Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Should UTM and Web security filtering software be used together?

Michael Cobb explains what is best for your business: either standalone security appliances or unified threat management devices.

Defense in depth is a well-known information security mantra. The term refers to multiple security methods that mitigate the risk of one defensive component being compromised or circumvented. An example would be having a network firewall and an intrusion detection system (IDS) protecting a network. The firewall's role limits access to the network to prevent intrusion, while the IDS finds intrusions in order to stop them from happening. This is also known as a layered approach and can involve different security products from various vendors, deployed to defend potential attack vectors within the network.

When you say "Web Security in a corporate setting," I'm assuming you mean providing security for inbound and outbound network traffic with spyware and malware protection, URL filtering and classification, and data leakage prevention (DLP). On the face of it, the defense-in-depth approach would suggest you should have both a unified threat management appliance, or UTM, and a Web filtering application in place to protect your corporate network. But information security has to operate in the real world, and you have to make the most of a limited budget.

Certainly more than just Web filtering should be deployed to protect your users. However, if the goal is limited to incrementally increasing the security of your infrastructure, then fine, there are some great products, including software, appliances and hosted models from vendors, such as Websense Inc., IronPort Systems (an independent unit of Cisco Systems Inc.) and Barracuda Networks Inc., to name just a few.

Adding yet another device to an enterprise network, though, is a management challenge. You will need to configure, monitor and update the product, and you'll have another vendor that needs to be contacted when support is required. Also, multiple devices, particularly those from disparate vendors, cannot be managed centrally and are not necessarily going to work together effectively.

For those who have a limited budget and need to protect against several types of threats at a reasonable cost, a UTM can solve a lot of these problems. A UTM combines multiple security devices, such as a firewall, VPN, antivirus and IDS/IPS, into one appliance. Many now have Web filtering, spam blocking and spyware protection capabilities, too. Unified threat management appliances reduce the number of physical devices on your network, as well as consolidate the number of vendors you have to deal with.

The products do, however, introduce a single point of failure, and with all the tasks that UTMs handle, performance is a legitimate concern. Also, if your chosen UTM doesn't have all the features that you need, you're going to have to invest in multiple devices anyway.

It's essential to weigh up these pluses and minuses to decide what's right for the business, either standalone security appliances or unified threat management devices. A larger network will require more of a distributed threat management approach. For example, a standalone, appliance-based, layered security architecture is certainly preferable in a critical environment, such as a data center or enterprise server farm. That's not to say, however, that a UTM couldn't be deployed to establish a trust boundary that protects an individual workgroup or branch office within an enterprise.

More information:

  • David Strom demonstrates the configuration options available in SonicWall's unified threat management product.
  • See which UTM products took home first prize in this year's Readers' Choice Awards.
  • Dig Deeper on Integrated security appliances and systems

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.