June 2007   
 
 

SECURITY INSIGHTS ARTICLES


Integration: Why One Plus One (Should) Equal Three—Or More
By Christopher Bolin, CTO, McAfee Inc.

Security programs have traditionally been built from a motley collection of standalone products, while both the solutions and the threats continue to evolve and multiply. No single company can meet all your needs, but you now have the option of working with a very small number of vendors to cover the core components of your security strategy. If you do decide to consolidate vendors, what should you be looking for?

I can answer that in one word: Integration.

Many people equate "consolidating vendors" with "integration." Working with fewer vendors certainly means dealing with fewer sales reps and fewer sources of technical support, but the products of many multi-product vendors aren't remotely related to each other. If a vendor's security products aren't integrated from both a technology and a management perspective, they might not be worth the investment, regardless of what name is on the package. The result is a proliferation of agents and consoles to manage: security events cannot be correlated across systems (except in the heads of the operators), and the response that would be most effective is delayed.

Technology integration
Let's say there's an attack on your network. What happens? If a vendor's products for this scenario are integrated, the attack will trigger a chain reaction in which: 1) the attack is identified; 2) the vulnerability of the machines under attack is assessed; 3) any machines found to be vulnerable are quarantined, and 4) any vulnerabilities are remediated. The products automatically communicate with each other and put into motion a series of events to identify, contain and fix the problem.

Now suppose there's an attack on your network and the vendor's products for the scenario aren't integrated. What happens? All four of the above actions may have to be carried out manually by separate administrators, which invites human error and inevitable delays. The result is a lot more work and potentially much less security, even though all the products might come from the same company.

In other words, the overall value of integrated security products is much greater than the sum of the individual parts. One plus one equals three or more.

Management integration
Policy or regulatory compliance is another great example of why integration is so important. Let's say you want to set a per-machine policy that says:

  • Passwords have to be strong
  • Specific Microsoft® patches have to be deployed
  • Anti-virus software must be installed and current or the machine must be quarantined
  • Only certain USB devices may connect to the machine
  • Certain files must not be copied onto any USB devices
Without a single management console, to monitor and enforce this policy you'd need a handful of different technologies, a handful of different management consoles, and a handful of different reports. Then, to brief upper management, you'd have to manually compare all those reports and manually organize the data.

With a common management infrastructure, however, you can create these policies, and they are enforced automatically. Plus, you only need to request a single report that executive management and/or auditors will be able to digest.

All told, both scenarios might require half a dozen tools to set and monitor compliance. But scenario A (no integration or automation) is a messy proposition requiring a great deal of manual activity, which opens the door to errors and delays. Scenario B (common management console) automates the enforcement and reporting and aggregates the data exactly the way you need it. This allows you, for example, to tell your CEO what the top 10 attacks were last month, what percentage of the targeted machines were actually vulnerable, and how long it took you to remediate them.
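The two passages above describe one automated chain (identify the attack, assess the targeted hosts, quarantine the vulnerable ones, queue the fix) and the management report that chain can feed. The following is an added example written for this page, not code from the article or from any vendor product, that implements both over a constructed asset inventory and constructed alerts; the signature names (exploit-A, exploit-B), patch names (patch-A, patch-B), host names and timestamps are all hypothetical. Hosts the inventory cannot vouch for are quarantined rather than guessed about, which is the caveat a practitioner would want the "automatic" step 3 to honour.

```python
"""Added example: an integrated detect -> assess -> contain -> fix chain and the
summary report it feeds. All inventory, alert and timing data is constructed."""
from collections import Counter
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed inventory: patches applied per host and whether anti-virus is current.
INVENTORY: Dict[str, dict] = {
    "ws-101": {"patches": {"patch-A", "patch-B"}, "av_current": True},
    "ws-102": {"patches": {"patch-B"},            "av_current": True},
    "ws-103": {"patches": {"patch-A"},            "av_current": False},
    "ws-104": {"patches": set(),                  "av_current": False},
}

# Hypothetical mapping from an IDS signature to the patch that closes the hole.
SIGNATURE_TO_PATCH: Dict[str, str] = {"exploit-A": "patch-A", "exploit-B": "patch-B"}


@dataclass
class Alert:                    # step 1: the attack as reported by the sensor
    when: datetime
    signature: str
    targets: List[str]


@dataclass
class Response:
    quarantined: List[str] = field(default_factory=list)
    remediation: Dict[str, str] = field(default_factory=dict)  # host -> patch to deploy
    cleared: List[str] = field(default_factory=list)


def assess_and_contain(alert: Alert, inventory: Dict[str, dict]) -> Response:
    """Steps 2-4: assess each targeted host against the inventory, quarantine
    those that are vulnerable (or unassessable), and queue the missing patch."""
    patch = SIGNATURE_TO_PATCH.get(alert.signature)
    resp = Response()
    for host in alert.targets:
        asset = inventory.get(host)
        if asset is None or patch is None:
            # Unknown host or unknown signature: cannot assess, so fail closed.
            resp.quarantined.append(host)
            continue
        patched = patch in asset["patches"]
        if patched and asset["av_current"]:
            resp.cleared.append(host)          # exposed to the attack, not vulnerable
        else:
            resp.quarantined.append(host)
            if not patched:
                resp.remediation[host] = patch
    return resp


def summarize(alerts: List[Alert], responses: List[Response],
              remediated_at: Dict[Tuple[str, str], datetime]) -> dict:
    """The management-console view: top signatures, share of targeted hosts that
    were actually vulnerable, and mean hours from alert to patch completion."""
    top = Counter(a.signature for a in alerts).most_common(10)
    targeted = sum(len(a.targets) for a in alerts)
    vulnerable = sum(len(r.remediation) for r in responses)
    pct = round(100.0 * vulnerable / targeted, 1) if targeted else 0.0
    hours = [(remediated_at[(host, patch)] - a.when).total_seconds() / 3600
             for a, r in zip(alerts, responses) for host, patch in r.remediation.items()]
    mttr = round(sum(hours) / len(hours), 2) if hours else 0.0
    return {"top_attacks": top, "pct_vulnerable": pct, "mean_hours_to_remediate": mttr}


# Constructed month of activity: three alerts and when each patch job finished.
T0 = datetime(2007, 6, 1, 9, 0)
ALERTS = [
    Alert(T0, "exploit-A", ["ws-101", "ws-102", "ws-103"]),
    Alert(T0 + timedelta(hours=1), "exploit-A", ["ws-104"]),
    Alert(T0 + timedelta(hours=2), "exploit-B", ["ws-101", "ws-104"]),
]
REMEDIATED_AT = {
    ("ws-102", "patch-A"): T0 + timedelta(hours=2),
    ("ws-104", "patch-A"): T0 + timedelta(hours=5),
    ("ws-104", "patch-B"): T0 + timedelta(hours=5),
}


def run_demo() -> Tuple[List[Response], dict]:
    responses = [assess_and_contain(a, INVENTORY) for a in ALERTS]
    return responses, summarize(ALERTS, responses, REMEDIATED_AT)


if __name__ == "__main__":
    for alert, resp in zip(ALERTS, run_demo()[0]):
        print(alert.signature, resp)
    print(run_demo()[1])
```

Note what the integrated chain buys in the sample: of six exposures only three hosts were actually vulnerable, so only those three (plus the one with stale anti-virus) are pulled off the network, and the same data yields the "top attacks", "percentage vulnerable" and "time to remediate" figures without anyone re-keying numbers between consoles.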

One plus one equals three or more.

Dig a little deeper
The bottom line is that when humans have to carry information between consoles, or between the systems and the governance process, things happen more slowly and with less accuracy. Using fewer vendors, however, doesn't guarantee automation across systems. So if you do decide to consolidate vendors for specific security functions, make sure the ones you choose can:

  • Manage the entire workflow of these kinds of scenarios
  • Incorporate information from third-party systems
  • Automate decision making and the transfer of information between systems
A "one-stop shop" for security doesn't exist, and choosing a vendor that sticks the same label on a handful of unrelated products is no different from choosing a handful of unrelated vendors. Truly integrated products that can also interact with other vendors' technologies will greatly improve the overall security of your company, and that matters more than the brand name on the outside of the box.
