Security Zone: Best of breed versus single vendor solutions creates challenge and opportunity

The concept of an eclectic mix of security appliances, OS and hardware that seeks to maximise security architectures through diversity may be outdated thinking.

The concept of an eclectic mix of security appliances, OS and hardware that seeks to maximise security architectures through diversity may be outdated thinking.

Should we select a multiple vendor 'best of breed' product and software approach to security architecture? A design that when combined with a security event management platform seeks to provide a near real time security monitoring across multiple disparate devices?

Or might we consider a single vendor approach? One that provides a security intelligent design, derived through a homogeneously engineered approach, leveraging the power and potential of security appliances and software similarities that collaborate over a 'metaphorical' single form factor and OS. Does this actually improve security over and above a disparate architecture?

Often it is an anathema to many security folk to have a single vendor platform that by default permits any given vulnerability to be replicated across the architectural fabric, which by definition functions on the same or similar operating system and hardware platforms. Disparate vendors may remove the simplicity of a widespread vulnerably contagion, however, this may not mean an improved result if the correlation of events by devices remains separated to such an extent that the true security posture of the enterprise remains relatively unknown! Add to this mix the pertinent fact that the IT security team's skills often never quite reach an order of magnitude to adequately tackle the array of completely separate devices and software involved and we may observe that the very creation of deliberately engineered diversity, may ironically increases exposure to risk.

Below are a few considerations to guide any business weighing up the options and decision making dilemma.

Multiple Vendor Approach


Permits best of breed for each point solution

May reduce the risk and of vulnerability contagion

Potential of improved security if accurate correlation of events is achieved

No single vendor lock- in


Architectural complexity increases difficulty in containing and restricting breaches

Testing and proof of concept of disparate platforms and architectures increases time to deployment

Multiple vendor procurement rarely delivers optimum commercial benefits

Higher costs of IT security training, with team's rarely achieving SME (subject matter expertise) across every device

Single Vendor Approach


Potential to increase security posture, with homogenous event capture and single management view

Reduced operational IT training and maintenance costs, with the increased ability to achieve SME (subject matter expertise) level for chosen technology

Easier to quarantine breaches

Maximise the return on capital expenditure by leveraging assets across the security infrastructure through feature enablement

Single platform decreases evaluation, testing, proof of concept, and time to deployment

Provides commercial economies of scale that procurement may leverage


Potential of increased risk and speed of vulnerability contagion across a single platform

Single vendor lock in

The decision cannot purely be made on security considerations alone. Financial impact on the capital investment and operational expenditure will also have a role to play. Inevitably a balance must be drawn with regard to return on investment in terms of the achieved level of security and total cost of ownership. Therein lays the magic that the strategic thinker needs to bring to the table. Food for thought for any of today's challenged decision makers.

Steve Maslin is an Independent Security Strategist and Business Consultant with CISSP

Read more on IT strategy