The Jericho Forum has attracted its share of skepticism over the years, much of it directed at the extremist version of what the group espouses. Named for the biblical city of Jericho, which saw its walls tumble in the face of a, shall we say, divine battle plan, the Jericho Forum believes that network defenses shouldn't depend on a hard exterior. Instead, the forum espouses what many security practitioners have long advocated: defense in depth.

Jericho doesn't dismiss all border protection--it admits that conventional security systems will continue to have roles--but it does stress their limitations. Its alternate philosophy of "deperimeterization" makes sense for a number of reasons.

First, as more applications move to the Web and new protocols are created on top of HTTP, traditional network inspection products are increasingly useless. Second, the shift from attacking servers to targeting clients that has gradually taken place over the past six years means that a DMZ server getting owned is less probable than an internal client becoming compromised. Today, an attack is all too likely to strike at the very core of your network. Finally, as more devices regularly leave and re-enter your borders, the simplest way though a boundary network firewall might be on the laptop of a salesman returning from a business trip.

Does a layered defense obviate the utility of border unified threat management? Not at all. Indeed, one disadvantage of defense-in-depth security is the amount of resources required to make it happen. Because UTM allows for a variety of protection measures with reduced implementation and administration complexity, it should be easier to implement those additional internal controls, resting assured that your walls will stand. See more.

Return to the story:
Trend Report: Unified Threat Management