Central control to the rescue
Relief for security administrators who oversee enterprises with a myriad of separately controlled security devices and VPNs could come in the form of consolidated management and control features embedded in the latest offerings from Check Point Software Technologies Ltd. and Internet Security Systems Inc. (ISS).
This week Check Point will introduce VPN-1a, the final release of its VPN Next Generation overhaul. VPN-1a offers automated client license and software updates, network visualization, and bandwidth and SLA (service-level agreement) monitoring, said Mike Lee, product marketing manager at the Redwood City, Calif.-based company.
Also this week through the unveiling of its new RealSecure Protection Systems platform, Atlanta-based ISS will attempt to merge management of customers' intrusion-detection, anti-virus, scanning, VPN, and application protection into one box designed for desktops, networks, and servers, according to ISS officials.
A new set of integrated management-oriented security solutions could deliver on the ease-of-use promise that older security product "suites" never could fulfill, said Charles Kolodgy, research manager at Framingham, Mass.-based International Data Corp.
"There's always been this need for consolidation," Kolodgy said. Although a wide variety of product choice is a good thing for users, it can result in a piecemeal approach to security, he said. "Most enterprises need to have much more coherent, consistent usage of their security solutions," Kolodgy said.
Check Point has tweaked its architecture to become more flexible to scale, has expanded controls to allow administrators to apply policy definitions to individual users, and has succeeded in making security less obtrusive, analysts said.
"You can't have 24 different security consoles each managing its own narrow function -- it just doesn't scale," said Bob Lonadier, an analyst at Framingham, Mass.-based Hurwitz Group. "It becomes a management nightmare unless you have centralized policy creation and enforcement."
Slated to be available in the second quarter, VPN-1a aids network performance by providing VPN gateway fail-over and greater QoS (quality of service) via the support of DiffServ, the industry standard for IP QoS, Lee said.
VPN rollouts fuel private vs. managed debate
A telco giant and a hardware vendor both leapt into the VPN market last week, signaling that the stakes for private networks remain high.
WorldCom is billing its IP VPN Select Access Edition as a "customer-managed" solution that will enable enterprises to design, manage, and monitor their own VPNs. The package will use Cisco Systems Inc.'s Secure Policy Manager software, which allows users to establish and manage network security policies.
Business managers must weigh the merits of internal VPN management versus outside means to assist overburdened security and IT managers, said Bob Lonadier, an analyst at Framingham, Mass.-based Hurwitz Group.
"IT managers spend 90 percent of their time putting out fires, so they don't have time to think about QoS [quality of service] that is being provided for their environment," Lonadier said. "Most are just so overwhelmed at this point that they would probably welcome outsourcing something as complicated as a VPN."
Current telco customers could warm to the idea of receiving secure links between branch offices and traveling employees in addition to their voice and data needs, he added.
The Select Access Edition will offer connectivity to WorldCom's global IP network and Cisco's SMARTnet technical support service. A fully managed VPN service is planned for roll out later in the year.
Meanwhile, Juniper Networks Inc., a Sunnyvale, Calif.-based hardware maker, rolled out a set of interfaces and software enhancements aimed at delivering multiple IP services, including VPNs.
Juniper's new MPLS (multiprotocol label switching) technology will enable service providers to offer fully outsourced VPNs, obviating the need for enterprises to manage their own private networks.
» posted by ITworld staff
InfoWorld
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
Enterprise 2.0 Implementation
By Aaron C. Newman, Jeremy Thomas
Published by McGraw-Hill
Learn more!
Deploying Cisco Wide Area Application Services
By Zach Seils, Joel Christner
Published by Cisco Press
Learn more!
