Leading-Edge UTM: What C-Level Execs Need to Know

As the complexity of cloud technologies and the adoption of mobile devices on corporate networks continue to grow exponentially, keeping users and data protected from a variety of security threats is now a mission-critical undertaking. Corresponding advances in Unified Threat Management (UTM) technology give C-level executives a variety of options for managing multi-platform threats under a single pane of glass. UTM covers more than traditional core networks and applications. These tools also push threat monitoring to the edge of your network, covering wired and wireless connections as well.

Given the sophistication of UTM products on the market, you no longer need a team of security engineers to actively - yet manually - monitor network threats. Comprehensive UTM tools are available to protect all computing platforms, applications and infrastructure components under a scalable threat management umbrella. UTM can be implemented via physical UTM appliances, virtual UTM appliances, or by combining the two. UTM service subscriptions are also available from some vendors.

UTM Offers Single-console, Converged Security

The "U" in UTM refers to a unified or combined threat management approach that manages and monitors security for applications, load balancers, firewalls and antivirus, anti-spam and intrusion detection systems. Cutting-edge UTM products offer an approach that converges security capabilities for servers, desktops, laptops and mobile devices into a single physical or virtual UTM environment.

One stated goal of UTM is the ability to enforce all threat management services across any device type while uniting data within a single interface and underlying database. This unification of threat data allows for correlation of threats, the capability to monitor UTM service level agreements (SLAs) and combined reporting from a single dataset.


If your current UTM strategy relies on disparate, unintegrated software to protect different platforms, operating systems or applications, your IT department may be exposing your organization to significant increased risk. There's a chance that, when real security threats occur in your environment, your technology staff might not recognize the scope or severity of those threats because they can't easily correlate UTM activity across multiple security tools.

A single, logical view of your overall security environment and posture enables such correlation - and it promotes comprehensive, all-encompassing security policy enforcement. With that in mind, finding a solution that gives UTM protection to all your devices, networks, applications and platforms is key.

For instance, let's say you have threat management software that monitors mobile devices on your network, with a separate antivirus and anti-spam tool for managing email. If an infected attachment to an email introduces a threat that begins to adversely affect users' mobile devices, your security team might not make that correlation without integrated software covering both platforms. Integrated UTM software greatly increases the chances that concurrent threats can and will be correlated, either manually by your staff or, preferably, by the UTM software itself.

How to Deploy, Provision and Support UTM

As with any enterprise-capable software package, the ease of deploying, configuring and managing your UTM solution is a paramount consideration. For agent-based UTM solutions, look closely for the technique(s) used for distribution of the UTM agent. Avoid UTM solutions that require an explicit user action to initiate the agent installation process to fully protect computing platforms. Most users won't or can't follow such directions because they neither see nor appreciate the importance in having UTM protection on every device on the corporate network.


Many users feel so empowered by bring your own device (BYOD) policies that they mistakenly believe that the security of their tablet or smartphone is solely their concern, not the company's. Dissemination of clearly defined policies for user interaction with UTM software can partially alleviate this reluctance to abide by stated policies. For the rest of your users, you may need to blacklist unprotected devices to prevent those users from accessing company resources from their mobile device - unless, of course, they follow all guidelines for protecting company resources.

With most companies now supporting a mobile workforce, remote management and provisioning of UTM software becomes essential. For UTM solutions that require an agent to be installed on each server, desktop, laptop, smartphone or tablet, look for a tool that can automate the installation of those agents on devices targeted for UTM management. Though many companies are leery about consuming local computing resources required to run a UTM agent on each device, agent-based UTM management allows in-depth monitoring of threats, as well as the ability to make configuration changes remotely to devices being managed. These are essential ingredients to ensuring successful security regimes.

As UTM tools monitor the network from a lofty, network-wide perch, application management and control become critical to UTM. At first glance, this might appear to fall outside the purview of UTM tools - but considering that companies rely on applications to provide mission-critical services to their users, application management takes on special significance.

Examples of mission-critical applications that must fall under the UTM protection umbrella include email, Web servers, Web apps, mobile apps and the UTM software itself. Considering the network-wide scope of a ubiquitous UTM solution, UTM tools must also be able to monitor themselves to fully protect corporate applications from intruders, viruses and other malware. Be sure to insist upon this capability in your UTM candidate solutions as you evaluate contenders to protect computing assets.


Just as most applications have moved or are moving to cloud-based services, several vendors offer UTM software as a subscription, rather than as physical or virtual appliances for outright purchase. Subscription pricing makes an attractive alternative, as it conserves capital budget while simultaneously offering free support and upgrades for the life of that subscription. Subscription-based security services may include physical devices, virtual devices, cloud-based threat management or a combination of all three. In any form or shape, though, a subscription boils down to a monthly fee.

Some UTM Tools Also Cover Device Management

In addition to threat management, some UTM appliances and software also offer device management options such as software asset management, hardware inventory, application performance monitoring and Web filtering. Once again, you can include these in your criteria when evaluating UTM tools. Licensing costs, infrastructure platforms and administrative overhead will all be lower if you can find a single platform that meets all such requirements.

Top-rated UTM solutions include UTM products from Sophos, Cisco, Fortinet, Palo Alto Networks, Smoothwall, Dell SonicWall and WatchGuard. Some of these companies have been in the threat management business for many years; others are relative newcomers. Develop a requirements list for your UTM evaluation and perform an objective analysis of each vendor under consideration.

Once you conduct an initial evaluation of tools that meet your criteria, you can then create an officially sponsored project to bring each solution into your development or test environment for further examination and verification. Only then should you start considering one particular tool.

Earl Follis has worked as a technical trainer, technical evangelist and network administrator. He's also the co-author of numerous books, and his primary areas of technical interest include networking, operating systems, cloud computing and unified monitoring. Ed Tittel is a full-time freelance writer and consultant who specializes in Web markup languages, information security and Windows OSes. He is the creator of the Exam Cram Series and has contributed to more than 100 books on many computing topics.
