
Virtualized Security: More Protection, Less Hardware

In these complicated times, technological simplicity is always best. Often, networks rely on scores of disparate hardware boxes to secure traffic as it comes from the Internet at large into the network. Even at some of the smallest companies, administrators might have 10 or 20 separate boxes lined up, each of them requiring separate maintenance and management. This approach to security is expensive, hard to manage, and inefficient. Consolidating network defenses into one platform is cheaper, better, and easier.

One way to accomplish this level of consolidation is through security virtualization, a process that transcends physical limits by creating many virtual devices on a single hardware device. The practice has been around for decades. For example, virtual storage uses software that can make multiple hard drives act like one large virtual drive. Virtual networking employs a similar idea. With the help of Virtual Local Area Networks (VLANs), organizations can prevent remote users from accessing mission-critical data until they upgrade to acceptable security standards. Virtualized security applies the same approach.

Security virtualization today
At the same time, hardware has evolved in an effort to consolidate multiple servers into larger blade-style servers. The advantages of a blade server are clear in larger environments: space savings, better redundancy, and easy extensibility. This development means more computing power, packed into a smaller space, and provides a powerful platform for security virtualization. Security virtualization is a more effective way of tapping into this power and allocating it. As the network multiplies in complexity, administrators can add virtual security devices to secure these networks and easily add blades to scale performance. If one of the blades falters, administrators can simply pop it out and insert a new one.

In the software sphere, a number of Managed Security Solution Providers (MSSPs) offer virtualized security as a monthly subscription service, as well. In these latter cases, MSSPs are responsible for evaluating, integrating, and managing the virtualized security hardware.

For this service, some of these companies charge as much as $500 to $1,000 per month.

Why security virtualization?
What makes security virtualization so valuable? Think of it this way: If you are a shepherd, it is easier to watch one sheep than it is to watch 50. A single virtualized security server can replace up to 250 physical boxes. This means maintenance and routine updates are easier, since network administrators do not have to worry about upkeep on dozens of devices.

With fewer security boxes to set up, provisioning a virtualized security offering can be done in very little time. Under the old approach, with a number of firewalls and other boxes, the process took some system administrators days or weeks. With a virtualized approach operating from one device, security provisioning takes mere minutes. As more processing power or network bandwidth is required for a network connection, administrators can make these upgrades with nothing more than simple software commands to the server—never physically altering the equipment at all.

Additional benefits
It is no secret that the most important byproduct of this hardware consolidation and simplified provisioning is lower cost. Do the math: fewer boxes and a diminished need to maintain and provision the technology mean huge savings in expenditures and in human resources. What’s more, as the network grows, instead of purchasing new boxes to secure the fledgling areas, network administrators can simply add more blades, creating additional savings (since blades cost far less than full-fledged security tools). Measured with standard total cost of ownership (TCO) metrics, security virtualization just makes sense. The approach also saves space in the server room—with fewer boxes to run, network administrators gain real estate for other pieces of hardware.

With the exception of the new VPN-1 VSX NGX version from Check Point Software Technologies, most of the virtualized security products on the market today compromise a lot of functionality in the name of virtualized security. However, VPN-1 VSX provides comprehensive security with virtualized firewall, VPN, and intrusion prevention functionality. It also includes critical networking features like dynamic routing support and the ability to operate in bridge mode, as well as key ease-of-use features such as streamlined management and a virtual system wizard.
