Managing IT security software and appliances isn't getting easier. Most companies operate under what seem to be ever-changing, ever-growing risks to their IT systems--whether it's denial-of-service attacks choking network and application availability or a teenager from Estonia using MPack to crack their defenses. Then, of course, there are the typical worms, viruses and daily barrage of other "mundane" threats that have plagued companies for nearly a decade.
The conventional approach to defending systems has been to deploy dedicated security products at each layer of the IT infrastructure: network and application firewalls, intrusion detection and prevention sensors within the DMZ, and vital internal network segments. Also, content filtering is used on Web gateways to ensure that employees don't access forbidden or malicious Web sites.
Despite the best efforts of most enterprises, losses stemming from security breaches remain high. The average annual loss associated with security breaches reached $350,424 this year, more than double the 2006 figure of $168,000, according to the 2007 Computer Security Institute Computer Crime and Security Survey.
To protect system availability and the confidentiality of private information, organizations spend three percent to 10 percent of their annual IT budgets on security.
In an effort to reduce cost and improve manageability, vendors began combining into a single appliance various levels of security defenses including network firewalls, virtual private networks, intrusion detection/prevention systems, Web content filtering and anti-spam. Identified as unified threat managers, or UTMs, these devices initially were aimed at small and medium businesses, but their capacity and manageability have been increasing steadily.
UTM vendors include Crossbeam, Fortinet and Secure Computing, while conventional network equipment makers such as Cisco and Juniper also provide networking equipment with security capabilities built in. Cisco's 3800 integrated services routers, for example, include firewall, IP security, secure-sockets-layer VPN and intrusion prevention, and Juniper's ISG series provides a fully integrated firewall, VPN, and intrusion detection and prevention.
"A growing number of Fortune 500 companies are expressing interest in Cisco's 3800 UTM series, not for their core networks, but to manage the security and networking of their branch offices more easily," says Greg Shipley, CTO at security consultancy Neohapsis. "This gear has firewall, intrusion prevention and more built right into the router. So why not incorporate it as part of your normal network refresh?"
UTM appliance revenues for the first quarter of this year reached $271 million, up nearly 30 percent from first quarter 2006, according to IDC. The bulk of these devices will be the primary line of defense for small and midsize enterprises, and for larger companies aiming to ease security management and costs associated with locking down branch locations. "As to whether these devices are enterprise ready--that is, do they adequately protect the primary network perimeter?--the answer is not always clear," says Joel Snyder, partner at IT consultancy Opus One. "But there are areas in which they certainly can provide security and reduce complexity."
Richard Isenberg, director of security for CheckFree, would agree. "When the term UTM first surfaced, the technology was geared toward the low end of the market," he says. "But vendors have built more scalability and high availability into these devices. Still, you have to do your homework."
Ask Your Network Architect:
Are there firewalls, IPS sensors or other security technologies on your network that could be consolidated into single appliances?
Ask Your CFO:
Will the budget allow for devices that could reduce costs of securing and managing network traffic?