Businesses Say Next-Generation Firewalls Simplify Security Management
When the state of Massachusetts passed privacy legislation that required businesses to deploy up-to-date firewalls that included encryption, Maloney Properties’ IT Director Melissa Andrews knew it was time for an upgrade.
The Wellesley, Mass., property management company had used WatchGuard firewalls for several years, but the devices didn’t support centralized management as required by law. The solution was to deploy a WatchGuard XTM 5 Series unified threat management (UTM) appliance in its headquarters and smaller WatchGuard XTM 2 Series UTM devices in the company’s 60 branch offices throughout New England.
“We centrally configured the devices and just dragged and dropped them in,” Andrews says. “It took about 30 minutes to an hour to get each one of them up and running.” Maloney Properties finished rolling out the new WatchGuard gear in June 2012. The implementation has provided the company with numerous benefits.
The IT staff can now update its firmware all at once and monitor traffic from a central console, says Andrews. The WatchGuard software also offers visibility into the traffic that runs over the company’s boiler and solar panel systems. “Our auditors recommended that we deploy an IDS/IPS, so that was another reason we went with the UTM device,” she explains. “We’re also looking at adding the URL filter, but we need a policy behind it before we move forward.”
The percentage of security professionals who believe that employee access to social networking sites increases the likelihood of an advanced persistent threat or other sophisticated malware attack on the organization
SOURCE: “A Prudent Approach to Next-Generation Firewalls” (Enterprise Strategy Group, January 2013)
John Grady, a research manager with IDC’s security products group, says IT managers such as Andrews opt for multifunction devices because they deliver high value at an affordable price.
“I see this as the gradual evolution of the UTM,” Grady says. “The latest devices offer better integration between technologies, as well as application control and the ability for systems administrators to set very granular policies for users or groups of users.”
Taking Security Up a Notch
When IT Manager Marty Gworek joined voiceTech, the maker of automation software for pharmacies had an old router and later moved up to a single-function firewall. “When I started, we had an old firewall and had nothing to protect our email or stop viruses and attacks,” he says.
About three years ago, the Sarasota, Fla., company worked with Sophos and its partner Data Integrity Services to deploy a Sophos UTM, equipment they plan to upgrade to a Sophos UTM 220 appliance later this year.
Today, voiceTech uses the UTM device as a firewall for inbound and outbound rules, for email protection and as an FTP server for the company’s interactive voice recognition transaction. The company also uses it as a wireless controller and a virtual private network and, with the latest upgrade, plans to use the application control feature to secure company and customer portals.
Gworek estimates that purchased separately, those capabilities would cost voiceTech $10,000 to $20,000. “The Sophos UTM is a fraction of the cost, plus it’s perfect for a small, growing company like ours,” he says. “This let us modernize our security in a big way.”
Jon Oltsik, a senior principal analyst for the Enterprise Strategy Group, advises organizations to adopt a broad, next-generation security architecture of tightly integrated network services that can be applied throughout the network.
Next-generation network security includes these elements:
- Central management. A major aspect of next-generation security is the ability to centrally manage security policies, service orchestration/provisioning, monitoring and reporting.
- Distributed policy enforcement. This capability expedites network security service provisioning throughout the network. For example, a systems administrator can deploy a firewall service at the network perimeter, in the data center, at remote offices or within a physical server hosting multiple virtual servers.
- Any network security service in any form factor. Next-generation network security can be applied in any type of device or set of services, including fixed-function, multifunction or virtual appliances, or cloud-based managed services.