Why should I have firewalls from more than one vendor in my network?

You shouldn’t!

Every now and then I meet customers whose company policy is to use firewalls or other security devices from two or even more vendors. They always justify this decision with security. However, according to Gartner, over 99 % of all firewall breaches are caused by misconfiguration, not by firewall flaws. Gartner made this statement back in 2008. Since then, firewalls have gained a lot more features that actually increase the risk of misconfiguration if you don’t know what you are doing.

In this light, using firewalls or security gateways from more than one vendor seems riskier than consolidating everything with one.

The following is my list of top reasons why one vendor is better than several.

  1. Personnel need to be trained on only one vendor’s solution instead of several. Lack of knowledge increases the risk of misconfiguration.
  2. It’s easier to keep your software up to date with a one-vendor solution.
  3. Centralized management is easier to deploy with one vendor solution.
  4. Different policies are easily comparable and can be consolidated or migrated when they are all from the same vendor.

What should be taken into account when selecting a security vendor?

  1. Real security. Make sure the vendor’s products are regularly tested by an independent test lab.
  2. If you have more than one gateway, make sure your vendor supports good and secure centralized management.
  3. In case you need help, the vendor should provide credible technical support that is also easy to reach.

Disclaimer: I myself work for a security vendor, Check Point Software Technologies, but this text is entirely my own and does not represent the opinions of my employer.