Criteria for Evaluating Network Security Solutions

Malicious content is ubiquitous. So how will you keep it off your network? Criteria for evaluating network security solutions include scalability, customizability, manageability, comprehensiveness and accuracy.

If you are managing the IT department in a small or midsized business (SMB) then you are in a challenging position.  It’s your job to keep your network and devicessecure but you have limited resources. 

You can deploy a range of security applications, from anti-malware and anti-spam scanners to vulnerability scanners and patch management systems. There are many options on the market to choose from. 

Start your product evaluation with a strategy aimed at implementing a comprehensive network security strategy that meets your policy requirements. As part of this process look for security applications that are scalable, customizable, manageable, comprehensive and accurate.

Before we delve into the key characteristics of network security solutions it is important to point out the scope of applications we are discussing. Of course anti-virus, anti-spam, anti-phishing and firewalls fall into this category. Security is more than blocking malicious content though.  To mitigate a range of security risk use a combination of inventory management, patch management and vulnerability scanning procedures as well. These can help ensure you know what is running on your network, it is kept up to date and properly configured.

In all cases, from anti-virus to vulnerability management, you will want to assess your tools by the five key criteria.

Scalability: Will Your Tools Grow with You?

Businesses grow in many different ways, especially when it comes to IT infrastructure, applications and data volumes.  Tools that work with network traffic will need to scale as your network traffic grows. These include anti-virus and data loss prevention solutions.  Have your prospective vendors provide server requirements for a range of workloads. You may find some tools scale well within a single server, e.g. by adding memory, while others may require additional processors or clusters of servers to meet your requirements.

Consider architectural impacts from scaling your network security solutions. For example, when you add another server to run your security application can the servers run with a load balancer distributing the workload or will you have to configure the network to divide the workload by network segment?  The more you have to change your network configuration and architecture to accommodate security applications the more difficult it will be to scale and manage your network.

Dan Sullivan is an author, systems architect, and consultant with over 20 years of IT experience with engagements in systems architecture, enterprise security, advanced analytics and business intelligence. He has worked in a broad range of industries, including financial services, manufacturing, pharmaceuticals, software development, government, retail, gas and oil production, power generation, life sciences, and education.  Dan has written 16 books and numerous articles and white papers about topics ranging from data warehousing, Cloud Computing and advanced analytics to security management, collaboration, and text mining.

See here for all of Dan's Tom's IT Pro articles.