Antivirus: Is all-in-one a safe bet?

Antivirus: Is all-in-one a safe bet?

The problem with recommended system requirements detailed on the back of software boxes is that they will only get you so far - laboratory environments don't exist in the real world. Integrators rarely (if ever) encounter a "clear installation" or "greenfield site" - an IT environment being completely fresh from the ground up. Almost always integrators spend their time patching together a quilt of existing infrastructure (hence the name) - compensating for that little NetGear box that jump-started the business when it was only two people before it grew to a headcount of 15 or 20.

Because of this, the choice of a single-vendor security solution over a mixed-bag approach has no easy answer. Or rather, it has a very easy answer. Which path you choose depends entirely on the environment your dealing with. Let's say, for example, you run a Citrix solution in part of your organisation. It's all servers which makes the AV solution easy to change, but do you replace all your routers now because you're looking to replace your firewall?

The good news is that making these decisions is where resellers and distributors operate with authority. While it is a vendor's responsibility to ensure that its products interoperate with complementary systems in a laboratory, Mitchell Hooper, Tecksel's SonicWALL specialist, says it is up to an integrator to scope the real-world project properly before weighing up their own knowledge against what the customer has in their environment.

This process can be aided by a distributor with a sound technical understanding of its range's abilities, according to Greg O'Loan, marketing manager for Express Data. He says a reseller should be able to go to their distie and say, "I've got expertise in this, this and this and the customer is running this and this. What's the best solution and how can I head off potential conflicts in the environment?"

Meanwhile, there do appear to be considerations in each approach which, in a general sense, makes them more suited to certain environments or to customers with specific priorities.

Overhead vs. performance

Today, ease of management has become an equally important consideration to customers as the ongoing expense of maintaining the system and its technical effectiveness, according to Hooper. The fact that you can buy a multifunction security device and switch on the features as required - turn on the firewall but leave the AV dormant until your existing licences expire, for example - is a huge advantage. It also means the customer, and reseller, can reduce the number of vendor relationships they have to manage - instead of a separate contract for the AV, the firewall and so on, there is one encompassing all elements. O'Loan points out this can also have benefits from a support perspective. "The advantage of having an AV, firewall, encryption and content filtering sourced through a single vendor is that you know who to blame when you've got a problem," he says. "The biggest risk for a reseller is who's going to be there not just if something is faulty but when the configuration has gone wrong - the reseller has ordered the wrong licences, say, or they've blown some flax memory in the router."

However, O'Loan does question whether any single-vendor solution is flexible enough to cater to the specific needs of a customer's environment. "Who can say that one vendor can be the answer to everyone's problem?" he asks.

And here lies the crux of the argument for fans of the multi-vendor approach. It's about vendors sticking to what they're good at, says Rohan Wilkinson, LAN Systems' system engineer for security. An all-in-one solution is typically easier to administer because it has a single interface from which to configure it, usually with a friendly GUI (graphical user interface). But while it may do everything that the individual security devices do, it's not going to do them as well. Joel Montgomery of Trend Micro likens the one-stop shop to a general practitioner. "A GP is proficient in many areas of medicine, however if a patient requires more in-depth knowledge and care, a specialist is the preferred option. Being a best-of-breed vendor, we like to call ourselves the specialists of the industry," he says. What's more, Tim Rosser of Rosser Communications, a VPN/firewall and data communications specialist, says a single-vendor solution takes away the safety net of a layered system. "A security threat that is missed by one application is often picked up by another," Rosser says.

Wilkinson says there is also an element of dumbing down, which occurs when a series of independent applications are bundled together by a single vendor. Multifunctional security appliances, such as those of Symantec and Cisco, typically stem from the acquisition of several different independent applications. While the idea of pulling the separate elements into a tidier solution has merit, the risk is that very often the integration does away with the features and functionality that the original device or applications was best at. "If it was originally a firewall and you've now incorporated an AV into it, you're now doing multiple things on that one box," Wilkinson says. "Therefore, you're taking away the resources of that single-process device and getting it to do more processes, which means you're going to need more hardware or your performance is going to suffer." Some vendors have tried to avoid this by rebadging an existing product from a market leader, like SonicWALL's appliance which runs the McAfee AV range, but alterations to performance are inevitable.

The other consideration of the single-vendor approach is that, having acquired the products, it does take a considerable amount of time to neatly mesh them and in that transition phase more problems may be created than solved. Wilkinson says it is probably quicker to make APIs available so integrators can get the third-party application working with other products. But eventually, hopefully, the vendor integrates them more tightly and the hiccups give way to a more refined solution. On the other hand, a report circulated by IDC in June this year outlined significant benefits to an organisation by adopting standardised interfaces. A single-vendor policy brings consistent management to all the security products and the increased functionality of central consoles has also had a positive effect in this area.

Economic realities

Aside from the technical aptness of one solution over the other, there are economic considerations to take into account. Does a multi-vendor approach require more integration, thus generating more services revenue than an all-in-one appliance? And if an all-in-one box can be maintained by the administrator with minimal input from a reseller, are resellers doing themselves out of a service fee?

Can a reseller achieve a better rebate by sourcing three or four products through one vendor, as opposed to three or four suppliers, and can they secure a better price by going for a bundled approach?

O'Loan advises that in making these decisions the reseller should always keep their mind firmly fixed on the customer and the long-term value of the relationship. "It is true that the reseller is the number-one influence in the customer's purchasing decision but the customer is going to have things in mind already and they are going to bounce the reseller's suggestions off other resellers, information on the Internet and their peers," he says. It is simply not worth jeopardising a valuable customer for the sake of a rebate. "Is a rebate anything compared to the services that you can charge on a solution that you know is going to work, is going to make the customer happy and maintain the relationship in the long term?"

Similarly, a reseller may charge four times as much in services for a multi-vendor solution because it takes them longer to work out how all the products fit together. This, however, has less to do with the complexity of coupling together a mixed solution as it is about the integrator working outside of their comfort zone. Wilkinson says that multi-vendor solutions, where the vendors have certified partnerships, are only marginally more difficult to set up than the supposed plug-and-play systems.

In the final analysis, if resellers venture into uncharted territory by adopting a multi-vendor approach, they have to consider the risk of providing a less-than-perfect solution and damaging their credibility with the customer.

Need, cost and greed, says Tecksel's Hooper, are the major considerations in a security purchase. According to the SonicWALL specialist, need is the easiest of the three to deal with because it's genuine. The Privacy Act makes it so, along with the hundreds or thousands (opinion varies widely on the true number) of Internet-borne viral strains popping up each week. Cost, on the other hand, is variable depending on the way the sale is pitched and the relative value of the data the customer wishes to protect. A reseller may choose to offer a 25-user SonicWALL box for $1,800 to do the same job as a dedicated server that costs $4,000, thereby reducing the up-front cost, or they may convince the customer that a higher up-front cost will reap greater savings in the long term. If the customer is still undecided, they can resort to slightly more brutal tactics by doing the maths on what it would cost the customer's business if it were hacked. After all, it hardly seems logical to quibble about spending $2,000 on a security system to protect an infrastructure (including hardware, software applications and man hours during downtime) worth $50,000. What resellers should avoid at all costs is the greed element, winning a customer's business at all costs. This is where you start eating away at your margin, and ultimately undercutting your own value. By all means skim $50 off the price if it means clinching the deal, Hooper says, but don't throw away your livelihood in the process.

Follow Us

Join the newsletter!

Error: Please check your email address.
Show Comments