Secures what ails you

 


Unified threat management products can put a lot of your security tools into one, easy-to-manage package.

Unified threat management sounds like a miracle cure. Have security problems? Just use UTM for fast relief! Supports your security seven ways!

The truth isn't much different. Agencies face multiple security threats: viruses and other malware, spam, phishing, intrusions, and more-sophisticated attacks.

That's why UTM solutions include multiple components, including some combination of firewall, intrusion detection or intrusion prevention, content filtering, antivirus or anti-malware, anti-spam, and a virtual private network. They may also offer services such as bandwidth management. UTMs act on network traffic, including e-mail, HTTP and File Transfer Protocol.

The original UTM solution was oriented toward small and midsize businesses with limited resources. These enterprises couldn't afford to buy multiple boxes to address each class of threat separately. They also couldn't support large IT staffs to handle security or babysit multiple boxes. UTMs provide a good security answer.

Since that start, however, UTMs have surfaced in many other settings. Large enterprises frequently use them at remote sites that have limited IT staff, and limited security concerns. They also find extensive use at the edges of enterprise networks.

The usefulness for government agencies is similar. For small and midsize offices, including remote sites, UTM may be all the security necessary. For larger installations, edge and in-network use is common.

"Determine what applications you will be running: firewall, VPN, intrusion detection or intrusion prevention, gateway antivirus, and so forth," said Charles Kolodgy, research director at IDC and originator of the term "unified threat management."

Using UTMs also reduces the number of systems that government agencies must support. Stacks of multiple components have evolved into integrated security appliances. Single-platform solutions are more attractive than multiple-platform solutions, from both security and support points of view.

Manageability is important for a system being built at the Army's Dugway Proving Grounds in Utah. "The network staff here is two people," said Brent Martinez, president of Secure Network Innovation, which is installing the system. "We appreciate that this solution doesn't require a lot of attention to run perfectly."

What's more, the reduced cost of a single solution is a significant inducement. As a bonus, finger-pointing by multiple vendors when problems occur is minimized with a single box handling all the jobs.

The first step in selecting a UTM solution is to determine which threats you are most concerned about. For most agencies and departments, the priority is blocking outsiders from entering the network via the Internet. However, significant threats can also come from inside the network. If this is a concern, you'll want insider-threat prevention features. Going a step further, you may have multiple workgroups with different security levels at your facility. Solutions that provide virtual or physical separation of access between workgroups can help isolate threats and allow administrators to customize security.

Most solutions protect based on pattern detection. They know, for example, what features of an e-mail look dangerous and what port probes are suspicious.

However, identity-based security is an increasingly important concept. This means making decisions about what to do with data based on who sent it, not just the nature of the data.

With UTMs, this means, for example, the ability to identify the origin of e-mail and recognize that it's not from a trustworthy source, regardless of how innocent the e-mail may seem. Identity-based security can also be more efficient: If you know a source is untrustworthy, you don't have to bother scanning e-mail originating from there.

With all the jobs UTMs are handling, performance is a legitimate concern. Sure, you want to throw barriers in front of the nasty stuff that wants to get onto your network. But you also want legitimate traffic to get through without hindrance. Throughput is not so significant for ordinary office settings. But if your UTM is guarding access to a significant application or data source, speed is a major factor. Typically, hardware-based processing, including application-specific integrated circuit acceleration, is faster than software.

Performance is one of the major concerns for the Dugway system. Martinez said dozens of isolated video cameras and other instruments feed images and data back to the network for analysis and through a Fortinet UTM appliance for security. Under such circumstances, a speedy solution is required to keep those bits flowing smoothly.

You want the UTM to not only stop the intruders but also tell you about it. That's why reporting capabilities are important. You should be able to control the level of detail so you can track important indicators that will allow you to monitor trends in attempted attacks, possibly pointing to the need for advanced measures. There may also be a pattern of internal access from employees, deliberate or not. Many threats involve a wolf knocking at the door and an unwitting little pig undoing the latch.

How security-specific is the UTM solution? "Some UTM solutions are general-purpose boxes that happen to be running the client applications," said Robert Whitely, a senior analyst at Forrester Research. The box, and the operating system it's running, may not be particularly secure. A computer running a conventional operating system is a computer subject to all that operating system's vulnerabilities. This may work for a lot of customers whose security needs aren't that demanding.

However, federal agencies and departments often demand a more hardened solution. Many vendors offer nonstandard hardware platforms running proprietary solutions. For instance, Juniper Networks offers its ScreenOS operating system, a far less obvious target for attack than, say, Windows or Linux. Selecting a hardened solution instantly improves the security of an agency's network.

Obviously, any federal agency or department is required to consider certification issues. "We had a stack of dozens of regulations to satisfy when we started," Martinez said. Because UTMs serve multiple purposes, this means dealing with multiple certifications for a single piece of equipment. "Most UTMs have industry certification for individual applications, but not for the system as a whole," Kolodgy said.

However, it's the second aspect of certifications that can sting you most. "Vendors implement compliance at different levels," Whitely said. This is a kind of marketing game that vendors play and of which you need to be aware. Don't expect vendors to be forthcoming about this information: You'll have to grill them to clarify their level of compliance.

Because UTMs are often deployed at the edge of a network, agencies should give careful consideration to required changes for IPv6 that might catch them short. The federal government has specified that federal agencies must implement IPv6, the next-generation Internet, on network backbones by June 2008. There is no special funding available for the transition to IPv6, so many agencies are using ordinary procurement for new or updated equipment to make the transition.

To meet this deadline, or any extensions, agencies must ensure that UTM solutions are already IPv6-compliant. "This will save them from guaranteed obsolescence," Whitely said.

As usual, agencies should scrutinize potential UTM solutions for scalability, reliability and integration with existing systems. Scalability is especially significant for growing agency offices that rely on UTM for their main security protection. Integration is also critical. "How well do the security appliances handle networking?" Kolodgy asked. "Most include routing, some can do switching, many have wireless access points, and some allow network printing and storage."

In short, many key considerations come down to how the vendor has implemented features: high-level or low-level compliance, hardware or software. Do your homework with vendors, and you'll find a UTM solution that will cure what ails you.

Unified threat management

Unified threat management appliances offer multiple security features, so you may need to combine multiple requests for proposals into one. Here are some questions to ask:

What is the setting for the UTM appliance? Does it reside on the edge of the network? At some remote location? Is it part of overall security or the only security? Each has its own advantages and disadvantages.

What features do you need? Decide on the features your agency's UTM systems must have, including firewall, intrusion detection or intrusion prevention, content filtering, antivirus or anti-malware, anti-spam, and virtual private network. The more you include in a box from a single vendor, the less finger-pointing you'll have to deal with. Also, will the UTM be replacing existing solutions? Remember that these multiple solutions should not replace existing firewalls and antivirus protection.

What threats does your agency face? Are internal threats a problem? Does the UTM solution need to separate multiple communities?

How important is easy manageability? Do you need to minimize IT staff attention? If so, look for a system that caters to this environment.

What is the best way to detect malicious behavior on your network? Although pattern detection is customary to detect problems, identity-based security can eliminate attempted intrusions based on their origin, saving time.

Is performance an issue? If so, go with hardware-based processing, which is usually faster than software. Security-specific appliances are more secure than general-purpose boxes. Although it seems to run counter to commercial guidelines, hardened solutions often run on nonstandard platforms running proprietary operating systems.

What kind of reporting capabilities do you require? Is remote management possible? Do you want to use patterns to identify threats?

What are the government- and agency-required certifications for all the features of a UTM solution? General standards include CIPA, Health Insurance Portability and Accountability Act, Sarbanes-Oxley, PCI, Federal Information Security Management Act and Gramm-Leach-Bliley Act. Specific certifications include PIV or Common Access Card-based Defense Department PKI, DOD Directives 8500.1 and 8500.2, DOD Application Firewall Protection Profile, Federal Circular A-123, and DOD JITC-MoonV6 tested IPv6 security. Encryption standards include Triple Data Encryption Standard, Advanced Encryption Standard and Federal Information Processing Standard 140-2. Remember that vendors implement compliance on various levels, from software to hardware, and from component level to system level. Obtain specific information from vendors about the level of compliance they provide.

Do you need to be IPv6-compliant? Are the projects IPv6 compliant? If you work for a federal agency, you must implement IPv6 on network backbones by 2008, so look for IPv6 systems.

















Block that threat













Talk to me







Is it certifiable?








Future: Tense?





Unified threat management products







Secure Computing
(408) 979-6100
www.securecomputing.com
Sidewinder Network Gateway Security
Self-defending firewall with most security functions in a single appliance, incorporates real-time, sender-based reputation scores from TrustedSource global intelligence service.

SonicWALL
(888) 557-6642
www.sonicwall.com
SonicWALL Pro 2040
Rackmounted appliance providing business-class performance, optimized for networks of as many as 200 nodes or 50 network locations, with gateway, antivirus, anti-spyware and intrusion prevention.

SonicWALL
(888) 557-6642
www.sonicwall.com
SonicWALL Pro 4060
High-performance gateway with enterprise-class firewall and VPN performance, gateway antivirus, intrusion prevention and anti-spam.

Symantec
(408) 517-8000
www.symantec.com
Symantec Gateway Security
Integrated stateful inspection firewall, antivirus, IPsec VPN, intrusion detection, intrusion prevention and content filtering, with multiport local-area network switch, router and Internet link protection with automatic detection and failover capabilities.

WatchGuard
(206) 521-8340
www.watchguard.com
Firebox X Core e-Series
Stateful packet firewall, VPN, proactive zero-day attack prevention, anti-spyware, anti-spam, antivirus, intrusion prevention and URL filtering.

