Three years ago, the $879.4 million electronic bill payment and presentment provider CheckFree was in hypergrowth mode. "Our infrastructure was constantly getting overwhelmed," says security director Isenberg. The company kept adding appliances, servers, firewalls and intrusion detection systems, but the management burden "grew immense. It just wasn't scalable," Isenberg says. Eventually, CheckFree had amassed 20 separate intrusion detection system sensors, 20 switches and 26 firewalls.
The firewall and intrusion detection system architecture became so cumbersome the company couldn't get the throughput it needed. "We just couldn't keep up," says Isenberg. So CheckFree went seeking a high-availability, unified solution.
The search culminated in deployment of Crossbeam's X-series, which combines firewall and intrusion prevention capabilities. "We saw that we could consolidate all those boxes into only seven chassis," Isenberg says. The move also solved the longer-term challenges of the company's scalability. "Today, if we start to experience growth, we no longer have to add appliances and devices. We just add the blades we need. No cable moves, no change control, not another failure point added to our network."
"We had to do more to protect our environment. We were getting attacks, and as soon as we cleaned one, another virus hit."
Another benefit: There are now fewer systems to patch, upgrade and manage. "Each device was a separate console, so CheckFree had to add people continuously to manage," Isenberg says. Overall, savings came to about $194,000 a year, with a capital return realized within three years.
Whether unified threat management appliances prove powerful enough to serve as your primary network defense, as they do for Cook County and CheckFree, they can help most organizations cut operating and management costs, reduce points of network failure, and trim software licensing and maintenance fees.
Before making the move, it's essential to determine where UTM makes the most sense for your organization, based on volume of network traffic and potential security technologies to be converged. Experts say the performance demands of larger businesses may be too much for UTM appliances to handle, despite published vendor performance specifications. "You absolutely have to test these devices with your specific network conditions and the exact modules--antivirus, intrusion detection and prevention systems, content filtering and so on--to get a feel for how it will operate in your environment," says Joseph Blankenship, director of marketing at security services firm Vigilar.
During the evaluation, you'll see whether or not the UTM appliance can handle the demands of being the primary line of defense for your network. "Some of these products come with huge performance hits," Snyder warns. "You may get a new IPS signature and all of a sudden performance goes to hell." The reason: Vendors that specialize often provide better results. "IPS vendors will tend to do a better job at developing signatures than vendors who do many things," he says.
Adds Neohapsis' Shipley: "Many large enterprises won't move to UTM for their main network because they have the resources to maintain best of breed. But that changes when looking at the price, performance and benefits equation for remote offices, where these devices don't pose a performance problem and provide good security."
Before any move to UTM, experts suggest evaluating the following attributes carefully: network traffic performance demands; effectiveness of the intrusion prevention system (nothing is worse than too many false positives or negatives); the ability to provide for failover and high availability; VPN capabilities for secure site-to-site access; and manageability.
"You want aggregated manageability; you don't want to have to log into multiple devices individually to apply changes or updates," says Sonnenschein's Hansen, who ranks manageability high on the list. "That defeats the point."
Ask your CSO: Can a UTM appliance serve as your network's primary line of defense?
Tell your network architect:
Consider adding UTM appliances, or network routers and switches with built-in security, into network equipment refresh plans.
"These devices take 15 minutes to configure and to integrate into your console. It takes us more time to get the paperwork done and stage the box than to configure it."