The linked article above has an interesting viewpoint. Where we agree is that firewalls aren't sufficient to address all the security threats on the network. Where we disagree is how to address that shortcoming. The author discusses the use of UTM (Unified Threat Management) devices to address all the other threats out on the Internet. While in theory I like the idea, the problem I have with it is that it only works for the smaller organization. Any organization that has any volume of email and web usage will probably find any UTM device inadequate, as the scanning necessary to address the myriad threats tends to drive up CPU usage, and most UTM devices don't scale to the necessary levels for larger organizations.
Another, and perhaps bigger, problem with UTM devices is that attacks on organizations tend to focus on one protocol: a denial-of-service attack will be on HTTP, SMTP, or DNS, but not usually all of them at once. With a UTM device, an attack on any of these will render all of them unusable. By separating the security devices associated with each protocol, when one is under attack, there's a good chance the other protocols remain available for use.
The final problem with UTM devices is having to rely on the technology that the UTM vendor has selected for the given protocol. This leaves the organization vulnerable if the best-of-breed technology wasn't selected by the UTM vendor. In this blog we focus on proxies, and I believe any organization should evaluate the proxy solutions available and decide which one is best for their needs. At the same time, find the best email solution for spam and viruses, and any other protection they think they need (including ILP/DLP, etc.).
Find the proxy solution with all the security features you need and don't rely on the UTM vendor to do it for you.
Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.
Tuesday, April 1, 2008