Choosing the right UTM appliance
Dave Mitchell shows you what to look for when choosing a threat-management appliance
Small and medium-sized businesses (SMBs) can't afford to skimp on network security. Why? It would make them a top target for cybercriminals. Attacks on SMBs are expected to increase during 2016, which means they must think like enterprises if they want to survive.
Unified threat-management (UTM) appliances, which bundle a broad range of security services in one box, are a practical answer to this problem. Better still, vendors are creating affordable ranges aimed specifically at SMBs without stripping out features. Many have simply ported their enterprise software onto smaller boxes, so you get the same security functions on less powerful hardware; the trade-off is throughput rather than features, which matters when you come to size the appliance.
What's the point?
Point solutions for single security services such as antivirus or web filtering are impractical for SMBs, because they're both expensive and complex to manage. It gets worse if you're using multiple products from different vendors, as they each have their own management interfaces and won't talk to each other.
UTM appliances are ideal for SMBs with limited IT expertise, since they amalgamate every security service in a single unit. Many UTM appliances are managed via a unified web interface, or an application that provides full access to all of their features.
Deployment is simple and, as all of the internet traffic will be passing through a single point on the network perimeter, it's simple to apply security policies to all of your users. Keeping the appliances updated is easy, too, with functions for downloading and applying the latest signatures.
The sheer range of security options available on these appliances can be overwhelming, but they all start from the same base: a stateful packet-inspection (SPI) firewall, augmented with IPsec and SSL VPNs for secure site-to-site and mobile-user connections. Next comes gateway antivirus, which scans web, FTP and email traffic for viruses and spyware and blocks suspect items before they reach the client. Bear in mind that HTTPS traffic can only be scanned if the appliance is configured to intercept TLS, which means distributing its certificate to your clients.
Intrusion-prevention systems (IPS) are equally important. These use vendor-supplied signatures to catch attacks such as SQL injection and cross-site scripting in the traffic passing through the gateway; keep the signature subscription current, because a stale signature set is blind to new attack patterns. Web filtering should also be on your shopping list: it lets you decide which websites your users are allowed to visit.
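To show what signature-based IPS matching actually involves, here is a small added example (not code from the article or from any vendor's product). It runs a handful of constructed SQL-injection and cross-site-scripting signatures over constructed HTTP request lines, and demonstrates the point a practitioner cares about: the appliance must normalise the traffic (decode percent-encoding, including double encoding) before matching, or trivially encoded payloads slip straight past. The signature set and sample requests are illustrative assumptions, not a real vendor's rules.

```python
import re
from urllib.parse import unquote_plus

# Constructed signature set (illustrative; a real vendor set is far larger).
SIGNATURES = {
    "sqli-union-select": re.compile(r"\bunion\b[\s/*]+(?:all[\s/*]+)?\bselect\b", re.I),
    "sqli-tautology": re.compile(r"'\s*or\s+'?\d+'?\s*=\s*'?\d+", re.I),
    "xss-script-tag": re.compile(r"<\s*script\b", re.I),
    "xss-event-handler": re.compile(r"\bon(?:error|load|mouseover)\s*=", re.I),
}


def normalise(request_line):
    """Decode percent-encoding twice (to unwrap double encoding) and collapse
    whitespace, so signatures see the payload the web server will see."""
    decoded = unquote_plus(unquote_plus(request_line))
    return re.sub(r"\s+", " ", decoded)


def inspect(request_line, decode=True):
    """Return the names of all signatures that fire on one request line.
    decode=False mimics a naive engine that matches the raw bytes."""
    text = normalise(request_line) if decode else request_line
    return [name for name, pattern in SIGNATURES.items() if pattern.search(text)]


# Constructed sample traffic: one benign request and several attack attempts,
# including URL-encoded and double-URL-encoded payloads.
SAMPLE_REQUESTS = [
    "GET /products?id=1 HTTP/1.1",
    "GET /products?id=1'%20OR%20'1'='1 HTTP/1.1",
    "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1",
    "GET /search?q=%253Cscript%253Ealert(1)%253C/script%253E HTTP/1.1",
    "GET /items?sort=name UNION SELECT username,password FROM users HTTP/1.1",
    "GET /profile?img=x onerror=alert(1) HTTP/1.1",
]


def run(requests=SAMPLE_REQUESTS, decode=True):
    """Map each request line to the signatures it triggers."""
    return {r: inspect(r, decode) for r in requests}


if __name__ == "__main__":
    for req, hits in run().items():
        print(f"{'ALERT' if hits else 'pass ':5} {hits} {req}")
    print("--- without decoding ---")
    for req, hits in run(decode=False).items():
        print(f"{'ALERT' if hits else 'pass ':5} {hits} {req}")
```

Running it with decoding on flags every attack and passes the benign request; running it with decode=False misses the percent-encoded and double-encoded payloads entirely. That gap is why the quality of a vendor's protocol normalisation matters as much as the size of its signature library.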
URL category filters are also available. If you want to stop users playing web games at their desks, just block the category and watch productivity increase. Many have options for blocking social-networking sites such as Facebook, but if you have a solid business case for using these, apply application controls instead.
Application controls are more granular, and vendors include options for hundreds, and in some cases thousands, of common applications and categories. With these, you could allow staff to access the company Facebook account but not play games or watch videos.
Licence to perform
UTM appliances are long-term investments, so you don't want them running out of steam as your user base expands and gateway traffic increases. All vendors quote performance figures with different security services enabled, but don't be drawn in by the headline firewall throughput rate.
That figure is measured with UDP traffic that exercises neither TCP connection tracking nor content inspection, so it doesn't represent real-world usage. Antivirus scanning and IPS place far heavier demands on the hardware, and throughput drops further when several services run at once. Use the lowest figure for the services you intend to enable, not the firewall rate, as the baseline when sizing the appliance for future demand.
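The sizing rule above is easy to get wrong when a salesperson is pointing at the headline number, so here is an added worked example (not from the article or any vendor). It takes a constructed, hypothetical datasheet, treats the slowest enabled service as the upper bound on real throughput, projects today's peak demand forward over the licence term, and checks the result against a headroom factor. The datasheet figures, growth rate and 70% headroom are assumptions chosen for illustration.

```python
# Hypothetical datasheet, in Mbit/s. Constructed for this example; these are
# not figures for any real appliance.
DATASHEET = {
    "firewall": 1500,    # UDP, no inspection: the headline number
    "vpn_ipsec": 400,
    "ips": 600,
    "antivirus": 350,
}


def effective_throughput(datasheet, enabled_services):
    """Upper bound on real throughput: the slowest service you intend to run.
    With several inspection services on at once the true figure is lower
    still, which is what the headroom factor in size_check allows for."""
    return min(datasheet[service] for service in enabled_services)


def projected_demand(current_peak_mbps, annual_growth, years):
    """Compound today's peak gateway load over the licence term."""
    return current_peak_mbps * (1 + annual_growth) ** years


def size_check(datasheet, enabled_services, current_peak_mbps,
               annual_growth, years, headroom=0.7):
    """Return (fits, effective_mbps, projected_mbps). The appliance 'fits'
    if projected demand stays within `headroom` of its effective rating."""
    effective = effective_throughput(datasheet, enabled_services)
    projected = projected_demand(current_peak_mbps, annual_growth, years)
    return projected <= effective * headroom, effective, projected


if __name__ == "__main__":
    # Assumed site: 200 Mbit/s peak today, 25% annual growth, 3-year licence.
    for services in (["firewall"], ["firewall", "ips", "antivirus"]):
        fits, eff, need = size_check(DATASHEET, services, 200, 0.25, 3)
        verdict = "fits" if fits else "too small"
        print(f"{'+'.join(services):28} rated {eff:5} Mbit/s, "
              f"need {need:.0f} Mbit/s in 3 years: {verdict}")
```

Judged on the firewall figure alone the hypothetical box looks comfortable; judged on the antivirus figure, which is what you'll actually be running, it is already too small for year three. The same two-line check, with your own vendor's datasheet substituted, is worth doing before signing a three-year subscription.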
Vendors offer subscription-based licences to enable the various security services, and it pays to research these to ensure you're getting the ones you need. Out of the box, appliances typically have only their firewall and VPN support enabled; additional licences are required to activate features such as gateway antivirus, web filtering, IPS, application controls and anti-spam.
Subscriptions usually run for one- or three-year terms and you can make big savings by opting for the longer period. Make sure you've done your homework on future bandwidth requirements, though, as few vendors offer licensed performance upgrades on existing hardware.
If users start complaining about poor internet-response times, don't be tempted to turn off security services. You may be able to get a deal with the vendor to upgrade to a faster model at a reduced cost.
Wireless for all
You won't encounter any issues securing your wireless services on most UTM appliances. This is good news for businesses with a mix of wired and wireless clients, as it means they can apply the same security checks and restrictions to all traffic.
More appliances are coming with an integral wireless access point (AP), but check the standards they support as these vary considerably. Sophos' XG 135w supports fast dual-band 802.11ac, but Barracuda's F80 only supports basic single-band 802.11n.
Even appliances without an integrated AP can manage wireless traffic. Both WatchGuard's T30 and Dell SonicWALL's TZ300 will recognise the respective vendor's own external APs and instantly provision secure wireless services.
Enterprises caught with their data-security pants down can usually afford to pay the fine and learn the lessons; that's rarely the case for SMBs, where a data breach can do irreparable damage to reputation and only the lucky ones survive.
Set against recovery costs, a UTM appliance is a small outlay, and it offers a remarkable range of features for the price.
This article originally appeared in PC Pro issue 259.