Unified Threat Management

February 2010

Contributing author: Krystal Kiser, Dayton Technology Group

According to the International Computer Security Association (ICSA), there are over 10,000 identified viruses, with 500 new ones being produced every month.  With numbers like these it is safe to say that no computer user is immune from viruses, malware or other potentially destructive attacks.  Some will even go as far as saying that it is not a question of if you are going to be affected by one of these attacks, but simply when.  On average it will cost a single end user between $100.00 and $300.00 per instance, and corporations between 10 and 150 times that, every time a computer goes down due to an “infection”.  It is alarming to say the least, and for some even mortifying, to know that all can be lost in a matter of seconds if one is not careful.

What can we do in order to protect us from being the next “victim”?

Well, there are a number of ways, the least of which is refraining from using your computer often and avoiding the internet altogether; two options that aren’t realistic in today’s cyber-dependent world.  So we turn to other solutions in the form of software packages, firewalls, anti-spam appliances, web content filtering devices, syslog servers and other devices whose cost, while significant, is dwarfed by the cost of recovering from a downed computer.

It would be accurate to say that a few years back (even as recently as 5 years back) true computer network protection was left to the major internet service providers or those companies with deep enough pockets to afford it.  That was the case mostly because of the cost of the many different appliances needed to protect cyber assets.  There was the firewall to prevent hackers from breaking into a network, anti-spam boxes to protect from malicious or unwanted emails, anti-virus software to protect against viruses and malware, and even a web filtering device to keep sites deemed unneeded or unwanted from being viewed or accessed, along with the cost of continued support and maintenance and the fairly large and specialized team of technicians to install and monitor it all.  A much needed solution whose cost over time only increases, as new devices or software solutions need to be added due to all the new vulnerabilities being discovered on a daily basis.

Fast forward a few years and all that has changed, mainly due to the now emergent unified threat management (UTM) systems that have been slowly making their way into the IT mainstream.  UTM refers to a comprehensive network security product that includes protection against multiple threats.  A UTM device will typically combine a firewall, antivirus software, content filtering and a spam filter into a single integrated package.  With a UTM device implementation the end user, large or small, has the ability to eliminate the use of multiple specialized appliances in favor of one that does it all.  This cuts the cost of ownership, provides a quicker return on investment and opens up valuable rack space needed for implementation.  All this without the traditional network performance degradation the older legacy devices can cause as they are added in a seemingly never-ending chain of components.  And that is just on the front end.  On the back end, the principal advantage of using a UTM is the ability these components have to adapt to the ever-looming, always-evolving myriad of threats that a network can be exposed to in the modern environment.  The end result is the ability for an organization to have its system tailored to address them all from an individual deployment perspective.

There are several UTM device manufacturers to choose from in the marketplace.  All have their merits, some more than others.  The one thing to keep in mind is that no single offering will work in all possible network environments.  It is up to each user to do the research as to what will work best for their specific circumstances.  The technology is very complex but the implementation is usually simple and straightforward.  First, gauge the total actual network throughput needed for the number of users on that network (keep in mind that the total throughput of a particular device is affected by the way the different filters are applied to the required traffic).  Then factor in the cost of the licenses needed for the different features you are looking at (most have a base renewable license in order to utilize a service; some will require additional licenses after a certain number of users is reached; lastly, some will also charge extra for VPN, VDOM and VLAN implementation).  Finally, look at the actual physical requirements for your deployment before making the final decision (of particular importance are rack mountability, operational noise levels and temperature thresholds).  This simple 3-step approach will allow you to narrow down the choices to a more manageable field and minimize confusion due to advertising hype and overrated specifications, resulting in long-term deployments with a significant return on investment in the form of reduced cost of ownership over the life of the device implementation.

Sources:

Cisco

Fortinet

ICSA

Trend Micro
