For a long time now, suppliers of routers and switches have been talking about the convergence of security and networking infrastructure products and technologies. The basic argument is that all these security appliances exist on the network because routers and switches were not fast enough to deal with processing security overhead without impacting network performance.
But in recent years, we've seen the companies that make routers and switches talk about the eventual reintegration of security within next-generation routers and switches that are fast enough to keep up with the task. Case in point is the Secospace USG5500 series from Huawei Symantec that combines routing, switching, firewall, virtual private networking (VPN) and content inspection in one integrated platform. The company says the Secospace USG5500 series can support the Secospace USG5500 and can support up to 64 ports of Gigabit Ethernet and 14 ports of 10 Gigabit Ethernet interfaces-enough to achieve 30 Gbps firewall throughput-while still providing anti-virus, anti-spam, IPS and URL filtering capabilities.
Launched at the recent RSA Conference 2011 event, Jane Li, general manager, North America, Huawei Symantec, says the Secoscape USG5500 series is part of a larger trend that is seeing network infrastructure be able to effectively handle more tasks thanks to multicore processors and faster Ethernet pipes.
But the question that IT organizations are going to have to wrestle with is how fast is fast enough? Brute force attacks on security devices are overwhelming existing firewalls and intrusion prevention systems (IPS). By consolidating everything into the network, won't it just be a matter of time before these attacks again overwhelm routers and switches no matter what their current capabilities?
Everybody agrees that there is an opportunity to consolidate security appliances. But security vendors such as Check Point and SonicWALL are making a case for security gateways that are still distinct entities apart from routers and switches because of the inevitability of network and security performance overhead issues.
The challenge IT organizations are going to have to address is trying to find the right balance between cost and performance. There's no doubt that consolidation of security appliances is at hand. But the degree to which an IT organization wants to consolidate its security and network infrastructure is not easily ascertained. And with that consolidation comes some interesting nuances about to what degree IT organizations want to consolidate the network and security responsibilities of different specialists on the IT staff.
At the end of the day, it may come down to how you view security. If you have critical assets that can easily be attacked, then dedicated security appliances make a lot of sense because an ounce of prevention is still worth more than a pound of security cure. But if you're just trying to secure your overall IT environment at a reasonable cost, then maybe the time to consolidate security and network infrastructure has finally arrived. In either scenario, it's going to be a case of balancing risks versus costs, which is always what it comes down to when it comes to any conversation related to security.