UTMs: Not up to the challenge
Traditional Unified Threat Management solutions (UTMs) are designed to bring a variety of security functions - including web content filtering - into a single appliance. To do their job without compromising network performance, they must support massive throughput. More important, they must dedicate massive computing power to scanning content and enforcing policies.
Unfortunately, this makes such solutions increasingly costly - and much of that cost is effectively wasted, since a large portion of the device's processing power is used only at times of peak traffic.
Furthermore, it means that as new threat profiles emerge, organisations are often required to upgrade their UTM hardware - at significant cost - in order to maintain effective security.
Even more problematic, when the UTM is bogging down network traffic due to a heavy content-filtering queue, it can interfere with connectivity to business-critical resources and applications hosted in the cloud - which can result in a significant loss of productivity or interruption of business.
An emerging category of comprehensive security solution takes a different approach to provisioning resources for content filtering - one that addresses all of the challenges detailed above. Rather than regarding the ubiquity of the cloud merely as a challenge to security efforts, this approach regards it as an opportunity.
In this approach, a robust, next-generation firewall appliance is tightly integrated with a cloud-hosted web content filtering service. The next-generation firewall at the core of the solution is designed at the kernel layer to support multiple, integrated security functions. This makes it far more efficient than bolted-together UTMs in which a basic firewall core is augmented with add-on components that increase latency at each step of the process.
Because the compute-intensive tasks of content filtering, malware blocking, and reporting are offloaded to the cloud, even very high traffic levels do not create additional latency within the network itself. With effectively unlimited resources in the cloud, and the ability to dynamically re-provision resources as needed in real time, this approach also eliminates the cost and inefficiency of over-provisioning compute resources locally, as traditional UTMs require.
Another significant benefit of using cloud-based resources for content filtering is that as new threat categories are identified, there is no need to upgrade or replace on-premises equipment - firmware upgrades are applied automatically and transparently, ensuring the network is fully protected with no interruptions.
Because there is no on-network congestion due to content filtering, connectivity to business-critical applications hosted in the cloud is not affected. And because the next-generation firewall core includes capabilities to aggregate multiple uplinks and prioritise traffic based on business policies, it can dramatically increase the reliability of those connections, improving business continuity and reducing downtime.
Aravindan Anandan is Consulting Systems Engineer, APAC of Barracuda Networks.