LAS VEGAS -- According to speakers at Interop 2005, blended threats present increasing risks to networks and are among the most significant and dangerous problems to guard against in the near term.
But one major question arose: Does the best approach for stopping blended threats involve numerous best-of-breed products or a single, comprehensive device?
The key speakers at Tuesday's session entitled "Combating blended threats with blended countermeasures" were Phil Kwan, director of product management for Sunnyvale, Calif.-based Fortinet Inc., and Vincent Weafer, security response senior director for Cupertino, Calif.-based Symantec Corp.
Kwan said blended threats, which combine the characteristics of viruses, worms, trojans and malicious code, are often carried into an enterprise network via spam in order to elude customary lines of defense. In most cases, they ultimately seek to exploit a known vulnerability within an operating system.
Both Kwan and Weafer agreed that blended threats are best combated with a comprehensive all-in-one security device.
Kwan said the new generation of combination security devices combines network-based security features with real-time updates and a layered approach that brings together firewall, IDS/IPS, antivirus, antispam and Web content filtering capabilities.
Weafer endorsed the all-in-one approach because it enables all the different threat defense mechanisms to work together with greater efficiency.
"There's a benefit of having these things correlate," Weafer said. "Simply bundling [services] isn't the answer."
However, moderator David Piscitello, president of Chester Springs, Pa.-based consulting firm Core Competence Inc., had a different opinion. He said he doesn't believe there will ever be one device that fulfills all corporate network security needs, which is why companies should pursue a best-of-breed strategy that focuses on each firm's specific security needs.
Michael Noakes, a network engineer with the U.S. Department of Defense, said he agreed with Piscitello's opinion.
"There are just too many limitations involved with just having one set of eyes on your network," Noakes said. "We're better off with various security measures because what one vendor doesn't catch the other one will, and vice versa."
Noakes said the Department of Defense has several best-of-breed devices and services deployed on its network. In fact, for issues such as antivirus protection, it layers two vendors' products to provide a higher standard of security.