Oct 06 2009

Unified Threat Management

UTM devices save money and simplify management.


When Jesse McKneely moved into the infrastructure management position at Birmingham-Southern College about five years ago, he was surprised by what he didn't see – a suite of security tools that he considered basic to protecting the network and the college's students.

McKneely immediately began evaluating the IT department's security needs and vetting solutions. Eventually, he chose to implement SonicWall's NSA E7500 unified threat management (UTM) device, an all-in-one security appliance that provides firewall, antispyware, intrusion prevention, antivirus and content-filtering protection.

The solution made sense for McKneely, a self-described one-man shop when it comes to network security for the college in Birmingham, Ala.

“I can't have four or five different products to manage,” he says. “We needed one solution that would address our requirements, which meant keeping spyware and adware off the network while giving college students and faculty the freedom that an academic institution demands.”

McKneely is just the kind of user that UTM devices were built for. These network devices, which generally combine a firewall, virtual private network (VPN), intrusion detection and antivirus capabilities into one device, are particularly well-suited for organizations with a limited IT staff. Manufacturers such as Check Point, Fortinet, Juniper Networks, McAfee, SonicWall and WatchGuard offer the hardware.

Because the products have multiple applications in one appliance, the organization simply plugs one box in at a remote site and manages the device from a central location.

UTM products are expected to make up 33.6 percent of the total network security market by 2012, compared with 22 percent in 2008, according to IDC.

What's more, IT can buy just the features it needs without investing in multiple hardware devices. UTMs can be configured to handle the security applications users need, such as URL filtering and antispam protection, says Charles Kolodgy, research director for security products at IDC. The appliances are modular, allowing organizations to add more security later as their needs evolve.

In the case of Birmingham-Southern, McKneely plans to add enforced client antivirus capability to his UTM solution at some point. With that in place, every computer connected to the network would have a spyware client.

For John Muggli, physical network manager at the combined College of Saint Benedict and Saint John's University network in St. Joseph, Minn., moving to a UTM was almost an accident, but a happy one.

“At the time, we were looking for a replacement for our existing firewall because our bandwidth was exceeding the capabilities of the box we had,” he says. “We looked at a lot of options and picked the Fortinet FortiGate 3600, which had a great firewall but also had a lot of other features that we ended up finding valuable.”

The Fortinet product Muggli chose was, in fact, a UTM. The combined colleges rely heavily on the system's firewall, antivirus and intrusion prevention/detection, and were happy to upgrade to a pair of FortiGate 3600A units, which have increased performance significantly and added more advanced security features.

“With the previous version, we couldn't see what was inside an encrypted packet, but the newer version will. That's important, because if somebody with an infected PC attempts to access our system, the firewall will be able to terminate the encrypted session, unencrypt it, examine the packets and re-encrypt it,” Muggli explains.

For many, the next step is adding virtualization to UTM devices, Kolodgy says. The addition of virtualization will allow users to more easily turn security features on and off. It will also allow them to use products from different manufacturers so they can pick the best of breed for each function.

Finding the Right UTM Fit

  • Choose a tool that focuses on the capabilities that are most important to your organization.
  • Pick a manufacturer whose technology roadmap matches yours.
  • Test-drive the management console and make sure it's a good fit for your organization.
  • If you have strong preferences for specific security features from certain manufacturers, factor that into the mix.
  • Consider the performance specifications of the appliance. The more applications you use, the greater the workload on the device.
  • Evaluate the networking features in the box. Can you use the UTM to replace a router or wireless access point? If so, the solution will be more cost-effective.
  • Look at the subscription process for the applications you need, not just the initial price of the box.