SlideShare ist ein Scribd-Unternehmen logo

UTM Technology & Leaders of UTMs in Gartner Magic report 2014

Tarek Nader
Tarek Nader

Technical presentation about UTM Technology & Leaders of UTMs in Gartner Magic report 2014

Technologie
1 von 26
Overview  The Security Challenge  The need for Consolidated Network Security  The pros & Cons of Consolidated Network Security  Why is this an issue?  Examples of the impact  Evolving firewall technology  The reality of using Stand-alone security appliances  Examples of Stand-alone Security Appliances  What ‘s UTM?  Evolution of UTM technology  The core architecture and development approach of developing UTMs  Why UTMs are required more than ever?  UTM - What actually it does?  Leaders of UTMs in Gartner Magic report 2014 By: Tarek Nader
The Security Challenge • Today’s networking environment and threat landscape are changing constantly — new devices, applications, and threats appear almost daily • Organizations of all sizes struggle to enable secure access for users on the latest mobile devices while blocking the latest threats hidden inside application traffic from social media sites. It’s a tough fight!
The need for Consolidated Network Security • In today’s increasingly mobile world, networks change constantly. New services, access methods, and even devices continue to show up in networks at a frenetic pace • As a result, organizations of all sizes face challenges in maintaining control over network and security policies • Unfortunately, many organizations continue to take a traditional approach to network security in spite of changing software, devices, and user habits. Such a traditional approach cannot adapt to the latest trends and leaves organizations vulnerable to today’s threats • To keep up with the constant change, organizations of all sizes must adopt a different approach
The Good More and Better Network Access • The evolution and incredible proliferation of networking and security technology has produced many benefits: • Today, remote users can access corporate data inside a firewall using any device with a network connection • Every day, the number of applications is exploding; exploiting the internet’s speed and always-on access makes it trivial to deliver content to end-users • Today’s applications deliver better access to back-end and internal data resources, which has enabled tremendous leaps in productivity among employees, partners, vendors, and customers • Delivery models have also evolved, from traditional ‘on premise’ applications inside a network, towards cloud-based hosted application services • The growing use of social media in everyday business practices reflects a profound change in where and how potential customers, partners, and agencies gather data, influence buying decisions, and build brand awareness
The Good What’s the impact? • A lot of good things have happened on corporate networks, and a lot of those things involve new technologies and new uses for existing systems and information assets • But these changes also add to the burden of maintaining security and require forward thinking to ensure that levels of protection and security keep up with new uses, new forms of access, and new forms of communication
The Bad • The ongoing application explosion means that new apps show up and run on systems and devices on organizational networks every day • Too often, such applications fly under the radar of network administrators and appear without planning, proper licensing, or even informed consent • Worse, such applications can potentially inundate those networks on which they appear with unknown, questionable, or even outright malicious content
Why is this an issue? • Traditional firewalls cannot detect these new applications; they rely on port numbers or protocol identifiers to recognize and categorize network traffic and to enforce policies related to such traffic • Apps that use specific port numbers or protocols make it easy for network administrators to block unwanted traffic, but browser- based applications often use only two port numbers, each associated with a protocol vital to user productivity and responsible for the bulk of Internet traffic today • This means that all traffic from browser-based apps looks exactly the same to traditional firewalls; they can’t differentiate between applications, so there is no easy way to block bad, unwanted, or inappropriate programs whilst permitting desirable or necessary apps to proceed unhindered
Examples of the impact • Exposure to malicious content – User-created content encompasses a wide range of threats, such as malware or links to malicious sites that could compromise user systems or even entire networks – Common risks include links to malicious sites where visitors are subject to drive-by downloads • Unwanted bandwidth consumption – Bandwidth-intensive web-based applications such as YouTube can clog networks and impede delivery of business-critical content – File-sharing applications can bog down networks because of large file sizes and the sheer number of files being swapped • Exposure to data leakage – Apps that can accommodate outbound file attachments can permit employees to (perhaps unwittingly) export sensitive, confidential or protected information outside organizational boundaries and controls – This can incur potential civil and criminal liabilities, as well as loss of customer trust and brand equity
And The Ugly • Online crime is an ever-increasing part of the threat landscape. Beyond the threats of damage or data loss from malware, professional criminals have gone online to play their unsavoury trades • Corporations, institutions, government agencies, and other large organizations can fall prey to various kinds of cyberwarfare, that aim to steal information, transfer funds, or perform other illicit activities
Traditional firewalls can’t keep up with today’s threats • Because network traffic is so heavily web- and application- based, the ability of legacy security technologies to protect internal networks is increasingly challenged, to say the least • Attacks have become more frequent and more serious. Every day new attacks are designed to avoid detection and come up with more and better ways to steal our information • As attacks and their consequences become more dangerous and costly, organizations are learning to their dismay that their existing security infrastructures can’t keep up • Traditional firewalls and security appliances have lost their ability to block such traffic, which means prevailing tools and technologies can’t prevent the worst and most nefarious attacks from affecting or damaging networks
Inadequate Protection (at Best) • One of the first and most basic lines of network defence is a firewall, a device that inspects inbound and out-bound traffic on a network • Firewalls were the first widely deployed network security technology when internet use really began in earnest. The firewall’s job is to inspect traffic and decide what is allowed to go from outside to inside, and from inside to outside • But network traffic has changed vastly in the last decade, and a great proportion is now web-based • Because of the commingling of modern application traffic with everyday web access, traditional port-based firewalls have essentially become blind to the most common type of network traffic • This means: – They cannot distinguish different types of traffic that use the same port – They cannot detect applications that tunnel inside other applications – They cannot see inside encrypted packets – They can’t even block sneaky rogue applications that use nonstandard port numbers
Evolving firewall technology still can’t keep up • As simple rules for filtering traffic in a firewall proved to be too permissive, firewall vendors deployed new technology to stay abreast of the changing threat landscape • One important advance was the development of a proxy server, which sits transparently on the network and checks all packets for policy compliance before forwarding them • Various other security protocols were also developed to distinguish legitimate communications from suspicious or malicious types of connections, allowing only packets that corresponded to a valid, recognized, active connection between a client and server and rejecting everything else • In spite of these advances, firewalls could not stop the evolving threats. With each new firewall technology, the hackers devised new evasion techniques. New threats simply slipped through legacy firewalls and headed right onto the trusted network, attacking clients and servers with gusto and abandon • Network security vendors sought to fight back by creating new technologies to fight the new threats
From Firewalls to Stand-alone Products • Over time, as the threat landscape evolved, organizations began adding specialized or stand-alone security devices to their infrastructures, with the intention of providing workarounds to the limitations of traditional firewalls • Each device addresses a specific threat: One appliance provides malware screening, and another provides content filtering of websites and traffic. Still others detect and block intrusions, or add spam filtering and e-mail message handling. Put them all together on a network, and you could have half a dozen or more appliances, each inspecting the stream of traffic moving across the network • All of these devices were designed to improve a network’s security by adding functionality missing from the firewall. However, a patchwork of stand-alone technologies can have the opposite effect on network visibility as well as performance. They don’t talk to each other easily (if at all). They lack central management and monitoring because each product operates on its own. Plus, data from individual devices isn’t aggregated to create a complete or holistic view
Examples of Stand-alone Security Appliances Here are some examples of typical stand-alone security appliances that are deployed in a network: • Virtual private network (VPN): Uses special protocols to move information across the Internet securely • Data loss prevention (DLP): Looks for confidential, proprietary, or regulated data leaving the network. It can stop wholesale loss of proprietary data, as well as small scale accidental losses • Intrusion prevention system (IPS): Acts as a network’s watchdog, looking for patterns of network traffic and activity, and recording events that may affect security • Content filtering technologies: These devices block traffic to and/or from a network by IP address, domain name/URL, type of content or payload
The reality of using Stand-alone security appliances • There are several implications of the use of stand- alone security appliances, namely: • Multiple devices create a performance hit • Reduced network visibility • Total Cost of Ownership is far too high • The benefits of moving away from this approach include: • An integrated and holistic view of network security • Optimal TCO • Minimal latency impact
Finding a way out… • Many organizations want to find a way out of the expensive, labour-intensive, unsecure, and chaotic mess of traditional firewalls supplemented with multiple stand-alone security technologies. • Unified Threat Management (UTM) is the approach that many organizations have adopted to improve visibility and control of their network security while lowering complexity of their networks • UTM creates an environment in which all network security falls beneath a single, consistent technology umbrella • UTM enables the consolidation of all traditional as well as next-generation firewalls into a single device
• UTMs can be simply expressed as Next generation Firewalls, have evolved specifically from conventional firewalls. • The first firewalls were software firewalls which were itself evolved from software routers. • Later on as technology evolved, and hardware routers came into scene, hardware firewalls arrived which were nothing more than routers with packet filtering capabilities. • Furthermore, the technology matured from basic packet filtering to a more complex control technology which included stateful packet inspection and finally to full application layer inspection devices (IEEE, 1997). • Around the year 2000, VPN's appeared and gained acceptance as the mainstream technology to connect networks securely, remotely. • Firewalls followed closely by integrating VPN's with Firewall which was the natural choice as enterprise solutions required both firewalls and VPNS EVOLUTION — A little Background of UTM technology
Stepping up to UTM • UTM represents a significant shift in the evolution of network security technology and equipment • UTM generally refers to a security appliance that consolidates a wide range of essential network security functions into a single device, including next-generation firewall technologies like application control • As network threats evolve and new threats emerge, network security must change and adapt to protect against such threats. This adaptability can make UTM difficult to define because the technologies included can vary from vendor to vendor • Over time, however, the collection of capabilities associated with UTM has consistently expanded, and this trend shows no sign of tapering off
UTM – bringing order to chaos The best UTM solutions include the following core security functions: • Network firewalls perform stateful packet inspection • IPS detects and blocks intrusions and certain attacks • Application control provides visibility and control of application behaviour and content • VPN enables secure remote access to networks • Web filtering halts access to malicious, inappropriate, or questionable websites and online content • IPv6 support in all network security functions protects networks as they migrate from IPv4 to IPv6 • Support for virtualized environments, both virtual domains and virtual appliances
Additional technologies UTM solutions may also include additional security technologies that organizations can choose to deploy, including: • Data loss prevention (DLP) that blocks accidental or intentional loss of confidential, proprietary, or regulated data • Anti-malware/Anti-spam protection that prevents malicious payloads or unwanted messages from entering networks • Endpoint control that enforces corporate security policies with remote users and devices
The core architecture and development approach of developing UTMs  Licensing and Integrating Approach (Multi vendor UTM)  In-house Development Approach (Single vendor UTM) Licensing and Integrating Approach (Multi vendor UTM) The first design approach tried to get the best of worlds by integrating specialized technologies from different security vendors. For e.g.: Cyberoam UTM licenses Antivirus from Kaspersky, Antispam by Commtouch, both who specialize in Antivirus and Antispam technologies. These UTM's provided an integrated interface to manage all the integrated technologies in the easiest possible manner, while some others require specific management interfaces.
Licensing and Integrating Approach (Multi vendor UTM)
In-house Development Approach (Single vendor UTM) • The second design approach is the more difficult out of two, which requires ground up development of a UTM device from scratch, and involves the provision of each security function natively. • This was not flawless, each security function must pass a set of market guidelines and standards set by standalone security products effectively in order to be accepted. However, with time, the core functions provided by UTM platforms—firewall, intrusion prevention and antivirus—had matured since the onset of the UTM era, so building competent security functions was both possible and cost effective. • Also, this approach had a better management interface as the platform incorporated all the technologies since inception.
Why UTMs are required more than ever?  With advent of technology, blended attacks against organizations has led to older specialized protection devices/services obsolete.  The integrated approach allows the administrator to worry about only one device, not the whole flurry of firewalls, antivirus & IDS/IPS.  With falling costs, the attackers have got more speed at their dispense, hence they can carry out. more attacks & hence we need more functionality on a single device to counter those. UTM —Impact Assessment
Unified Threat Management - What actually it does?  At its heart, a UTM does the core work of collection of data and detection of unwanted and malicious data. As quoted by Mick Johnson,  Collection involves picking the packets off the wire and processing them through the network stack, reassembling and deciphering packet header information and identifying the relevant payloads.  Detection is the task of scanning those payloads for data that signify a particular traffic stream is malicious or unwanted.  A given portion of traffic might apply to either collection or detection at different stages: the source IP address must be checked against a set of firewall rules before being used to identify a TCP stream for reassembly and HTTP-level scanning for viruses.  Finally with each added security function or application in a UTM adds extra workload to the detection phase, irrespective of the amount of traffic which leads to a massive performance drop when a specific type of inspection is turned on.
 Leaders of UTMs in Gartner Magic report 2014  Fortinet  Check Point Software Technologies  Dell  Sophos  WatchGuard

Empfohlen

Leaders of Gartner Magic Quadrant 2014 for Secure Web Gateways
Leaders of Gartner Magic Quadrant 2014 for Secure Web GatewaysLeaders of Gartner Magic Quadrant 2014 for Secure Web Gateways
Leaders of Gartner Magic Quadrant 2014 for Secure Web GatewaysTarek Nader
 
Physical/Network Access Control
Physical/Network Access ControlPhysical/Network Access Control
Physical/Network Access Controljwpiccininni
 
Reference Security Architecture for Mobility- Insurance
Reference Security Architecture for Mobility- InsuranceReference Security Architecture for Mobility- Insurance
Reference Security Architecture for Mobility- InsurancePriyanka Aash
 
Infonetics Network and Content Security Vendor Scorecard
Infonetics Network and Content Security Vendor ScorecardInfonetics Network and Content Security Vendor Scorecard
Infonetics Network and Content Security Vendor ScorecardCisco Security
 
The Evolution of and Need for Secure Network Access
The Evolution of and Need for Secure Network AccessThe Evolution of and Need for Secure Network Access
The Evolution of and Need for Secure Network AccessCisco Security
 
IRJET- Local Security Enhancement and Intrusion Prevention in Android Dev...
IRJET- Local Security Enhancement and Intrusion Prevention in Android Dev...IRJET- Local Security Enhancement and Intrusion Prevention in Android Dev...
IRJET- Local Security Enhancement and Intrusion Prevention in Android Dev...IRJET Journal
 
Gigamon - Network Visibility Solutions
Gigamon - Network Visibility SolutionsGigamon - Network Visibility Solutions
Gigamon - Network Visibility SolutionsTom Kopko
 
The Anatomy of a Cloud Security Breach
The Anatomy of a Cloud Security BreachThe Anatomy of a Cloud Security Breach
The Anatomy of a Cloud Security BreachCloudLock
 

Empfohlen

Leaders of Gartner Magic Quadrant 2014 for Secure Web Gateways
Leaders of Gartner Magic Quadrant 2014 for Secure Web GatewaysLeaders of Gartner Magic Quadrant 2014 for Secure Web Gateways
Leaders of Gartner Magic Quadrant 2014 for Secure Web GatewaysTarek Nader
 
Physical/Network Access Control
Physical/Network Access ControlPhysical/Network Access Control
Physical/Network Access Controljwpiccininni
 
Reference Security Architecture for Mobility- Insurance
Reference Security Architecture for Mobility- InsuranceReference Security Architecture for Mobility- Insurance
Reference Security Architecture for Mobility- InsurancePriyanka Aash
 
Infonetics Network and Content Security Vendor Scorecard
Infonetics Network and Content Security Vendor ScorecardInfonetics Network and Content Security Vendor Scorecard
Infonetics Network and Content Security Vendor ScorecardCisco Security
 
The Evolution of and Need for Secure Network Access
The Evolution of and Need for Secure Network AccessThe Evolution of and Need for Secure Network Access
The Evolution of and Need for Secure Network AccessCisco Security
 
IRJET- Local Security Enhancement and Intrusion Prevention in Android Dev...
IRJET- Local Security Enhancement and Intrusion Prevention in Android Dev...IRJET- Local Security Enhancement and Intrusion Prevention in Android Dev...
IRJET- Local Security Enhancement and Intrusion Prevention in Android Dev...IRJET Journal
 
Gigamon - Network Visibility Solutions
Gigamon - Network Visibility SolutionsGigamon - Network Visibility Solutions
Gigamon - Network Visibility SolutionsTom Kopko
 
The Anatomy of a Cloud Security Breach
The Anatomy of a Cloud Security BreachThe Anatomy of a Cloud Security Breach
The Anatomy of a Cloud Security BreachCloudLock
 
Biznet GIO National Seminar on Digital Forensics
Biznet GIO National Seminar on Digital ForensicsBiznet GIO National Seminar on Digital Forensics
Biznet GIO National Seminar on Digital ForensicsYusuf Hadiwinata Sutandar
 
GSA's Presentation on Improving Cyber Security Through Acquisition
GSA's Presentation on Improving Cyber Security Through AcquisitionGSA's Presentation on Improving Cyber Security Through Acquisition
GSA's Presentation on Improving Cyber Security Through AcquisitionGovernment Technology and Services Coalition
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationE.S.G. JR. Consulting, Inc.
 
NAC Solution Taarak
NAC Solution TaarakNAC Solution Taarak
NAC Solution TaarakMohit8780
 
MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?Kurt Hagerman
 
Web application firewall solution market
Web application firewall solution marketWeb application firewall solution market
Web application firewall solution marketSameerShaikh225
 
Vulnerability Testing Services Case Study
Vulnerability Testing Services Case StudyVulnerability Testing Services Case Study
Vulnerability Testing Services Case StudyNandita Nityanandam
 
A rede como um sensor de segurança
A rede como um sensor de segurança A rede como um sensor de segurança
A rede como um sensor de segurança Cisco do Brasil
 
An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...
An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...
An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...ijtsrd
 
A case for Managed Detection and Response
A case for Managed Detection and ResponseA case for Managed Detection and Response
A case for Managed Detection and ResponseDigital Transformation EXPO Event Series
 
The Next Generation Cognitive Security Operations Center: Network Flow Forens...
The Next Generation Cognitive Security Operations Center: Network Flow Forens...The Next Generation Cognitive Security Operations Center: Network Flow Forens...
The Next Generation Cognitive Security Operations Center: Network Flow Forens...Konstantinos Demertzis
 
jn_fs_tech_insider_march_032516
jn_fs_tech_insider_march_032516jn_fs_tech_insider_march_032516
jn_fs_tech_insider_march_032516Tony Evans
 
Ben Rothke - NBA for The Security Professional
Ben Rothke - NBA for The Security ProfessionalBen Rothke - NBA for The Security Professional
Ben Rothke - NBA for The Security ProfessionalBen Rothke
 
Anton Chuvakin on Security Data Centralization
Anton Chuvakin on Security Data CentralizationAnton Chuvakin on Security Data Centralization
Anton Chuvakin on Security Data CentralizationAnton Chuvakin
 
Finding Your Lost Keys
Finding Your Lost KeysFinding Your Lost Keys
Finding Your Lost Keystrueidentity
 
NETWORK INTRUSION DETECTION AND NODE RECOVERY USING DYNAMIC PATH ROUTING
NETWORK INTRUSION DETECTION AND NODE RECOVERY USING DYNAMIC PATH ROUTINGNETWORK INTRUSION DETECTION AND NODE RECOVERY USING DYNAMIC PATH ROUTING
NETWORK INTRUSION DETECTION AND NODE RECOVERY USING DYNAMIC PATH ROUTINGNishanth Gandhidoss
 
Cloud security From Infrastructure to People-ware
Cloud security From Infrastructure to People-wareCloud security From Infrastructure to People-ware
Cloud security From Infrastructure to People-wareTzar Umang
 
Intrusion Detection System (IDS): Anomaly Detection using Outlier Detection A...
Intrusion Detection System (IDS): Anomaly Detection using Outlier Detection A...Intrusion Detection System (IDS): Anomaly Detection using Outlier Detection A...
Intrusion Detection System (IDS): Anomaly Detection using Outlier Detection A...Drjabez
 
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...Ulf Mattsson
 
Solar winds supply chain breach - Insights from the trenches
Solar winds supply chain breach - Insights from the trenchesSolar winds supply chain breach - Insights from the trenches
Solar winds supply chain breach - Insights from the trenchesInfosec
 
An introduction to Unified Threat Management (UTM), for Dummies
An introduction to Unified Threat Management (UTM), for DummiesAn introduction to Unified Threat Management (UTM), for Dummies
An introduction to Unified Threat Management (UTM), for DummiesElsa Cariello
 
Seguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesSeguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesisidro luna beltran
 

Weitere ähnliche Inhalte

Was ist angesagt?

Biznet GIO National Seminar on Digital Forensics
Biznet GIO National Seminar on Digital ForensicsBiznet GIO National Seminar on Digital Forensics
Biznet GIO National Seminar on Digital ForensicsYusuf Hadiwinata Sutandar
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationE.S.G. JR. Consulting, Inc.
 
NAC Solution Taarak
NAC Solution TaarakNAC Solution Taarak
NAC Solution TaarakMohit8780
 
MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?Kurt Hagerman
 
Web application firewall solution market
Web application firewall solution marketWeb application firewall solution market
Web application firewall solution marketSameerShaikh225
 
Vulnerability Testing Services Case Study
Vulnerability Testing Services Case StudyVulnerability Testing Services Case Study
Vulnerability Testing Services Case StudyNandita Nityanandam
 
A rede como um sensor de segurança
A rede como um sensor de segurança A rede como um sensor de segurança
A rede como um sensor de segurança Cisco do Brasil
 
An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...
An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...
An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...ijtsrd
 
The Next Generation Cognitive Security Operations Center: Network Flow Forens...
The Next Generation Cognitive Security Operations Center: Network Flow Forens...The Next Generation Cognitive Security Operations Center: Network Flow Forens...
The Next Generation Cognitive Security Operations Center: Network Flow Forens...Konstantinos Demertzis
 
jn_fs_tech_insider_march_032516
jn_fs_tech_insider_march_032516jn_fs_tech_insider_march_032516
jn_fs_tech_insider_march_032516Tony Evans
 
Ben Rothke - NBA for The Security Professional
Ben Rothke - NBA for The Security ProfessionalBen Rothke - NBA for The Security Professional
Ben Rothke - NBA for The Security ProfessionalBen Rothke
 
Anton Chuvakin on Security Data Centralization
Anton Chuvakin on Security Data CentralizationAnton Chuvakin on Security Data Centralization
Anton Chuvakin on Security Data CentralizationAnton Chuvakin
 
Finding Your Lost Keys
Finding Your Lost KeysFinding Your Lost Keys
Finding Your Lost Keystrueidentity
 
NETWORK INTRUSION DETECTION AND NODE RECOVERY USING DYNAMIC PATH ROUTING
NETWORK INTRUSION DETECTION AND NODE RECOVERY USING DYNAMIC PATH ROUTINGNETWORK INTRUSION DETECTION AND NODE RECOVERY USING DYNAMIC PATH ROUTING
NETWORK INTRUSION DETECTION AND NODE RECOVERY USING DYNAMIC PATH ROUTINGNishanth Gandhidoss
 
Cloud security From Infrastructure to People-ware
Cloud security From Infrastructure to People-wareCloud security From Infrastructure to People-ware
Cloud security From Infrastructure to People-wareTzar Umang
 
Intrusion Detection System (IDS): Anomaly Detection using Outlier Detection A...
Intrusion Detection System (IDS): Anomaly Detection using Outlier Detection A...Intrusion Detection System (IDS): Anomaly Detection using Outlier Detection A...
Intrusion Detection System (IDS): Anomaly Detection using Outlier Detection A...Drjabez
 
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...Ulf Mattsson
 
Solar winds supply chain breach - Insights from the trenches
Solar winds supply chain breach - Insights from the trenchesSolar winds supply chain breach - Insights from the trenches
Solar winds supply chain breach - Insights from the trenchesInfosec
 

Was ist angesagt? (20)

Biznet GIO National Seminar on Digital Forensics
Biznet GIO National Seminar on Digital ForensicsBiznet GIO National Seminar on Digital Forensics
Biznet GIO National Seminar on Digital Forensics
 
GSA's Presentation on Improving Cyber Security Through Acquisition
GSA's Presentation on Improving Cyber Security Through AcquisitionGSA's Presentation on Improving Cyber Security Through Acquisition
GSA's Presentation on Improving Cyber Security Through Acquisition
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network Automation
 
NAC Solution Taarak
NAC Solution TaarakNAC Solution Taarak
NAC Solution Taarak
 
MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?
 
Web application firewall solution market
Web application firewall solution marketWeb application firewall solution market
Web application firewall solution market
 
Vulnerability Testing Services Case Study
Vulnerability Testing Services Case StudyVulnerability Testing Services Case Study
Vulnerability Testing Services Case Study
 
A rede como um sensor de segurança
A rede como um sensor de segurança A rede como um sensor de segurança
A rede como um sensor de segurança
 
An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...
An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...
An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...
 
A case for Managed Detection and Response
A case for Managed Detection and ResponseA case for Managed Detection and Response
A case for Managed Detection and Response
 
The Next Generation Cognitive Security Operations Center: Network Flow Forens...
The Next Generation Cognitive Security Operations Center: Network Flow Forens...The Next Generation Cognitive Security Operations Center: Network Flow Forens...
The Next Generation Cognitive Security Operations Center: Network Flow Forens...
 
jn_fs_tech_insider_march_032516
jn_fs_tech_insider_march_032516jn_fs_tech_insider_march_032516
jn_fs_tech_insider_march_032516
 
Ben Rothke - NBA for The Security Professional
Ben Rothke - NBA for The Security ProfessionalBen Rothke - NBA for The Security Professional
Ben Rothke - NBA for The Security Professional
 
Anton Chuvakin on Security Data Centralization
Anton Chuvakin on Security Data CentralizationAnton Chuvakin on Security Data Centralization
Anton Chuvakin on Security Data Centralization
 
Finding Your Lost Keys
Finding Your Lost KeysFinding Your Lost Keys
Finding Your Lost Keys
 
NETWORK INTRUSION DETECTION AND NODE RECOVERY USING DYNAMIC PATH ROUTING
NETWORK INTRUSION DETECTION AND NODE RECOVERY USING DYNAMIC PATH ROUTINGNETWORK INTRUSION DETECTION AND NODE RECOVERY USING DYNAMIC PATH ROUTING
NETWORK INTRUSION DETECTION AND NODE RECOVERY USING DYNAMIC PATH ROUTING
 
Cloud security From Infrastructure to People-ware
Cloud security From Infrastructure to People-wareCloud security From Infrastructure to People-ware
Cloud security From Infrastructure to People-ware
 
Intrusion Detection System (IDS): Anomaly Detection using Outlier Detection A...
Intrusion Detection System (IDS): Anomaly Detection using Outlier Detection A...Intrusion Detection System (IDS): Anomaly Detection using Outlier Detection A...
Intrusion Detection System (IDS): Anomaly Detection using Outlier Detection A...
 
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
 
Solar winds supply chain breach - Insights from the trenches
Solar winds supply chain breach - Insights from the trenchesSolar winds supply chain breach - Insights from the trenches
Solar winds supply chain breach - Insights from the trenches
 

Ähnlich wie UTM Technology & Leaders of UTMs in Gartner Magic report 2014

An introduction to Unified Threat Management (UTM), for Dummies
An introduction to Unified Threat Management (UTM), for DummiesAn introduction to Unified Threat Management (UTM), for Dummies
An introduction to Unified Threat Management (UTM), for DummiesElsa Cariello
 
Seguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesSeguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesisidro luna beltran
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
Cyber security general perspective a
Cyber security general perspective aCyber security general perspective a
Cyber security general perspective amarukanda
 
Security and control in Management Information System
Security and control in Management Information SystemSecurity and control in Management Information System
Security and control in Management Information SystemSatya P. Joshi
 
Firewall buyers-guide
Firewall buyers-guideFirewall buyers-guide
Firewall buyers-guideAndy Kwong
 
Healthcare_Security_White_Paper
Healthcare_Security_White_PaperHealthcare_Security_White_Paper
Healthcare_Security_White_PaperJames Maudlin
 
Network design consideration
Network design considerationNetwork design consideration
Network design considerationlavanya marichamy
 
firewall as a security measure (1)-1.pptx
firewall as a security measure (1)-1.pptxfirewall as a security measure (1)-1.pptx
firewall as a security measure (1)-1.pptxShreyaBanerjee52
 
CYBER SECURITY.pptx
CYBER SECURITY.pptxCYBER SECURITY.pptx
CYBER SECURITY.pptxMalu704065
 
Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Kirti Ahirrao
 
Insights into cyber security and risk
Insights into cyber security and riskInsights into cyber security and risk
Insights into cyber security and riskEY
 
BYOD: Device Control in the Wild, Wild, West
BYOD: Device Control in the Wild, Wild, WestBYOD: Device Control in the Wild, Wild, West
BYOD: Device Control in the Wild, Wild, WestJay McLaughlin
 
3433 IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...3433 IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...Robert Parker
 
IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...Leif Davidsen
 
Zero Trust: Redefining Security in the Digital Age
Zero Trust: Redefining Security in the Digital AgeZero Trust: Redefining Security in the Digital Age
Zero Trust: Redefining Security in the Digital AgeArnold Antoo
 
Toward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationToward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationKen Flott
 

Ähnlich wie UTM Technology & Leaders of UTMs in Gartner Magic report 2014 (20)

An introduction to Unified Threat Management (UTM), for Dummies
An introduction to Unified Threat Management (UTM), for DummiesAn introduction to Unified Threat Management (UTM), for Dummies
An introduction to Unified Threat Management (UTM), for Dummies
 
Seguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesSeguridad web -articulo completo- ingles
Seguridad web -articulo completo- ingles
 
M1_Introduction_IPS.pptx
M1_Introduction_IPS.pptxM1_Introduction_IPS.pptx
M1_Introduction_IPS.pptx
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)
 
Cyber security general perspective a
Cyber security general perspective aCyber security general perspective a
Cyber security general perspective a
 
The New Intelligent Network: Building a Smarter, Simpler Architecture
The New Intelligent Network: Building a Smarter, Simpler ArchitectureThe New Intelligent Network: Building a Smarter, Simpler Architecture
The New Intelligent Network: Building a Smarter, Simpler Architecture
 
Security and control in Management Information System
Security and control in Management Information SystemSecurity and control in Management Information System
Security and control in Management Information System
 
Firewall buyers-guide
Firewall buyers-guideFirewall buyers-guide
Firewall buyers-guide
 
Healthcare_Security_White_Paper
Healthcare_Security_White_PaperHealthcare_Security_White_Paper
Healthcare_Security_White_Paper
 
Network design consideration
Network design considerationNetwork design consideration
Network design consideration
 
firewall as a security measure (1)-1.pptx
firewall as a security measure (1)-1.pptxfirewall as a security measure (1)-1.pptx
firewall as a security measure (1)-1.pptx
 
CYBER SECURITY.pptx
CYBER SECURITY.pptxCYBER SECURITY.pptx
CYBER SECURITY.pptx
 
Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Chapter 1 introduction(web security)
Chapter 1 introduction(web security)
 
Insights into cyber security and risk
Insights into cyber security and riskInsights into cyber security and risk
Insights into cyber security and risk
 
BYOD: Device Control in the Wild, Wild, West
BYOD: Device Control in the Wild, Wild, WestBYOD: Device Control in the Wild, Wild, West
BYOD: Device Control in the Wild, Wild, West
 
Wireless Security on Context (disponible en español)
Wireless Security on Context (disponible en español)Wireless Security on Context (disponible en español)
Wireless Security on Context (disponible en español)
 
3433 IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...3433 IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...
 
IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...
 
Zero Trust: Redefining Security in the Digital Age
Zero Trust: Redefining Security in the Digital AgeZero Trust: Redefining Security in the Digital Age
Zero Trust: Redefining Security in the Digital Age
 
Toward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationToward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network Automation
 

Kürzlich hochgeladen

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 

Kürzlich hochgeladen (20)

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 

UTM Technology & Leaders of UTMs in Gartner Magic report 2014

  • 1. Overview  The Security Challenge  The need for Consolidated Network Security  The pros & Cons of Consolidated Network Security  Why is this an issue?  Examples of the impact  Evolving firewall technology  The reality of using Stand-alone security appliances  Examples of Stand-alone Security Appliances  What ‘s UTM?  Evolution of UTM technology  The core architecture and development approach of developing UTMs  Why UTMs are required more than ever?  UTM - What actually it does?  Leaders of UTMs in Gartner Magic report 2014 By: Tarek Nader
  • 2. The Security Challenge • Today’s networking environment and threat landscape are changing constantly — new devices, applications, and threats appear almost daily • Organizations of all sizes struggle to enable secure access for users on the latest mobile devices while blocking the latest threats hidden inside application traffic from social media sites. It’s a tough fight!
  • 3. The need for Consolidated Network Security • In today’s increasingly mobile world, networks change constantly. New services, access methods, and even devices continue to show up in networks at a frenetic pace • As a result, organizations of all sizes face challenges in maintaining control over network and security policies • Unfortunately, many organizations continue to take a traditional approach to network security in spite of changing software, devices, and user habits. Such a traditional approach cannot adapt to the latest trends and leaves organizations vulnerable to today’s threats • To keep up with the constant change, organizations of all sizes must adopt a different approach
  • 4. The Good More and Better Network Access • The evolution and incredible proliferation of networking and security technology has produced many benefits: • Today, remote users can access corporate data inside a firewall using any device with a network connection • Every day, the number of applications is exploding; exploiting the internet’s speed and always-on access makes it trivial to deliver content to end-users • Today’s applications deliver better access to back-end and internal data resources, which has enabled tremendous leaps in productivity among employees, partners, vendors, and customers • Delivery models have also evolved, from traditional ‘on premise’ applications inside a network, towards cloud-based hosted application services • The growing use of social media in everyday business practices reflects a profound change in where and how potential customers, partners, and agencies gather data, influence buying decisions, and build brand awareness
  • 5. The Good What’s the impact? • A lot of good things have happened on corporate networks, and a lot of those things involve new technologies and new uses for existing systems and information assets • But these changes also add to the burden of maintaining security and require forward thinking to ensure that levels of protection and security keep up with new uses, new forms of access, and new forms of communication
  • 6. The Bad • The ongoing application explosion means that new apps show up and run on systems and devices on organizational networks every day • Too often, such applications fly under the radar of network administrators and appear without planning, proper licensing, or even informed consent • Worse, such applications can potentially inundate those networks on which they appear with unknown, questionable, or even outright malicious content
  • 7. Why is this an issue? • Traditional firewalls cannot detect these new applications; they rely on port numbers or protocol identifiers to recognize and categorize network traffic and to enforce policies related to such traffic • Apps that use specific port numbers or protocols make it easy for network administrators to block unwanted traffic, but browser- based applications often use only two port numbers, each associated with a protocol vital to user productivity and responsible for the bulk of Internet traffic today • This means that all traffic from browser-based apps looks exactly the same to traditional firewalls; they can’t differentiate between applications, so there is no easy way to block bad, unwanted, or inappropriate programs whilst permitting desirable or necessary apps to proceed unhindered
  • 8. Examples of the impact • Exposure to malicious content – User-created content encompasses a wide range of threats, such as malware or links to malicious sites that could compromise user systems or even entire networks – Common risks include links to malicious sites where visitors are subject to drive-by downloads • Unwanted bandwidth consumption – Bandwidth-intensive web-based applications such as YouTube can clog networks and impede delivery of business-critical content – File-sharing applications can bog down networks because of large file sizes and the sheer number of files being swapped • Exposure to data leakage – Apps that can accommodate outbound file attachments can permit employees to (perhaps unwittingly) export sensitive, confidential or protected information outside organizational boundaries and controls – This can incur potential civil and criminal liabilities, as well as loss of customer trust and brand equity
  • 9. And The Ugly • Online crime is an ever-increasing part of the threat landscape. Beyond the threats of damage or data loss from malware, professional criminals have gone online to play their unsavoury trades • Corporations, institutions, government agencies, and other large organizations can fall prey to various kinds of cyberwarfare, that aim to steal information, transfer funds, or perform other illicit activities
  • 10. Traditional firewalls can’t keep up with today’s threats • Because network traffic is so heavily web- and application- based, the ability of legacy security technologies to protect internal networks is increasingly challenged, to say the least • Attacks have become more frequent and more serious. Every day new attacks are designed to avoid detection and come up with more and better ways to steal our information • As attacks and their consequences become more dangerous and costly, organizations are learning to their dismay that their existing security infrastructures can’t keep up • Traditional firewalls and security appliances have lost their ability to block such traffic, which means prevailing tools and technologies can’t prevent the worst and most nefarious attacks from affecting or damaging networks
  • 11. Inadequate Protection (at Best) • One of the first and most basic lines of network defence is a firewall, a device that inspects inbound and out-bound traffic on a network • Firewalls were the first widely deployed network security technology when internet use really began in earnest. The firewall’s job is to inspect traffic and decide what is allowed to go from outside to inside, and from inside to outside • But network traffic has changed vastly in the last decade, and a great proportion is now web-based • Because of the commingling of modern application traffic with everyday web access, traditional port-based firewalls have essentially become blind to the most common type of network traffic • This means: – They cannot distinguish different types of traffic that use the same port – They cannot detect applications that tunnel inside other applications – They cannot see inside encrypted packets – They can’t even block sneaky rogue applications that use nonstandard port numbers
  • 12. Evolving firewall technology still can’t keep up • As simple rules for filtering traffic in a firewall proved to be too permissive, firewall vendors deployed new technology to stay abreast of the changing threat landscape • One important advance was the development of a proxy server, which sits transparently on the network and checks all packets for policy compliance before forwarding them • Various other security protocols were also developed to distinguish legitimate communications from suspicious or malicious types of connections, allowing only packets that corresponded to a valid, recognized, active connection between a client and server and rejecting everything else • In spite of these advances, firewalls could not stop the evolving threats. With each new firewall technology, the hackers devised new evasion techniques. New threats simply slipped through legacy firewalls and headed right onto the trusted network, attacking clients and servers with gusto and abandon • Network security vendors sought to fight back by creating new technologies to fight the new threats
  • 13. From Firewalls to Stand-alone Products • Over time, as the threat landscape evolved, organizations began adding specialized or stand-alone security devices to their infrastructures, with the intention of providing workarounds to the limitations of traditional firewalls • Each device addresses a specific threat: One appliance provides malware screening, and another provides content filtering of websites and traffic. Still others detect and block intrusions, or add spam filtering and e-mail message handling. Put them all together on a network, and you could have half a dozen or more appliances, each inspecting the stream of traffic moving across the network • All of these devices were designed to improve a network’s security by adding functionality missing from the firewall. However, a patchwork of stand-alone technologies can have the opposite effect on network visibility as well as performance. They don’t talk to each other easily (if at all). They lack central management and monitoring because each product operates on its own. Plus, data from individual devices isn’t aggregated to create a complete or holistic view
  • 14. Examples of Stand-alone Security Appliances Here are some examples of typical stand-alone security appliances that are deployed in a network: • Virtual private network (VPN): Uses special protocols to move information across the Internet securely • Data loss prevention (DLP): Looks for confidential, proprietary, or regulated data leaving the network. It can stop wholesale loss of proprietary data, as well as small scale accidental losses • Intrusion prevention system (IPS): Acts as a network’s watchdog, looking for patterns of network traffic and activity, and recording events that may affect security • Content filtering technologies: These devices block traffic to and/or from a network by IP address, domain name/URL, type of content or payload
  • 15. The reality of using Stand-alone security appliances • There are several implications of the use of stand- alone security appliances, namely: • Multiple devices create a performance hit • Reduced network visibility • Total Cost of Ownership is far too high • The benefits of moving away from this approach include: • An integrated and holistic view of network security • Optimal TCO • Minimal latency impact
  • 16. Finding a way out… • Many organizations want to find a way out of the expensive, labour-intensive, unsecure, and chaotic mess of traditional firewalls supplemented with multiple stand-alone security technologies. • Unified Threat Management (UTM) is the approach that many organizations have adopted to improve visibility and control of their network security while lowering complexity of their networks • UTM creates an environment in which all network security falls beneath a single, consistent technology umbrella • UTM enables the consolidation of all traditional as well as next-generation firewalls into a single device
  • 17. • UTMs can be simply expressed as Next generation Firewalls, have evolved specifically from conventional firewalls. • The first firewalls were software firewalls which were itself evolved from software routers. • Later on as technology evolved, and hardware routers came into scene, hardware firewalls arrived which were nothing more than routers with packet filtering capabilities. • Furthermore, the technology matured from basic packet filtering to a more complex control technology which included stateful packet inspection and finally to full application layer inspection devices (IEEE, 1997). • Around the year 2000, VPN's appeared and gained acceptance as the mainstream technology to connect networks securely, remotely. • Firewalls followed closely by integrating VPN's with Firewall which was the natural choice as enterprise solutions required both firewalls and VPNS EVOLUTION — A little Background of UTM technology
  • 18. Stepping up to UTM • UTM represents a significant shift in the evolution of network security technology and equipment • UTM generally refers to a security appliance that consolidates a wide range of essential network security functions into a single device, including next-generation firewall technologies like application control • As network threats evolve and new threats emerge, network security must change and adapt to protect against such threats. This adaptability can make UTM difficult to define because the technologies included can vary from vendor to vendor • Over time, however, the collection of capabilities associated with UTM has consistently expanded, and this trend shows no sign of tapering off
  • 19. UTM – bringing order to chaos The best UTM solutions include the following core security functions: • Network firewalls perform stateful packet inspection • IPS detects and blocks intrusions and certain attacks • Application control provides visibility and control of application behaviour and content • VPN enables secure remote access to networks • Web filtering halts access to malicious, inappropriate, or questionable websites and online content • IPv6 support in all network security functions protects networks as they migrate from IPv4 to IPv6 • Support for virtualized environments, both virtual domains and virtual appliances
  • 20. Additional technologies UTM solutions may also include additional security technologies that organizations can choose to deploy, including: • Data loss prevention (DLP) that blocks accidental or intentional loss of confidential, proprietary, or regulated data • Anti-malware/Anti-spam protection that prevents malicious payloads or unwanted messages from entering networks • Endpoint control that enforces corporate security policies with remote users and devices
  • 21. The core architecture and development approach of developing UTMs  Licensing and Integrating Approach (Multi vendor UTM)  In-house Development Approach (Single vendor UTM) Licensing and Integrating Approach (Multi vendor UTM) The first design approach tried to get the best of worlds by integrating specialized technologies from different security vendors. For e.g.: Cyberoam UTM licenses Antivirus from Kaspersky, Antispam by Commtouch, both who specialize in Antivirus and Antispam technologies. These UTM's provided an integrated interface to manage all the integrated technologies in the easiest possible manner, while some others require specific management interfaces.
  • 22. Licensing and Integrating Approach (Multi vendor UTM)
  • 23. In-house Development Approach (Single vendor UTM) • The second design approach is the more difficult out of two, which requires ground up development of a UTM device from scratch, and involves the provision of each security function natively. • This was not flawless, each security function must pass a set of market guidelines and standards set by standalone security products effectively in order to be accepted. However, with time, the core functions provided by UTM platforms—firewall, intrusion prevention and antivirus—had matured since the onset of the UTM era, so building competent security functions was both possible and cost effective. • Also, this approach had a better management interface as the platform incorporated all the technologies since inception.
  • 24. Why UTMs are required more than ever?  With advent of technology, blended attacks against organizations has led to older specialized protection devices/services obsolete.  The integrated approach allows the administrator to worry about only one device, not the whole flurry of firewalls, antivirus & IDS/IPS.  With falling costs, the attackers have got more speed at their dispense, hence they can carry out. more attacks & hence we need more functionality on a single device to counter those. UTM —Impact Assessment
  • 25. Unified Threat Management - What actually it does?  At its heart, a UTM does the core work of collection of data and detection of unwanted and malicious data. As quoted by Mick Johnson,  Collection involves picking the packets off the wire and processing them through the network stack, reassembling and deciphering packet header information and identifying the relevant payloads.  Detection is the task of scanning those payloads for data that signify a particular traffic stream is malicious or unwanted.  A given portion of traffic might apply to either collection or detection at different stages: the source IP address must be checked against a set of firewall rules before being used to identify a TCP stream for reassembly and HTTP-level scanning for viruses.  Finally with each added security function or application in a UTM adds extra workload to the detection phase, irrespective of the amount of traffic which leads to a massive performance drop when a specific type of inspection is turned on.
  • 26.  Leaders of UTMs in Gartner Magic report 2014  Fortinet  Check Point Software Technologies  Dell  Sophos  WatchGuard