Building and Selling an Integrated Security Solution

With the risk of experiencing some type of security incident or breach rising each year, corporate executives have expanded their definition of what constitutes adequate security protection to encompass all parts of the enterprise. No longer is a simple firewall and anti-virus software enough to satisfy the security requirements of most companies. Today, many companies want—and need—a more comprehensive approach to security that addresses all layers of the organization, from the perimeter, network core, server and host to the applications themselves.

“Let’s say you have people coming in on your SSL (Secure Socket Layer) VPN (Virtual Private Network). You need to be able to make sure their endpoint is secure and won’t be a tunnel into your network for worms, viruses and hackers,” explains Bill Jensen, a product marketing manager for Check Point Software Technologies Ltd. of Redwood City, Calif. “You also need to be able to protect yourself against them, and you want to have all of the information from the SSN VPN in a readable format along with the rest of your security products so you don’t have to hunt through 15 different syslogs on 15 different platforms.”

The best way to accomplish this type of integration is through a layered, integrated security solution. Typically, an integrated security solution includes many types of security technology that proactively secures routers, servers, desktops and network devices; VoIP (Voice over IP) security; secure mobility for handheld devices; real-time blocking of attacks and intrusions; secure access to wireless networks; and testing endpoints for compliance with security policies.

An integrated security solution provides much greater protection than simply employing a handful of point solutions, says Karen Devine, director of product marketing with RSA Security Inc. of Bedford, Mass.

“The sophistication of those who want to infiltrate your company is growing, so you can’t just protect one aspect and not expect them to come in another way,” she says. “A point solution that just protects one use case no longer cuts it.”

The integrated approach to security is growing in popularity, with good reason. The explosive growth of Web connectivity and networked e-business applications, as well as the popularity of telecommuting and wireless mobility, are just a few reasons why an integrated security infrastructure makes sense in today’s world, explains JoAnne Vedati, a product marketing manager with Blue Coat Systems Inc. of Sunnyvale, Calif.

Compliance with a host of government regulations, as well as compliance with internal security polices, also are major drivers for implementing an integrated security solutions.

“Offering an integrated security solution that’s been proven and tested means [customers] don’t have to worry that the solution won’t meet their internal security policies or if it will meet HIPAA (Health Information Portability and Accountability Act) or some other regulation they have to comply with,” says Joe Luciano, CEO of AccessIT Group, a solution provider based in King of Prussia, Penn. “It’s such a convoluted IT security world where people who aren’t even security specialists are making policies and compliance requirements that there is no way that one person working at a company with many responsibilities can do the research and testing to make sure all of the products work together and accomplish what they need. It’s peace of mind for the customer.”

These changing security requirements and pressures create significant opportunity for solution providers with the knowledge, expertise and training to understand how to create an integrated security solution that meets their customers’ specific needs—opportunities that inevitably lead to increased sales and greater customer loyalty.

“This type of solution pretty much creates customers for life,” Luciano says. “We have very minimal customer attrition, whereas prior to offering integrated solutions, customers felt free to switch providers at will. But because everything is integrated, it basically cements you into an account. You’re selling not only a box off a shelf, but a solution with a huge value-add, and services to go along with it.”

In many cases, the opportunity to offer an integrated security solution presents itself fairly easily, Luciano says.

“The sales process today is very different than it was five years ago. Today, the customer might come to you with an issue with his end-user security deployment, but the conversation quickly switches from endpoint security to perimeter security to internal security strategy and soon, it’s more of a security assessment,” he says.

Although solution providers specializing in security may have a leg up on earning this type of business, becoming proficient in security can be a great way for all solution providers to expand their areas of expertise and, in the process, gain new customers.

The opportunity is a particularly good way for solution providers with voice or data backgrounds to expand their horizons, says Laurie Usewicz, vice president of marketing and affinity sales at Westcon Group North America.

“Often, another solution provider will provide the security on their customers’ networks, particularly when a customer is moving to a converged network that’s IP-based. But if they know what questions to ask, they can earn the business instead of walking away or partnering with another reseller who can deliver the security portion of the solution,” she says.

To help solution providers become proficient in how to sell and service an integrated security solution, Westcon offers several services. A downloadable security checklist offers a list of questions to ask potential customers, while solution providers also can take advantage of pre-sales support, selling solution guides and security training, Usewicz explains.

Fast Fact: 47% of companies have experienced a worm attack that has compromised part of their network, while 23% have experienced an internal security breach.

Source: Enterprise Strategy Group

The Seven Layers of an Integrated Security Solution

• Perimeter Security (includes firewall, SSL gateway, user policy authentication including two-factor authentication, Token server, a VPN concentrator, and is VoIP-ready)
• Physical Security (includes IP surveillance)
• Network Core Security (includes secure routing and switching, multi-homing, secure wireless switching and traffic management)
• Server Security (includes malicious code-virus monitoring, antivirus and filtering traffic management, an intrusion detection/protection system, and user policy authentication)
• Host Security (includes host-based intrusion detection, malicious code/virus monitoring and anti-spam and user policy authentication)
• Application Security (includes threat management, content security, user policy authentication, malicious code/virus monitoring, and antivirus and filtering traffic management)
• Vulnerability Assessment and Management (includes Syslog analysis, security incident and event management, vulnerability assessment, security policy compliance and a visual policy editor)