Manager's Guide: Management

Position the argument for better network security contextually by considering your customer's organization and the UTM device you've chosen in this segment of the guide.

Position the argument for better network security contextually by considering your customer's organization and the UTM device you've chosen in this segment of A Manager's Guide to Unified Threat Management, which originally appeared in Information Security magazine.

Saying that UTM offers better management is a contextual argument depending on both the device itself and the organization. Most UTM devices, with their SMB orientation, have sacrificed depth and breadth of management to give the same "flavor" to each function within the device. Where device and function management are occasional tasks, such as in firewalls and antivirus systems, this compromise may not be noticed.

In larger enterprises, features such as IPS and e-mail security require their own consoles and management style. These features may also be handled by different functional units. Combining every UTM feature into an all-in-one console can be a show-stopper.

Of course, not every UTM device forces every function into the same GUI mold. These devices merge more seamlessly into the existing management structure in an enterprise where multiple units are responsible for different aspects of security, or where management-heavy features such as IPS are in play.

Having separate management systems has its disadvantages. For example, if your firewall and IPS are using different management systems, you may open a hole in the firewall and forget to adjust the IPS to properly handle the new services. Or, more commonly, you'll make the same change in two places, but have a simple error, such as having different subnet masks, that gives the two changes different semantics.

A clear plus for UTM is when network policy and objects can be shared across UTM features. For example, if a subnet requires inbound FTP services, policies permitting and inspecting this would have to be matched on both a firewall and an IPS, while the definition of the subnet would also have to match.

Anytime two things have to be matched or coordinated, there is the chance for failure -- and a UTM device without some type of unified scheme to share policy and object information is ripe for human error.


A Manager's Guide to Unified Threat Management

  Introduction: Be prepared
  Consolidation and Cost
  Performance
  Complexity
  Management
  Flexibility

About the author
Joel Snyder is a senior partner at Opus One, an IT consulting firm in Tucson, Ariz., and a technical editor for Information Security.

This tip originally appeared in Information Security magazine.

This was first published in January 2007

Dig deeper on Threat management and prevention

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

MicroscopeUK

SearchCloudProvider

SearchSecurity

SearchStorage

SearchNetworking

SearchCloudComputing

SearchConsumerization

SearchDataManagement

SearchBusinessAnalytics

Close