The security industry does a great job scaring its customers. We talk about threats becoming ever more threatening. The perimeter dissolving. The plethora of risks from inside and outside the company. Villains trying the defenses. It’s all a bit scary, as it should be.
If we’re right, which we think we are, there’s really just one way to deliver the protections needed: as a platform. The security industry is fundamentally a cat-and-mouse game. Historically, protection has gotten better, attacks have been fended off, but villains continue to get smarter, new attacks emerge and result in damages, and the cycle continues and never ends. The air-tight protection of yester-year becomes as leaky as a fish net. How can we deliver true protection and keep up with the cycle?
Here comes Security as a Platform (SaaP). It has three elements:
This SaaP defines WatchGuard’s approach to unified threat management (UTM). We focus on building the best platform so we can introduce new, world-class security services quickly. We have a friendly and uniform management framework that allows all security services to work together and provide reporting data seamlessly. And, our platforms have sufficient head room so as we add new services you don’t need to upgrade hardware. But, if you do need a bigger box due to other growth factors, everything is compatible for easy upgrades.
On the surface, WatchGuard looks just like a standard multi-function box. Underneath, it packs uncompromising world-class security services and unparalleled performance. We can make this promise because of how we’re architected.
What should you do if you’re thinking of upgrading your gateway security? Here are some tips to consider when evaluating vendor solutions:
Coined by IDC analyst Charles Kodology in 2003, the term, UTM, or Unified Threat Management applies to multi-function firewalls that combine many security technologies into one easy-to-manage appliance. Today’s UTM appliances typically consolidate firewall and VPN capabilities along with URL filtering, spam blocking, intrusion prevention, gateway antivirus, application control, and a centralized management, monitoring and logging function. Traditionally, these discrete functions were handled by multiple point solutions. The multi-layered security approach of UTM appliances provides broad protection against all kinds of network threats.
So now you’re in the market for a smart UTM system that can deliver broad protection, but what to look for… A UTM appliance can vary significantly from vendor-to-vendor, which can only make an accurate evaluation somewhat cloudy. While UTM security vendors may seem to offer a similar checklist of core technologies and features (firewalling, IPS, etc.), when evaluating vendors, recognize that there is enormous disparity between UTM solutions in the following five critical areas:
1. Quality of the features/capabilities. The most prevalent approach among UTM vendors is to rely primarily on homegrown technologies for their gateway AV, URL filtering, application control (if they have any), anti-spam, and other security services. However, we believe that no single company will ever be able to adequately research and develop the best technology for each discrete security problem. A shortcoming of the homegrown approach to multi-layered security, is that these UTM vendors end up producing a watered down security solution at each layer. We believe this practice contributes to the reluctance of some organizations to even choose a UTM solution for their security. It’s also why we here at WatchGuard use a best-in-class approach to delivering the smartest UTM appliances available; integrating the leading technology provider for each security layer – Websense for URL filtering, Mailshell for anti-spam, and so on.
You’ll also want to be sure that your account for security needs if you’re working in a virtualized environment. As Neil McDonald of Gartner said, “…Unless you put virtualized security controls—virtual sniffers, virtual firewalls, all the same controls you’d use on a physical server, inside that network, you don’t see what’s going on.”
2. Security performance or UTM performance. A high performance packet throughput device, even one with custom ASIC processors, can fail over when a full suite of unified threat management tools are enabled. Many security vendors who freely tout their raw throughput numbers are not so quick to publicize their UTM throughput numbers— the performance of the firewall once all the UTM security services are turned on. Once you activate the UTM security functions—such as those necessary for PCI DSS compliance (AV, IPS, etc.)— the performance evaporates in many competitor firewalls. By the way, our UTM performance is up to 3 times faster than UTM performance from most of the other vendors.
3. Manageability and ease of use. We see it all too often with competitor solutions–poorly integrated management processes needlessly introduce complexity to administration. Improperly configured gear undermines security. Why not just make a security solution that’s as easy as possible for administrators of all skill sets to manage. One that provides state-of-the-art centralized management capabilities and innovative ease-of-use technologies, features that help administrators:
Something to also consider when evaluating the manageability of your UTM is whether there are premium charges for certain functionality that should be provided as standard options. Look for simple, easy-to-use management in your UTM appliance.
4. Flexibility. Security vendors differ conspicuously in the flexibility of the solution they market to customers. For instance, some UTM products can only add security services by physically bolting on software cartridges, or blades. Such an architecture only provides a limited number of slots for which to add in security services, forcing you to tradeoff one security function for another when enabling UTM capabilities. We believe lack of flexibility is a serious shortcoming of many of the competitor firewall solutions on the market. Many UTM/NGFW vendors have taken a short-sighted route of designing a security appliances to tackle only the threats of the current day.
Flexibility should also extend to ownership. Through firmware updates and software upgrades, UTM customers should be able to boost security services, subscriptions, and capabilities on the fly, without ever having to swap out hardware—further extending the life of the appliance. UTM appliances should also have a high degree of network systems interoperability. This way, regardless of the network topology mix (Cisco, Juniper or other), your UTM appliances will provide maximum interoperability.
5. Reporting and Visibility. Network visibility and security go hand-in-hand—and when it comes to achieving regulatory compliance (PCI DSS, HIPAA, CIPA, etc.), auditability is required. So, why would a security vendor not include visibility and reporting tools? Yet, many vendors charge extra for these capabilities, often requiring purchase of a separate product just for reporting.
Network security poses one of the most preponderant challenges confronting organizations today. Spyware, spam, viruses, Trojans, web exploits, and blended threats evolve and spread with alarming speed and regularity. Moreover, the emergence of new business enablement technologies exposes new attack surfaces. We see it with the growth in IP networks and proliferation of web 2.0 applications, devices (BYOD), and web technologies in the workplace. We see it with increasing reliance on cloud-based infrastructures (SAAS, PAAS, IAAS). Along with the exciting potential to cultivate work efficiencies and business opportunities, these technologies also generate more potential headaches for IT administrators.
Boosting your network security solutions with a UTM appliance is smart! Ensuring these five UTM appliance traits are part of your UTM appliance selection is even smarter. Also be sure to check out our whitepaper – Defining, Evaluating, and Designing Best-In-Class Network Security.