For your organization’s IT infrastructure, the decision to choose and implement a network security solution is one of the most important ones. There are myriad factors to consider in choosing the right solution and deploying the correct device. Gone are the days when a network would have one firewall that would be supplemented with a number of point solutions for protecting the gateway. Fortunately, the hassle of having so many solutions can be overcome by implementing a
Just as a Swiss Army knife packs multiple functions, a UTM solution packs a multitude of capabilities into one device. This single network security appliance integrates all the necessary security features, including firewall, endpoint security, content filtering, spam filtering, antivirus, intrusion prevention, VPN, and much more. The benefits of having just one security appliance securing the gateway are enormous. Because of these benefits, UTM devices are today the most sought-after solution for network security. The significance for SMEs is even greater, as smaller organizations rarely have the resources or manpower to manage many individual point solutions.
UTM sizing considerations
Several things need to be considered in order to deploy a suitably sized UTM device. These include factors such as the network environment, desired functionality, scalability, and so on. For UTM sizing, the nature of network traffic, the number of users on the network, and throughput requirements all need to be addressed.
As the business grows over time, so will the network requirements. Therefore, provisioning for future needs should be factored in while right-sizing the UTM device for your organization. Be pragmatic with respect to the features desired. For example, if you already have a certain feature deployed in your organization, evaluate whether duplicating it in the UTM makes sense or would just entail unnecessary additional cost. Vendor lock-ins and after-sales support are other important factors to watch out for when choosing a UTM security solution and optimizing UTM sizing.
Determine the best UTM size
To determine the best UTM size for your organization’s network security needs, you must understand the traffic categorization, network usage and the network environment. The typical traffic mostly comprises HTTP, FTP, SMTP and POP3. For organizations that have cloud-based applications, the bandwidth allocation would be higher, while organizations that have multiple branch offices and a network of vendors would have high levels of email traffic. Another major point to consider is how many concurrent users access the firewall.
This is important for UTM sizing as any UTM device has a specified throughput or packet processing capability. Since the device comprises applications for antivirus, intrusion prevention, firewall, VPN, and so on, all of these would be processing the incoming data packets from the gateway. A device with higher throughput would be able to monitor the data traffic for all the features without hampering network speed. The number of servers and DMZs in the organization also needs to be considered. Most modern UTMs support the DMZ feature. A DMZ can comprise servers for email, Web servers, ERP, and similar functions.
For instance, consider an organization of 1,000 employees, with 15 servers for different business applications. At any given time, there are around 500 concurrent users of the firewall. The network bandwidth is mostly consumed by Web traffic, followed by messaging communications. The organization intends to install a UTM device to cater to all its network security needs, along with bandwidth management features.
For optimal UTM sizing, the organization could consider a UTM device with sufficient memory, a throughput of 500 Mbps for the firewall, and adequate capacity to handle multiple security policies for the internal networks. Remember that correct UTM sizing before making any UTM device purchase decision is of prime importance for meeting the network security needs of your organization effectively.
About the author: Vishak Raman is the regional director for India & SAARC at Fortinet. A UTM evangelist, Vishak has also been instrumental in setting up Fortinet’s Technical Assistance Centre (TAC) at Bangalore that provides 24 x 7 technical support worldwide.
This was first published in January 2012