
Unified Threat Management

UTM appliances became a popular choice to combat security threats at the branch office level. Newer types of UTMs are emerging that can be set up on blade servers, with each blade combating a specific threat.

Tuesday, December 04, 2007


Organizations have to cope with security threats that rise with each passing day. There are so many different types of security threats that it's a challenge just to keep track of them. The market reacted to this situation by introducing a wide array of security products, so much so that there's a product available for every type of security threat. At the first level is the broad range of security products for combating viruses, spam, web content and hacking. At the micro level, there are security products for different channels and applications. So apart from security threats, organizations also have to worry about choosing the right mix of security products. As if that was not enough, they also have to manage so many different devices and ensure they're always up and running, constantly updated, etc. This is as big a challenge as combating the security threats themselves. That's where the concept of Unified Threat Management, or UTM, comes into the picture.

A UTM is a single device that provides protection against multiple security threats, be it viruses, spam, network and host intrusions, etc. It's available as a hardware appliance, which can simply be plugged into the network and configured. The simplicity and speed of deployment of UTMs have made them extremely popular amongst organizations.

The story so far:
  • Software UTMs started gaining momentum.
  • Lots of Open Source UTMs became available apart from the commercial appliances.
  • UTMs became embedded in desktops and laptops.
  • UTMs for home users have also become available.

Types of UTMs
There are several different types of UTMs, which vary depending upon where they have to be placed on the network and how many security threats they need to combat. There are the all-in-one types of UTMs that can be placed at the first level itself to provide protection against everything. There are also some that are more suited as a second line of defense. These devices are equipped with a single utility, such as only anti-spam, anti-virus or IDP.

There are some UTMs in the market that carry fewer virus and spam definitions, and contain definitions of only those viruses which have been active for a year or two. Such devices are good as a second layer of defense as they provide a very high degree of performance.

There are a number of free UTMs, such as Endian and Untangle, which you can download from the Internet. These are complete operating systems and need to be installed on a system, as discussed earlier. They are free of cost and have almost all the tools required, but you have to configure them yourself and there's no support provided. If you are looking for support, you can get that at a reasonable fee. If you're looking at deploying security in remote offices, Open Source UTMs can be a good choice, but only if you have in-house technical support. These UTMs can be managed remotely from a central office through a Web-based management console or using VPN. Hardware appliances are available, but you can also find software hybrid appliances. They comprise software or a complete OS which can be installed on a system and then placed on the gateway for protection, similar to the manner in which hardware UTMs are installed. The system that is used to deploy such security layers should meet the minimum software requirements of the organization.

A Unified Threat Management device securing your network at the gateway level in a typical enterprise setup

A word on security threats
The types of security threats have also matured and are becoming more dangerous. One kind of an attack involves plain monitoring of the network, and no damage is done to the software nor is any information stolen. The second and more dangerous types of attacks are done with a malicious intent of stealing sensitive information or damaging software.

Unfortunately, the trend is moving towards the second types of attacks. There are many studies that indicate that in the future, most of the security attacks will be done with a malicious intent.

UTMs go beyond security
While the prime objective of a UTM appliance is to provide protection against security threats, that's not the only function it can perform. Apart from security, you can also configure UTM devices for bandwidth management, defining policies for a group or individual, etc.

New technology in UTMs
The number of security threats is only going to increase with time, so much so that there will be instances where a single UTM won't be able to handle the volumes coming from so many different types of security threats. In essence, what's needed then are dedicated appliances for different security threats, but with the condition that they shouldn't bring back the management difficulties faced earlier with multiple security devices. So one thing being worked upon is to have rack-mountable blades, wherein each blade is dedicated to a different job. For example, if one is for spam then the other will be for IDS/IPS and so on. The good thing is that all these can be controlled and managed from a single console. Another thing that has been developed but needs improvement is 'Zero Day' protection. Zero Day protection helps tackle Zero Day attacks, which involve exposing undisclosed and unpatched application vulnerabilities or holes to the outside world.

The pros and cons of UTMs
The best use for UTMs is at the branch office level, where you don't have dedicated manpower to manage security. A UTM could also be used at the head office for handling a specific security threat. The other benefit of a UTM is that since it's a dedicated security device, it can handle a high number of transactions. However, there are a few things to watch out for in UTMs as well. For instance, while they're easy to install, what do you do if there's a problem? If it goes down, then you're essentially vulnerable to multiple security threats, and need support at the earliest. In such a case, you're at the mercy of how quickly the vendor can rectify the problem or provide you with a backup UTM.

Future of UTMs
PUSH technology: With the help of this new technology, updates from the vendor can be pushed to the UTM device within a particular time frame. Presently, a UTM has to pull upgrades from a central repository, which is a disadvantage as the UTM might lose crucial time after a patch has been released. So, this technology helps maintain currency.

Stronger UTMs: As newer threats emerge, performance of UTMs also needs to stay on par. Packets with larger size need to be scanned within seconds. Moreover, IDS/IPS will become more efficient and better equipped.

VoIP traffic: Apart from HTTP and FTP traffic, VoIP traffic could also be routed through UTMs. Security has been incorporated for the popular SIP protocol.

What to expect in future
As attacks increase and become more intense, more and more security appliances will come up with new features and functionality. Now there are some dedicated appliances which are specially designed to block spyware and Trojans but also have anti-virus and anti-spam functionality. These devices are very good as a second line of defense as they can be placed behind the firewall. In the coming year expect a security appliance with a far higher performance, one that will provide better security and 100% protection from Zero Day attacks. Also one can expect UTMs to go personal and be available as software which can be installed on your system.
