IT DRILLDOWN
Virtualization
 
NEWSLETTERS
 

CIO.com updates, insights and advice on technology, management and your career.

 Advice and Opinion

 CIO Consumer IT

 CIO Leader

 CIO Enterprise

 CIO Insider

More Newsletters | Edit Profile
 

RSS Feeds »

 
 
LEADERSHIP
 

CIO Executive Programs

The Leader in Face-to-Face Education for Senior Executives

Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »

 

CIO Executive Council

Public Teleconferences

Join CIO Executive Council members and participate in the following live teleconferences:

* Planning for Succession:
Models for IT Leadership Development, June 23
 * Youth in IT: How CIOs Can Engage the Next Generation
 June 10
 * Change Leadership at General Growth Properties: A
Pathways Leadership Development Seminar, June 25

More / Register »

Learn more about the CIO Executive Council »



 
 
RESOURCE CENTER
 

buy a link »

Ads by TechWords
 
 
SUBSCRIBE TO CIO
 

Are you involved in setting the direction for your company's IT budget or strategy?


Apply today for a FREE subscription to CIO Magazine!

Subscription Services »

Reprints »

 
 

Essential Technology

 

Unified Threat Management, Demystified

Considering unified threat management (UTM) appliances that combine many security jobs? Here's some advice from CIOs who've tried these all-in-wonders on for size.
 

By Bill Snyder

March 24, 2008CIO — Protecting the secrets of a uranium enrichment plant should be enough to keep any CIO very busy. But when Sarbanes Oxley mandated even tougher controls on databases containing key financial information, David Vordick, CIO of USEC, a $1.9 billion public company that operates a gaseous diffusion plant in Paducah, Kentucky, knew he was going to get even busier.

MORE ON SECURITY
Five Questions to Ask Security Appliance Vendors
The Future of Information Security

His security defenses are complex and multi-layered; and while simplicity is generally a good thing, it's not Vordick's priority. "Our philosophy is defense in depth. That means looking at multiple (security) products from multiple vendors. We can not be dependent on any one layer," he says.

Not every CIO has the same worries as Vordick, of course. But as regulations like SOX and PCI standards place increasing demands on IT's security capabilities, more and more companies are choosing to simplify network defense by using a security appliance that combines hardware, software, and networking technologies. U.S. companies spent $3.85 billion on network security appliances in 2006, an expenditure expected to nearly double by 2011, according to market researcher IDC.

As USEC designed its security architecture, Vordick and his team had a wealth of options. They could have chosen to install one or more UTM (unified threat management) appliances, devices that handle multiple threats from a single chassis, or opted for a series of single function, best of breed appliances.

USEC choose a best-of-breed database security appliance by Guardium, plus point products from other vendors, largely because the defense in depth strategy meant that the convenience of deploying and managing a single device was outweighed by the fear of creating a single point of failure, Vordick says. Moreover, USEC sought a security appliance that would serve as a check on IT employees with privileged database access who might seek to view or change data without proper authorization, an atypical function for a UTM.

The choices regarding network security appliances are complex, but your decision won't just come down to a technology issue, says John South, senior security consultant for Plexent, a Dallas-based IT service management company. "The real question is how do we get our business done and still protect the corporation?" he asks.

Here are some of the issues South suggests you consider regarding security appliances: How does security fit into my overall architecture, and where is the boundary of my network? How many people will it take to support my choice; do I have the staff or can I count on support from the vendor? If I choose a UTM, do I know that the services are well integrated and the device is ultra-reliable; if I choose a series of point products, will the overall solution be able to handle a blended threat, and do the separate devices work well together? Does the appliance, best of breed or UTM, offer adequate reporting capabilities?

 
 
 
 
 
 
Loading...
 
 
ABCs
 

How To Do Nearly Anything

Just the basics, please. Sometimes we all need a refresher or we need to make sure our team and our colleagues are all on the same page.

Over 25 tutorials on everything from business intelligence to virtualization.

 
 
FEATURED SPONSORS
 
 
 
SPONSORED LINKS
 

Evolve your data center on proven technology. The Brocade DCX.

Secure your virtual and physical environments with the same software.

Get Control of Mobile Data (and More)

The Business Value of Symantec Data Center Foundation Solutions

How Plug-in Integration with Global Suppliers Quickly Multiplies the Value of SAP Investments

Gene Kim's Practical Steps to Mitigate Virtualization Security Risks

Riverbed RiOS 4.0: Raising the Bar in Wide Area Data Services

Case Study: Auto insurer accelerates backup and recovery

Case Study: Bay State Health reduced the timeframe for recovering critical patient data

Webcast: Build secure, scalable enterprise networks.

2008 Annual Google Communications Intelligence Report

Comparing Google and Other Leading Messaging Security Solutions

Webcast: Best practices in application security: How do you stack up?

IT productivity challenges: Google surveyed IT professionals

Regulations Shift Focus on Outbound Email Security

Global Crossing is the most viable alternative for voice, video and data.

The New Foundation of Storage: Xiotech's Intelligent Storage Element

3M saved $3M on printing. Learn how HP can help your business

Survival of the Fittest: Disaster Recovery Design for the Data Center

Windows Server 2008: To Upgrade or Not to Upgrade?

Data Loss Prevention Starts at the Endpoint

Performance Brief: Mobile Application Acceleration

Strategies for centralizing data backup

Green IT: Reducing Your Carbon Footprint with Citrix

The Best IT Strategy for a Company with Global Operations

Eliminate network threats and downtime with Juniper Networks. View demo.

Choose a mobile device platform with familiar programs and simplified management

How to simplify mobility and reduce the cost of supporting mobile workers

Getting the Most from your Data Protection Solution

Mitigating Risk with Security Assessments

Rethinking the Corporate Help Desk: Learn how to deliver anywhere, anytime incident response

Business Value of Performance IDC Whitepaper

Foxwoods Resort & Casino dramatically reduced both backup and recovery times

Top 10 Questions to Ask when Choosing a Secure File Transfer Solution

Webcast: The Keys to Enhancing and Securing your Enterprise Network

An Executive Guide to Understanding Hosted and Managed Messaging

Configuration Audit and Control for Virtualized Environments

Enterprise Business Security: Protect Data, Accelerate Growth

The Case and Criteria for Combining Application Acceleration and Security

Q4 2007 Email Threats Trend Report from Proofpoint and Commtouch

Webcast: Research insight into how organizations are using virtualization

3 Reasons to Invest in Integration Technology Now

A CIO's View of Server Virtualization

Let's Get Virtual: A Look at Today's Server Virtualization Architectures

Increase conversions on your site with the help of EV SSL.

Extending PCI Compliance to the Mobile Workforce

A proven approach to WAN optimization

Wireless Vulnerability Management: What It Means for Your Enterprise

Wide-area data services enable todays global enterprise

Discover PMI's credentials and career path tools