by Earl Follis, Ed Tittel

Leading-Edge UTM: What C-Level Execs Need to Know

May 13, 20146 mins
CareersData and Information SecurityEncryption

Network and boundary security are more important than ever for organizations of all sizes. A variety of security specialist firms now offer leading-edge virtual and physical devices for Unified Threat Management (UTM) to raise the security bar ever higher and respond proactively to zero-day threats.

As the complexity of cloud technologies and the adoption of mobile devices on corporate networks continue to grow exponentially, keeping users and data protected from a variety of security threats is now a mission-critical undertaking. Corresponding advances in Unified Threat Management (UTM) technology gives C-level executives a variety of options for managing multi-platform threats under a single pane of glass. UTM covers more than traditional core networks and applications. These tools also push threat monitoring to the edge of your network, also covering wired and wireless connections.

Given the sophistication of UTM products on the market, you no longer need a team of security engineers to actively — yet manually — monitor network threats. Comprehensive UTM tools are available to protect all computing platforms, applications and infrastructure components under a scalable threat management umbrella. UTM can be implemented via physical UTM appliances, virtual UTM appliances, or by combining the two. UTM service subscriptions are also available from some vendors.

UTM Offers Single-console, Converged Security

The “U” in UTM refers to a unified or combined threat management approach that manages and monitors security for applications, load balancers, firewalls and antivirus, anti-spam and intrusion detection systems. Cutting-edge UTM products offer an approach that converges security capabilities for servers, desktops, laptops and mobile devices into a single physical or virtual UTM environment.

One stated goal of UTM is the ability to enforce all threat management services across any device type while uniting data within a single interface and underlying database. This unification of threat data allows for correlation of threats, the capability to monitor UTM service level agreements (SLAs) and combined reporting from a single dataset.

[Feature: 10 Top Information Security Threats for the Next Two Years ]

[ More: Symantec Lays Out Advanced Threat Protection Roadmap ]

If your current UTM strategy relies on disparate, unintegrated software to protect different platforms, operating systems or applications, your IT department may be exposing your organization to significant increased risk. There’s a chance that, when real security threats occur in your environment, your technology staff might not recognize the scope or severity of those threats because they can’t easily correlate UTM activity across multiple security tools.

A single, logical view of your overall security environment and posture enables such correlation — and it promotes comprehensive, all-encompassing security policy enforcement. With that in mind, finding a solution that gives UTM protection to all your devices, networks, applications and platforms is key.

For instance, let’s say you have threat management software that monitors mobile devices on your network, with a separate antivirus and anti-spam tool for managing email. If an infected attachment to an email introduces a threat that begins to adversely affect users’ mobile devices, your security team might not make that correlation without integrated software covering both platforms. Integrated UTM software greatly increases the chances that concurrent threats can and will be correlated, either manually by your staff or, preferably, by the UTM software itself.

How to Deploy, Provision and Support UTM

As with any enterprise-capable software package, the ease of deploying, configuring and managing your UTM solution is a paramount consideration. For agent-based UTM solutions, look closely for the technique(s) used for distribution of the UTM agent. Avoid UTM solutions that require an explicit user action to initiate the agent installation process to fully protect computing platforms. Most users won’t or can’t follow such directions because they neither see nor appreciate the importance in having UTM protection on every device on the corporate network.

[ Analysis: The BYOD Mobile Security Threat Is Real ]

[ Also: 7 Enterprise Mobile Security Best Practices ]

Many users feel so empowered by bring your own device (BYOD) policies that they mistakenly believe that the security of their tablet or smartphone is solely their concern, not the company’s. Dissemination of clearly defined policies for user interaction with UTM software can partially alleviate this reluctance to abide by stated policies. For the rest of your users, you may need to blacklist unprotected devices to prevent those users from accessing company resources from their mobile device — unless, of course, they follow all guidelines for protecting company resources.

With most companies now supporting a mobile workforce, remote management and provisioning of UTM software becomes essential. For UTM solutions that require an agent to be installed on each server, desktop, laptop, smartphone or tablet, look for a tool that can automate the installation of those agents on devices targeted for UTM management. Though many companies are leery about consuming local computing resources required to run a UTM agent on each device, agent-based UTM management allows in-depth monitoring of threats, as well as the ability to make configuration changes remotely to devices being managed. These are essential ingredients to ensuring successful security regimes.

As UTM tools monitor the network from a lofty, network-wide perch, application management and control becomes critical to UTM. At first glance, this might appear to fall outside the purview of UTM tools — but considering that companies rely on applications to provide mission-critical services to their users, application management takes on special significance.

Examples of mission-critical applications that must fall under the UTM protection umbrella include email, Web servers, Web apps, mobile apps and the UTM software itself. Considering the network-wide scope of a ubiquitous UTM solution, UTM tools must also be able to monitor themselves to fully protect corporate applications from intruders, viruses and other malware. Be sure to insist upon this capability in your UTM candidate solutions as you evaluate contenders to protect computing assets.

[ Analysis: CIOs Look to Adaptive Security in Face of Evolving Threats ]

[ Tips: How to Test the Security Savvy of Your Staff ]

Just as most applications have moved or are moving to cloud-based services, several vendors offer UTM software as a subscription, rather than as physical or virtual appliances for outright purchase. Subscription pricing makes an attractive alternative, as it conserves capital budget while simultaneously offering free support and upgrades for the life of that subscription. Subscription-based security services may include physical devices, virtual devices, cloud-based threat management or a combination of all three. In any form or shape, though, a subscription boils down to a monthly fee.

Some UTM Tools Also Cover Device Management

In addition to dealing with UTM threats, some UTM appliances and software also offer device management options such as software asset management, hardware inventory, application performance monitoring and Web filtering. Once again, you can include them in your criteria when evaluating UTM tools. Licensing costs, infrastructure platforms and administrative overhead will all be lower if you can find a single platform that meets all such requirements.

Top-rated UTM solutions include UTM products from Sophos, Cisco, Fortinet, Palo Alto Networks, Smoothwall, Dell SonicWall and WatchGuard. Some of these companies have been in the threat management business for many years; others are relative newcomers. Develop a requirements list for your UTM evaluation and perform an objective analysis of each vendor under consideration.

Once you conduct an initial evaluation of tools that meet your criteria, you can then create an officially sponsored project to bring each solution into your development or test environment for further examination and verification. Only then should you start considering one particular tool.