Unified Management and Uneven Protection
Unified Threat Management (UTM) integrates the traditional firewall function with VPN, IDS/IPS, Gateway Anti-Virus, Anti-Spam, Web Filtering, etc. into one single hardware platform. According to leading analysts, such as IDC, the UTM market is growing rapidly with initial target customers of UTM vendors being mainly SMBs. In recent years, enterprises and service providers are also deploying high end UTM devices in order to upgrade their aging firewall devices. Seeing the potential of this market, established firewall vendors started rolling out the so called "Next Generation Firewalls" which offer the same set of functions.
With a unified configuration and management interface across the security functions in several layers of the OSI network model, UTM promises the advantage of low TCO for businesses.
While it is technically plausible to apply unified management to the L2/L3 packets or streams, the same kind of unification at the application layer is superficial. As many enterprises and service providers who deployed UTM solutions found out, UTM devices do a very poor job in delivering security protection at the OSI application layer. For example, when security functions for the application layer are enabled in their UTM devices, customers experience unusable slow network connectivity and low security detection rates.
With most of the severe attacks coming through applications such as email and Web, this uneven protection is putting businesses at the mercy of cyber criminals. Many security analysts have pointed out that businesses should seriously consider complementing their existing firewall and UTM solutions with dedicated, application content layer security devices.
Plug the Content Security Hole in UTMs
With its WedgeOS-based Web Security Appliance, Wedge Networks delivers the most advanced content security solution to enterprises and service providers.
In September 2009, two of the world’s renowned independent testing labs: the Tolly Group, in the USA, and the AV-Test.org, in Germany, conducted performance and accuracy tests of Wedge's WedgeOS platform against a leading UTM product. The published test report indicates that the WedgeOS appliance provides the most complete Anti-Malware coverage with much higher sustained network throughputs than the UTM device, making it an ideal solution to plug the content security hole in UTMs. The report states:
“While today's firewalls and Unified Threat Management (UTM) solutions provide effective firewalling capabilities, comprehensive antivirus detection with good throughput performance often requires a complementary solution such as the Wedge Networks BeSecure NDP Web Security Appliance”
In fact, this is exactly what many security conscious enterprises are doing. To date, hundreds of WedgeOS-based Web Security Appliances are deployed worldwide, typically behind firewalls and UTMs, providing complete security protections at the application content layer.
The following figure depicts the content security solution offered by a WedgeOS appliance:
Figure 1: WedgeOS appliance working in tandem with UTM products to provide comprehensive security
WedgeOS appliance is deployed behind a firewall or UTM device, providing blanket content security coverage for all the network's nodes
The security functions provided by the WedgeOS appliance are:
Detect/Block malware embedded in any of the application (email, web, ftp) sessions
Block/Flag spam in all the email traffic
Prevent the theft or leakage of sensitive information
Detect any infected hosts
Who Should Use This Solution?
This solution should be deployed by any enterprises and services providers who:
Bought into the UTM promise and then realized application content layer security cannot be achieved
Have many computing devices that need to be protected against malware and OS vulnerability attacks
Have a mobile computing workforce where host based security cannot be enforced
Require multi-layered defences for compliance purposes