Maksim Kabakou - Fotolia
Security Think Tank: Focus UTM capabilities on security and business needs
How can organisations best use unified threat management tools to help stem the tide of data breaches?
Navigating the plethora of security products on the market to select the right tools to protect your network from attack can be a daunting, time-consuming and costly task. Increasingly, the choice is between multiple tools to provide a range of different capabilities and a single solution that integrate the same capabilities into one platform.
A unified threat management (UTM) system fits into the latter trend, bundling a number of security functions into a single, centrally controlled system to simplify the management of technologies required to combat threats to your organisation.
The services offered by a UTM system typically include network firewall, antivirus, anti-spam, intrusion detection and prevention, content filtering and virtual private network (VPN) support. Depending on the given system, other functions may also be offered such as data loss prevention (DLP), sandboxing and endpoint security.
There are several advantages to simultaneously running all these services on the same platform – ease of use, less administrative overhead and potential cost savings being the most obvious.
In addition to the convenience and efficiency of configuring, managing and monitoring a single system, a UTM system provides enhanced visibility and protection. Rather than managing a patchwork of isolated point solutions, the same functions are consolidated into one system that can apply policies consistently across each and correlate information to provide comprehensive insight into threats from a single pane of glass. Equally, response to threats that target different parts of the network can be managed from the same console.
Yet the very same feature that enables UTM to provide a layered, unified approach to detection and prevention of threats can prove to be its downfall – a single, integrated platform can also serve as a single point of failure, causing multiple services to go down. To mitigate this possibility, organisations should supplement UTM with a secondary or standby service, or otherwise ensure their UTM system is supported by redundant configuration.
Emma Bickerstaffe, ISF
To optimise the potential of a UTM system, organisations need to determine which of its functions to enable with reference to the threats faced by the business and whether the respective functions offered by the UTM system meet security and business requirements.
Consideration should also be given to the capacity of the UTM supplier to add new functions and improve the functionality of existing ones as threats evolve. The performance of the UTM platform should be tested prior to adoption to ensure it has the capacity to handle the loads, which existing and new features can generate.
Initially, UTM systems were designed primarily for small to medium businesses, but suppliers are increasingly promoting UTM as a viable and beneficial option for large enterprises. Regardless of your organisation’s size, there are several factors to evaluate when determining if adopting a unified threat management system or running dedicated, individual security tools is the most effective approach to mitigating data breaches.