In this segment of A Manager's Guide to Unified Threat Management, which originally appeared in Information Security magazine, learn to put the argument for better network security in context by considering your customer's organization and the UTM device you've chosen.
Saying that UTM offers better management is a contextual argument depending on both the device itself and the organization. Most UTM devices, with their SMB orientation, have sacrificed depth and breadth of management to give the same "flavor" to each function within the device. Where device and function management are occasional tasks, such as in firewalls and antivirus systems, this compromise may not be noticed.
In larger enterprises, features such as IPS and e-mail security require their own consoles and management style. These features may also be handled by different functional units. Combining every UTM feature into an all-in-one console can be a show-stopper.
Of course, not every UTM device forces every function into the same GUI mold. These devices merge more seamlessly into the existing management structure in an enterprise where multiple units are responsible for different aspects of security, or where management-heavy features such as IPS are in play.
Having separate management systems has its disadvantages. For example, if your firewall and IPS are using different management systems, you may open a hole in the firewall and forget to adjust the IPS to properly handle the new services. Or, more commonly, you'll make the same change in two places, but have a simple error, such as having different subnet masks, that gives the two changes different semantics.
A clear plus for UTM is when network policy and objects can be shared across UTM features. For example, if a subnet requires inbound FTP services, policies permitting and inspecting this would have to be matched on both a firewall and an IPS, while the definition of the subnet would also have to match.
Anytime two things have to be matched or coordinated, there is the chance for failure -- and a UTM device without some type of unified scheme to share policy and object information is ripe for human error.
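The two failure modes described above (a firewall opening with no matching IPS policy, and the same change entered with different subnet masks) can be caught by a consistency check run over exports from both management systems. The following is an added example, not part of the original article; the rule and policy record layout and all sample values are constructed assumptions, not any vendor's format.

```python
import ipaddress

# Constructed sample exports. The record layout is an assumption made for this
# example, not any vendor's configuration format.
FIREWALL_RULES = [
    {"name": "ftp-in", "dst": "192.0.2.0/24", "proto": "tcp", "port": 21},
    {"name": "web-in", "dst": "198.51.100.0/24", "proto": "tcp", "port": 443},
    {"name": "dns-in", "dst": "203.0.113.0/28", "proto": "udp", "port": 53},
]
IPS_POLICIES = [
    {"name": "ftp-inspect", "dst": "192.0.2.0/25", "proto": "tcp", "port": 21},
    {"name": "web-inspect", "dst": "198.51.100.0/24", "proto": "tcp", "port": 443},
]


def _net(text):
    # strict=False accepts entries with host bits set, e.g. 192.0.2.5/24
    return ipaddress.ip_network(text, strict=False)


def find_drift(fw_rules, ips_policies):
    """Return (rule, kind, firewall_subnet, ips_subnets) for each firewall
    permit whose service has no identically scoped IPS policy."""
    findings = []
    for rule in fw_rules:
        fw_net = _net(rule["dst"])
        service = (rule["proto"], rule["port"])
        ips_nets = [_net(p["dst"]) for p in ips_policies
                    if (p["proto"], p["port"]) == service]
        if fw_net in ips_nets:
            continue  # same service, same subnet: the two systems agree
        overlapping = [str(n) for n in ips_nets if n.overlaps(fw_net)]
        # Overlap without equality is the subnet-mask mistake; no overlap
        # means the firewall was opened and the IPS was never adjusted.
        kind = "mask-mismatch" if overlapping else "no-ips-policy"
        findings.append((rule["name"], kind, str(fw_net), overlapping))
    return findings


if __name__ == "__main__":
    for name, kind, fw_subnet, ips_subnets in find_drift(FIREWALL_RULES, IPS_POLICIES):
        print(f"{name}: {kind} firewall={fw_subnet} ips={ips_subnets or 'none'}")
```

With the sample data, the inbound FTP rule is flagged because the IPS inspects only half of the subnet the firewall permits, and the DNS rule is flagged because no IPS policy covers it at all.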
About the author
Joel Snyder is a senior partner at Opus One, an IT consulting firm in Tucson, Ariz., and a technical editor for Information Security.
This tip originally appeared in Information Security magazine.
This was first published in January 2007