Trend

UTM: All for one

Unified threat management combines several security technologies into a single appliance, says Atanu Kumar Das.

Unified threat management (UTM) is being adopted by most enterprises. It integrates multiple security features such as anti-virus, firewall and intrusion detection into a single appliance. Vendors have realised that users want one solution that can take care of all their security concerns, and hence the growth of UTM has been quite encouraging.

According to IDC, the UTM segment is the fastest-growing segment in the security appliance market. IDC believes that by 2008, UTM security systems will comprise a majority of the $3.45 billion combined firewall/VPN and UTM market—outpacing traditional standalone firewall/ VPNs with a 58 percent share.

According to Jon Kuhn, Product Line Manager, SonicWall, “The Indian market for UTM is just evolving. Until recently, most vendors were supplying stateful packet inspection technology solutions, which, while adequate to handle past threats, do not provide adequate protection for today’s environment. Taking advantage of the lack of market awareness of UTM, some vendors are selling incomplete UTM solutions (not covering all threats on all protocols), flawed solutions (that have significant security loopholes), or solutions whose performance degrades drastically when all UTM services are enabled. The loser in this situation is the customer since he is paying for protection or performance that ultimately is not being delivered.”

Adds Jagdish Mahapatra, Regional Manager, Channels, Cisco India & SAARC, “The prime concept of UTM is integrating security for best results. Today’s enterprises are aware that it is best to deploy UTM solutions to save themselves from downtime, and it is quite encouraging that SMBs are also following the same track.” According to Frost & Sullivan, Cisco had over 50 percent share in India in the security space during Q1 2005.

Need for overall security

Gartner estimates that the current 5 percent downtime attributed to security vulnerabilities will triple by 2008 unless firms work on security in their home-grown software development, and demand a highly-secure product when buying commercial software.

A UTM platform allows administrators to manage networks, and detect and fix intrusions much faster, thereby reducing downtime. User education is important for the adoption of UTM.

“Our effort has been on educating the market about UTM, and providing a spectrum of protection at a single price point,” Kuhn explains.

The key to UTM is the ability to detect and prevent multi-point and blended threats. For this, there needs to be a solution that can collate and correlate information, and then take preventive measures.

Mix of correct technology

The prime concept of UTM is integrating security for best results Jagdish Mahapatra Regional Manager Channels Cisco India & SAARC

According to Trend Micro’s Niraj Kaushik, Country Manager for India & SAARC, “Trend Micro is dedicated to making the world safe for exchanging digital information.” In the UTM space, the company offers products such as the InterScan Web Security suite which provides the first line of defence against multiple Web-based threats by blocking attacks at the gateway. It guards against viruses, spyware, grayware and phishing, and offers optional security modules to combat malicious mobile code and manage employee Internet use. The suite integrates with optional damage clean-up services to remove threats and restore infected files. As a fully integrated solution, it is easy to deploy, manage and maintain. In addition, the Network VirusWall stops network worms and vulnerability exploits. To prevent infection, it enforces security policies by blocking non-compliant devices from network access (for re-mediation). It isolates infected network segments and automates remote clean-up in case of outbreak.

States Kartik Shahani, Sales Director, India, McAfee, “We are probably the single largest company to have solutions in the space of vulnerability management/ assessment and IPS, and a roadmap for end-point security for desktops. In the IPS space we have leading-edge technology on the network and the host. The essence is to be able to converge the strengths of different technologies and provide protection.”

Combating the threat

The majority of computer threats and attacks are created by software vulnerabilities present in all areas of a networked corporation. Attacks come in all shapes and sizes using widely- available tools and information found freely on public networks.

Attackers using today’s threat measures count on an organisation’s failure to patch systems on a regular basis, remote sites that are left unchecked, internal departments that easily spread attacks, downloaded multimedia programmes, unsuspecting users, and the typical holes in firewalls. Vulnerable systems are not only easy to find, they also assist an attacker in replicating threats throughout a network. Attacks are created and changed daily to confuse security administrators and inflict the maximum damage.

This ever-changing array of dynamic threats and attackers adds a whole new layer of complexity for organisations. Securing data from external and internal threats across distributed and often highly complex architectures is challenging. To combat these attacks without slowing traffic, UTM solutions provide high-speed threat protection at the gateway, control applications and bandwidth, and most importantly, offer a platform that is constantly adapting to protect computers from today’s ever-changing threats. The platform scales and creates a trusted network across all ports, virtual LANs and connected wireless LANs to block and prevent threats originating inside corporate networks, and between networked departments or data centre zones.

atanu@expresscomputeronline.com