There are a wide variety of threats to network security, so most organizations have a wide variety of tools and technologies in place to protect against them. In some cases it may be an attempt to implement the very ‘best-of-breed’ product in each category, but for many organizations it is just the way things have evolved. They needed to separate their internal network from the public Internet, so they bought a firewall. They wanted to stop the flood of unsolicited emails, so they deployed an antispam appliance. They needed to protect against viruses and worms, so they implemented antivirus software. The list goes on. As each new threat emerges, a new security technology is developed to combat it, and organizations eager to defend their networks get out the duct tape and chewing gum and cram the new tool into their crowded security arsenal.
There are some advantages to having separate products. For one thing, you do not have a single point of failure for network security. If the firewall fails to block some malicious traffic, hopefully the intrusion detection system (IDS) or antivirus software will pick it up and protect you. If your antivirus vendor has not yet released new patterns to detect the latest threat, hopefully your antispam solution will at least block the unsolicited emails carrying the infected attachments in the meantime.
You also have an opportunity to implement the best security money can buy in each area. The vendor with the best firewall may not have the best antispyware solution. By purchasing separate products, you can evaluate products against the requirements of your network and get the products that are best for your situation.
There are also problems with this approach though. Each new product comes with its own price tag, its own learning curve, and its own issues in terms of getting it to play well with the rest of the products on the network.
For each area of network security, you have to evaluate the available products and negotiate with the vendors to get the best deal. In many cases that means paying some form of per-device, or per-user licensing fee that often has an annual subscription or maintenance payment required. The process of evaluating, negotiating, and maintaining licenses for a variety of security tools can be cumbersome.
Once the products are evaluated, negotiated, and purchased, the IT department has to figure out how to deploy, configure, and administer them. Each vendor has its own unique style and conventions. The terminology used by each product and the look and feel of the management interface will vary, and personnel will need to acquaint themselves with each product.
Another challenge for the IT department, but one that hopefully is minimized or eliminated during product evaluation, is how to integrate each new security tool with all of the previous security tools and the network at large. Each product may have its own scanning engine, or its own agent software to be deployed on each device. Consideration has to be given to how each tool will operate and possibly to the order of operations, or where to place it in the network chain, to ensure it receives the data it needs to monitor without hindering or impacting the rest of the network.
There is a potential solution though. A new breed of security tool has emerged to integrate network security into a single device. UTM, or Unified Threat Management, appliances combine various functions of network security into one solution. With UTM, there is only one negotiation and investment to make. A UTM solution is often much cheaper than the sum of its parts, especially for small and medium organizations that don’t have the volume necessary to get steep discounts from the vendors.
A UTM appliance typically reduces the number of scanning engines, possibly to one, so that there is less impact or delay to network traffic. The integration of the various tools also allows for more collaboration or cooperation between them to help identify and block blended threats that may come in through multiple methods.
One of the biggest advantages, again especially for small and medium businesses that don’t have massive IT department resources to dedicate to security, is the increased efficiency and simplicity of maintaining security. IT personnel only have to learn one management console. They only have to monitor one device. They only have to maintain and update one appliance.
There are potential downsides as well. For one thing, if the UTM device goes down, so does all of your network security. If your UTM vendor is slow in providing updates for the latest threats, your network is exposed. If a vulnerability is found within the appliance itself, an attacker may be able to circumvent all of your security at once.
UTM is worthy of exploring though, especially for small or medium organizations. Take a look at your security needs, your available resources, and the potential risks of a UTM solution and evaluate whether or not UTM might be the way to protect your network.
For more about UTM, check out this blog post, which discusses the pros and cons of UTM solutions in more detail.
Tags: Perimeter Security by Tony Bradley