Analyst firm IDC predicts that by 2009 Unified Threat Management (UTM) solutions will account for 50% of all European security market sales by specialist vendors to their client base. UTM is apparently the shape of things to come, and yet the term didn't even exist prior to 2004. Why, then, this sudden appetite for managing many threats from one place?
The advent of the Internet and broadband has totally altered the way in which corporate network security is viewed. Two years ago, a firewall and e-mail filtering were all a security manager needed to stop most threats in their tracks. Today, companies must also run anti-virus and anti-spam software, as well as anti-phishing and anti-spyware solutions, to name but a few.
The list goes on, and it will continue to lengthen for as long as IT systems remain the preferred target of hackers, spammers and anyone else with the motive and the means to penetrate a given organisation's network.
Network security is constantly evolving in line with the ever-changing threats. With the legacy approach, each threat is handled by a separate system, and that leaves gaps. For instance, installing an anti-virus engine on the e-mail server is a standard part of any network security plan.
However, that engine only sees mail that passes through the corporate server. It does nothing when a virus arrives straight at the desktop because a user read a web mail account or a remote POP3 account, downloaded a file over FTP, or visited a web page hosting malicious content.
It follows that gateway proxies are needed for those protocols too, along with the hardware to run them. Added to that is the need for routing that forces desktop traffic through the proxies and blocks direct connections from the desktops, so that nobody can bypass them.
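As an added illustration of that last point, not from the article and not Network Box's own configuration, here is a Linux iptables rule set in iptables-restore format that does both jobs: it transparently redirects desktop web and POP3 sessions into the gateway's own proxies, and it refuses to forward anything else from the desktop LAN, so a client that points itself at an external port 8080 web server or an FTP site simply gets no connection. The interface names (eth1 facing the desktops, eth0 facing the Internet), the 192.0.2.0/24 desktop range and the proxy listening ports 3128 and 8110 are all hypothetical.

```text
# Hypothetical gateway layout: eth1 = desktop LAN 192.0.2.0/24, eth0 = Internet,
# HTTP proxy on local port 3128, POP3 proxy on local port 8110.
*nat
:PREROUTING ACCEPT [0:0]
# Pull desktop web and POP3 sessions into the gateway's proxies transparently.
-A PREROUTING -i eth1 -s 192.0.2.0/24 -p tcp --dport 80  -j REDIRECT --to-ports 3128
-A PREROUTING -i eth1 -s 192.0.2.0/24 -p tcp --dport 110 -j REDIRECT --to-ports 8110
COMMIT
*filter
:INPUT DROP [0:0]
# The weak configuration leaves FORWARD at its default of ACCEPT: the redirects above
# still work, but a desktop can reach an external web server on 8080, an FTP site on
# 21 or a mail server on 995 directly and never touch a proxy. With FORWARD set to
# DROP, nothing the desktops send is routed past the gateway; only the proxies,
# as local processes going out through OUTPUT, ever talk to the Internet.
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Desktops may only talk to the proxy ports on the gateway itself.
-A INPUT -i eth1 -s 192.0.2.0/24 -p tcp -m multiport --dports 3128,8110 -j ACCEPT
COMMIT
```

Load it with `iptables-restore < rules` on the gateway. Any protocol for which the gateway runs no proxy is then unreachable from the desktops by design; if one genuinely has to pass, add an explicit `-A FORWARD ... -j ACCEPT` for that destination rather than relaxing the policy.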
The IT industry has come up with a solution: take the different applications and integrate them on one gateway product. This addresses the internal security problems, but also controls and protects wherever and whenever traffic enters the network. Step forward Unified Threat Management (UTM) systems.
With a unified approach you can install a single solution that incorporates best-of-breed technologies from multiple vendors on a single hardware platform. This reduces capital expenditure, cuts integration costs and produces a more secure and more manageable system in which all the components work together.
The single gateway product
What defences should the client organisation put in place to manage today's threats? The minimum requirement should be:
• an industrial-strength firewall with true application proxies (some application firewalls fall back to a generic or SOCKS proxy for certain applications, which does not provide sufficient protection);
• intrusion detection and prevention (or ‘deep packet inspection’): this must be tightly integrated with the firewall, so that the ports that have to be opened on the firewall are policed for malicious activity, and it must block in-line, before the packet is forwarded. Some systems inspect a copy of the traffic and let one or more packets through before blocking, and one packet is all a worm or virus needs to deliver its payload;
• VPN: a standards-compliant implementation that interoperates with the most widely used clients and gateways, and that can be upgraded when the next standard inevitably materialises;
• anti-malware: this covers anti-virus, anti-spam, anti-phishing, anti-spyware, anti-hoax and so on, across all of the e-mail protocols (SMTP, POP3 and IMAP4) as well as HTTP and FTP. There is no point in letting malware onto your servers or the LAN when it can be stopped at the gateway;
• content filtering: this performs three important tasks. It prevents offensive material from being downloaded, protects the company from known malicious sites and improves overall productivity.
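The anti-malware point above hides a practical detail that is worth seeing in code: a gateway engine that merely pattern-matches the bytes on the wire will miss the same file that the mail-server engine would have caught, because on the wire the file is base64-encoded inside a MIME part, or gzip-compressed inside an HTTP response. The gateway scanner has to understand each protocol it covers and decode the payload before handing it to the engine. The following Python example is added here and is not code from the article or from Network Box; it uses the EICAR anti-virus test string as a stand-in for a real signature database, and both the POP3 message and the HTTP download are constructed samples.

```python
import gzip
import email
from email import policy
from email.message import EmailMessage

# The EICAR anti-virus test string stands in for a real signature database.
# It is assembled from two pieces so that this source file is not itself
# quarantined by a desktop scanner.
EICAR = (b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$"
         b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*")


def engine_scan(data: bytes) -> bool:
    """The anti-malware engine proper: does the decoded payload match a signature?"""
    return EICAR in data


def naive_scan(raw: bytes) -> bool:
    """A scanner that pattern-matches the raw wire bytes without decoding the protocol."""
    return engine_scan(raw)


def scan_email(raw: bytes) -> bool:
    """Gateway scanner for SMTP/POP3/IMAP4: parse the RFC 822 message, walk every
    MIME part and hand the *decoded* payload (base64, quoted-printable) to the engine."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        payload = part.get_payload(decode=True) or b""
        if engine_scan(payload):
            return True
    return False


def scan_http_response(raw: bytes) -> bool:
    """Gateway scanner for HTTP downloads: split the header block from the body and
    undo Content-Encoding: gzip before scanning. (A production proxy must also
    de-chunk Transfer-Encoding: chunked and unpack archives; omitted here.)"""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip().lower()
    if headers.get(b"content-encoding") == b"gzip":
        body = gzip.decompress(body)
    return engine_scan(body)


def build_pop3_message() -> bytes:
    """Constructed sample: a message a user fetches from an external POP3 account,
    carrying the test file as a base64 attachment. The corporate SMTP server's
    engine never sees this message at all."""
    m = EmailMessage()
    m["From"] = "someone@example.org"
    m["To"] = "user@example.com"
    m["Subject"] = "invoice"
    m.set_content("please see attached")
    m.add_attachment(EICAR, maintype="application", subtype="octet-stream",
                     filename="invoice.com")
    return m.as_bytes()


def build_http_download() -> bytes:
    """Constructed sample: an HTTP response delivering the test file gzip-compressed."""
    body = gzip.compress(EICAR)
    return (b"HTTP/1.1 200 OK\r\n"
            b"Content-Type: application/octet-stream\r\n"
            b"Content-Encoding: gzip\r\n"
            b"Content-Length: " + str(len(body)).encode() + b"\r\n"
            b"\r\n" + body)


def compare() -> dict:
    """Run both scanners over both samples. The naive scanner misses both because
    the signature never appears literally on the wire; the protocol-aware one
    decodes first and catches both."""
    mail, download = build_pop3_message(), build_http_download()
    return {
        "mail_naive": naive_scan(mail),
        "mail_aware": scan_email(mail),
        "http_naive": naive_scan(download),
        "http_aware": scan_http_response(download),
    }


if __name__ == "__main__":
    for name, verdict in compare().items():
        print(f"{name:11s} {'MALICIOUS' if verdict else 'clean'}")
```

Running the module prints a `clean` verdict from the naive scanner for both samples and `MALICIOUS` from the protocol-aware one. The same lesson applies in the other direction: an engine that only speaks SMTP protects the mail server, not the desktop that fetches its own mail over POP3 or IMAP4.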
Finally, many companies now require the ability to handle multiple Internet links, traffic sharing, Voice-over-IP and dynamic routing protocols. All of this functionality must come with simple, manageable reporting, because you cannot measure or monitor what the systems you have implemented are actually doing without it.
UTM... and beyond
The UTM approach has forced a rethink of perimeter security. Even ‘old school’ firewall vendors are bolting on anti-virus and the like so that they don't look as though they've been left behind. But is the UTM device really the answer to every security manager's prayers?
On its own it can be a great piece of technology, but simply installing a piece of technology is not sufficient to keep a network safe. Without 24x7 monitoring, regular updates and effective management, the network still runs the risk of being compromised.
UTM Plus provides the established security functions described above, and a little more besides. Security systems must be actively monitored, with alarms raised whenever safety thresholds are exceeded. That should apply not just to attacks but also to processes and hardware performance, so that IT staff can confirm the defences are actually working. No matter how good a system may be, it is no use if it has silently stopped.
UTM Plus is updated very quickly (within one minute, anywhere in the world) using PUSH technology. There is no reason to wait for protection updates once they are available: with PUSH, it becomes the supplier's responsibility to bring your system up to date the moment the next level of protection exists.
A good supplier will update systems because it is alerted to threats, and can therefore maintain and manage your system and keep its defences current with the very latest protection.
PUSH technology also allows for automated detection and protection, reducing the window of vulnerability, in some cases at least, to a matter of minutes. Because UTM Plus systems are monitored, attacks are reported immediately, new threats identified, and countermeasures created and put into action.
Working as one solution
PUSH also avoids the overhead of PULL schemes, in which every device polls a server on a schedule and downloads whatever is new. Bandwidth is used only when there is an update to send; nothing depends on a pre-set schedule or on the update site being reachable at the polled moment; and there are no client-side update logs to check or update jobs to debug. Quite simply, it takes the strain out of maintenance.
The emergence of the new threats has certainly forced a rethink of network security. Threats are launched at the push of a button, so companies need protection that responds just as quickly.
UTM is already here, but UTM Plus is the next step towards complete, managed security, anywhere in the world and at any time of day: comprehensive, proactive and intelligent protection.
Source
SMT
Postscript
Mike Fenton is director of Network Box (UK) (www.network-box.co.uk)