Law firm security gets positive verdict with UTM device

Deploying a UTM device, while not a panacea, can aid information security efforts from many angles, according to one law firm security officer.

Like most law firms, Guildford-based TWM Solicitors LLP deals with a lot of confidential information, and as it comes to rely increasingly on its IT systems to operate efficiently, information security has assumed a high priority.

The firm has six offices across Surrey, and its fee-earners are often working remotely while still needing access to office services. For law firm security chief Alan Barrett, who joined as head of IT at the firm five years ago, the challenge has been to deliver flexible IT services while also ensuring information is handled properly and not exposed to the wrong people.

When he arrived, the company was running WatchGuard Technologies Inc. firewalls for network security, but the devices were limited in what they could do, and coming to the end of their natural life. "They were standard layer three and four firewalls, so they couldn't handle application security," Barrett said.

This gave him the chance to look anew at how information security was practiced at the firm, and to introduce new measures for application control and data leakage prevention.

He wanted to replace the WatchGuard devices with a product set that had a more complete set of functions yet wouldn't place an additional administrative burden on him and his small team; this led him to consider unified threat management (UTM) products.

He talked to a range of potential vendors, including Cisco Systems Inc. and Check Point Software Technologies LTD. "We got into conversations with suppliers at [the Infosecurity Europe conference], but a lot of the companies didn't understand what we were trying to achieve," Barrett said. In the end, he decided to go with the FortiGuard product line from Fortinet Inc.

Fortinet agreed to lend TWM a system for a pilot project to help Barrett make a business case to the senior partners of the firm. "I had communicated to the management the benefits of putting it in, but [they said] there was no budget for a UTM device at that stage," he said. Nevertheless, even without a commitment, Fortinet allowed him to install the FortiGate-310B appliance, with modules for antivirus, intrusion prevention (IPS), data leakage protection (DLP), Web filtering and VPN (IPSec and SSL), to use as a demo.

The DLP functionality made a big impression on the decision makers. Barrett demonstrated how easy it would be, for example, for a member of staff to send out confidential information, whether by accident or design, and how the FortiGate device would flag and prevent any policy infringement. That capability swung the decision and the firm's management approved the purchase.

Web filtering and Web 2.0 security
Today, eight months after the UTM implementation, TWM applies quite granular rules to determine who can view which kinds of websites. At its most basic, the Web filtering functionality is used to promote productivity by preventing office staff from surfing the Web or visiting social networking sites. Barrett said the application control feature of the FortiGate appliance also allows the company to block access to various types of activity, such as instant messaging, P2P, proxy avoidance, website chat, streaming media and many others.

On the other hand, some solicitors need the freedom to view sites that would normally be considered off-limits. "We run divorces that can sometimes be unpleasant, and the fee-earner has to look at some unpleasant websites," Barrett said. "With FortiGuard, we can do different categories of blocking for different users."

Remote working
When the firm's solicitors are out of the office and need to access systems from any browser-based machine, they use the SSL VPN function. "Fortinet's integrated Java RDP client allows them to securely access the terminal servers without the need for complex client installation procedures," Barrett said. "It allows them to use our systems in almost the same capacity as if they were in the office."

For those members of the firm using BlackBerrys when out on the road, their browsing is also routed via the FortiGate appliance, partly in order to maintain policy and partly to keep down costs.

Policy management
The UTM approach has delivered real benefits, Barrett said, namely combining robust information security features with management simplicity: "In the past we would have individual systems to do IPS, Web filtering and so on, but now it's all in the one box."

Barrett said there is a balance between control and performance when setting policies; complex rules can consume a lot of processor power. "With Web filtering and DLP we have set up what you might call sensible alerts. If someone sends a 100Kb file via FTP, then it's probably all right," he said. "If someone sends a 100Mb file, then alarm bells should go off."
