Unified threat management, demystified

Protecting the secrets of a uranium enrichment plant should be enough to keep any CIO very busy. But when Sarbanes Oxley mandated even tougher controls on databases containing key financial information, David Vordick, CIO of USEC, a $1.9 billion public company that operates a gaseous diffusion plant in Paducah, Ky., knew he was going to get even busier.

His security defenses are complex and multilayered, and while simplicity is generally a good thing, it's not Vordick's priority. "Our philosophy is defense in depth. That means looking at multiple (security) products from multiple vendors. We can not be dependent on any one layer," he says.

Not every CIO has the same worries as Vordick, of course. But as regulations like SOX and PCI standards place increasing demands on IT's security capabilities, more and more companies are choosing to simplify network defense by using a security appliance that combines hardware, software, and networking technologies. U.S. companies spent $3.85 billion on network security appliances in 2006, an expenditure expected to nearly double by 2011, according to market researcher IDC.

As USEC designed its security architecture, Vordick and his team had a wealth of options. They could have chosen to install one or more UTM (unified threat management) appliances, devices that handle multiple threats from a single chassis, or opted for a series of single-function, best-of-breed appliances.

USEC choose a best-of-breed database security appliance by Guardium, plus point products from other vendors, largely because the defense in depth strategy meant that the convenience of deploying and managing a single device was outweighed by the fear of creating a single point of failure, Vordick says. Moreover, USEC sought a security appliance that would serve as a check on IT employees with privileged database access who might seek to view or change data without proper authorization, an atypical function for a UTM.

The choices regarding network security appliances are complex, but your decision won't just come down to a technology issue, says John South, senior security consultant for Plexent, a Dallas-based IT service management company. "The real question is how do we get our business done and still protect the corporation?" he asks.

Here are some of the issues South suggests you consider regarding security appliances: How does security fit into my overall architecture, and where is the boundary of my network? How many people will it take to support my choice; do I have the staff or can I count on support from the vendor? If I choose a UTM, do I know that the services are well integrated and the device is ultra-reliable; if I choose a series of point products, will the overall solution be able to handle a blended threat, and do the separate devices work well together? Does the appliance, best of breed or UTM, offer adequate reporting capabilities?

And if you're thinking of combining functions in a UTM, consider this: Services like firewalls, VPNs, and intrusion detection are not particularly compute intensive, but are latency intolerant. Anti-virus, URL filters, and the like are compute intensive, but much more tolerant of latency. Mixing the two classes of services on your network can slow down applications that are sensitive to latency, says South.