Unified Management and Uneven Protection
UTM (Unified Threat Management) integrates the traditional firewall function with VPN, IDS/IPS, gateway antivirus, antispam, web filtering, etc. into one single hardware platform. According to leading analysts such as IDC, the UTM market is growing rapidly. The initial target customers of UTM vendors were mainly SMBs. In recent years, enterprises and service providers have also been deploying high-end UTM devices to upgrade their aging firewall devices. Seeing the potential of this market, established firewall vendors started rolling out so-called "Next Generation Firewalls", which offer the same set of functions.
With a unified configuration and management interface across the security functions in several layers of the OSI network model, UTM promises the advantage of low TCO for businesses. There are many vendors competing in this space, such as Fortinet, SonicWall, WatchGuard, NetGear, Palo Alto Networks, Juniper, etc. Fortinet is the current market leader in this space.
While it is technically plausible to apply unified management to L2/L3 packets or streams, the same kind of unification at the application layer is superficial. As many enterprises and service providers who deployed UTM solutions found out, UTM devices do a very poor job of delivering security protection at the OSI application layer. For example, when the security functions for the application layer are enabled on their UTM devices, customers experience unusably slow network connectivity and low security detection rates.
With most of the severe attacks coming through applications such as email and Web, this uneven protection is putting businesses at the mercy of cyber criminals. Many security analysts have pointed out that businesses should seriously consider complementing their existing firewall and UTM solutions with dedicated, application content layer security devices.
Plug the Content Security Hole in UTMs
With its BeSecure Web Security Appliance, Wedge Networks delivers the most advanced content security solution to enterprises and service providers.
In September 2009, two of the world’s renowned independent testing labs, the Tolly Group in the USA and AV-Test.org in Germany, conducted a performance and accuracy test of Wedge BeSecure against a leading UTM product. The published test report indicates that Wedge BeSecure provides the most complete anti-malware coverage while sustaining much higher network throughput than the UTM device, making it an ideal solution to plug the content security hole in UTMs. The report states:
“While today's firewalls and Unified Threat Management (UTM) solutions provide effective firewalling capability, comprehensive antivirus detection with good throughput performance often requires a complementary solution such as the Wedge Networks BeSecure NDP Web Security Appliance”
In fact, this is exactly what many security-conscious enterprises are doing. To date, hundreds of BeSecure Web Security Appliances are deployed worldwide, most behind firewalls and UTMs, providing complete security protection at the application content layer.
The following figure depicts the content security solution offered by BeSecure:

Figure 1: BeSecure working in tandem with UTM products to provide comprehensive security
- BeSecure is deployed behind a firewall or UTM device, providing blanket content security coverage for all the network nodes
- The security functions provided by BeSecure are:
  - Detect/Block malware embedded in any of the application (email, web, ftp) sessions
  - Block/Flag spam in all the email traffic
  - Prevent the theft or leakage of sensitive information
  - Detect any infected hosts
Who Should Use This Solution
This solution should be deployed by any enterprise or service provider that:
- Bought into the UTM promise and then realized application content layer security cannot be achieved
- Has many computing devices that need to be protected against malware and OS vulnerability attacks
- Has a mobile computing workforce where host-based security cannot be enforced
- Requires multi-layered defences for compliance purposes
Malware Protection for UTMs
- Gartner 2009 Report on Security