Cover Story
Protecting the enterprise network core
From the edge, UTM appliances have moved into the core of
the enterprise network, especially in banking and online trading.
By Abhinav Singh
When Unified Threat Management (UTM) appliances gained entry into the network security
market, they were primarily meant for the SMB segment and were deployed at the
edge of the network and used for securing remote branches. There were doubts
that once different functionalities such as anti-virus, firewall, and IPS were
combined in a single box, it would not perform properly. This was why enterprises
continued to use point solutions for many years. That myth is slated to be broken
as the UTM appliances have matured to the point where they are being widely
adopted by enterprises.
Take the case of Syndicate Bank, which has gone ahead with Fortinet's 5020
series UTM appliance to secure its core banking application. Similarly, Geojit
Financial Services Ltd is securing its main trading engine using a UTM appliance.
There are half a dozen other enterprises that are in various stages of evaluating
UTM to protect their core networks. Spice Telecom is planning to secure its
telecom infrastructure using UTM appliances. Punjab National Bank is also evaluating
UTM appliances to protect its core-banking set-up.
As per IDC statistics, the UTM market in India was worth $14.72 million in CY
2006, 23 percent of the overall security appliance market. There's room
for growth as UTM appliance vendors attempt to make an impression upon the Indian
enterprise.
Meeting high throughput requirements
UTM appliance vendors such as Fortinet, Juniper Networks and SonicWALL are bringing
out high-end UTM appliance boxes that suit the requirements of enterprises.
Although many enterprises were using UTM appliances to secure their branch level
networks there is a shift toward securing data centres and other core IT infrastructure.
Vishak Raman, Country Manager, India and SAARC, Fortinet, says, "The average
deal size with enterprise customers for high end UTM boxes is now touching more
than Rs one crore. Many UTM boxes are going into the core network of these enterprises
besides the branch offices. High end UTM boxes offer enterprise customers higher
throughputs to support a large data centre environment."
Fortinet is offering UTM boxes aimed at managed service
providers that give them the capability to offer virtual UTMs from the same
box (FortiGate 5001). Based on the blade architecture, each blade can have 250
virtual UTMs and each box supports up to 14 blades. Such boxes are expected
to help Managed Service Providers (MSPs) as they manage the security infrastructure
of their customers.
Initially UTM appliances were confined to the SMB segment
because they did not have the throughput for an enterprise environment. With
enhancements and additional features enterprises are taking UTM to the core
of the network.
"UTM appliances can manage a 400-node network efficiently and they offer
enterprises greater granularity of control"
- Prasad Babu, Director for Systems Engineering and Sales Operations,
Juniper Networks India Pvt Limited
Prasad Babu, Director for Systems Engineering and Sales Operations,
Juniper Networks India Pvt Limited, says, "Nowadays UTM appliances are
meeting the requirements of core enterprise networks. In most core environments
throughputs of over 200 Mbps are required and nowadays UTM appliances can manage
a 400-node network efficiently. UTM appliances are offering enterprises greater
granularity of control which is a must in a consolidated IT environment."
Harish Chib, Vice President, Business Development, Cyberoam,
says, "Nowadays UTM appliances are geared up for enterprises and can protect
hosted Web sites, Custom Web Applications and database servers hosted in data
centres. Any attacks such as buffer overflow, Denial of Service (DoS), unauthorised
access attempts can be controlled via UTM Appliances deployed in core sensitive
applications."
SonicWALL, which earlier had low-end UTM boxes with lower
throughputs, now has plans to introduce high-end boxes targeted mainly at enterprise
customers who can utilise their higher throughput capabilities to secure the
core of the enterprise network. Shubhomoy Biswas, Country Manager, India and
SAARC, SonicWALL, BV, says, "Data centre operations demand higher throughputs
and since now many UTM boxes are designed to cater to higher throughputs they
are expected to find a place at the core of the enterprise network. Since many
enterprises had earlier been using low and mid level UTM boxes at their branches
and at the periphery level they are expected to adopt high-end UTM boxes at
the core of their enterprise as well." SonicWALL will introduce the NSA
E7500, a high-end UTM box, to cater to enterprise customers by end 2007. Biswas
says, "The NSA E7500 will be a multi-core UTM appliance, which is specially
designed for enterprise class networks, and data centres, which will have the
capability to deliver enterprise class deep packet inspection without significantly
impacting network throughput. The UTM will deliver deep packet inspection and
application firewall for every packet and every protocol over every interface."
At the same time, a large number of enterprises that are going in for IT consolidation
want to consolidate their security infrastructure by using UTM appliances. Mahesh
Gupta, National Business Development Manager, Network Security, Cisco Systems,
says, "There is an absolute need for consolidation and virtualisation of
security components in the core networks and in data centre environments. UTM
is helping enterprises answer these questions with unified management, resulting
in clear operational and financial savings."
Bhaskar Bakthavatsalu, Country Sales Manager, India and SAARC, Check Point Software
Technologies, says, "The security purchase decision for any enterprise is
based on mitigating security risks. There has been a move towards an extensible
and tightly integrated security architecture that is ready to meet numerous
security threats through UTM appliances that ensure productivity and business
continuity and also provide the ease of manageability and scalability of the
security infrastructure."
UTM designers are taking advantage of virtualisation
in a number of ways. First, there are cases where the applications that combine
to form the UTM appliance were designed for different operating systems.
Virtualisation provides an alternative to porting by enabling each application
to execute in a virtual machine (VM) running its native operating system.
Designers can structure applications to pass packet and state information
in a pipeline configuration. Secondly, VPN and firewall applications are
the first line of defence at the boundary of a secure network or sub-network.
A vulnerability exploited in one application may impact the entire UTM.
Creating independent virtual machines for different applications can effectively
partition and protect the appliance from systemic failure as a result of
a cascading malfunction. Finally, virtual machines can form a secure barrier
between the operational and management components of the UTM. For example,
analysis, configuration and statistical functions executing within a separate
VM can maintain their own security and access control settings. A separate
management partition can also control live software updates to the UTM by
creating a new virtual machine. Once up and running, the virtualisation
features can aid in migrating the connections and state information to the
new software.
UTM in the network core
"The throughput is good and there is perfect interoperability between
different functionalities in a UTM box amongst each other"
- Atul Kumar, Assistant General Manager, Department of Information Technology,
Syndicate Bank
An enterprise running core applications cannot compromise
on security issues and will go to any extent to protect its IT network. That
is why standalone products will continue to co-exist with UTM appliances at
the core of an enterprise network. Atul Kumar, Assistant General Manager, Department
of Information Technology, Syndicate Bank, says, "We are using UTM appliances
both at the gateway as well as the core of our banking network. We found that
the throughput is good and there is perfect interoperability between different
functionalities in a UTM box amongst each other. Moreover it is easy to
upgrade and add modules to a UTM box unlike the case with standalone systems."
Syndicate Bank's core banking initiative links about 1,500 branches across
the country and four UTM boxes secure the core banking system at its data centre
in Mumbai and at its DR site. The cost of managing the system is now one third
of what it used to be with the earlier standalone systems. However, the bank
has not done away with its standalone systems; they have been deployed at
less critical zones, with the core of the network now being handled by UTM boxes.
Spice Telecom has also gone in for UTM boxes (FortiGate-300A systems from Fortinet)
and although they are not being used at the core of the network, the company is
using them to scan any incoming traffic, mainly through the Internet and also on
its Intranet. All incoming traffic to its corporate office is secured using
UTM boxes. The scanning of inbound and outbound traffic results in throughputs
in excess of 300 Mbps. The company is impressed with some recently introduced
high-end UTM boxes and looks forward to protecting its core network at the data
centre using UTM boxes. Bhaskaran R, Senior Manager IT, Spice Communications
Limited, explains, "We found that the high-end UTM boxes which have been
recently introduced by some UTM vendors can provide us with higher throughputs
and can manage our 600 node network. We found that even some ISPs and MSPs in
India are using high end UTM boxes and this has instilled the confidence to
evaluate such boxes to secure our core data centre operations in the near future."
Although Spice Telecom feels that the high end UTM boxes will ease manageability
as it will get different functionalities in one box, it feels that they will not
bring in much change in its TCO. As Bhaskaran says, "The subscription charges
of UTM are based on the number of nodes an enterprise wants to secure and the
prices are currently on the higher side. Although we can negotiate for a price
during the initial deployment, the subscription charges are on par with standalone
security devices which are equally expensive but the catch here is that the
ease of manageability through a single console is highly advantageous which
is what these UTM boxes offer."
In another instance, Geojit Financial Services Ltd is securing its online trading
engine using UTM boxes as it was finding it challenging to manage heterogeneous
standalone systems. Geojit is running a FortiGate-800 box at its data centre
in Kochi to secure its network core. Geojit has a network which comprises
VSAT links, leased lines, VPN, etc. All the branches are networked to the head
office in Kochi for online information dissemination and risk management. The
total number of transactions executed daily over the company's network
is more than a lakh.
A culture of co-existence
Enterprises are however not doing away with their standalone
systems and they are not letting go of their best-of-breed single-function appliances.
A high percentage of them are purchasing UTM products to augment security within
the network core and best-of-breed solutions act as an extra layer of security.
The appeal of integrated UTM appliances has coincided with demand for higher
throughput. Many security devices apply checks to less than half of the available
bandwidth through the appliance. As the amount and types of traffic continue
to increase in the enterprise network, these appliances will need to support
higher packet volumes as well as peer even deeper into application-level protocols.
Kumar says, "Since we are a bank and security is of utmost importance we
did not completely do away with the standalone systems and decided to continue
with them but in less critical areas."
Sunil Pillai, Business Head, Select Technologies, says, "UTM boxes have
not replaced point security solutions completely in the enterprise segment
as there is an apprehension amongst them that if all the security threats are
managed under one box, how efficient can the box be to handle different threats
as each threat is considered to be a separate line and will the box give the
customer the same performance."