With the more and more pervasive cyber menace, chief data safety officers (CISOs) might be forgiven for looking for a catch-all answer. Unified menace administration (UTM) methods usually declare to supply these time-poor, careworn safety professionals with a one-size-fits-all method to cyber safety. One device to cowl all bases feels like a perfect answer – however CISOs ought to method these with warning.
UTM home equipment mix firewall, gateway antivirus, and intrusion detection and prevention capabilities right into a single platform. In idea, this could offer you a variety of safety from exterior threats and cyber criminals. CISOs are afforded the data that they solely must look in a single place and at one system or piece of software program to know the security and safety of their vital methods.
However having one system in place means there’s just one system to go improper. An absence of redundancy methods signifies that if the worst have been to occur, there’s no person on the subs bench prepared to come back on and alter the sport. If the UTM system fails, the criminals can primarily stroll proper in.
One dimension doesn’t at all times match all
Take into consideration the profile of cyber criminals. They don’t play by the principles, and can regularly change assault vectors and apply stress to the most recent vulnerabilities. The pace at which they’ll do that is horrifying, and with a UTM system, you’re reliant on the menace intelligence supplier to be as fast because the criminals. If it’s not updated, a enterprise’s entire safety posture is weakened, as a substitute of only one ingredient. This leaves a number of assault vectors open to criminals, and makes the enterprise way more susceptible.
The opposite factor CISOs want to contemplate is what kind of enterprise they’re, and the place they is likely to be susceptible. For instance, a producing or industrial enterprise might be susceptible in several areas to a financial institution.
One factor that’s clear, nonetheless, is that as companies proceed to remodel digitally, connecting extra gadgets on-line, sustaining a safe community surroundings turns into more durable. As a result of interconnected nature of at this time’s companies, a UTM device doubtless wouldn’t cowl all bases anyway. Firewalls and anti-spam software program are efficient at catching phishing emails aimed toward workers, however they might not discover packets of information leaving a related gadget contaminated with malware. Keep in mind – this occurred to a on line casino when its related fish tank was hacked!
To that finish, CISOs ought to contemplate their spend. UTM methods could give them safety in areas they don’t want, whereas leaving them susceptible in others.
Watch out for the device that cried wolf
In fact, this isn’t to say that UTM methods don’t have their place within the CISO’s arsenal. Massive enterprises could effectively profit from the cost-effective deployments and centralised administration. They’re additionally scalable, so it’s turns into a lot simpler for safety professionals to deploy into new places of work and geographies. Nonetheless, there are a couple of issues.
“CISOs could be smart to contemplate a layered method to cyber safety, with bespoke instruments for every potential assault vector”
Simon McCalla, Nominet
The primary is to be cautious of selling hype. A giant cyber safety participant was not too long ago criticised for the inefficient alerts it was giving to the groups that used it. The expertise was primarily accused of crying wolf, that means that safety professionals ignored alerts, or turned them off all collectively. This doesn’t imply that the system wasn’t additionally flagging legit threats, however they have been doubtless misplaced within the maelstrom.
The second is to get the fundamentals proper first. One of many key areas which is commonly ignored is area title system (DNS) safety; a layer of safety that sits on the very gateway to your community. The DNS is normally a dependable assault vector, as firewalls usually permit site visitors via this manner. However what’s weak within the occasion of an assault will be made robust in defence: if each packet of information leaves or enters by way of the DNS, it may be used as a powerful first line of defence.
In the intervening time, UTM methods don’t pay a lot consideration to the DNS. CISOs could be smart to contemplate a layered method to cyber safety, with bespoke instruments for every potential assault vector. Or, if a UTM system is the popular technique of safety, a backup system that sits at a DNS stage ought to be thought-about.
What subsequent for UTM?
As threats proceed to evolve, so too will UTM instruments. Within the age of GDPR – the EU’s Normal Information Safety Regulation – and related laws world wide, the place companies are beneath rising stress to reveal breaches, the power to forensically report on assaults might be key. Figuring out what information was stolen, and the place it went, will should be a key providing for all cyber safety suppliers.
UTM instruments are prone to develop into extra expansive, as they cowl the ever-increasing assault vectors accessible to criminals. They will even have a look at providing safety at a deeper community stage to deal with the plethora of gadgets now related to the web. Some kind of DNS safety functionality might be important, as that could be the one option to spot malware that’s calling out to a command and management (C&C) centre.
Finally, UTM methods – as with all varieties of menace prevention – will at all times be in responsive mode, monitoring the most recent threats and adapting accordingly. To that finish, it’s going to nonetheless require the guile of a strategic CISO to know their very own community, establish the weak factors, and deploy instruments accordingly. Whether or not that’s a UTM system, bespoke instruments, or a mixture of the 2, nothing will beat the strategic outlook of a well-versed CISO.