Unified threat management: A perfect solution?
A 'perfect storm' has been brewing for a while, and UTM is resurfacing as a possible solution, says WatchGuard's Rob Collins.
IT managers and CIOs should all be re-assessing their gateway and data center security in response to recent major trend shifts in cloud usage, ‘BYOX’ (bring your own device, application, etc.), privacy requirements and increasingly sophisticated malware and attacks.
Suffice it to say, a ‘perfect storm’ has been brewing for a while, where IT departments are losing control of their environments as ‘business’ chooses quick and easy ways to bypass the controls put in place, risking downtime, data loss and breaches of the latest, stricter privacy requirements.
While dismissed in the past for being only suitable for enterprise environments, unified threat management (UTM) is resurfacing as a solution for providing data center and gateway data loss prevention (DLP), redundant connectivity and multi-device protection.
Cloud-based solutions are quick and easy to implement, but suddenly that single internet connection and firewall have become a critical business link. Lose the internet connection and the business loses access to its CRM, ERP, office suite, email, phone system and backup services.
UTMs are a great solution as they allow easy provisioning of multiple internet connections and 3G/4G backup. They can also be easily clustered to provide seamless failover in the unlikely event of hardware failure. They also keep users on track, ensuring their browser doesn’t stray into dangerous, offensive or unproductive parts of the internet.
Most data loss prevention solutions require monitoring endpoints, and BYOD has made this almost impossible. Enterprise UTM solutions offer gateway DLP to inspect and control sensitive data traversing this central control point. A user who really wants to get data out will find a way, but by covering the common protocols, UTMs can prevent accidental and malicious data loss and ensure compliance with the latest privacy laws.
The recent outbreak of ransomware has highlighted the declining effectiveness of signature-based anti-malware products. Various reports suggest the catch rate is now around 51% (FireEye, 2014); however, WatchGuard’s own research would suggest this is being generous: for two five-minute-old samples on 8 July 2014, the detection rate was closer to 25%.
So the question is: Do you run four anti-malware products in the hope one will protect you? The answer is in the new crop of behaviour-based anti-malware solutions that use emulation to see what an application tries to do, not what it looks like.
Again, good UTMs offer this service, so even a small business can enjoy this latest protection technique. Furthermore, they protect all the types of devices that users ‘bring’, including Mac OS and Android.
Protecting a company’s network from the perfect storm of clouds, BYOD and smarter cyber-crooks doesn’t have to be a challenge. A good UTM is all it takes. However, if IT managers and CIOs aren’t convinced and still associate a UTM with being slow, there are other solutions in the market, capable of over 10Gbps, with all security features enabled.
Rob Collins is senior systems engineer, APAC for WatchGuard Technologies, a global leader of integrated security platforms, providing mission critical protection to businesses worldwide.