Print Full Article Print This Page Download the PDF E-Mail This URL

The security industry is experiencing a trend toward consolidation. Not only are vendors merging, they're looking to release products that pack a number of functions into one neat package. We've seen this trend recently with desktop firewalls; over the next year we expect a merger of desktop firewalls, VPN clients and security policy enforcement products.

Many desktop firewalls should work just fine with the VPN clients we tested. The problem is that you have to manage VPN clients and desktop firewalls separately, and you also need to make sure that the firewall is running before you let a remote user access the LAN. InfoExpress and other firewall vendors offer a VPN enforcement add-on (InfoExpress won our Editor's Choice award in our review of desktop firewalls, "No Desktop Is an Island"). These add-ons verify that the firewall is active when a tunnel is detected. If the firewall isn't running, the connection is dropped. Some VPN gateway manufacturers have partnered with desktop firewall vendors and give away trial copies or guarantee compatibility with the VPN client. Of course, you should check to make sure that the client software actually does work with your desktop firewall before you launch a major rollout.

The danger of a multipurpose tool is that it may be a jack of all trades, master of none. You may get a mediocre firewall with a VPN client, for example. When dealing with security, you want the best products available, but the hassle of separate VPN, firewall, host IDS and antivirus programs can be a big administrative headache. As the industry consolidates, you'll need to evaluate your situation and decide whether to go with an easy all-in-one solution or stay with the multivendor approach.