When you say "Web Security in a corporate setting," I'm assuming you mean providing security for inbound and outbound network traffic with spyware and malware protection, URL filtering and classification, and data leakage prevention (DLP). On the face of it, the defense-in-depth approach would suggest you should have both a unified threat management appliance, or UTM, and a Web filtering application in place to protect your corporate network. But information security has to operate in the real world, and you have to make the most of a limited budget.
Certainly more than just Web filtering should be deployed to protect your users. However, if the goal is limited to incrementally increasing the security of your infrastructure, then fine, there are some great products, including software, appliances and hosted models from vendors, such as Websense Inc., IronPort Systems (an
Requires Free Membership to View
SearchMidmarketSecurity.com members gain immediate and unlimited access to breaking SMB industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchMidmarketSecurity.com today!
Michael S. Mimoso, Editorial Director
independent unit of Cisco Systems Inc.) and Barracuda Networks Inc., to name just a few.
Adding yet another device to an enterprise network, though, is a management challenge. You will need to configure, monitor and update the product, and you'll have another vendor that needs to be contacted when support is required. Also, multiple devices, particularly those from disparate vendors, cannot be managed centrally and are not necessarily going to work together effectively.
For those who have a limited budget and need to protect against several types of threats at a reasonable cost, a UTM can solve a lot of these problems. A UTM combines multiple security devices, such as a firewall, VPN, antivirus and IDS/IPS, into one appliance. Many now have Web filtering, spam blocking and spyware protection capabilities, too. Unified threat management appliances reduce the number of physical devices on your network, as well as consolidate the number of vendors you have to deal with.
The products do, however, introduce a single point of failure, and with all the tasks that UTMs handle, performance is a legitimate concern. Also, if your chosen UTM doesn't have all the features that you need, you're going to have to invest in multiple devices anyway.
It's essential to weigh up these pluses and minuses to decide what's right for the business, either standalone security appliances or unified threat management devices. A larger network will require more of a distributed threat management approach. For example, a standalone, appliance-based, layered security architecture is certainly preferable in a critical environment, such as a data center or enterprise server farm. That's not to say, however, that a UTM couldn't be deployed to establish a trust boundary that protects an individual workgroup or branch office within an enterprise.
More information:
This was first published in February 2009