Radified Community Forums

Message started by Pleonasm on Aug 18th, 2006 at 12:00pm

Title: Security Suite:  More Than the Sum of Its Parts?
Post by Pleonasm on Aug 18th, 2006 at 12:00pm
Is a suite of security products more than the sum of its parts?  Is there an advantage to using a security suite (e.g., Norton Internet Security) versus a collection of independent component parts (e.g., AntiVirus, Firewall) from different vendors?  I had wondered.

Symantec claims that there is a distinct benefit to a security suite – namely, it provides integration across the layers of security.  For their perspective, read on.

Consumer security suites bring together multiple layers of protection in order to secure a system. This notion of Multilayer Security is well accepted by the security industry at large. The approach is considered necessary so that threats leveraging different vectors of attack can be blocked, and to mitigate the damage that a compromised system is exposed to. To this end, suites bring together several protection layers, typically starting with antivirus, antispyware and a 2-way firewall, and also including other technologies like intrusion protection, antiphishing, antispam, vulnerability assessment, and parental controls depending on the package. But, are security suites more secure than a combination of individual products? …

The one aspect of multilayer security that is not widely embraced and discussed, but that is key in opening the potential for suites to deliver better security, is the level of integration across security layers. This is where true security suites can really make a difference. Take the two most fundamental layers in a security product: antivirus and firewall. How can integration between these two technologies provide better security? Outbound firewalls control whether applications running on a computer can send information out to the Internet. They try to determine whether an application attempting a connection is a safe application that should be allowed access or a malicious application that should be blocked. Firewalls on their own are ill-equipped to make this decision and constantly seek to improve their ability to allow or block access automatically. In a suite, and with some integration, AntiVirus technology can help the firewall tremendously in this process. Let’s say that a Trojan found its way onto a system, and is calling "home". The firewall will see the Trojan establishing a network connection, and will need to decide whether to allow it, block it, or ask the user what to do. If the firewall can instruct the antivirus program on that system to check whether it matches a signature, and the antivirus program sees that this is a Trojan and can pass that information to the firewall, the firewall can now take automatic action and block the network connection. The system is more secure, since the communication from the Trojan was blocked; the system overall is more usable, since this happened without relying on user action. Integrated security layers can improve the overall security of a system. Unfortunately, many security suites in the market don’t provide a level of integration that really makes a difference.

Delivering integrated security layers is just as important as embracing a multilayer security approach, and is an important consideration when trying to decide whether to use a security suite versus individual products, or when making a product selection amongst suites.
Source:  http://www.symantec.com/home_homeoffice/blog/detail.jsp?blogid=suite_security&profileid=laura_garcia-manrique

NIPS (Network Intrusion Prevention Systems) technology complements and works in tandem with firewalls in providing the first and last line of defense in a layered security solution. NIPS technology offers two main benefits, preventing remote code execution by exploitation of vulnerabilities and blocking malware from phoning home. Technically, NIPS inspects packet headers and payloads, blocking bad traffic and allowing good traffic to get through without ever requiring user interaction and complementing what firewall and antivirus technology alone can do. …

With NIPS complementing a firewall, all network traffic going past the firewall will be examined, decoding protocols looking for suspicious patterns. If a pattern is found, the network packet is dropped and the connection disconnected, blocking the attacker from further penetrating the system. The effectiveness of NIPS technology is that it is a clean kill. No artifacts of the attacker are allowed to persist on the disk, and no cleanup is required.

With these clear benefits, and overall effectiveness, NIPS technology becomes an important component of a desktop security product, strengthening and working in tandem with antivirus and firewall technologies for a more complete and effective system defense.
Source:  http://www.symantec.com/home_homeoffice/blog/detail.jsp?blogid=network_intrusion&profileid=laura_garcia-manrique

Title: Re: Security Suite:  More Than the Sum of Its Part
Post by Rad on Aug 21st, 2006 at 12:26pm
I can see their point. They'd be able to see where the gaps might lie, and take steps to fill them. Integration, especially in the area of internet security, can be a valuable thing.

I tend to like picking-n-choosing my particular apps, tho.

Title: Re: Security Suite:  More Than the Sum of Its
Post by MrMagoo on Aug 21st, 2006 at 12:37pm
Also, using only products from one company leaves you dependent on that company, and wide open to any exploits targeting that company specifically.  This probably isn't a concern in the case of a strong, trustworthy company like Symantec, but something to think about when securing your computer.

Title: Re: Security Suite:  More Than the Sum of Its Part
Post by Pleonasm on Aug 21st, 2006 at 1:46pm
I find it surprising that Symantec hasn’t highlighted the “integration benefit” of a security suite in their marketing messages; nor, to the best of my recollection, have the published reviews of security software by independent magazines.

Title: Re: Security Suite:  More Than the Sum of Its Part
Post by Pleonasm on Aug 21st, 2006 at 3:05pm
I should also say that prior to finding the material reproduced in the initial post, I always thought that a security suite should and could in theory integrate across functions (e.g., anti-virus and firewall) to enhance the level of protection, but didn’t know that it was actually being done in practice.  I had incorrectly believed that Norton Internet Security, for example, was no more than Norton AntiVirus + Norton Personal Firewall + Norton Privacy Control + Norton AntiSpam + Norton Parental Control, all packaged into one bundle for the sake of marketing and sales.

The “integration benefit” of a security suite also lessens the value of the comparisons of anti-virus tools found in the PC press.  Comparing anti-virus Product A to Product B, for example, won’t account for the “integration benefit” that a user experiences in the real world when using the product in the context of a suite.  That’s not a minor point, but one that I have yet to see discussed within product reviews.
