Unified Threat Management (UTM) is one of the hottest industry topics in recent years. People think it’s a “magic bullet” that can tackle all information security problems, especially for small- and medium-sized enterprises. On the other hand, some people have reservations. In this article, we will examine how a 5-in-1 UTM system can help protect enterprise networks at a reasonable cost, and understand the advantages and limitations of such a system.
Many security vendors in the market claim to offer UTM solutions. However, what is a UTM system? A UTM device is defined as a firewall with extra protection features to avert DoS / DDoS, viruses and other malicious programs, spam mail and phishing attacks. Web filtering (blocking unauthorised addresses) may also be featured.
Before the current UTM “revolution,” enterprises had deployed multiple security software programs that included firewalls, anti-virus software, anti-spam appliances and URL gateways. These programs and devices have their own specific purposes. However, implementing so many separate systems is not cost effective. Enterprises dedicate vast amounts of resources to manage individual security appliances. IT staff would need to be trained on each user interface, with differing commands and settings across devices. Maintenance costs and troubleshooting delays would further increase with additional devices added to the mix.
The beauty of the UTM approach is streamlined management without sacrificing comprehensive security features — thanks to a unified operating system and management console. UTM solutions can provide an all-in-one security architecture with features equivalent to those offered by multiple security appliances. This dramatically reduces the time spent training staff on multiple software programs, and increases the responsiveness and effectiveness of system administrators in managing attacks. UTM also enables swifter migration and more centralised management, with lower operating costs. Deploying a UTM platform is therefore a business consideration rather than a pure IT decision.
UTM solutions are designed to ease the workload of IT personnel: they are easy to manage and also save cost. While UTM optimises IT resources, it must be properly implemented to be effective. An improperly configured UTM device can actually create more problems than it solves.
Some enterprises implement UTM without thorough planning. These companies might activate all the available features, thereby creating bottlenecks on their corporate networks. To prevent this problem, companies should divide their networks into different segments by usage, and turn off unnecessary features. For example, if an enterprise uses only a Web server and an email service, policies can be set up to block access by any other protocols. Moreover, only Web pages and email messages then need to be checked. By carefully adjusting the features, network loading can be optimised. Enterprises should therefore choose flexible UTM products that allow granular definition of security policies and customisation of features, so that the network is not overloaded and resources are used effectively.
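As an added example (not from the article or any vendor's product), the following Python models the segmented, least-privilege policy just described: two assumed segments, a web segment and a mail segment, each with an allow-list of the services it actually runs, a default deny for everything else, and inspection engines attached only to the Web and email traffic that needs checking. The segment names, ports, engine names and sample flows are constructed for illustration.

```python
# Added example, not from the article: a minimal model of a segmented UTM
# policy. Segments, ports and flows below are constructed for illustration.
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    dst_segment: str   # network segment the traffic is entering
    proto: str         # "tcp" or "udp"
    dport: int         # destination port

# Per-segment allow-list: (proto, dport) -> inspection engines to run.
# Only the services the enterprise actually uses are listed, so only
# Web pages and email get content-checked; everything else is dropped.
POLICY = {
    "web":  {("tcp", 80):  {"web-filter", "anti-virus"},
             ("tcp", 443): {"web-filter", "anti-virus"}},
    "mail": {("tcp", 25):  {"anti-spam", "anti-phishing", "anti-virus"},
             ("tcp", 993): {"anti-spam", "anti-phishing", "anti-virus"}},
}

def evaluate(flow):
    """Return ("drop", frozenset()) or ("allow", engines) for one flow."""
    engines = POLICY.get(flow.dst_segment, {}).get((flow.proto, flow.dport))
    if engines is None:   # default deny: unknown segment or unlisted service
        return ("drop", frozenset())
    return ("allow", frozenset(engines))

def evaluate_all(flows):
    """Evaluate a batch of flows; returns the list of decisions in order."""
    return [evaluate(f) for f in flows]

def engines_in_use(policy=POLICY):
    """Inspection engines the policy actually invokes. Any engine the UTM
    offers that is absent from this set is a candidate to switch off."""
    return frozenset().union(*(e for rules in policy.values() for e in rules.values()))

# Constructed sample flows (not captured traffic).
SAMPLE = [
    Flow("web", "tcp", 443),   # HTTPS to the web segment: allowed, inspected
    Flow("web", "tcp", 25),    # SMTP aimed at the web segment: dropped
    Flow("mail", "tcp", 993),  # IMAPS to the mail segment: allowed, inspected
    Flow("mail", "udp", 53),   # DNS to the mail segment: no rule, dropped
    Flow("lan", "tcp", 80),    # segment with no policy at all: dropped
]

if __name__ == "__main__":
    for flow, decision in zip(SAMPLE, evaluate_all(SAMPLE)):
        print(flow, "->", decision)
    print("engines in use:", sorted(engines_in_use()))
```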
All UTM providers claim that their products efficiently tackle a wide range of enterprise security concerns. However, this is probably only valid if the vendor provides timely updates of security information to identify the latest threats. Also, if vendors develop their own anti-virus, anti-spam and anti-phishing solutions in-house, it is possible that these solutions are not appropriate alongside the existing firewall. Unproven products can actually introduce extra risk by lulling an enterprise into a false sense of confidence when, in reality, the security is inadequate. It is imperative that a company deploy a proven, reputable solution instead of a UTM device that merely has all the right marketing keywords on the package.
Finally, it is important to remember that a UTM system is only part of a total security infrastructure. Policies such as Web access control, identity recognition as well as resources management should also be implemented, otherwise there are significant gaps in the security posture that can be exploited by attackers and malware.
Organisations today are looking for an integrated and unified approach to network security — unifying the management of all of these disparate security technologies and productivity technologies into one unit. This is where Unified Threat Management (UTM) comes in. UTM is an emerging trend in the firewall appliance security market: an evolution of the traditional firewall into a product that not only guards against intrusion but also performs the content filtering, spam filtering, intrusion detection and anti-virus duties traditionally handled by multiple systems.
UTM is a compelling and natural consolidation point in the evolution of information asset protection. Part technology and part packaging, it responds to the growing challenge of protecting information assets in the 21st century. Effective unified threat management requires:
Total cost of ownership: Total system costs must be less than the expected loss if there are security breaches due to a lack of controls. The solution must decrease the time to protection and ongoing overhead to achieve a lower total cost of ownership. Security is constantly changing and the system must adapt to these changes on a constant basis with little to no user intervention.
Coordination: Security breaches can occur between mismatched technologies, so when possible, layer your approach to security. Since many threats have multiple attack signatures, one layer prevents a portion of an attack and another layer catches the rest. The security posture of the network must adapt in unison for comprehensive protection.
Reduced complexity: To achieve maximum security, solutions must be straightforward to implement and components must work well together, or incident detection (and resolution) becomes difficult, if not impossible. Vital considerations include time-to-response and automation of the appropriate protection.
Unified Threat Management addresses these and other requirements by bundling together key information and security functions, and providing simplified administration. Efficiently packaged and effectively delivered, it reduces the cost and increases the reliability of a company’s security program.
Source: SonicWALL
The author is Managing Director, Juniper Networks