Remerciez-le!

Remerciez @Admin pour avoir partagé cet document gratuitement, de la manière la plus simple, en partageant sur les réseaux sociaux.

Network protection and UTM Buyers Guide Using a UTM solution for your network p

Network protection and UTM Buyers Guide Using a UTM solution for your network protection used to be a compromise—while you gained in resource savings and ease of use, there was a payof in terms of protection capabilities. Now, network protection through a UTM solution gives you the best of both worlds. You can enjoy the highest standards of network security, plus the ability to integrate multiple security capabilities within a single platform. Add security capabilities as you need them, when you need them. This buyers guide is designed to help you choose the right solution for your organization. It looks at the factors you should consider when evaluating solutions to ensure you have the protection and functionality you need, both now and as your business evolves. Network protection and UTM Buyers Guide 2 How to use this guide This guide details the capabilities to look for when evaluating security solutions. It's separated into individual protection areas—network, web, email, etc.—for ease of of use. It also includes suggested questions to ask your vendors to help you identify which solution best meets your requirements. At the end of the document is a product comparison check list. Some of the data is already supplied and you can also add in additional requirements you may have to meet the needs of your organization. What is UTM? Unified threat management (UTM) is a suite of security software integrated into a single platform, upholding consistent security policies and protection across the organization. You choose which security elements you use, and manage them all through a single platform with a centralized management console. According to Gartner*, UTM products need to provide the following functions as a minimum: Ì Standard network stateful firewall functions Ì Remote access and site-to-site virtual private network (VPN) support Ì Web-security gateway functionality (anti-malware, URL and content filtering) Ì Network intrusion prevention focused on blocking attacks against unpatched Windows PCs and servers When reviewing UTM solutions, there are two things you should consider. Think of the overall benefits ofered by the UTM approach, as well as how the individual network security features meet your specific requirements. Next-generation firewalls (NGFW) Right now, next-generation firewalls are a hot topic. Many vendors vary in their description of exactly what constitutes a NGFW. However, there is widespread agreement that, in essence, a NGFW goes beyond a traditional firewall, protecting organizations in a world where everything is about the web. The four core features of a NGFW are: 1. Application visibility and control 2. Optimizing the use of the internet connection(s) 3. Clear, understandable Intrusion Prevention Systems (IPS) 4. Seamless VPN for connecting to remote sites and allowing access for remote users Many UTM solutions ofer NGFW capabilities. It’s important is to understand what you need to do, so you can evaluate solutions against your requirements. Network protection and UTM Buyers Guide 3 * 2012 Gartner Magic Quadrant for Unified Threat Management Evaluating solutions: security features Network protection Cyber-criminals are continually changing their attack methods to avoid detection. The best way to protect the network against these new and emerging threats is through multiple layers of defense. A UTM product should provide a solid network security foundation even before you add network protection subscriptions or licenses. At a basic level UTM should include static routing, DNS proxy services, DHCP server options, NTP functionality, stateful firewall, network address translation, basic remote access VPN, local user authentication, local logging and daily reports and basic management functionality . Capability to look for Description Questions to ask your vendor IPS Bolsters your firewall’s security policy by inspecting approved traffic for malicious packets. Can drop packets that match a signature list of threat patterns. Ì What kind of expertise is needed to properly use the system? Ì How are rules delivered and configured? Bandwidth control/ Quality of service Prioritizes traffic based on the rules you set and allows you to control how a fixed resource is used during diferent conditions. Ì How many WAN connections can you support on a single appliance? Ì How easy is it to identify and control the bandwidth applications use? Site-to-site VPN options Links remote sites with the main office, allowing users to send and receive information via a secure connection. Also allows employees to use devices such as file servers and printers that are not in the same office. Ì What protocols does your VPN support? Ì How much experience or VPN knowledge is required to set up a VPN? Remote access options Allows users to securely connect to the UTM appliance from any location. Ì Do you ofer multiple remote access options including clientless VPN? Ì Is remote access supported from any OS and/or device? Ì Is the clientless VPN truly clientless or are applets required on end-user devices? Ì Are additional licenses required? Remote office support Connects remote office networks to the UTM appliance to protect them with the same policies and capabilities. Ì How easy is it to connect remote offices? Ì technician required? Ì Can remote offices be centrally managed? Ì Are additional subscriptions or licenses needed? Detailed reports Provides detailed real-time and historical statistics and reports on network/bandwidth usage, network security, etc. Ì Does the UTM contain a built-in hard drive? Ì What kind of reports are available without a separate application? Web protection You may already block access to potentially dangerous URLs with a web filter. But many filters inspect traffic from the sidelines, providing little if any malware scanning. You need web protection that allows you to apply terms and conditions to where and how users spend their time online, and stops spyware and viruses before they can enter the network. Detailed reports should show you how efective your policy is so you can make adjustments. Capability to look for Description Questions to ask your vendor URL filtering Controls employee web usage to prevent casual surfing and to keep inappropriate content and malware of the network. Ì Are live updates available? Ì How many web surfing profiles can be created and used? Spyware protection Prevents malicious software from installing on employees’ computers, consuming bandwidth and sending sensitive data out of the network. Ì Are live updates available? Antivirus scanning Scans content before it enters the network to prevent viruses, worms and other malware from infecting computers on the network. Ì Are live updates available? HTTPS scanning Provides visibility into encrypted web traffic to protect the network against threats that can be transmitted via HTTPS. Ì Can HTTPS traffic be inspected and checked against policies? Application control Provides visibility into how employees are using the web and controls which applications they can use and how. Ì Are live updates available? Interactive web reporting Provides flexible reporting capabilities to allow administrators to build their own reports. Ì Are real-time and historical usage reports available? Ì Can reports be scheduled for delivery? Ì Is a third-party reporting application required? Next-generation firewall protection NGFW is an evolution of the traditional port-based protections used in most network security approaches. Rather than simply allowing traffic through on ports like HTTP or HTTPS, NGFWs have application signatures that can identify traffic on a much more granular level. For example, administrators can choose to block Facebook Messaging while still allowing access to Facebook. NGFWs also do deep packet inspection at a high speed, identifying and blocking exploits, malware and other threats with high levels of precision. Because many attacks are now web-based, traditional firewalls filtering only by port are of limited efectiveness in defending you against these threats. A NGFW also allows organizations to be more strategic by prioritizing their network usage with powerful shaping rules. For example, you can choose to allow VOIP phone calls or prioritize Salesforce.com traffic while the throughput or blocking outright applications like Bittorrent. Capability to look for Description Questions to ask your vendor Application visibility and control Having visibility of the applications being used enables you to make educated decisions about what to allow, what to prioritize and what to block. So your bandwidth is used to best efect and you don’t waste time blocking applications that aren’t a problem. Ì Can you prioritize and control access to applications and see in real-time how your Internet connection is being used, and by whom? Ì How easy is it to set a policy from a live view of your current activity? Optimizing the use of the internet connection(s) Bandwidth is a limited commodity and you need to make sure that you make best use of it, like ensuring business-critical applications like salesforce.com have priority. Ì How easy is it to shape bandwidth? Ì Do you have a Quality-of-Service (QoS) toolkit? Clear, understandable IPS Many web-based attacks are now able to masquerade as legitimate traffic. Efective IPS enables you to see what web traffic actually does, rather than just what it is. Ì How easy it is to manage IPS? Ì What level of expertise is required – for example, do you need to understand diferent types of threats? Seamless VPN for remote connections uploads/Management/ utm-buyers-guide.pdf