The argument for UTM
While point solutions were once effective at protecting corporate
networks, they no longer suffice as individual protective layers. With blended
and internal threats becoming commonplace, Unified Threat Management is gaining
acceptance in the enterprise. By Shubhomoy Biswas
Threats against computer systems are more than a quarter century
old, yet new and complex attacks by black-hat hackers continue to wreak havoc
on today's connected corporations. For more than two decades, firewall
technology (and, more recently, point solutions such as virus detection and
prevention, encryption and patch management) has helped to protect corporate
information assets from computer criminals.
Security experts agree that a single weak link in security can compromise an
entire security implementation. Organisations therefore need a unified approach
that protects their networks and business users from blended attacks and technology
misuse while decreasing operating costs. This ever-changing landscape of security
threats has created a demand for Unified Threat Management (UTM) appliances.
The Need For UTM
UTM refers to a security device that provides broad network protection by combining
multiple security features (firewalling, anti-virus, intrusion detection
and prevention, and content control and filtering) on a single hardware
platform. (The UTM acronym was coined by IDC.)
Industry analysts note that the rapid rise in blended threats
combined with widespread access to information has greatly contributed to a
need for the flexible, highly integrated functionality that UTM delivers.
Organisations are struggling with viruses and malicious attacks that are incredibly
complex, and are deployed with a multifaceted approach to obtain their desired
results. These new blended threats package a combination of virus and worm technology
into an extremely elusive attack vehicle.
Mydoom, one such blended threat, used e-mail as its infection vehicle
and delivered a payload that enlisted millions of infected computers worldwide
in a denial-of-service attack on a target company. It was estimated that
in the first five days of the Mydoom outbreak, over $60 billion of damage occurred.
In addition to security threats from blended attacks, administrators also face
increased network slowdowns and a lack of prioritisation of traffic moving through
the network. Many of these slowdowns are due to having too many users engaged
in non-productive activities such as Kazaa and other peer-to-peer file sharing,
instant messaging and multimedia applications. Running these applications not only
causes productivity losses and consumes bandwidth; it also opens holes into
the internal network.
Another challenge for organisations is increasing use of the Internet for business
and personal purposes by internal users. This has given rise to a number of
problems associated with a lack of control over Internet usage such as loss
of productivity, bandwidth drainage, or legal liability through access to inappropriate
or illegal content. Unregulated Internet access can also open the internal network
to threats such as spyware, malicious mobile code, key loggers, VoIP attacks,
phishing and fraudulent Web sites. Access to information must be controlled
on a per-user basis to maintain network integrity.
To keep their networks updated in order to address network threats and productivity
issues, companies have deployed point solutions throughout their networks in
the hope of covering all potential threats. One area in which IT managers use
point solutions is protection against internal attacks.
According to FBI studies, more attacks are launched from inside the network
than from outside it. Companies are deploying internal intrusion detection systems
that place monitors or agents on multiple department segments, and e-mail anti-virus
systems that prevent viruses from spreading between users.
IT administrators are also concerned about threats from remote or distributed
environments: a worker in a hotel, at a Wi-Fi hot spot, or travelling
abroad may pick up threats that then enter the corporate network when the worker
launches a VPN client. To contain this threat, organisations are deploying separate
VPN solutions for remote users to segment that traffic from the larger network.
To handle concerns over wireless security, businesses are implementing separate
wireless networks to segment wireless traffic from the internal network, and
content filtering solutions to reduce productivity losses as well as block
spyware. Companies use spam filters to block spam, and firewall port restrictions
to limit the spread of worms.
Finally, IT managers are constantly applying patches for servers, workstations,
routers, switches and firewalls. While patches fix issues in the existing
software, they are often applied too late, or never, because proper patching
requires time-consuming staging and testing. It is therefore desirable to have
network-level protection (intrusion prevention signatures that block attempts to
exploit a known vulnerability) that shields unpatched systems in the interval
before a patch can be deployed. Such network-level "virtual patching" buys time;
it does not remove the need to patch the affected software eventually.
While point solutions have proven effective in the past, it is becoming
increasingly evident that they do not provide sufficient, timely and unified
protection against today's threats. These widespread threats are not only
a source of unnecessary financial drain for the modern enterprise; they also
cause immense productivity losses and take up a large amount of an IT administrator's
Point security solutions simply cannot keep up with protecting against these
complicated threats and productivity issues, and tend to be difficult to deploy.
They are typically not managed centrally and require manual updating, which
increases operating complexity and overhead costs.
Advanced Network Security
Organisations today are looking for an integrated and unified
approach to network security. They want to unify the management of all of these
different security and productivity technologies into one unit. This is where
UTM comes in.
UTM is an emerging trend in the firewall appliance security market, an evolution
of the traditional firewall into a product that not only guards against intrusion
but also performs content filtering, spam filtering, intrusion detection and
anti-virus duties traditionally handled by multiple systems.
For Effective UTM
Effective UTM requires:
- Low total cost of ownership. Total system cost
must be less than the expected loss from security breaches that would occur
without it. The solution must decrease the time to protection and the ongoing
overhead to achieve a lower total cost of ownership. Security threats are
constantly changing, and the system must adapt to these changes on a constant
basis with little to no user intervention.
- Coordination. Security breaches can occur in the gaps between
mismatched technologies, so whenever possible layer the security approach.
Since many threats have multiple attack signatures, one layer blocks a certain
portion of an attack while another layer catches the rest. The network's
security posture must adapt in unison for comprehensive protection.
- Reduced complexity. To achieve maximum security,
solutions must be easy to implement, and the components must work well together;
if not, incident detection (and resolution) becomes difficult if not impossible.
Vital considerations include time-to-response and automation of appropriate
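As an added example (not from the article, and not SonicWall code), the following Python sketch shows the "one layer catches what another misses" coordination described above, using the Mydoom-style blended threat discussed earlier: a mail-gateway attachment check is the first layer, and an egress monitor that flags hosts opening a burst of connections to a single destination (the behaviour of a mass-mailer's denial-of-service payload) is the second. The signature hashes, host addresses, thresholds and events are all constructed for the example; a variant the mail gateway has no signature for slips through layer one and is caught by layer two.

```python
"""Added example (not part of the original article): a toy two-layer
UTM-style pipeline for a blended e-mail worm with a DoS payload.
All hashes, hosts, thresholds and events are constructed for illustration."""

import hashlib
import os
from collections import defaultdict
from dataclasses import dataclass


# Constructed signature set: SHA-256 digests of attachment bytes to block.
KNOWN_BAD_SHA256 = {
    hashlib.sha256(b"CONSTRUCTED-MAILER-SAMPLE-A").hexdigest(),
}
# Attachment types the mail gateway refuses regardless of signature.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".bat", ".cmd"}


@dataclass
class Attachment:
    filename: str
    data: bytes


def mail_gateway_verdict(att: Attachment) -> str:
    """Layer 1: block known samples and executable attachment types."""
    if hashlib.sha256(att.data).hexdigest() in KNOWN_BAD_SHA256:
        return "block:signature"
    # splitext takes the last extension, so 'photo.jpg.scr' is caught.
    ext = os.path.splitext(att.filename)[1].lower()
    if ext in BLOCKED_EXTENSIONS:
        return "block:executable"
    return "allow"


@dataclass
class Conn:
    ts: float   # seconds since log start
    src: str
    dst: str
    dport: int


def egress_flood_sources(conns, window=10.0, threshold=50):
    """Layer 2: a source that opens more than `threshold` connections to the
    same (dst, dport) within any `window`-second span is flagged as a
    denial-of-service participant.  Sliding window over sorted timestamps."""
    by_key = defaultdict(list)
    for c in conns:
        by_key[(c.src, c.dst, c.dport)].append(c.ts)
    flagged = set()
    for (src, _dst, _dport), stamps in by_key.items():
        stamps.sort()
        lo = 0
        for hi in range(len(stamps)):
            while stamps[hi] - stamps[lo] > window:
                lo += 1
            if hi - lo + 1 > threshold:
                flagged.add(src)
                break
    return flagged


def build_constructed_events():
    """Constructed sample data: three inbound attachments and an egress log."""
    mails = [
        Attachment("invoice.zip", b"CONSTRUCTED-MAILER-SAMPLE-A"),    # known sample
        Attachment("photo.jpg.scr", b"not really a picture"),          # double extension
        Attachment("readme.zip", b"CONSTRUCTED-MAILER-VARIANT-B"),     # unknown variant
    ]
    conns = []
    # 10.0.0.7 ran the unknown variant and now floods one target: 200 SYNs in 4 s.
    conns += [Conn(i * 0.02, "10.0.0.7", "203.0.113.10", 80) for i in range(200)]
    # 10.0.0.8 is a normal user browsing the same site: 20 connections in 10 s.
    conns += [Conn(i * 0.5, "10.0.0.8", "203.0.113.10", 80) for i in range(20)]
    return mails, conns


def run_pipeline():
    """Run both layers over the constructed events and return their verdicts."""
    mails, conns = build_constructed_events()
    verdicts = {m.filename: mail_gateway_verdict(m) for m in mails}
    flagged = egress_flood_sources(conns)
    return verdicts, flagged


if __name__ == "__main__":
    verdicts, flagged = run_pipeline()
    for name, verdict in verdicts.items():
        print(f"mail gateway: {name:15s} -> {verdict}")
    print("egress monitor flagged:", sorted(flagged))
```

The point of the example is the third attachment: its hash is not in the signature set and its extension is harmless, so the mail gateway allows it, but the host it infects is caught minutes later by the egress layer. A UTM that shares state between layers can then use the egress verdict to quarantine the host and push the new sample's hash back to the mail gateway, which is the "adapt in unison" behaviour the requirement above asks for.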
UTM addresses these and other requirements by bundling together key information
and security functions, and providing simplified administration. Efficiently
packaged and effectively delivered, it reduces the cost and increases the reliability
of a company's security programme.
Security for computer networks has come a long way from the advent of firewalls
in the late eighties. Yet, with attacks ever changing in
sophistication and speed, security has never been more important.
While existing point solutions were once effective at protecting corporate networks,
they no longer suffice as individual protective layers. Today, corporates need
a distributed and effective front against the modern threats facing information
They need UTM.
The author is Country Manager, Sonicwall India.