Rational Survivability

I need to spend 2 minutes further introducing the concept of Enterprise-class UTM.  I’ll post in greater detail as a follow-on in the next day or so.  I just got back from the Gartner show, so my head hurts and it’s 1am in the morning here in Beantown.  This (blog entry below) was an interesting if not somewhat incomplete beginning to this thought process.

Don McVittie over on the Network Computing Security Blog had some really interesting things to say about the need for, general ripeness and maturity of UTM and the operationalization of UTM technology and architecture within the context of how it is defined, considered and deployed today.

What he illustrated is exactly the breakdown where "traditional" SMB-based, perimeter-deployed UTM messaging is today.  You’d be nuts to try an deploy one of these referenced UTM appliances at the core of a large enterprise.  You’re not supposed to.  There’s simply no comparison between what you’d deploy at the core for UTM versus what you’d deploy at a remote/branch office.

That’s what Enterprise-class UTM is for.  The main idea here is that while for a small company UTM is simply a box with a set number of applications or security functions, composed in various ways and leveraged to provide the ability to "do things" to traffic as it passes through the bumps in the security stack.

In large enterprises and service providers the concept of the "box" has to extend to an *architecture* whose primary attributes are flexibility, resilience and performance.

I think that most people don’t hear that, as the marketing of UTM has eclipsed the engineering realities of management, operationalization and deployment based upon what most people think of as UTM.

Historically, UTM is defined as an approach to network security in which multiple logically complimentary security applications, such as firewall, intrusion detection and antivirus, are deployed together on a single device. This reduces operational complexity while protecting the network from blended threats.

For large networks where security requirements are much broader and complex, the definition expands from the device to the architectural level. In these networks, UTM is a “security services layer” within the greater network architecture. This maintains the operational simplicity of UTM, while enabling the scalable and intelligent delivery of security services based on the requirements of the business and network. It also enables enterprises and service providers to adapt to new threats without having to add additional security infrastructure.

You need a really capable and competent switching platform optimized for virtualized service delivery to pull this off.   That’s what this is for — the Crossbeam X80 Security Services Switch:

You plumb the X-series into the switching  infrastructure as an overlay and provide service where and when you need to manage risk by effectively implementing policies which abstract down to making all flows which match criteria within the rules, to be subject to specific security service layer combinations (firewall, IDS, AV, URL, etc…)  No forklifts, no fundamental  departures from how you manage or maintain the network or the security layer(s) defending it.  Enterprise UTM provides transparency, high performance, high availability, best-of-breed virtualized security services, and simplified deployment and management…

UTM for large networks is designed to provide solutions that deliver the key components required for a UTM security services layer:

•     high performance and high availability,
•     best-of-breed applications
•     intelligent and virtualized service delivery

This enables customers to create an intelligent security services layer that delivers the right protection for any part of the network in accordance with evolving threats and business objectives. This layer is managed as a single consolidated system, thus delivering the operational and cost benefits of UTM while radically improving the overall security posture of the network.

More on the architecture which enables this in a follow-on post.  We’ll discuss the traditional embedded vs. overlay appliance model versus the X-Series perspective as well as the C-series.

Look, we’ll go through the technical details in a follow-on post.  Bear with me.

Chris