SmartAdvice: Unified Management Is Next For Security
Managing threats, not avoiding them, is what unified threat management lets companies do, The Advisory Council says. Also, pick the best elements of project management, but don't be a slave to the process.
Editor's Note: Welcome to SmartAdvice, a weekly column by The Advisory Council (TAC), an advisory service firm. The feature answers two questions of core interest to you, ranging from leadership advice to enterprise strategies to how to deal with vendors. Submit questions directly to email@example.com
Question A: How well does unified threat management fit the requirements of an effective information security program?
Our advice: Unified threat management is a compelling and natural consolidation point in the evolution of information asset protection. Part technology and part packaging, it responds to the growing challenge of protecting information assets in the 21st century. Businesses are interconnecting more with each other, with customers, with vendors, with government agencies, and with the public. How does an organization make sure these interconnections (and the networked resources they connect) are used appropriately?
We are awash in a sea of attacks on our information assets. Place a probe outside almost any firewall and you will find a continual stream of low-level network attacks, peppered from time to time with serious break-in attempts. Add to this the virus-infected E-mails, worms, spam, and spyware that keep coming. And top it off with sophisticated attacks on Web servers. It becomes quite a challenge.
Early solutions were ad hoc and piecemeal. These included virus detection and prevention, firewalls, host and network intrusion detection, encryption, secure host configurations, more secure computers and software--and never-ending patch management, access control and review, penetration testing, vulnerability assessments, and so on. Not only is ensuring that all of these are in place labor-intensive and expensive, it's also doubtful whether they can be coordinated well enough to ensure adequate and timely protection.
At the same time, the emphasis has shifted from threat avoidance to threat management. The latter requires, for example:
- Cost effectiveness. Total system costs should be less than the expected loss from security breaches that would occur for lack of controls. When considering total costs, include hardware and software costs, operational costs, and the potential impact on the business.
- Coordination. It has to take place between organizations and between technologies.
- Streamlined administration. Manual processes will break down under too much volume and pressure; throwing more labor at the problem usually worsens it while increasing costs.
- Interoperability. If the technical components don't work well together, incident resolution (and sometimes even incident determination) is difficult, if not impossible.
Unified threat management addresses these and other requirements by bundling together key information-security functions and providing simplified administration. It's a state-of-the-art method of managing a lot of information-security threats--a good idea whose time has come. Efficiently packaged and effectively delivered, it will reduce the cost and increase the reliability of your information-security program.
However, there's an important caveat. Unified threat management, like its predecessors (firewalls, intrusion detection, penetration testing, antivirus systems, and encryption), risks becoming a buzzword solution, or even being perceived as a panacea. It's a good tool, but it has its limits. Manage expectations, from desktop users to the board of directors. Make sure unified threat management is understood and defined by what it does and doesn't do.
Strategically, look at deploying unified threat management in the medium term--two to four years. By then, the industry should have shaken out. Tactically, make sure that every decision is consistent with that direction, focusing on the bulleted requirements above and any others important to you. Finally, keep a continual eye on these products and prevailing practices, just in case unified threat management is superseded by cosmic threat management.
-- Richard Feingold