Network security: Using unified threat management (UTM)

Network security products vary in use and protection. If you're looking at security options to protect your network, read this description of unified threat management (UTM) to learn what UTM's advantages are compared to traditional security models.

The traditional network security model and associated limitations

The traditional network security model uses standalone devices for maintaining a secure network environment. These standalone network security products are generally deployed as software, running either on a PC or an appliance, and provide product-specific network security functions, like a firewall and VPN. While they do what they are designed for, they fail to provide the comprehensive security, network deployment flexibility and the performance necessary to combat today's ever increasing sophisticated cyber threats.

Standalo...

RELATED CONTENT Network Security Application-specific network intrusion detection systems emerge Anomaly-based intrusion protection configuration and installation Preventing hacker attacks with network behavior analysis IPS Rogue access points: Preventing, detecting and handling best practices The TPM chip: An unexploited resource for network security Shifting defenses and dynamic perimeters challenge network security Compliance in a virtualized world: Server virtualization and NAC security Securing the new network architecture: Security for distributed, dynamic networks How to configure Windows Server 2008 advanced firewall MMC snap-in USB storage devices: Two ways to stop the threat to network security Network Security Monitoring and Analysis Network penetration testing guide Performing a penetration test Penetration testing strategies Penetration testing methodology and standards Types of penetration tests Network security forecast 2010: Startups cash out, uber-devices step up Mobile computing security concerns lead to more IPS, SSL VPN spending Application-specific network intrusion detection systems emerge Anomaly-based intrusion protection configuration and installation How can I calculate perimeter firewall throughput? Network Security Best Practices and Products 2010 predictions: What's the worst network security threat this year? Best of 2009: Computer networking advice Network security forecast 2010: Startups cash out, uber-devices step up Mobile computing security concerns lead to more IPS, SSL VPN spending How do I change my security setting to allow ActiveX? What are two common devices that control outbound network access? 3Com acquisition confirms HP-Cisco battle for China Enterprises demand next-generation firewalls with IPS, app visibility Preventing hacker attacks with network behavior analysis IPS Is there a way to trace my stolen laptop computer?

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary deep packet inspection (DPI)  (SearchNetworking.com) FCAPS  (SearchNetworking.com) Nessus  (SearchNetworking.com) netstat  (SearchNetworking.com) port mirroring  (SearchNetworking.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

ne network security products introduce these significant challenges:

1. Today's rapidly evolving cyber threats are more sophisticated and evade one or more standalone technologies. It's easier to target a standalone device that gives an attacker a clear passage to network.
2. There is always a cost and complexity factor associated with managing and maintaining an increasingly distributed network with no clear perimeter. This not only creates a security gap but also adds burden to already-taxed resources.
3. The performance and processing power required to provide complete content-level protection is difficult to achieve without purpose-built hardware.

Unified threat management is basically a firewall appliance that not only guards against intrusion but also performs content filtering, spam filtering, intrusion detection and antivirus duties traditionally handled by multiple systems. These devices are designed to combat all levels of malicious activity on the computer network.

An effective UTM solution delivers a network security platform that comprises robust and fully integrated security and networking functions such as network firewalling, intrusion detection and prevention systems (IDS/IPS) and gateway antivirus (AV) along with other features, such as security management and policy management by group or user. It is designed to protect against next-generation application layer threats and offers a centralized management through a single console, all without impairing the performance of the network.

[IMAGE]
Source: Fortinet

Advantages of using an UTM

Simply put, the convenience and ease of installation are the key advantages of threat management security appliances. There is much less human intervention required to install and configure these appliances.

The advantages of UTM include the following:

• Reduced complexity: The integrated all-in-one approach not only simplifies product selection, but product integration and ongoing support as well.
• Ease of deployment: Since there is much less human intervention required, customers themselves or vendors can easily install and maintain these products.
• Integration capabilities: The appliances can easily be deployed at remote sites without the help of any security professional. In this scenario, a plug-and-play appliance can be installed and managed remotely. This kind of management is synergistic with large, centralized software-based firewalls.
• The black box approach: Users have a tendency to play with things, and the black box approach limits the "damage" users can do. This reduces trouble calls and improves network security.
• Troubleshooting ease: When a box fails, it is easier to swap it out than troubleshoot. This process gets the node back online quicker. A non-technical person can do it, which is especially important for remote offices without dedicated technical staff onsite.

Some of the leading UTM solution providers are Fortinet Inc., NetScreen (acquired by Juniper Networks Inc.), Symantec Corp., Citrix NetScaler, WatchGuard Technologies Inc. and Elitecore Technologies Ltd.

[IMAGE] About the author:
Puneet Mehta is a CISSP Security Architect at SDG Corp., an e-security and e-business software services and solutions firm headquartered in Connecticut. Special expert security areas for Puneet include internetworking technologies, network security, e-business infrastructure architecture and implementation, single sign-on strategies and solutions, PKI design/implementation and encryption technologies. Puneet holds several industry-leading certifications. Among them are MCP, MCPS, MCP+I, MCSE, CCNA, CLP, Certified Internet Security Specialist, OCP, BS7799-2:2002, CISSP, CEH, and CPTS.
[IMAGE] Ask Puneet a network security question or view his Ask the Expert section on securing networks.

Rate this Tip To rate tips, you must be a member of SearchNetworking.com. Register now to start rating these tips. Log in if you are already a member. Submit a Tip DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.