Best Practices for Threat Management Implementation
Date Published: May 27, 2008
Length: 1,493 words
Many companies now address the threats endangering their IT infrastructures with integrated and/or unified threat management solutions rather than a complex of disparate point products that make administration daunting and expensive.
This expert eGuide takes a look at the challenges of implementing effective unified threat management (UTM) strategies and shows you how to select the best solution for your organization. Discover how to ease your company's UTM implementation burdens.
Meeting the threat management challenge: Integrated and unified solutions
Of late, integrated and unified threat management solutions have distilled into two major types:
- Network-focused unified threat management (UTM), which typically starts with a network firewall and adds at least intrusion prevention and antivirus scanning. UTMs may also include a virtual private network (VPN) tunnel, email and Web filtering, antispyware, and antispam capabilities.
- Endpoint-focused integrated threat management (ITM), which protects desktops, servers, and gateways by combining an antivirus engine with broader protection against malware (spyware, spam, phishing, botnets), system and application firewalls, intrusion prevention, and email and Web filtering.
Depending on the vendor, UTM and ITM solutions are available as software to be installed on existing network or endpoint devices or as standalone appliances.
Regardless of form factor, both approaches share some fundamentally important management capabilities that can speed deployment, make monitoring and managing IT security easier and less costly, and reduce compliance hassles.
Easing management burdens
When multiple security capabilities are combined in a single solution - unified or integrated - so are their management functions.
Coordinating policy management tasks across several point products requires working with each product's interface and understanding the different network objects used in its policy definitions. UTM and ITM solutions, by contrast, provide a centralized management console and a network-aware security policy engine. That means the security policies related to all the functionality included in a UTM or ITM can be configured using one interface. This is vastly simpler, less costly, and less error-prone than managing point products.
What's more, this same UTM or ITM console can be used to schedule scans and audits, monitor logs, manage alerts, and respond to events. Because one console management environment is tracking so much security functionality, blended threats can be spotted sooner and neutralized.
Simplifying deployment
Deploying one UTM or ITM takes less time and effort than deploying a variety of security solutions, especially when that deployment involves remote offices and facilities.
Software-based UTM and ITM solutions come with deployment tools to make the process easier and help IT staff avoid involving end-users. Supporting what's been deployed is simpler, too, since several vendors of point products have been replaced with one UTM or ITM vendor.
Lightening the compliance load
Increasingly, today's UTMs and ITMs can also communicate and correlate event data into a single analysis. This is valuable for the after-event forensic examination that determines what happened and why. In addition, it provides the evidence of standards or regulatory compliance that auditors demand. Some UTMs and ITMs can be configured to collect compliance data and generate specific compliance reports.
UTMs and ITMs deliver more rational, easier-to-manage IT security that costs less to implement and maintain and provides better protection against the fast-evolving threats faced by every enterprise, large and small.
Choosing a threat management solution: Start with defense-in-depth
Just about everyone involved in securing an IT infrastructure from threats embraces the principle of defense in depth. The concept of implementing multiple layers of defense is increasingly important as threats become more complex.
However, threat complexity has spawned defense complexity. Until recently, defending enterprise IT, even in small organizations, has meant fielding multiple point products that have made threat management time-consuming, costly, and gap-ridden.
Unified and integrated threat management solutions offer relief - but deciding what sort of unified or integrated solution best fits your needs can be difficult. The trick is to view these solutions in terms of their role in your defense-in-depth strategy.
What's under the security policy umbrella?
All elements of an IT infrastructure need to be protected by layers of defense based on an encompassing, enforceable security policy:
- The network perimeter. This first line of defense requires network firewalls, virtual private networks (VPNs), intrusion detection and prevention, and network access control. Content-level defenses - including anti-malware, Web filtering, and P2P and instant messaging firewalls - also need to be implemented on the perimeter. Unified and integrated threat management solutions can deliver synergy that eliminates perimeter security gaps.
- The network core. The variety of applications now carried by the network means that some of them suffer performance degradation when security processing is added in the core. When it comes to securing the core - with firewalls, VPNs, and intrusion prevention - it's important to consider scalability, performance, and availability.
- The data center(s). Protecting your business's servers and applications takes firewalls and intrusion detection/prevention as well as protection of application content (anti-malware). These defenses must be able to handle the throughput demands of real-time applications.
- Remote offices and facilities. Both network- and content-level defenses are required here, very much like what's needed at the enterprise network perimeter. And because these sites generally don't have IT staff, centralized policy control and remote threat management capabilities are crucial.
- Email messaging. Securing email demands anti-malware capabilities. Because email is the most common way viruses infect an IT infrastructure, the centrally managed email security policy features of integrated and unified threat management solutions are key.
- The endpoints. Protecting gateways, desktops, notebook computers, and other mobile devices requires not just content-level security (Web filtering and anti-malware backed up by thorough malware research) but also network-level security, including firewalls, network access control, and VPNs. Here, again, centralized policy control and remote threat management can eliminate gaps missed by point products.
Do you understand your vulnerabilities?
Sometimes an enterprise's chief vulnerabilities are obvious. When that's the case, choosing the best threat management solution may be fairly straightforward.
Vulnerabilities can be painfully subtle, though. And it's not always apparent which point products are best traded out for an integrated/unified alternative. So it may be worthwhile to seek expert help in determining which threat management solutions will work best to protect your IT infrastructure.
Getting started with integrated threat management
To figure out if a multi-faceted threat management solution is worthwhile for your business, consider the following questions.
- Do you struggle to keep your security policies consistently configured and enforced across various elements in your data center and your remote locations? Many threat solutions include centralized policy management capabilities that alert you when something's out of whack. Some will remove out-of-policy apps to keep your IT environment in line with policy.
- How many applications do you have to monitor to spot suspect behavior on your network? A single threat management solution can protect your network perimeter with firewall, intrusion detection/prevention, Web filtering, and other capabilities.
- Can you deploy, monitor, update, and configure security at other locations from your data center without involving end-users? Threat management solutions make it easy to do all of this from a single dashboard.
- How long does it take to patch and update your network, systems, and applications against vulnerabilities? That threat management solution dashboard saves enormous amounts of security administration time and reduces the likelihood of human error - so you can do more with the same staff.
- Have you had problems with blended-threat attacks on your network or your endpoints? Threat management solutions can catch cross-functional security gaps that point products won't.
- Is your company's email burdened by spam and phishing? Do you worry about what employees are up to on the Web? Threat management solution anti-malware and Web filtering capabilities provide active, automatically updated protection. Some provide endpoint firewalls and integrated real-time browser protection to help users avoid online threats.
- Are you stuck with sifting through several disparate logs in order to analyze security events? Threat management solutions can be configured to generate the reports you need when you need them. Automated email alerts can be configured to meet specific business needs and to prevent false alarms.
As threats to your IT environment become more complex, threat management solutions that combine several formerly distinct protections can save you plenty. They're easy to deploy, they coordinate and simplify key security capabilities that every business needs, and they substantially reduce administrative costs.
To figure out which threat management solution will work best for your business, talk with an independent firm that offers threat management solutions from several highly-regarded vendors. These folks will ask you key questions about your business and your IT environment. Your answers will enable them to recommend what will work best for you.
About the authors
Carol Weiszmann and Susan Messenheimer are partners at aimpublications.com, a content consultancy at the intersection of technology and business. They analyze and write about how key information technologies impact enterprise security, compliance, infrastructure, productivity, and profitability.