Layers Help Secure Net Traffic

Regular maintenance is crucial for best results.

Taking a layered approach to securing Internet traffic is the right way to handle a fundamentally insecure technology. However, whether organizations opt to purchase several software products or a complete system in a box, thorough, routine maintenance is the key to the system's success.

For IT managers, the choice today is between one-stop appliances with customized operating systems, software and hardware, and specialized software products that use load balancing, clustered computing, caching and proprietary algorithms to quickly scour incoming and outgoing traffic for potential or known security concerns.

Appliances from manufacturers including Blue Coat Systems Inc. are often the easiest to install and maintain over several years. This is because they come as a turnkey solution—a hardened operating system and (usually) tamper-resistant cases, custom software and special application-specific integrated circuits that speed packet inspection. These appliances range in price from $1,500 to $10,000.

Blue Coat's history is worth noting. The company started life as Cacheflow Systems Inc. and spent the dot-com era fine-tuning hardware to speed Internet access. After the dot-com bubble burst, Blue Coat's technicians discovered caching technology could also be used to speed security processing by quickly checking to see if packet and connection information contained malicious information. This discovery sent Blue Coat in an entirely new direction.

Software products including Aladdin Knowledge Systems Ltd.'s eSafe 4 (see review) take a similar approach to Blue Coat's but let companies use their own (and therefore usually much less expensive) hardware.

As we noted in the review, eSafe 4 boots up a customized version of Red Hat Inc.'s Red Hat Linux, then loads the eSafe 4 application on top. This procedure guarantees that eSafe 4 starts with a basically secure operating system. This is vital to ensure security enforcement.

Appliances and software-based systems must be updated over time.

For long-term maintenance, the laurels go to appliances because appliance vendors know exactly what hardware configuration is in use by every customer. Even though some upgrades require physical changes to the appliance, this is a far cry from the uncertain behavior of software products running on anything with a processor and a power supply.

But in our work with Linux-based applications, we have consistently been impressed with Linux's ability to neatly adapt to hardware platforms. We've also seen that Linux is no more difficult to administer than Windows in many data center operations.

Given the open-source access that gives vendors such as Aladdin the inside scoop on locking down the base, we see no reason why software-based security products should not approach the same level as appliances in ease of use and reduced maintenance costs in the near future.

Senior Analyst Cameron Sturdevant can be contacted at cameron_sturdevant@