In the world of network security, unified threat management (UTM) appliances have emerged recently as an effective means to consolidate security functions into a single device and help resourced-strapped organizations manage IT security functions with less administrative overhead. In most cases, these tools combine firewall, antivirus, and intrusion detection and prevention capabilities into one offering. First-generation UTM devices are being deployed in companies of all sizes. However, most are commonly found in mid-size businesses and at branch offices of larger enterprises. Despite a growing number of UTM deployments, critics still complain that many of the devices simply do not do enough, requiring that companies invest in add-ons to improve security across the board.
However, help is on the way. The latest generation of UTM offerings promises to go above and beyond the call of duty, protecting the heart of enterprise networks as well as hardening other parts of the infrastructure. These bigger, bolder devices enable administrators to prevent users from visiting certain Web sites, secure social networking applications, and roll out Secure Socket Layer virtual private network (SSL/VPN) connections to remote sites. They also enable centralized management of multiple UTMs, facilitating greater control of the network as a whole.
Filtering Web content at the firewall
As a primary feature, advanced UTMs incorporate Web application firewalls that protect against attacks such as cross-site scripting, directory traversal, and SQL injection. They also let administrators define acceptable use policies to filter which Web sites users can visit when they are surfing through the corporate network. This latter feature is critical because inappropriate Web surfing can introduce security threats into any organization by opening the corporate network to spyware, viruses, and other malware. By refusing access to these sites, advanced UTM reduces the likelihood of spyware ever breaching the network perimeter.
The latest UTM goes beyond the call of duty, preventing users from certain websites, securing social networking, enabling roll out of remote SSL/VPN, and centralizing management of UTM.
There are other benefits to Web filtering, too. Because the process enables companies to block Web sites in high-risk categories, it greatly reduces a company’s potential legal liability. Reducing risk lowers the likelihood that a company will violate federal laws or other regulations. Case in point: pornography. If a company uses advanced UTM to block access to all porn sites, executives do not have to worry about users downloading illicit material on company time. This feature even helps organizations guarantee compliance with government regulations concerning privacy—a protection that can save time and money for years to come.
Protecting popular applications
Web filtering is not the only bonus of advanced UTM. The devices help make networks more secure by protecting social networking applications, too. The most popular of these applications are instant-messaging (IM) and peer-to-peer (P2P) file-sharing applications including KaZaA and Morpheus. New UTMs enable administrators to set up protocols under which user activity with these applications is monitored and judged. Advanced UTM does not stop these applications—instead, the name of the game is control.
The benefits are threefold. First, of course, these protocols can monitor file-sharing activities to prevent users from unknowingly accepting malicious files into the network. Second, limits ensure that individual users do not sap valuable network bandwidth. Finally, UTM limitations on social networking tools help limit liability, ensuring that users do not download or trade copyrighted material that may lead to lawsuits. Protecting assets and interests alike—that’s what advanced UTM is all about.
Incorporating add-ons
To enhance the capabilities of advanced UTM, users should integrate SSL/VPN protection and Voice over Internet Protocol (VoIP) security as add-ons. With an SSL/VPN integrated into a UTM solution, IT can enable remote access for remote employees quickly and securely without having to distribute and install complex VPN client software. While not as robust as a standalone SSL/VPN gateway, it is a quick and inexpensive way to implement the technology without compromising network security.
On the VoIP side, additional protection at the UTM enables users to include VoIP servers under the umbrella of threat protection and establish service protocols to guarantee that even when demand for bandwidth is high, quality will not suffer. The benefit of this latter feature is obvious: By using UTMs to monitor latency, administrators can ensure that users never lose VoIP calls. Consequently, companies can utilize VoIP to accomplish the kind of cost reduction it is intended to achieve.
Benefits of centralizing management
The crowning achievement of advanced UTM is the capability these appliances provide for centralizing management of other devices protecting a network. For years, UTMs required separate management servers to function in this diffuse environment. However, now with this advanced approach, users can administer a host of devices and sites through the same console without the traditional prerequisite of dedicated hardware to run a management server. Advanced UTM appliances have the ability to run management software on the same hardware that enforces policy—making UTM deployment and management cheaper and simpler.
Centralized consoles also store and distribute security policy for an entire infrastructure, eliminating the need to maintain each site or gateway separately, reducing administrative burden and errors. Through these console dashboards, network administrators can define and manage firewall security, network address translation, Quality of Service (QoS), and VPNs, as well as use the technology to centralize security updates.
In some cases, dashboards even offer version control of security objects and policies for audit purposes and quick rollback. In short, advanced UTM offers the ability to manage more with less—an advantage in any network.
Check Point approach
Clearly, advanced UTM devices are far more sophisticated than their predecessors. UTM-1 appliances from Check Point Software Technologies offer all their features and more. These appliances deliver proven and uncompromising security while streamlining deployment. They offer the ability to centralize management across a network. What’s more, they are supported by SmartDefense Services—a real-time signature update service that maintains the most current preemptive security for any device within a Check Point infrastructure.
Most notably, UTM-1 can be deployed with its included setup wizard in less than 10 minutes—a boon of truly simplified security for companies that have minimal IT resources. Years ago, out-of-the-box UTM features such as Web filtering, social networking security, VoIP protection, and SSL/VPN would have been fantasy in the world of network security. Today, that fantasy is reality.