Government Computer News
Secures what ails you
Unified threat management offers multiple levels of protection in a single dose
Digg
De.licio.us
Slashdot
TechnoratiRFP Checklist
Unified threat management
Unified threat management appliances offer multiple security features, so you may need to combine multiple requests for proposals into one. Here are some questions to ask:
What is the setting for the UTM appliance? Does it reside on the edge of the network? At some remote location? Is it part of overall security or the only security? Each has its own advantages and disadvantages.
What features do you need? Decide on the features your agency’s UTM systems must have, including firewall, intrusion detection or intrusion prevention, content filtering, antivirus or anti-malware, anti-spam, and virtual private network. The more you include in a box from a single vendor, the less finger-pointing you’ll have to deal with. Also, will the UTM be replacing existing solutions? Remember that these multiple solutions should not replace existing firewalls and
antivirus protection.
What threats does your agency face? Are internal threats a problem? Does the UTM solution need to separate multiple communities?
How important is easy manageability? Do you need to minimize IT staff attention? If so, look for a system that caters to this environment.
What is the best way to detect malicious behavior on your network? Although pattern detection is customary to detect problems, identity-based security can eliminate attempted intrusions based on their origin, saving time.
Is performance an issue? If so, go with hardware-based processing, which is usually faster than software. Security-specific appliances are more secure than general-purpose boxes. Although it seems to run counter to commercial guidelines, hardened solutions often run on nonstandard platforms running proprietary operating systems.
What kind of reporting capabilities do you require? Is remote management possible? Do you want to use patterns to identify threats?
What are the government- and agency-required certifications for all the features of a UTM solution? General standards include CIPA, Health Insurance Portability and Accountability Act, Sarbanes-Oxley, PCI, Federal Information Security Management Act and Gramm-Leach-Bliley Act. Specific certifications include PIV or Common Access Card-based Defense Department PKI, DOD Directives 8500.1 and 8500.2, DOD Application Firewall Protection Profile, Federal Circular A-123, and DOD JITC-MoonV6 tested IPv6 security. Encryption standards include Triple Data Encryption Standard, Advanced Encryption Standard, Federal Information Processing Standard 140-2. Remember that vendors implement compliance on various levels, from software to hardware, and from component level to system level. Obtain specific information from vendors about the level of compliance they provide.
Do you need to be IPv6-compliant? Are the projects IPv6 compliant? If you work for a federal agency, you must implement IPv6 on network backbones by 2008, so look for IPv6 systems.
The truth isn’t much different. Agencies face multiple security threats: viruses and other malware, spam, phishing, intrusions, and more-sophisticated attacks.
That’s why UTM solutions include multiple components, including some combination of firewall, intrusion detection or intrusion prevention, content filtering, antivirus or anti-malware, anti-spam, and a virtual private network. They may also offer services such as bandwidth management. UTMs act on network traffic, including e-mail, HTTP and File Transfer Protocol.
The original UTM solution was oriented toward small and midsize businesses with limited resources. These enterprises couldn’t afford to buy multiple boxes to address each class of threat separately. They also couldn’t support large IT staffs to handle security or babysit multiple boxes. UTMs provide a good security answer.
Since that start, however, UTMs have surfaced in many other settings. Large enterprises frequently use them at remote sites that have limited IT staff — and limited security concerns. They also find extensive use at the edges of enterprise networks.
The usefulness for government agencies is similar. For small and midsize offices, including remote sites, UTM may be all the security necessary. For larger installations, edge and in-network use is common.
“Determine what applications you will be running: firewall, VPN, intrusion detection or intrusion prevention, gateway antivirus, and so forth,” said Charles Kolodgy, research director at IDC and originator of the term “unified threat management.” Using UTMs also reduces the number of systems that government agencies must support. Stacks of multiple components have evolved into integrated security appliances. Single-platform solutions are more attractive than multiple-platform solutions, from both security and support points of view.
Manageability is important for a system being built at the Army’s Dugway Proving Grounds in Utah. “The network staff here is two people,” said Brent Martinez, president of Secure Network Innovation, which is installing the system. “We appreciate that this solution doesn’t require a lot of attention to run perfectly.” What’s more, the reduced cost of a single solution is a significant inducement. As a bonus, finger-pointing by multiple vendors when problems occur is minimized with a single box handling all the jobs.
| |||
| Latest News |  WashingtonTechnology.com |
FCW.com |
|
GCN.com
The latest technology news from GCN.com
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
 |
![1105 Government Information Group [happiness]](/images/1105logo_website.gif "Government Computer News [happiness]")
© 1996-2008 1105 Media, Inc. All Rights Reserved.
