The warning from networking and managed VPN firm Blue Ridge Networks comes as network-equipment providers are enjoying unprecedented sales of Unified Threat Management (UTM) products that group firewall, anti-virus, intrusion protection and other security applications onto VPN appliances.
While the firm acknowledges the benefit of using a single vendor for organizations' IT security needs, it argues that these all-in-one VPN appliances "sacrifice security for the sake of convenience" and fall short of delivering the ultimate benefit of a UTM solution - security made simple.
According to the company, the promise of UTM can best be achieved by actually integrating these and other security services on a platform separate from the VPN appliance. It argues that it is not good enough to merely have them share disk space and then push those services to an organization's perimeter devices over the high-security VPN.
"The idea behind the all-in-one appliance may seem logical at first, but a VPN gateway enhanced with multiple disparate applications amplifies its vulnerability," claimed Tony Russo, CEO of Blue Ridge Networks.
"The difference in approach originates from the business philosophy of the vendor. If you're a network equipment vendor and bolt security applications onto your VPN appliance, you cannot deliver the same high-level protection as a security-first company that puts the customer's information assets first and foremost."
"Another of the fundamental flaws that we see with the network equipment vendors' shaky UTM strategy is that they are stacking security services onto VPNs that have numerous documented vulnerabilities. Take a look at the NIST National Vulnerability Database sometime and you'll see what I mean. The customer's solution ends up being like a fortress with a gaping hole where the front door should be," claimed Russo.