The number of threats to network security is rising steadily. Where once there were just viruses, worms and denial-of-service attacks to contend with, these have now been joined by a host of other offenders. Some of the more recognisable of these include information leakage and theft, phishing, spam, spyware, and a growing number of targeted attacks.
Today's organisations are having to spend more time and resource on keeping their business secure. According to the DTI Information Security Breaches Survey 2006*, 64% of UK businesses suffered from a security breach in 2005, and the average cost of the worst breaches rose to £12,000. This total not only includes direct financial loss but also covers the cost to remedy the problem and the cost incurred through business disruption.
Each type of threat warrants its own solution, however, the number of potential security issues has increasingly made the construction and management of network defences a complex, costly and time-consuming chore. The response of security vendors has been to look at technologies that can minimise the risk. As a result, the last year has seen significant innovations made in firewall technology in the form of Unified Threat Management (UTM).
All in one
With UTM, the goal is straightforward; the simplification of an overall security solution. UTM converges different preventative security applications (often referred to as ‘point products') into a single package. Generally, this also means the consolidation of point products into a single device; hence the term ‘unified' threat management.
Unfortunately, some UTM products take simplification too far - not to mention security effectiveness - and don't provide the full range of capabilities that are required by modern businesses. Although the concept and promise of UTM makes sense, not all UTM products have the same capability to make good on that promise.
Different vendors offer different combinations of applications on their appliances but it is usual to see some combination of the following technologies available to install:
- Stateful Inspection Firewall - Protect your business by inspecting information at the packet layer, not just the header;
- Gateway Anti-Virus - Protect your business from viruses at the perimeter of the network, before they reach the desktop or server environment;
- Anti-spam, worms and spyware - Protection from these threats is also offered at the network's perimeter;
- Content Filtering - Ensure your employees are using the Internet in a way that fits with company policy by restricting web access;
- Intrusion Detection and Prevention (IDP) - Detects and prevents threats at both the application and network layer;
- Quality of Service (QoS) - You have control over which resources (bandwidth, equipment, wide-area facilities, and so on) are being used.
Most vendors only offer a few of the components within their UTM solution; however some, such as those from Juniper Networks, offer all components as a bundle in a single product or as modular components that can be added as needs dictate. This latter type of unified firewall product tends to also enjoy the dual benefits of higher throughput rates at a lower cost.
The benefits
The immediate benefit is that there is now only one device on the network which requires installation, rack space and ongoing management. By combining technologies, multiple appliances can be consolidated. Fewer appliances equal potential cost savings, lower management overhead and a quicker return on investment.
The case for deploying a dedicated UTM-enabled security device is compelling for most organisations. When considered as part of an upgrade or new installation, a UTM upgrade makes even more sense, purely because less hardware is required. In some instances though, UTM devices can offer even greater benefits, particularly where multiple security applications and appliances are deployed, if existing rack space is at a premium, or if IT support staff are spending a large amount of time managing disparate technologies.
In summary
With the increase in the number of security threats facing the market, businesses of all sizes could profit from UTM technology and the simplicity it offers. However, it is having a particular impact on small- to medium-sized enterprises, which traditionally have fewer support staff because a single, comprehensive security device can free up business resource to concentrate on core activities and not just IT security.
The cost of UTM devices, when compared with similarly specified solutions, is falling. In addition, UTM appliances offer greatly improved throughput than older firewalls. The combination of these factors and the reduced management overhead means that there is no better time to embrace UTM technology.
* The DTI Information Security Breaches Survey 2006 (published April 2006) is available at www.security-survey.gov.uk.