This month we are standing at the portal to our enterprise seeking entrance. Those who have heard me speak at conference sessions know that I am a great one for illustrative war stories, so here's one from my misspent youth. It takes me back to when I was at day camp in Indianapolis. There was “skit night” when the parents visited and the campers put on skits. One of the most popular involved a king in his castle. His page comes into the throne room and announces “Majesty, there is a man without the gate who seeks entrance.” To which the king predictably responds, “Well, give him the gate and send him home!”
Our products this month might substitute for the king's response: “Majesty, there is an unknown packet stream without the gateway.” The response: “Well, give it the boot and send it home!”
“...when the bad guys come knocking, we can give 'em the boot...”
– Peter Stephenson, technical editor,
UTMs and anti-malware gateways often are our key protection at the perimeter. However, the notion of defense-in-depth may suffer if there is no client-side or endpoint protection in place. More important, in many cases we are seeing very little innovative advancement in the products that we looked at this month. That's a problem.
The nature of internet-borne threats is such that if we do not advance, we actually regress. There comes a point for both product groups where simply increasing the catch rate is neither enough nor practical. Newer and more innovative technology is what is needed here, perhaps more than anywhere on the enterprise. For UTMs, the traditional patterns are out the window. Now we can expect a competent UTM to have a lot of functionality. We also are reaching a point where the UTM will take over for the anti-malware gateway and, some mavens predict, the firewall as well.
Traditionally, the UTM was a combination of firewall, IDS/IPS and anti-malware gateway. Today, they all add something extra. It may be a broader interpretation of malware, including such things as anti-spam, protocol blocking and web content filtering. That puts them in the same ballpark as other products, such as anti-virus gateways and web filtering products. In fact, it is not uncommon for a vendor to submit the same product for multiple functions, all of which are services of the product, which the vendor calls a UTM. As we have written in the past, the UTM has supplanted the multipurpose appliance of years past.
As a function of the UTM, anti-malware gateways might be expected to go the way of the dinosaur. To be sure, our crop of products this year was somewhat smaller than it has been in the past. But the product is not dead yet and we saw some good examples of the current state of the practice. Overall, the products we saw are focused on stopping all types of malware threats at the perimeter. There are arguments in favor of using a suite of products at the perimeter as opposed to using a single gateway. Some of those include defense-in-depth, performance and the ability to distribute protection widely in an enterprise with an imprecise boundary, such as an online banking system that really consists of multiple layers or subnets, some of which are internet-facing, some of which are not directly touching the internet, all of which need protection.So, like our mythical king, whether we select a UTM, anti-malware gateway or some combination, when the bad guys come knocking, we can give ‘em the boot and send them packing.