Issue of April 2006 

The argument for UTM

While point solutions were once effective at protecting corporate networks, they no longer suffice as individual protective layers. With blended and internal threats becoming commonplace, Unified Threat Management is gaining acceptance in the enterprise. By Shubhomoy Biswas



Threats against computer systems are more than a quarter century old, yet new and complex attacks by hackers (blackhat) continue to wreak havoc on today’s connected corporations. For more than two decades, firewall technology—and more recently point solutions such as virus detection and prevention, encryption and patch management—have helped to protect corporate information assets from computer criminals.

Security experts agree that a single weak link in security can compromise an entire security implementation. Organisations therefore need a unified approach that protects their networks and business users from blended attacks and technology misuse while decreasing operating costs. This ever-changing landscape of security threats has created a demand for Unified Threat Management (UTM) appliances.

The Need For UTM

UTM refers to a security device that provides broad network protection by combining multiple security features—firewalling, anti-virus, intrusion detection and prevention, and content control and filtering—on a single hardware platform. (The UTM acronym was coined by IDC.)

Industry analysts note that the rapid rise in blended threats combined with widespread access to information has greatly contributed to a need for the flexible, highly integrated functionality that UTM delivers.

Blended Threats

Organisations are struggling with viruses and malicious attacks that are incredibly complex, and are deployed with a multifaceted approach to obtain their desired results. These new blended threats package a combination of virus and worm technology into an extremely elusive attack vehicle.

One of the blended threats, Mydoom, utilised e-mail as its infection vehicle and delivered a payload that took advantage of millions of computers worldwide to launch a denial-of-service attack on a target company. It was estimated that in the first five days of the Mydoom outbreak, over $60 billion of damage occurred.

In addition to security threats from blended attacks, administrators also face increased network slowdowns and a lack of prioritisation of traffic moving through the network. Many of these slowdowns are due to having too many users engaged in non-productive activities such as using Kazaa, peer-to-peer, instant messenger and multimedia applications. While running these types of applications contributes to productivity losses and bandwidth consumption, it also opens holes into the internal network.

Another challenge for organisations is increasing use of the Internet for business and personal purposes by internal users. This has given rise to a number of problems associated with a lack of control over Internet usage such as loss of productivity, bandwidth drainage, or legal liability through access to inappropriate or illegal content. Unregulated Internet access can also open the internal network to threats such as spyware, malicious mobile code, key loggers, VoIP attacks, phishing and fraudulent Web sites. Access to information must be controlled on a per-user basis to maintain network integrity.

To keep their networks updated in order to address network threats and productivity issues, companies have deployed point solutions throughout their networks in the hope of covering all potential threats. One area that IT managers are utilising point solutions in is protection against internal attacks.

Enemy Within

According to FBI studies, more attacks are propagated and launched internally than externally. Companies are deploying internal intrusion detection systems that place monitors or agents on multiple department segments, and e-mail anti-virus systems that prevent viruses from moving.

IT administrators also have concerns over threats from remote or distributed environments such as when workers are in a hotel, a Wi-Fi hot spot, or are travelling abroad, and are exposed to threats getting into the corporate network when they launch a VPN client. To eliminate this threat, organisations are deploying separate VPN solutions for remote users to segment that traffic from the larger network.

To handle concerns over wireless security, businesses are implementing separate wireless networks to segment wireless traffic from the internal network, and content filtering solutions to decrease productivity issues as well as eliminate spyware. Companies use spam-filters to block out spam, and firewall port-monitoring to restrict viruses.

Finally, IT managers are constantly applying patches for servers, workstations, routers, switches and firewalls. While patches can solve issues with the existing software, they are often applied too late, or never. Proper use of patches requires time-consuming staging and testing. It is therefore desirable to avoid the need for patches with patch protection that can be installed at the network level.

While point solutions have proven effective in the past, it’s becoming increasingly evident that they do not provide sufficient, timely and unified protection against today’s threats. These widespread threats are not only the source of unnecessary financial drain for the modern enterprise, but they cause immense productivity losses and take up a large amount of an IT administrator’s time.

Point security solutions simply cannot keep up with protecting against these complicated threats and productivity issues, and tend to be difficult to deploy. These cannot be managed centrally, and require manual updating, which gives rise to increased operating complexity and overhead costs.

Advanced Network Security

Organisations today are looking for an integrated and unified approach to network security. They want to unify the management of all of these different security and productivity technologies into one unit. This is where UTM comes in.

UTM is an emerging trend in the firewall appliance security market, an evolution of the traditional firewall into a product that not only guards against intrusion but also performs content filtering, spam filtering, intrusion detection and anti-virus duties traditionally handled by multiple systems.

For Effective UTM

Effective UTM requires:

  • Low total cost of ownership. Total system costs must be less than the expected loss if there are security breaches due to lack of control. The solution must decrease the time to protection and ongoing overhead to achieve a lower total cost of ownership. Security threats are constantly changing, and the system must adapt to these changes on a constant basis with little to no user intervention.
  • Coordination. Security breaches can occur between mismatched technologies, so whenever possible layer the security approach. Since many threats have multiple attack signatures, one layer prevents a certain portion of an attack while another layer catches the rest. The network’s security posture must adapt in unison for comprehensive protection.
  • Reduced complexity. To achieve maximum security, solutions must be easy to implement, and the components must work well together; if not, incident detection (and resolution) becomes difficult if not impossible. Vital considerations include time-to-response and automation of appropriate protection.

UTM addresses these and other requirements by bundling together key information and security functions, and providing simplified administration. Efficiently packaged and effectively delivered, it reduces the cost and increases the reliability of a company’s security programme.

Security for computer networks has come a long way from the advent of firewalls in the early eighties. Yet, with the complexity of attacks ever changing in sophistication and speed, security has never been more important.

While existing point solutions were once effective at protecting corporate networks, they no longer suffice as individual protective layers. Today, corporates need a distributed and effective front against the modern threats facing information networks.

They need UTM.

The author is Country Manager, Sonicwall India.
He can be contacted at sbiswas@sonicwall.com

 
     
 
Indian Express - Business Publications Division

Copyright 2001: Indian Express Newspapers (Mumbai) Limited (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Mumbai) Limited. Site managed by BPD.