In our last post, we discussed the importance of creating a multi-layered security environment using a variety of different security tools and controls. The idea is to create a highly redundant defense that can withstand gaps or weaknesses in any single component.
Deploying too many tools can actually diminish your overall security, however. With dozens of different solutions in place, organizations can often become overwhelmed by the sheer number of logs and security alerts they must monitor and evaluate. According to one recent survey of IT professionals, 99 percent say they get more security alerts than they can possibly investigate.
Unified threat management (UTM) solutions can help organizations reduce alert fatigue and other management challenges involved with building a layered security environment. UTM solutions consolidate multiple security functions in a single appliance, allowing administrators to monitor and manage a wide variety of security-related tasks from a single dashboard.
Deployed at the network perimeter, UTM appliances can act as a firewall to restrict network access. However, they also incorporate additional features, including:
Intrusion detection and prevention. IDP systems use a variety of monitoring techniques to inspect network traffic for malicious activity or policy violations. The system blocks malicious traffic from entering the network and reports it to the network administrator for further analysis and action.
Antivirus and antimalware. Integrated software detects and blocks known viruses as well as more novel threats such as zero-day attacks, ransomware, keyloggers and browser hijackers. With most UTM solutions, antivirus and antimalware software is automatically updated with the latest threat signatures and security intelligence.
Application awareness. With this feature, administrators can monitor and control application usage, and enforce security policies at the application layer. For example, you can create a whitelist of trusted applications as well as a blacklist of untrusted apps that are always blocked.
Virtual private networking. UTM appliances allow organizations to establish VPN connections with remote or mobile employees. They support strong encryption to ensure data privacy across these connections.
Access control. Administrators can create identity-based network access policies for individual users, delivering increased control over network activities. These policies ensure that users only have access to the network resources they need to do their jobs, reducing the risk of insider threats. Policy changes set through the UTM dashboard are propagated throughout the network, eliminating the need to reconfigure multiple security devices.
Content and spam filtering. Content filtering allows your administrators to block risky websites, as well as sites such as social media and gaming sites that are known to be major time-wasters. Spam filtering goes even further by keeping spam emails from getting through your network and reaching your inbox.
Data loss prevention. DLP solutions can prevent sensitive information from leaving the company by email, and stop unauthorized users from downloading or copying data onto USB devices or other unsecured endpoints. These solutions scan email headers, body content and attachments to enforce a range of best-practice security measures.
Load balancing. Because UTM appliances may monitor multiple network links, load balancing features distribute traffic between multiple servers to ensure that they do not get overloaded. Failover features also allow traffic to be automatically routed to another server in the event of a link failure.
Traffic shaping. UTM’s traffic shaping capabilities allow you to manage and distribute bandwidth based on business priorities. For example, you can allocate maximum bandwidth for video conferencing while imposing limits on YouTube videos.
Cyberthreats have become more frequent, sophisticated and malicious with the mass transition to remote operations. Although organizations are increasing their security investments to cope with new threats, it is possible to have too much security. UTM solutions can help organizations improve their security posture with centralized control over multiple security measures. Call us to learn more about using UTM to protect your business.