Security Think Tank: UTM a key part of a well-rounded security strategy

How can organisations best use unified threat management tools to help stem the tide of data breaches?

Data breaches are a cyber security issue that simply won’t go away. If anything, they are growing in severity and complexity as organisations deal with the dual issues of criminals trying to harvest valuable personally identifiable information (PII) to sell on the dark web, and internal threats emanating from poor everyday security practices among staff that simply leave data vulnerable to theft, exposure and loss.

High-profile incidents such as the data breaches at clothing brand Under Armour and credit scoring firm Equifax are cases in point. These are just two examples of numerous data breaches in the past 18 months, and both share the same characteristic – they were worse than they needed to be.

Spending on the right countermeasures and putting them in the right parts of the network, to mitigate risk and reduce exposure, can reduce both the cost and reputational damage resulting from such a breach.

That cost is now reaching truly worrying levels. Ponemon’s 2018 Cost of a data breach study revealed that the average cost of a data breach has reached $3.68m, with each stolen data record costing an organisation upwards of $148 on average. Is it any wonder that, according to data from IDC, the global IT security spend in 2018 was $91bn, up 10% year on year?

Unified threat management (UTM) is one of the growing parts of that global security spend, as organisations look to a simplified and consolidated approach to bolstering data, user and network security. UTM tools are often packaged as ready-to-go network security appliances, intended to protect IT resources against combined security threats, including malware and attacks that simultaneously target separate parts of the network.

Moreover, UTM can be deployed either as an on-premise technology or as a cloud-based solution, lifting even more of the management overhead off the organisation. The latter is proving to be a popular option for smaller businesses, for example.

Using UTM to mitigate the risk and impact of a data breach involves employing a variety of tools under the wider UTM umbrella.

For instance, deploying a centrally managed firewall will go a long way towards securing the perimeter of an organisation’s IT estate. The firewall is the oldest but most essential network security function; configured and deployed correctly, it will close off all but the most essential ports, reducing the number of attack points at the perimeter of the network.

In turn, data sources will face a lower, though not zero, risk of external unauthorised access. The organisation’s network will be more robust in the face of the exponential growth of devices and services connecting to it. Mobile devices, internet of things (IoT) devices and cloud computing services are prime examples of this growth.

A dedicated active firewall as part of a UTM deployment can reduce the risk of data breaches by providing a robust ring of protection. UTM firewalls can also offer advanced threat detection, such as intrusion detection and prevention (IDP), a form of intelligent traffic analysis that can trigger attack detection and prevention policies on rogue traffic, while still allowing legitimate traffic to flow freely.

In addition, the use of virtual private network (VPN) connections, managed through the same UTM platform, can protect an organisation’s network activity from unauthorised manipulation or eavesdropping. A VPN, as a virtual point-to-point hard pipe, provides a protected tunnel through which network activity can pass over the open internet, greatly minimising the risk of in-flight interception or manipulation of data and login credentials.

VPNs not only provide a secure way for external users to connect back to the core network, they can also provide a way to secure connections to wireless mobile devices and cloud services, reducing the number of security incidents involving these devices in the process.

Web filtering is arguably the most powerful client-facing UTM tool that can be used to protect the organisation. By intercepting web requests at the point of initiation and using pre-defined and frequently updated whitelists and block lists of sites, an organisation can screen out and mitigate the threat posed by a significant proportion of phishing attacks, malware-infected emails and links, scams and other threats that could compromise user and data security.
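As an added illustration that is not part of the original article, the allow/block decision a web filter makes at the moment a request is intercepted, written in Python. The list contents and URLs are constructed sample data, and the precedence rule (a block-list hit wins over an allow-list entry, and unknown sites are handed on for further inspection) is an assumption of this example rather than something the article specifies.

```python
"""Added example: the allow/block check a web filter applies to an intercepted
request, showing why the host must be parsed and normalised before it is
matched against the lists rather than checked with a substring search."""
from typing import Optional
from urllib.parse import urlsplit
import ipaddress

# Constructed sample lists. An entry covers the domain and every subdomain.
ALLOWLIST = {"intranet.example", "payroll.example"}
BLOCKLIST = {"malware-drop.example", "phish-login.example"}


def normalise_host(url: str) -> Optional[str]:
    """Return the host the browser will actually connect to, in canonical form.

    urlsplit().hostname drops userinfo, port and IPv6 brackets and lowercases,
    so 'https://intranet.example@phish-login.example/' yields the phishing
    host, not the trusted name a naive substring check would find first.
    """
    host = urlsplit(url).hostname
    if not host:
        return None
    host = host.rstrip(".")  # a trailing dot names the same zone
    try:
        return str(ipaddress.ip_address(host))  # canonical form for IP literals
    except ValueError:
        return host


def domain_matches(host: str, listed: set) -> bool:
    """True if host equals a listed domain or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in listed)


def filter_decision(url: str) -> str:
    """Classify an intercepted request as 'ALLOW', 'BLOCK' or 'INSPECT'.

    Block-list hits are refused even if the host is also allow-listed, so a
    mistaken allow entry cannot override a known-bad site (assumed policy).
    """
    host = normalise_host(url)
    if host is None:
        return "BLOCK"  # unparsable request: fail closed
    if domain_matches(host, BLOCKLIST):
        return "BLOCK"
    if domain_matches(host, ALLOWLIST):
        return "ALLOW"
    return "INSPECT"  # unknown site: pass to the antivirus/IDP layers
```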

The same applies to centralised antispam and antivirus solutions. A UTM-based approach provides a manageable and difficult-to-circumvent layer of data and file protection. It reduces the risk of data being compromised by malware corruption or ransomware hijacking, of machines being disrupted by malware infection, and of communications platforms being overrun by irrelevant and unwanted junk mail.

A centralised approach can counter any local client preferences or lapses in judgement and best practice. It can restore the messaging signal-to-noise ratio to a level where email is a net benefit to the organisation, rather than having inordinate amounts of storage space and end-user time wasted on junk mail, scams, threats and other security challenges.

All these aspects of a UTM system combine to provide a powerful and meaningful counter to malicious and inadvertent data breaches. However, it is not a solution that will prevent 100% of threats.

A UTM appliance or software platform combines many security functions into one solution, but it should still be part of a well-rounded security strategy that also employs user training and education, robust policies that are frequently re-evaluated and updated, and skilled practitioners to monitor and act when security challenges present themselves.

This was last published in February 2019
