Data from Aberdeen Group’s 1Q 2012 Business Review indicate 21 per cent of UK-based organisations plan to make major technology investments this year in IT Security initiatives, such as data protection, identity and access management, endpoint or mobile security, and network security.
As IT leaders in the UK decide which investments are best for their respective organisations, they may find value in learning which network security solutions are being deployed by top-performing companies to cope with the ever-evolving security threat landscape.
The results for selected network security technologies from an Aberdeen study of more than 160 organisations are shown in Figure 1.
As indicated by the light blue bars, all respondents have deployed network firewalls, while more than 4 out of 5 have also deployed technologies such as email monitoring and filtering (86 per cent), intrusion detection and prevention (82 per cent) and web monitoring and filtering (82 per cent).
Meanwhile, the blue and red lines superimposed on the light blue bars in Figure 1 indicate the percentage of the leaders (top fifth) and laggards (bottom 30 per cent) from Aberdeen’s study that have deployed these selected network security technologies.
In general, leaders have consistently deployed these technologies to a higher degree than have laggards.
The gap between the two lines indicates which technologies have the strongest correlation with top performance, such as intrusion detection and prevention.
But what about organisations for which network security consists solely of a firewall? Is this an effective strategy? For this analysis, Aberdeen looked at 27 companies whose network security is based on firewalls alone, with no intrusion detection or prevention, and compared them with 119 companies whose security includes firewalls and a range of other network security solutions.
The leading performers from Aberdeen’s study are also included for reference.
Based on survey responses, Table 1 summarises the following averages for each group, normalised as a percentage of annual turnover:
- Total cost of IT Security-related incidents, such as costs not avoided
- Total cost of IT Security initiatives, including estimates for all related costs for people, process and technologies
- Total annual investment in IT Security, based on the sum of the above
Compared to leading performers, for example, we see the firewall-only group actually spent four times more in total, due in part to being less efficient.
The leaders typically manage their IT Security initiatives at higher scale and lower cost. But the biggest difference is due to the firewall-only group being less effective.
The firewall-only group bore the burden of higher costs not avoided compared to companies that deployed greater security defense-in-depth.
For a detailed view of the analysis see the report: Network Security: Firewalls Alone Are Not Enough.
Network security solutions are evolving to reflect changing technical requirements; the result is some overlap and a bit of marketing-driven confusion, but the major categories include:
Firewalls plus advanced Intrusion Prevention Systems
Research shows that, with multiple open paths through traditional network firewalls, most companies augment those with complementary technologies, such as intrusion detection and prevention solutions on the network, and anti-virus or anti-malware solutions at the endpoints.
These complementary technologies are designed to address what traditional firewalls cannot. A growing problem is that the traditional, signature-based approach for these complementary technologies is under significant stress in its own right, which is why advanced capabilities such as behavioural analysis and behavioural inspection of packets to decode protocols will become increasingly important.
Unified Threat Management (UTM)
The term unified threat management was coined to describe a single network appliance combining multiple network security technologies, typically:
- Intrusion detection and prevention
- Virtual private network
- Monitoring and filtering of email and web content
- A unified management interface
Next-generation firewalls
Next-generation firewalls typically integrate firewall and intrusion detection and prevention capabilities. They are distinguished by leveraging stateless protocols to increase application-specific visibility and to enable application-specific and identity-specific policies and controls.
Network security initiatives for all organisations should adopt a comprehensive, defense-in-depth approach to protecting their platforms, networks, applications and data.
Aberdeen’s analysis confirms the prevailing wisdom that network security based on traditional firewalls alone is not enough.
Derek Brink is vice president and research fellow, IT Security research for Aberdeen Group