Unified Threat Management is a promising technology in a security market where the firewall is the most intensively used control. The traditional firewall is replaced by a UTM product that not only guards against intrusion but also performs content filtering, spam filtering, intrusion detection and anti-virus duties.

There was a time when an organization worried mainly about hackers, and installing a firewall relieved that worry. Then came new threats in the form of viruses, and corporates began adding measures such as anti-virus gateways that scanned for viruses, followed by web content filtering and, later, spam filtering. The result was a tangle of systems that were costly to administer and took up valuable rack space.

Firewalls became 'firewall appliances'. This is where Unified Threat Management comes in. Rather than administer multiple systems that separately handle anti-virus, content filtering, intrusion detection and spam filtering, companies can purchase a Unified Threat Management firewall appliance that integrates all of the above into a single rack-mountable network appliance. The multiple functions of a UTM appliance can be the justification for replacing older, more basic firewalls.
Multiple Solutions: One Threat Leads to Another
There is one other catch, and a major one: a blended threat cannot be tackled by one solution alone. A blended threat is no longer the work of a hobbyist or a limelight-seeking kid after a few moments of glory. According to IDC, a leading global analyst group, the perpetrators of malware have become more focused and are gunning for quick and large financial gains. So any single-purpose solution proves highly insufficient to protect a network.
Some threats and the solutions required for them:

| No. | Security Threat            | Type of Solution                    |
|-----|----------------------------|-------------------------------------|
| 1   | Virus                      | Anti-virus                          |
| 2   | Trojan                     | Firewall, Anti-virus, IDP           |
| 3   | Worm                       | Firewall, Anti-virus, IDP           |
| 4   | Spam                       | Anti-spam                           |
| 5   | Spyware / Adware           | Spyware Blocker                     |
| 6   | Unrestricted Surfing       | Firewall, Content Filtering         |
| 7   | Instant Messaging          | Firewall, Content Filtering         |
| 8   | OS Vulnerability           | Firewall, Content Filtering, IDP    |
| 9   | Rogue Intruders            | Firewall, IDP                       |
| 10  | Hackers                    | Firewall, IDP                       |
| 11  | Internal Security Breach   | Firewall, IDP                       |
| 12  | Remote Connectivity        | VPN, Firewall, Anti-virus, IDP      |
In other words, comprehensive security required multiple solutions. (For OS vulnerabilities the gateway controls listed above are compensating measures only; the underlying fix is patching the affected hosts.) Stacking up all the boxes, however, did not prove to be a panacea.
Multiple Solutions Multiplied the Problems
Multiple solutions often failed to address the problem. Moreover, they brought a separate set of problems that were unique to themselves. Each solution would usually be of a different make and sort, with no interoperability or compatibility. Every solution needs to keep a tab on multiple parameters, and these parameters are often duplicated across solutions; monitoring the same parameters several times over creates a large number of redundancies and adds to the mess.

Every solution would have its own resident database of signatures and would need updating from time to time, and the system administrator had to monitor the status of each update process. To top it all, every solution carried a separate annual maintenance contract to keep it alive and working. Lastly, every solution carried a capital expenditure of its own. In other words, while network security remained an illusion, multiple solutions led to a totally new set of problems that were just another source of unwanted expense for the organization.
A Logical Progression: Unified Threat Management Solution
Unified Threat Management, or UTM, was defined in 2004 by the leading global analyst group IDC as the "all in one" security appliance for the small-to-medium business and branch office market segments.

Initially, according to IDC, a UTM appliance must be built on a real operating system as its base and have an installation process that minimizes human intervention. The appliance must be able to perform the functions of network firewall, network intrusion detection and prevention (IDP) and gateway anti-virus (AV). These functions are mandatory for the appliance whether or not they are used. A UTM appliance may also include other features such as security management and policy management by group or user. Existing UTM appliances have added anti-spam, VPN, multi-link management and load balancing to the list of services offered.

A single UTM appliance makes it very easy to manage security: there is just one device to worry about, one source of support and a single way to set up and maintain every requirement of the network security solution. It reduces not only the initial investment but also the running cost. (The flip side of consolidation is that the one appliance is also a single point of failure and a single code base to keep patched, so its availability and update schedule deserve the same attention that the stack of boxes used to demand.) Yet all is not well. Most UTM appliances focus only on IP-address-based reporting and controls, while the actual user stays invisible. This approach is self-defeating.

During 2005, financial services giant Citigroup and media powerhouse Time Warner had sensitive data swiped from their "supposedly most secure" databases. Smaller companies such as retailer DSW Shoe Warehouse and credit card processor CardSystems were victims of cyber break-ins with severe business consequences. The most disturbing finding to come to light was that insiders were party to such thefts. These internal threats are likely to grow day by day, forcing more companies to monitor the information accessed and distributed among employees. This major gap often goes unaddressed in traditional UTM solutions.
Identity Based UTM: The Solution
Traditionally, all UTM solutions are bound to the TCP/IP protocol suite. The protocol suite only recognizes the IP address of a machine on the network, not the actual user: a packet filter can match source and destination addresses and ports, but nothing in the packet says who is logged in at that address. In networks with DHCP, NAT or shared terminals the address-to-user mapping changes constantly, so an IP-based rule written for "alice's machine" silently applies to whoever holds that address next. In the coming times the internal threat will gain precedence over the external threat, and in such a scenario user identity-based UTM solutions will be a step ahead of the pack.

In an identity-based UTM the access policies are connected not only to an IP address but also to a user name or a group of users. So the decision whether to allow or deny is based on a user's or group's access rights. This presupposes an authentication step that binds each network session to a user, and the binding must be kept current: a stale or missing mapping is exactly the case in which the engine has to fall back to a safe default.

Unless a UTM is able to recognize the user and then provide selective access according to the user profile, any UTM solution is incomplete. An identity-based UTM should not only be able to authenticate valid users but also be powerful enough to apply customized policies. This does away with the anonymity that exists on the internal network. It is a completely new approach compared with traditional network security solutions, promoting user-centric network security rather than IP-address-based security.
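The following is an added illustration, not Cyberoam code or anything from the original page. It puts a minimal first-match policy engine side by side in two modes: one keyed only on source IP, the other keyed on an authenticated user and group. All rule names, users, addresses and services are constructed for the example. It demonstrates the two failure modes the text describes (an address reassigned by DHCP, a user who moves to a new address) and the safe default when no user is bound to a session.

```python
"""Identity-based vs IP-based access policy (constructed example, not Cyberoam code)."""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional


@dataclass(frozen=True)
class Rule:
    subject: str   # "ip:10.0.0.5", "user:alice", "group:finance" or "any"
    service: str   # "payroll", "http", "ssh", ... or "any"
    action: str    # "allow" or "deny"


@dataclass(frozen=True)
class Session:
    """Binding established at login. An IP-only engine has no equivalent of this."""
    ip: str
    user: Optional[str]            # None = nobody authenticated at this address
    groups: FrozenSet[str] = frozenset()


def _subject_matches(subject: str, ip: str, user: Optional[str], groups: FrozenSet[str]) -> bool:
    if subject == "any":
        return True
    kind, _, value = subject.partition(":")
    if kind == "ip":
        return value == ip
    if kind == "user":
        return user is not None and value == user
    if kind == "group":
        return value in groups
    return False               # unknown subject kinds never match (fail closed)


def decide(rules: List[Rule], ip: str, service: str,
           user: Optional[str] = None, groups: FrozenSet[str] = frozenset()) -> str:
    """First matching rule wins; nothing matching means deny (default deny)."""
    for rule in rules:
        if _subject_matches(rule.subject, ip, user, groups) and rule.service in (service, "any"):
            return rule.action
    return "deny"


# Both policies express the same intent: the finance group may reach the payroll
# application and everyone may browse. The IP policy has to pin "finance" to the
# address alice happened to have when the rule was written.
IP_RULES = [
    Rule("ip:10.0.0.5", "payroll", "allow"),
    Rule("any", "http", "allow"),
]
ID_RULES = [
    Rule("group:finance", "payroll", "allow"),
    Rule("any", "http", "allow"),
]


def ip_only(session: Session, service: str) -> str:
    # The IP-based engine never learns who is logged in; it sees only the address.
    return decide(IP_RULES, session.ip, service)


def identity_based(session: Session, service: str) -> str:
    return decide(ID_RULES, session.ip, service, session.user, session.groups)


def demo() -> dict:
    """Run the two engines over three constructed sessions and return the decisions."""
    alice = Session("10.0.0.5", "alice", frozenset({"finance"}))
    # DHCP lease expired: bob (sales) now holds the address the IP rule was written for.
    bob = Session("10.0.0.5", "bob", frozenset({"sales"}))
    # alice moved desks and received a different address.
    alice_moved = Session("10.0.0.77", "alice", frozenset({"finance"}))
    # A host at alice's old address with no authenticated user bound to it.
    nobody = Session("10.0.0.5", None)
    return {
        "alice_ip": ip_only(alice, "payroll"),               # allow
        "bob_ip": ip_only(bob, "payroll"),                   # allow: wrongly, he inherited the address
        "alice_moved_ip": ip_only(alice_moved, "payroll"),   # deny: wrongly, she is still finance
        "alice_id": identity_based(alice, "payroll"),        # allow
        "bob_id": identity_based(bob, "payroll"),            # deny
        "alice_moved_id": identity_based(alice_moved, "payroll"),  # allow
        "nobody_id": identity_based(nobody, "payroll"),      # deny: no user bound, fall back to default
        "nobody_http": identity_based(nobody, "http"),       # allow: the "any" browsing rule still applies
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:16s} {verdict}")
```

The engine is deliberately first-match with a default deny, so an unknown subject kind or an unauthenticated session can only ever be allowed by an explicit "any" rule; that is the property that makes a stale or missing user binding fail safe rather than open.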
Conclusion
A security solution is at its best when it is properly configured. If the major problem of multiple solutions was their maintainability and operability, a UTM can rectify it by providing a single window onto the complete network security. At the same time, IP-address-based reporting and control can take away all the advantages a UTM is likely to deliver, because the decision and the audit trail both stop at the address and never reach the user.
Important Quotes
"All the advances in security appliances have been driven primarily by the increasing level of threats. Threats that started as viruses have now graduated into full-blown blended threats."

"A blended threat cannot be tackled by one solution alone. The perpetrators of malware have become more focused and are gunning for quick and large financial gains."

"Multiple solutions often failed to rectify the problem. Moreover, they ushered in a separate set of problems that were unique to them."

"Most UTM appliances focus only on IP-address-based reporting and controls, while the actual user stays invisible. This approach is self-defeating."

"Unless a UTM is able to recognize the user and then provide him or her selective access according to his or her profile, any UTM is incomplete."

"Unified Threat Management, or UTM, was defined in 2004 by the leading global analyst group IDC as THE 'all in one' security appliance for the small-to-medium business and branch office market segments. IDC believes that, over the next five years, the revenue generated by the sale of UTM appliances will exceed that of standard firewall/VPNs, effectively replacing these products."

"An identity-based UTM provides user-specific security in addition to IP-address-based security. This added advantage largely simplifies and speeds up the decision-making process."
Major Features of UTM - Cyberoam
- Identity based Firewall
- Gateway level Anti Spam
- Gateway level Protection against Viruses, Worms, Trojans
- Protection against Phishing and Pharming
- Bandwidth Management
- Multi-Link Management
- IDP - Intrusion Detection and Prevention
- Content Filtering
- VPN - Secure Communication
- Eliminates Dependence on IP Address
- Complete Security in Dynamic IP Environments
- One Step Policy Creation
- Dynamic Policy Setting
- Twin Shield Security
- Intelligent and MIS Reports
- Offers integrated internet security with fine granularity through unique user-identity based policies
- Intelligent threat management with blended security supported by user-identity controls
- Offers granular controls for flexibility and ease-of-use that offset the high levels of complexity involved in any Unified Threat Management