By Kang Eu Ween

 

One of the most frightening facts in the security landscape is that both the diversity of threat types and their destructive power are simultaneously growing.

It is not a simple matter to combat security breaches. In the past, enterprise IT teams used a mix of tools to fight a variety of security problems. However, this approach became costly and unscalable, primarily because it was difficult to maintain the various non-integrated tools. Thus, IT teams began to consider high-performance, highly reliable integrated security solutions.

This has sparked a trend of a growing number of small- and medium-sized enterprises (SMEs) embracing Unified Threat Management (UTM) and related solutions. At high-volume locations such as the data centers and demilitarized zones (DMZs) of large organizations, however, the voluminous traffic demands dedicated, single-function threat management devices to meet high-speed requirements.

At present, the best approach for distributed enterprises is to combine UTM solutions at branch locations with dedicated high-performance threat management devices at core central sites.

Understanding UTM

While point products can be used when superior performance is of utmost priority, deploying and managing an array of dedicated devices can be very costly. Aside from the initial capital expense to purchase the various units, IT teams may also have to contend with multiple user interfaces and administration tools. Therefore, in most instances when a balance can be struck between performance, cost and manageability, a UTM solution is the preferred choice. However, it is not as simple as merely going out and buying any UTM product. They vary greatly between vendors and a company is strongly advised to carefully consider the different features and technical specifications before risking the company’s infrastructure on a particular security solution.

Uniform quality of functionalities

A UTM device might not have a uniformly high-quality set of features. Vendors may simply package together various antivirus, firewall, and Web filtering functions from a range of sources and third-party suppliers. Because of low cost, or simply bad product design, a UTM device might contain poorly produced technology, ultimately resulting in an end product with inconsistent quality and unreliable performance.

Because of the crucial role UTM devices play in protecting the enterprise, IT managers are strongly advised to seek best-of-breed UTM products that offer functions sourced from market leaders to ensure effective defense against breaches.

Comprehensiveness

Having the right UTM product means enjoying a comprehensive range of functionalities, including reactive mechanisms complemented by proactive ones and network-layer mechanisms by visibility and control at the network layer.

A true UTM device should meet the above requirements, as well as have the following specific features: VPN, multi-layered firewall, multi-method intrusion detection and prevention, multi-protocol antivirus, anti-spyware, anti-phishing, anti-spam, and Web filtering.

Virtualization Technologies

An important feature of a robust UTM device is the ability to virtualize. Virtualization technologies incorporated in UTM devices enable administrators to assign different “virtual” UTM devices to different network segments or user groups. The entire system can then be managed through a single interface. This important feature helps administrators cope with different types of access requirements, compartmentalizing user groups and traffic types with their own security policies, in a safe and simple manner. Virtualization essentially simulates having multiple devices on the network, without the overhead and complexity of physically doing so.

Some of the virtualization technologies include:

Security Zones: These represent logical sections of the network, segmented into logical areas. Security zones can be assigned to a physical interface, or the entire appliance can be assigned to a virtual system. In this latter arrangement, multiple zones share a single physical interface to lower ownership costs by effectively increasing interface densities.

Virtual Systems: This is an additional level of partitioning that creates multiple independent virtual environments. Each of the virtual environments has its own set of users, firewalls, VPNs, security policies, and management interfaces. By allowing administrators to quickly segment networks into multiple secure environments managed through a single appliance, virtual systems enable network operators to build multi-customer solutions with fewer physical firewalls and reduced administrative effort. This reduces both capital and operational expenses.

Virtual Routers: This feature enables administrators to partition a single device, which will then function as multiple physical routers. Each virtual router can support its own domains, ensuring that no routing information (and risk of traffic confusion) is exchanged with domains established on other virtual routers.

Virtual LANs: These are a logical, rather than physical, division of a subnetwork that enables administrators to identify and segment traffic at a granular level. Security policies can specify how traffic is routed from each VLAN to a security zone, virtual system or physical interface. This makes it easy for administrators to identify and organize traffic from multiple departments and define what resources each can access.

Choices in Web Filtering Approach

Most of the UTM devices available today come with a Web filtering function. But IT managers must determine which Web filtering approach best suits their organizations’ needs.

Some UTM tools are equipped with external Web filtering which redirects traffic from the device to a dedicated Web filtering server for policy enforcement. Other UTM devices come with integrated Web filtering that enables enterprises to build their own Web access policies by selectively blocking sites listed on a continuously updated database.

No matter which approach one prefers, the UTM device must allow an organization to rapidly deploy the chosen approach. In addition, it must enable IT managers to customize Web filtering profiles by using black lists, white lists, and a number of pre-defined and user-defined categories.
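How a customized Web filtering profile of this kind can be evaluated, as an added example that is not from the article or from any vendor's product. The `Profile` class, the sample hosts and categories, and the precedence order (white list, then black list, then user-defined category, then pre-defined category, then default) are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed stand-in for the continuously updated category database.
PREDEFINED = {"casino.example": "gambling", "news.example": "news",
              "webmail.example": "webmail"}

def candidates(host):
    """Yield the host and each parent domain so rules match on label boundaries."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])

class Profile:
    """Hypothetical per-group Web filtering profile."""
    def __init__(self, whitelist=(), blacklist=(), user_categories=None,
                 blocked_categories=(), default="permit"):
        self.whitelist = set(whitelist)
        self.blacklist = set(blacklist)
        self.user_categories = user_categories or {}
        self.blocked = set(blocked_categories)
        self.default = default

    def decide(self, url):
        """Return (action, reason) for a URL under this profile."""
        host = urlsplit(url).hostname
        if not host:
            return ("block", "unparseable")  # fail closed on malformed input
        names = list(candidates(host))
        if any(n in self.whitelist for n in names):
            return ("permit", "whitelist")
        if any(n in self.blacklist for n in names):
            return ("block", "blacklist")
        # User-defined categories take precedence over the pre-defined database.
        for db, kind in ((self.user_categories, "user"), (PREDEFINED, "predefined")):
            for n in names:  # most specific name first
                cat = db.get(n)
                if cat is not None:
                    action = "block" if cat in self.blocked else "permit"
                    return (action, f"{kind}:{cat}")
        return (self.default, "default")

# Constructed profiles: staff may use one approved webmail host; guests are default-deny.
STAFF = Profile(whitelist={"mail.webmail.example"}, blacklist={"ads.news.example"},
                user_categories={"partner.example": "business"},
                blocked_categories={"gambling", "webmail"})
GUEST = Profile(blocked_categories={"gambling"}, default="block")
```

Matching on whole domain labels means `notcasino.example` is not caught by a rule for `casino.example`, while `www.casino.example` is.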

Dedicated Threat Management

Many large enterprises or companies with huge data centers need to deploy additional threat management tools such as firewalls, antivirus gateways and intrusion prevention systems to meet requirements for high capacity and high performance.

Some businesses might also need application- or system-specific threat management products to handle mission-critical applications, specialized security functions or division of ownership and responsibility within a large organization. Examples include email security gateways, Web application security gateways and remote access security gateways.

Juniper Networks’ UTM Solutions
At Juniper, we believe in unified management for both UTM and dedicated threat management devices to provide seamlessly centralized administration. Our solutions can also be quickly and cost-effectively deployed.

Our UTM products deliver multiple security features such as stateful firewall, IPSec, VPN, IPS, antivirus, anti-spyware, anti-adware, and anti-phishing in one single box. Juniper's UTM solutions are also backed by technologies from best-in-class partners including Symantec, Kaspersky, and SurfControl.

Kang Eu Ween is Enterprise Marketing Director at Juniper Networks APAC.

 
Copyright © 2008 SDA Asia Magazine - All Rights Reserved