Nov 01 2006

Appliance Alliance

Unified threat management packages can simplify your multilayered network security, but these all-in-one appliances aren't for everyone.

Businesses that do anything on the Internet — which is just about every business these days — are under attack. First it was viruses, then worms, Trojan horses and spam, followed by an expanding array of exploits, SQL injection and phishing.

As these threats appeared and evolved, most businesses acquired defenses one by one. In many companies, this organic evolution resulted in a collection of boxes and services that aren’t integrated with one another and that all use different management systems. Unified threat management (UTM) tools attempt to simplify that multivendor morass by having a single appliance that implements a firewall’s intrusion protection plus a range of other security functions, including virus protection, content filtering, and spam, phishing and spyware blockers. [See BizTech, March 2006]

Management Ease

The simplicity of integrating multiple security functions into one device is what has Marian College in Indianapolis eyeing UTM appliances, says Andrew Smith, a professor of business administration at the college, which has about 500 employees. The move to a UTM appliance “will help our relatively small but overworked IT staff by integrating all of these jobs,” he says.

UTM proponents also tout the cost advantages of buying one device and paying a bundled subscription fee for updates — a necessity for any security appliance to keep pace with constantly evolving threats — which can be less expensive than paying for separate subscriptions for virus protection, spam filters, spyware blockers and the like, all from different vendors.

The drawback to UTM appliances is that they provide security functions from only a single vendor and don’t allow users to choose best-of-breed defenses from among the wide range of dedicated security applications available. Businesses operating in highly sensitive industries, such as financial services, often require the most robust protection they can find for each of several security functions, such as intrusion prevention, content filtering and virus protection, rather than a single, all-in-one device.

“By definition, security cannot be handled in universal terms,” says Richard Steven Hack, a security consultant to small businesses in the San Francisco metropolitan area. “These devices may be good to simplify management for a small business office network, but they cannot satisfy larger needs, and they cannot replace more [dedicated] solutions flexibly deployed.”

Not for Everyone

“Having one single piece of equipment to handle these multiple threats might be easier when staff is at a premium or at smaller companies such as mine,” notes Hilton Lima, an IT supervisor, who runs a 70-user network for the Miami office of a multimillion-dollar international bank. “I am somewhat wary of having all my eggs in one basket. But if my company had any small branch offices, I would certainly look into it.”

George Carey, an IT specialist with United Coatings, a manufacturer of roofing, architectural and industrial coatings with 65 employees in Spokane Valley, Wash., echoed the eggs-in-one-basket metaphor, noting that having a single point of failure for all security functions exposes a company to a potentially catastrophic breach if a UTM appliance is the sole defense against all attacks.

“If this magical security device fails, or is improperly updated, all network security is lost,” he cautions. “From past experience, every software vendor provides flawed software at some time or another. This happens with Microsoft all of the time, anti-virus vendors occasionally and even with Cisco routers.”

Using dedicated security appliances from multiple vendors can expose a company to more of these intermittent lapses that all vendors suffer, Carey acknowledges, but it eliminates the possibility of “the single catastrophic security breach that would occur if a single [UTM] product were to fail.”


CEO takeaway
If your IT staff recommends a UTM appliance to bolster security on your company network, here are some key questions to ask:
• Have you done an adequate risk assessment, and do each of the individual functions of the UTM device we’re considering meet our protection needs?
• If not, what additional desktop and server-based protections will we add or continue to deploy to augment the UTM functions? UTM appliances may provide adequate protection against intruders and spyware, but even proponents acknowledge the benefits of teaming them with server-based spam protection and other dedicated resources, if budgets allow and security requirements demand.
• Do the vendors we’re considering provide 24/7 support, and is there training available for the staff who will manage our UTM defenses?
• Will the UTM appliances we’re considering work with our existing security hardware and services or will we need to scrap a previous investment?