, for instance, but may not have the depth of intrusion-prevention-system technologies necessary to thwart complex attacks. Enterprises considering a unified security device should evaluate the vendor’s level of expertise across the entire range of security technologies.

A second concern is performance. Since unified services involve numerous complex security inspections, processing can get bogged down and performance can suffer dramatically when all the services are run concurrently.

  Why unified security?

  • Combines threat-mitigation techniques into a single device for greater protection

  • Reduces capital expenditures because multiple threat-mitigation techniques can be deployed on a single device

  • Relieves burden of managing multiple standalone devices

  • Standardizes hardware, management, and operations, reducing complexity as well as deployment, training, and operation costs


Info Security Products Guide: What makes Cisco’s architecture unique when it comes to integrating best-in-class security applications? Are users able to take advantage of all these applications without any degradation in performance?

Tom Russell:
Cisco has been developing and deploying best-in-class security on standalone devices since the early 1990s, starting with the PIX family of firewalls. We offer one of the best-selling firewall and intrusion-prevention-system technologies on the market, as confirmed in numerous industry analyst reports. Consequently, it was a natural progression for us to apply our expertise to the development of unified security solutions, combining market-proven technologies into a single device.

When we developed the Cisco ASA 5500 Series Adaptive Security Appliances, we had two primary guiding principles: provide only best-in-class security, and maintain optimum performance levels when all threat-mitigation techniques are enabled and inspecting data concurrently. True to the first principle, the Cisco ASA 5500 Series combines market-proven firewall, intrusion-prevention, network antivirus, and IP Security (IPsec) and Secure Sockets Layer (SSL) VPN technologies in a single platform.

For optimal performance, we’ve taken a two-pronged approach. First, Cisco employs multiprocessor technologies and dedicated engines that help ensure high performance during inspection activities. In addition, Cisco has developed software that takes advantage of a common flow of data during inspection activities. A single policy framework “cracks the packet” only once for multiple inspection techniques. Security inspections can be performed more efficiently, resulting in high performance in both User Datagram Protocol (UDP) and Transmission Control Protocol (TCP) environments.

Info Security Products Guide: How are unified security devices typically deployed?

Tom Russell:
Unified security devices are frequently deployed on the perimeter of the network, usually in place of a firewall. In this location, these devices often provide a VPN or apply security techniques such as access-control, intrusion-prevention, or antivirus services before releasing the flow of data into the network. However, in many locations throughout the network, a more tailored set of services may be more appropriate due to purpose, architecture, or business needs and would still drive many focused solutions.

In contrast to other unified security devices, the Cisco ASA 5500 Series unified security platform, with both richness in depth and breadth of services, can be deployed in any location throughout the network. For example, it’s used for critical asset protection in data centers focused on firewall and intrusion prevention system (IPS) services, at the perimeter delivering a complete suite of mitigation and access-control services, and as a standalone remote-access concentrator scalable to thousands for IPsec and SSL VPN services. A cost-effective solution, the Cisco ASA 5500 Series is also deployed in remote offices and in small and medium-sized businesses where its integrated services protect against threats from local Internet connections.

The integrated Cisco approach to services enables the Cisco ASA 5500 Series to be the strategic platform for any role within a company’s security framework. In addition, its centralized policy management makes it easy to disable or activate security services to meet the needs of the enterprise.

Info Security Products Guide: Does Cisco’s present leadership in the security market give it an unfair advantage in gaining a large share of the unified security market with the Cisco ASA 5500 Series?

Tom Russell:
The market will decide which vendor has the best solution for unified security. Any advantage that Cisco enjoys is a result of providing market-leading standalone security solutions for many, many years. By integrating those proven technologies into the Cisco ASA 5500 Series, we are able to offer our customers a very powerful solution.

In part, our success can be attributed to the ease with which Cisco customers can implement unified security. Customers who have Cisco standalone devices can easily integrate, or migrate to, the Cisco ASA 5500 Series without costly and time-consuming modifications to their existing security policies or disrupting their protection. For instance, a configuration file from a Cisco PIX firewall can be loaded into the Cisco ASA 5500 Series and, with a simple change of interface names, it will function identically.

Similarly, the Cisco ASA 5500 Series can be easily integrated with existing Cisco remote-access clusters, enabling customers to fully benefit from their existing investments while migrating to a unified security solution.

Tom Russell is senior director of Cisco Systems’ Security Technology Group. Tom has been in the networking and security industries for over 28 years and with Cisco Systems for the past 10 years. He currently is Senior Director of Product Management and Technologies within Cisco's Security Technologies Group. He and his team have focused on developing numerous programs supporting Cisco's Self-Defending Network initiative such as firewalls, intrusion prevention systems, SSL VPNs, Anti-X techniques, and Network Admission Control. Before joining the Security Technology Group at Cisco, Tom led the product management team for Cisco's 7500 series router family.

Copyright © 2006 Silicon Valley Communications - All rights reserved.