Extensible threat management is the next generation of unified threat management. This article provides an overview of XTM and explains its advantages over UTM. It is based on a white paper by WatchGuard Technologies.
Unified threat management (UTM) spawned a new era of IT security. The promise of these integrated security appliances proved to be an exceptional and efficient way of securing commercial networks. However, businesses today face an inflection point, dictated by changing market trends and new technologies that demand more of today’s UTM. Hence the need is for eXtensible threat management (XTM) solutions, the next generation of UTM appliances. XTM is predicated upon the substantive expansion of three elements: more security, greater networking capabilities, and more management flexibility. This paper provides an overview of these issues.
Unified threat management
Originally coined in 2003 by IDC analyst, Charles Kolodgy, the term unified threat management represented a ground-breaking concept in having disparate security functions – firewall, intrusion detection/intrusion prevention (IDS/IDP) and gateway anti-virus (AV) – reside in a single, integrated network security appliance.
UTM appliances quickly became a network security favorite for small, mid-market, and enterprise branch office environments. UTM devices gained substantial ground in education, healthcare, and retail segments because they helped to address regulatory mandates, such as the Children’s Internet Protection Act (CIPA), Health Insurance Portability and Accounting Act (HIPAA), and Payment Card Industry Data Security Standard (PCI DSS).
As the demand for UTM grew, so too did the industry and the number of respective solutions. By 2007, the UTM market had grown approximately 35 percent year-over-year, to reach $1.2 billion. By the end of 2008, industry analysts estimate that sales of UTM appliances will surpass traditional firewall/VPN solutions. By 2010, sales of UTM devices are expected to exceed $2.5 billion.
What is unclear right now is whether the current state of UTM offerings in the market is sufficient to fully meet future business demand and IT expectations.
Trends affecting UTM
Clearly, UTM has moved from a concept to a business and network security reality. The growth and acceptance of UTM is undeniable. However, there are factors to suggest that UTM, in its current state, will not be sufficient to tackle the next generation of looming security threats, nor capable enough to meet the needs of savvy businesses that leverage new forms of technologies to be more productive and efficient.
Threats are changing. The next generation of security threats will present unparalleled challenges and risks. The ‘black hat’ community is not the band of miscreants that it used to be. What was once done to gain notoriety and underground fame among fellow hackers has now turned into big business, similar to organized crime syndicates. Data is valuable, and gaining control of web sites, servers, and personal computers can be lucrative.
The next generation of security threats is expected to be more sophisticated and less conspicuous. Security threats are taking on new forms, morphing common annoyances such as spam email and mutating them into hybrid spam/phishing/malware payload-delivery vehicles. The traditional attacks on network ports and data networking protocols will change to attacks that exploit holes directly at the application layer.
Threats are becoming more stealthy and concealed, as well. Typically, when a threat reaches a broad enough audience, a ‘signature’ can be developed to counter and neutralize the threat. Today, the writers of these attacks have learned that low profile attacks keep threats ‘under the radar,’ and hence, avoid detection and the eventual signature that will wipe them out. Likewise, other attackers have developed automated repackaging malware applications so that the malware changes every few minutes – effectively staying ahead of any anti-virus vendors’ ability to produce a signature.
Changing business dynamics
Business is changing. Several factors are all converging to change the way businesses operate. The ‘millennial’ generation, the ‘consumerization’ of IT, Web 2.0+, and new technologies, such as virtualization and software as a service (SaaS), are all creating new dynamics for network security and data protection.
Mobility, mobile workers, and remote office technologies accelerate business opportunities, but at the same time, create new venues for security risks. According to a recent survey conducted by Stanford University and Hong Kong University of Science and Technology, “92 percent of Fortune 500 respondents agreed that uncoordinated mobility initiatives lead to security risks and high integration costs. But 93 percent reported that mobility can provide a significant competitive advantage.” (1) The traditional desktop is being redefined by mobile devices and mobile applications. As this happens, IT staff must address the inherent security risks that accompany this trend.
Likewise, the next generation of workers, the ‘millennials’, mirrors the benefits and risks associated with mobility. The millennial generation is instrumental in adopting new technologies, particularly, IM, peer-to-peer, and social networking tools, yet shows lackluster awareness and even disdain towards the risks that go with these technologies. In a recent blog post titled, ‘IT Risk and the Millennials,’ Samir Kapuria talks about what could turn out to be one of the most pressing issues for IT. Kapuria points out that CIOs are trying to figure out how to cope with this generation: “Millennials are used to freely downloading software from the Internet, such as Skype; using applications like Facebook; and bringing their iPods and laptops into the office—all of it blurring the lines between personal and work life.” (2)
Relative to this is the ‘consumerization’ of IT and Web 2.0 technologies. Designed to foster more collaboration, greater efficiencies, the sharing of information, and more productivity, the IT landscape of consumerized technologies (iPhones/iPods, USB drives), and Web 2.0 applications (mash ups, peer-to-peer and social networks) is also creating new security and information leakage concerns. It has been noted that some consumer-oriented applications, such as Facebook or LinkedIn,` are being used as contact managers or even as CRM substitutes. Businesses that rush out and adopt these new tools may also find themselves in uncharted security waters.
For example, the media recently reported on a popular online consumer game, World of Warcraft, and how malware associated with the game is stealing user passwords and account data. For a consumer, that is a serious threat. By analogy, if one applies this type of scenario to something like Second Life, which quickly morphed from a game into a business-to-business (3) vehicle for corporate events, sales, training, marketing, and demand generation, then we see how deleterious this type of malware could be if it could capture corporate passwords and corporate data. Bottom line is businesses have yet to experience the risks associated with consumer technologies and Web 2.0 applications in the work environment.
New business technologies are shaping security profiles. This ranges from VoIP to virtualization. For example, virtualization is the general term used to describe the abstraction of IT resources. Virtualization hides the physical characteristics of computing resources from their users, be they applications or end users. (4) This includes making a single physical resource (such as a server, an operating system, an application, or storage device) appear to function as multiple virtual resources; it can also include making multiple physical resources (such as storage devices or servers) appear as a single virtual resource. (5) As businesses adopt virtualization, they must understand the security risks associated with it.
Software as a service (SaaS) presents similar security challenges for IT staff. With industry heavyweights, such as Cisco, Google, and Microsoft, pushing for more IT services to be ‘in the cloud,’ questions arise of who controls the data, how is it protected, which laws and regulations apply, how is it audited, and what recourse is available should something happen? Assuming that SaaS is an inevitable reality, businesses will need XTM solutions to ensure secure connectivity to the cloud, as well as to protect the integrity of applications and data interactions.
Likewise, as businesses deploy new technologies, they must address protection in new ways. For example, mobility and data in motion is changing the concept of how to secure the network perimeter. Protecting the end point device will be subjacent to protecting users and data as they move through networking, web, and messaging platforms.
Lastly, businesses and IT administrators will have to do more with fewer resources. A recent Goldman Sachs report stated that security budgets are down from previous forecasts. As global economic issues create turbulent markets, companies are expected to react by reducing IT expenditures.
All of the above factors – the next generation of threats, changing business dynamics and new business technologies – dictate how network security will operate in the future. WatchGuard believes that the UTM industry is at an inflection point, and that the current state of UTM appliances is insufficient to fully address these factors. Therefore, what business and technical decision makers will need is the next generation of UTM – XTM, or extensible threat management solutions.
Extensible threat management
Extensible threat management is the next generation of unified threat management integrated network security appliances. As stated by IDC analyst, Charles Kolodgy, in SC Magazine (May 2, 2008):
“IDC believes that UTM will remain the primary security solution for distributed environments, but within the enterprise it will evolve into an eXtensible Threat Management (XTM) platform. XTM platforms will take security appliances beyond traditional boundaries by vastly expanding security features, networking capabilities and management flexibility. Future XTM appliances should provide automated processes – such as logging, reputation-based protections, event correlation, network access control and vulnerability management. Adding to the networking capabilities will be management of network bandwidth, traffic shaping, throughput, latency and other features, including unified communications.”
Based on this definition, WatchGuard sees XTM as an extension of the UTM category. XTM will expand on what UTM has delivered, but will include additional substantive developments in three core areas:
- More security features
- Greater networking capabilities
- More management flexibility.
The business and technical cases for XTM
For business decision makers, XTM offers an ideal cache of reliable security and superior TCO (total cost of ownership). XTM allows businesses to utilize mobility, consumer technologies, Web 2.0, and other new business applications in a highly secure manner.
Because of the inherent flexibility found in XTM, these solutions will help businesses address the needs of regulatory compliance and future changes that are bound to come.
With greater networking and security capabilities, XTM solutions also eliminate the costly need to purchase and manage multiple routing and stand-alone security appliances. For example, small businesses that currently purchase low-end routers and then supplement them with firewall devices will be able to use a single XTM device for both routing and security. Likewise, instead of utilizing separate appliances, such as a spam firewall, web application filter, and IDS/IDP solution, with XTM businesses can utilize all of these services in one device. This makes the cost of XTM acquisition, as well as the cost of management, much lower than traditional best-of-breed, stand-alone appliances.
For technical decision makers, XTM offers greater management, real-time user control and superior security. As the network perimeter changes and users pass through network, web and messaging platforms, administrators will look to XTM appliances to provide ‘common reputation services’ so that regardless of the device or location, the user and data are always protected. XTM will offer administrators new capabilities in ‘policy migration’ as well. This way, as older appliances such as firewalls are replaced, newer devices can extend and enforce existing security policies.
Finally, technical decision makers who are not security experts will be able to rest assured, knowing that their networks are highly protected with proactive, XTM-based security.
XTM is the next generation of UTM, and it is predicated upon the substantive expansion of three foundational elements: more security, greater networking capabilities, and more management flexibility. Although the changing landscape of business dynamics and technology developments has created new efficiencies and accelerated business opportunities, these carry with them new forms of sophisticated threats and risks. The current state of UTM will not be enough to address these changes, hence the need for the technology to more up a level; into XTM solutions.
1) ‘The Mobility Manifesto: What enterprise mobility means and how to make the most of it’ – Nokia Corporation
3) Using Second Life as a Business-to-Business Tool, Information Week (April 26, 2007) http://www.informationweek.com
4) Electronic Commerce: A Managerial Perspective, Turban, E., (2008)
5) ‘The Pros and Cons of Virtualization,’ Business Trends Quarterly, Mann, Andi (April 21, 2008); ‘Virtualization 101,’ Enterprise Management Associates (EMA), Mann, Andi (Oct. 29, 2007)
WatchGuard has provided the following author statement:
Since 1996, WatchGuard Technologies has provided reliable, easy to manage security appliances to hundreds of thousands of businesses worldwide. Its Firebox X family of unified threat management (UTM) solutions provides the best combination of strong, reliable, multi-layered security with the best ease of use in its class. Its newest product line – the WatchGuard SSL – makes secure remote access easy and affordable, regardless of the size of your network. All products are backed by LiveSecurity Service, a ground-breaking support and maintenance program. WatchGuard is a privately owned company, headquartered in Seattle, Washington, with offices throughout North America, Europe, Asia Pacific, and Latin America. For more information, please visit www.watchguard.com
•Date: 28th August 2008• Region: World •Type: Article •Topic: ISM
Rate this article or make a comment - click here