Security Appliances Come to Dodge - Page 2

 By Drew Robb
Page 2 of 2   |  Back to Page 1
Print Article

All Quiet

Stamp notes that appliances are best suited to filtering email and Web traffic. When traffic loads are unknown or less predictable, however, he advises going with software on a server.

"If the server is overloaded, you can generally stick another CPU or additional memory in there, but you are a bit more constrained with an appliance," Stamp said. "Appliances tend to be better when one can predict the load, and an organization generally knows how much email it gets in a day."

He also says that a general purpose security appliance might not be the best choice when the different types of traffic it filters are managed by different personnel in the organization.

"If you have an organization where email filtering is supported by a different team than the web content, you have a lot of finger pointing when something goes wrong," he said. "You need to determine ahead of time who owns the box and what procedures to follow for dealing with issues that arise."

Given those caveats, installing a security appliance still allows an organization to achieve a higher level of security without an excessive management headache.

"I currently feel we are fairly secure, because we attempt to be as proactive as possible," said Mueller. "I realize that there is no such thing as perfection with security, but by being proactive, I believe we are handling and protecting the needs of our customers as well as our co-workers."

Winning The Shootout

Perimeter security appliances incorporate a number of features that one would typically find in a security software suite. The advantage is that setting up an appliance is just a matter of plugging the device into the network rather than having to manage one or more dedicated servers and the associated software.

While a corporate data center may have the support staff to manage separate applications, appliances are a good match for smaller companies that don't have specialized IT security personnel. But they are also the best option for certain types of large enterprises.

"We have found that it has more to do with how distributed an environment is, rather than the size of the company," said Stamp. "Large retail chains like using appliances because they have many locations that have relatively small processing requirements."

The City of Encinitas uses Panda's GateDefender Performa 8100, but they do so in different ways. The appliance includes antimalware, antispam and a web content filter. It is designed for 25 to 500 users; 160 email messages per second and (SMTP); and 80 Mbps of HTTP traffic. Encinitas uses it as a frontline defense, but also runs host-based security software on all the servers and workstations.

"GateDefender offered us the ability to diminish not only viral-type threats, but also significantly reduce the amount of spam we are inundated with," said Mueller. "Just yesterday I saw that a staggering 73 percent of the email we received here at the City of Encinitas was spam. That's outrageous."

Before buying the product, Encinitas conducted a 30-day trial of competing appliances, and did in-house testing on both devices. Mueller preferred Panda due to its range of protection, ease of installation/uses, and the minimal amount of overhead processing time on incoming messages to the City.

Article courtesy of Datamation

Add to del.icio.us | DiggThis

This article was originally published on Mar 23, 2007
Get the Latest Scoop with Networking Update Newsletter