In the last UTM shootout we did, exactly a year back in September 2008, we
found that most features were common across UTMs. Actually, there were fewer
differences in features and more in the technologies used. Basic tools such as
anti-virus, anti-spam and anti-spyware were common to all UTMs, but features
like caching, VPN and high availability were less common. High-end UTMs like
Cyberoam's CR 1500i could handle 10,00,000 concurrent connections and are no
less complex than a high-end data center server. Most high-performance UTMs come
bundled with multiple processors providing tremendous processing power and huge
storage space. We even tested one with a quad-core CPU and it proved to be a
real performer in tests.
So, does buying a high-end UTM really alleviate all your concerns? Before
buying a security solution you need to figure out your organization's
requirement and then choose the best solution for it.
The trend we saw last year, and continue to see even now, is that IT managers
are buying UTMs primarily to aid in monitoring and reporting. They have become a
major tool for supporting security audits, by providing structured access to
data and security of data. This in turn strengthens an organization's case for
different security compliances such as HIPAA, CIPA, BS 7799, etc., as they would
be using a reporting and monitoring tool with additional security functionality.
If the main anti-virus appliance at the gateway fails, they can use this as a
failsafe option.
Apart from UTMs there are various other security solutions available. For
stopping spam, you can have dedicated appliances. Such appliances are suited to
large enterprises where the number of users is large and security of data is a
prime concern. Similarly, if you want a secure branch office connection or a
remote user connecting to the head office, having a UTM would make sense.
However, if the number of concurrent connections is large, then having SSL-VPN
appliances would make more sense.
Services on Cloud
Cloud Computing is getting hotter each day, but the technology behind it is
nothing new. For details on what it is and how one can deploy Cloud Computing,
visit http://tinyurl.com/lrshbnasp. There are security solutions available on
the cloud which one can use on a pay-as-you-use basis. Let's take a simple
example. You have a mail server in your enterprise, but lack an anti-spam
solution. You can buy an anti-spam appliance, but does that really make sense?
Yes, it does for a large enterprise, but for others it might not. You need to be
aware of the bandwidth requirements and the ability of the appliance to handle
the load. So one could instead subscribe to an anti-spam solution deployed on
the cloud and not care about the hardware or software being used. The billing is
done based on usage. There is a free anti-spam solution deployed on the cloud
called Safentrix. If you want to know more about it and how one can integrate it
with a mail server, visit the link: http://tinyurl.com/nhd97q.
End-point security
Next is end-point security, the anti-virus or anti-spam solution deployed at
the user's desktop. For enterprises, vendors like Symantec provide an end-point
security solution which costs less than buying a single-user license for every
user. By deploying only a gateway-level security solution, threats generated
within your enterprise cannot be controlled. One of the ways in which security
can be compromised is by transferring data through USB drives. For such threats,
there should be a mechanism to alert the administrator about an attack. There
are devices that can be plugged into a network to monitor it for malicious
activity, and as soon as a threat is detected, the device notifies the
administrator about it. The licensing of these devices is quite interesting. You
can buy a device and place it on the network for continuous monitoring, or you
can rent it for a couple of months to scan your network and neutralize all
threats.
Information no longer resides inside the four walls of an organization, given
the business outsourcing scenario. Any leakage of information can cause you to
lose not only money but also credibility. So, apart from securing PCs from
viruses, spyware, etc., it is very important for an organization to defend all
vulnerable ends. And this is now becoming a big concern for many enterprises.
Data loss protection, or DLP, is the term used to describe the theft of
sensitive or critical data from an organization. However, there are a number of
ways to solve this issue. But before that, you first need to figure out the
amount and type of data your organization wants to protect. This might comprise
an organization's strategies, client confidential data, etc. Such data can get
stolen only if someone tries to copy it to portable media or send it via the
Internet to a third person. To steal data one needs the right to access that
data. The most common solution to this problem is to stop users from carrying
portable media inside the organization. The other measure an organization can
opt for is to block all ports on a user's system. The second method seems to be
pretty practical, because even if someone gets inside the premises of your
organization with the intention of stealing data, he will not be able to connect
to the system. The third option is mail server configuration. The IT manager can
configure the mail server in such a way that any mail that comes with an
attachment is blocked.
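As an added illustration of the third option (not something from the article,
which names no particular mail server), here is how the "block any mail carrying
an attachment" rule looks on a Postfix server. It assumes Postfix is the MTA and
that the two files shown are at the paths given; the reject text is our own.

```text
# --- /etc/postfix/main.cf (assumed path) ---
# Run every MIME part header of every accepted message through the map below.
# regexp: maps are read directly; no postmap step is needed.
mime_header_checks = regexp:/etc/postfix/mime_header_checks

# --- /etc/postfix/mime_header_checks (assumed path) ---
# Attachments are announced by a Content-Disposition or Content-Type header that
# carries a name= parameter. Plain text and HTML bodies carry no name, so they
# still pass. Matching is case-insensitive by default in Postfix regexp maps.
/^Content-(Disposition|Type):.*name[[:space:]]*=/ REJECT Attachments are not accepted on this server
```

After editing, apply the change with `postfix reload`. Note that this rule is
applied to everything the server relays, inbound and outbound alike, and the
sender receives a bounce with the reject text, so the policy is visible to users
rather than silent.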
The issues are endless when it comes to DLP. Even if you block the ports and
scan all emails that go out of the organization, one can still use a third-party
email service provider, for example Gmail. This would make you think of blocking
the Internet itself. But such a solution would work only for organizations that
mostly work offline. So what solution should one opt for? There are a couple of
vendors who offer customized solutions for such organizations.
Enterprise policies
The most important aspect is to clearly define a policy and stick to it.
However, security solutions alone aren't enough. You also need well-documented
security policies, and moreover you need to conduct regular assessments of your
network. Having a written policy is always a good idea and we can't stress its
importance enough. But even more important is to revisit it regularly and keep
updating it. For instance, consider a scenario where despite having a documented
policy you keep getting recurring security threats. In such a case, you need to
find a solution to the threat and update your security policy, defining how to
combat it in future. Besides documentation, you also need to conduct regular
assessments of the security of your network. Since your IT infrastructure isn't
static, do not expect your security requirements to remain the same. Security
threats are increasing, and so is your IT infrastructure.
Beyond a certain point, even policies and re-assessments may not work. That's
where you need to start exploring security standards. Today, two key standards
exist for information security. These are BS 7799 and the ISO 27000 series.
There are quite a few organizations that haven't deployed these standards.
Amongst the two, the ISO standard is more popular.