RealTime IT News

Old UTM is Still New in Network Security

They'll always be with us in the wooly corners of the Web: attackers bent on breaking your network system, stealing your data, pilfering funds, or letting their fingers do the walking through your e-mail and IM threads.

Research firm IDC, in its security trends forecast for 2006, said chief security officers, as well as other executives whose job it is to evaluate risk, must account for the broadening scope of emerging threats. At the same time, it warned that many organizations are simply unprepared to handle such multi-layered threats, even if they are aware that the sophistication of attacks is increasing.

IDC's numbers show that some of the major security challenges to manage are: wireless devices used in enterprise network configuration management; senior executives that don't make security policy a priority; a patchwork approach to security policy; an always-on environment with an increasing volume and complexity of network traffic, followed by the one nobody wants to talk about: budgets too small to meet enterprise security needs.

Small wonder that companies are looking for the equivalent of a Moss-Covered Three-Handled Family Credenza to help fix the mess.

That might help explain why Unified Threat Management appliances, or UTMs, are still a big trend this year, after breaking out in 2005. At the same time, all the major security vendors (hardware and software -- Symantec, Cisco, Microsoft, Checkpoint and Juniper, to name a few), are gearing up with similar forms of UTMs in the form of Network Access Control systems.

iPolicy Network's products may help explain why UTMs are hitting a sweet spot with customers. They combine firewall, intrusion prevention and URL filtering functionality all within a single appliance.

This helps system administrators enforce security policies for over 500 intrusion prevention firewall appliances across an enterprise network. For multi-national customers, this is a huge challenge.

iPolicy's differentiator - or secret sauce you might say, is a technique it calls Single Pass Architecture, which examines packets up and down the stack -- from layer one through layer seven , but only once. In this way, it's not slowing down the network while in search of dodgy packets.

When an organization needs to enforce a crazy-quilt of real-time security processes and keep the apps performing with blazing speed, speed matters.

How fast a sniff? iPolicy claims that network security managers can maintain the performance of their high speed networks from 100 megabits to 4 gigabits per second, while mitigating DoS/DDoS  attacks, blocking worms and Trojans, stopping blended threats and preventing undesirable content from entering the network, attacks that readily penetrate conventional firewalls.

The product lines are geared for all sizes too: carriers, network wholesalers, enterprises as well as small to medium-sized businesses.

Arun Chandra, president and CEO of iPolicy, said the scalability of the offering is what many customers find critical.

"Enforcement is distributed, but management is centralized," he told internetnews.com. That means you don't need to bring all the security with you; the management system gives you a wide level of corporate control.

"You have to be able to empower your local level security managers, so what we do is have a co-management technology, where the location managers can also co-manage the same security profile," Chandra said.

Scott Montgomery, vp of product management for security firm Secure Computing, said UTMs were all the rage in the late 1990s. Firms such as Network Associates offered products with lots of moving parts for a proactive approach to network perimeter security.

But tech buying decisions were also very different in the late 1990s, lest we forget the go-go, dot-com boom years as well as the Y2K code remediation craze leading up to the millennium. Budgets were loose, and "there was no such thing as a premium on rackspace, or co-locations" for that matter, Montgomery added.

"I also think that, although the execution of the idea was poor from a multi-product suite idea back then, the fundamental idea wasn't bad. That's why you're seeing UTM devices" streamlined for today's challenges: space and budget mostly.

The UTMs have to easily integrate with the legacy stuff. Thanks to service oriented architecture and extensible architectures, they can.

The devices also dovetail with another trend Gartner sees with deep packet inspection, intrusion prevention system (IPS) technologies and network stateful firewall technologies. They make up what Gartner calls the Next Generation Firewalls (NGFW).

If you're a vendor with network-level firewall capabilities and deep packet inspection in an integrated product that continuously provides new features to answer new threats, you're ahead of the curve, Gartner said.

Even a year ago, IDC reckoned that UTM market revenue would exceed standard firewall/VPNs sales at a compound annual growth rate of about 70 percent and hit $1.9 billion by 2010.

So although the current rise of UTMs may feel a lot like a 2006 version of the late 1990s, Montgomery added, "these ones actually work."