UTM: A united front
- SC Magazine, August 2006
A single box that can protect your network from all known evils sounds great, but does the reality live up to the hype? Rob Buckley investigates.
Associated Newspapers, which publishes the Daily Mail, the Evening Standard, Metro and Loot among others, found that devising a security policy for newspaper offices presented certain challenges. One of the problems was the actual requirement of many employees to download and try different software for their respective publications, something that the average organisation would find completely incompatible with good security.
Mark Callaby, IT security officer at Associated, chose to deploy a mixture of UTM technologies, both on the host and at the edge, as a way to safeguard the organisation while maintaining a “semi-lenient” security policy.
The first hurdle was spyware, since Associated had already managed to get a “stranglehold” on the large number of viruses the company was receiving using CA's AV product. “We already had an AV deployment throughout the organisation, but we had a big spyware problem,” Callaby says. He decided to deploy CA's anti-spyware system, part of its UTM solution, to the 2,100 Windows XP desktops in the organisation. Associated was already a big CA customer, and the team wanted to stay with the supplier's software. “As soon as you start using different vendors, it costs to integrate.”
Installation was simple: a batch file was used to put the software onto an initial 15 to 20 machines, to find out just how much of a spyware problem the company had. Having discovered that there was indeed a problem, the company used CA's Unicenter software to package the anti-spyware client and deploy it to each division.
Associated chose not to have the anti-spyware software automatically remove any detected spyware. “What CA may call spyware, and what we might call spyware are two different things. Is PC Anywhere spyware? We needed to find out what was on our estate and decide for ourselves what to remove.”
In addition to host-based security measures, Associated uses network and edge security to provide complete UTM-level protection. WebSense's URL filtering shores up the company's standard firewall to prevent web-based attacks, and a network IPS alerts it to malicious traffic.
“IDS is a separate beast,” says Callaby. “Once you put that in, it can take you a year getting it right because there's just so much data to deal with.” Currently, Associated uses IDS to monitor traffic and discover any problems on the network.
This combined host and edge-based UTM, slowly moving to fully host-based UTM, has so far proved to be “worth its weight in gold”, according to Callaby, who has seen reduced incidents in the organisation as well as speed improvements from hosts that have been disinfected of spyware.