In this second blog of our three-part series on cyber security, we talk about the benefits of UTM, or unified threat management.
While last month’s post on end-point protection highlighted how mobility, more dispersed office locations and the boom in cloud applications have created more points of infiltration, this month we talk about how organisations can better manage and respond to the growing and constantly evolving nature of these threats.
In simplest terms, UTM involves the bringing together of multiple security functions which were historically managed separately by often cumbersome, hard-to-use and expensive ‘point’ solutions.
What are the core components of a UTM solution?
A simple concept to grasp, intrusion prevention is about pinpointing possible threats and responding to them quickly. Its core function is identifying ‘virulent’ activity, logging key information about the threat, blocking it and the reporting on the incident.
An important part of the process is anti-virus scanning. Anti-virus is now more commonly referred to as ‘anti-malware’, with the growing type of malicious threats now being deployed. Some of the more common include ransomware, worms, Trojan horses, phishing, adware and spyware, and malicious browser helper objects (BHOs).
But there many others, while all of the different threat types continue to morph and evolve.
With this in mind, organisations should consider Advanced Threat Protection (ATP) to help stay as close to the curve as possible, as well as an Intrusion Protection System (IPS).
Timely and accurate reporting on the precise security status of an organisation is obviously a critical plank of an effective security solution. There are many ways to approach reporting, but the basic principles boil down to extract, transform and load (ETL). ETL is then managed in coordination with an information storehouse and then using certain reporting tools. The best UTMs also produce reports on how your network is being used, which can make it easier to pinpoint vulnerabilities.
Then we arrive at ‘filtering’. Keeping it simple, there are two types of filtering: application firewalls, and web filters.
The application firewall is normally built to regulate all network traffic on any layer and it is able to control specific applications or services. Inputs or outputs not meeting the firewall’s policy configuration are identified and blocked.
Web filters, on the other hand are programs that scan information residing on web pages and filter according to whether there is malicious code, scams or inappropriate content. Email filters provide another line of defence tracking and removing viruses and spam, while also allowing systems administrators to better organise mail servers.
Gartner’s Magic Quadrant, Sophos and the cloud
In its most recent Magic Quadrant for Unified Threat Management (UTM), research firm Gartner noted a trend towards more holistic threat management systems, predicting that by 2020, a quarter of all SMBs will use a ‘multifunction’ firewall.
Gartner named British security specialists Sophos, US-based Watchguard, and Israel’s Checkpoint Software as the three leading vendors in the cyber security space.
In particular, it cited the fact Sophos’ security portfolio features strong capabilities around cloud and virtualised deployments, with its UTMs available as virtualised appliances with integration on the AWS and Azure IaaS platforms. Gartner added that this contributed to Sophos being the security vendor of choice for SMBs, especially “those that value ease of use, security features and firewall/endpoint integration”.
Sophos Labs is also respected as one of the leading-front line research facilities tracking, deciphering, and reporting on the latest malware as soon as its released into the wild.
At Brennan IT, was have seen a sharp rise in the number of small to medium enterprises in Australia looking to deploy security solutions that properly address today’s complex and fast-moving security landscape, but that are also manageable in terms of cost and manpower.
Partnering with Sophos has meant we’re able to provide a constantly-updated enterprise-grade suite of UTM tools which companies of any size can deploy and manage via a single pane of glass, all on the one easy-to-understand software licence.
And we continue to invest in the Brennan IT cloud, which has become a core plank in our security offering to Australian companies looking to balance security and manageability. Companies can also have their security solutions hosted on-premise, or across a hybrid environment, with the added support of Australia’s two most trusted network providers, Telstra and Optus.
Feel free to contact one of our expert engineers today to start a conversation about building a security framework that addresses your specific risk profile, while removing all of the hassle.