Perhaps more than any other industry except finance, the federal government faces intense pressure to protect its networks from hackers, inside attacks and a variety of other threats.
Agencies are increasingly looking to unified threat management (UTM) systems, which generally combine a firewall, virtual private network (VPN), intrusion detection and antivirus capabilities into one device.
“Most agencies are moving in the direction of UTM if they aren’t there already, simply because the functionality offered by a consolidated system makes it easier to protect the firewall, the network and look for a number of threats,” says Shawn McCarthy, director of research for IDC Government Insights. “UTM is a very important block in the foundation of managing security.”
For many, UTMs are a future endeavor. The Army, for instance, hopes to deploy the technology. The service’s traditional security architecture includes firewalls, network intrusion prevention, gateway antivirus and antispam, VPNs, content filtering and load balancing.
But the Army’s Network Service Center, within the Program Executive Office for Enterprise Information Systems, is looking seriously at UTMs as a way to enhance security, simplify administration and save money, says Steven Schliesman, chief of the center’s Technical Management Division.
UTM products are expected to make up 33.6% of the total network security market by 2012, compared with 22% in 2008.
“When ultimately deployed in support of the Army’s networks, it would be used in accordance with the available capability at time of deployment,” he says. “This could range anywhere from security of the local enclave, the Local Area Network (LAN), or as an enterprise capability securing the various points of presence or wherever a typical security enclave may exist.”
Schliesman says that barring any unforeseen circumstances, the Army will deploy a UTM capability within two to four years.
UTMs make sense for many types of organizations, according to Charles Kolodgy, research director for security products at IDC. Because the products unite multiple applications in one appliance, an organization simply plugs one box in at a remote site and manages the device from a central location. Manufacturers such as Check Point, Fortinet, Juniper Networks, McAfee, SonicWall and WatchGuard offer the hardware.
What’s more, users can buy just the features they need without investing in multiple hardware devices, and UTMs can be configured to handle the security applications users need, such as URL filtering and antispam.
Take, for example, the recent announcement from SonicWall that a major federal security agency has contracted to use the company’s UTM appliances as a key component of its cybersecurity strategy to detect and block malware from entering its network.