How Centralised UTM Can Help Companies Control Security at Remote Offices, Simplify Administration and Cut Costs
In today's modern, distributed computing network, where companies and organisations need to secure IT not just for the head office, but for remote locations as well, the ability to control security for multiple sites from one single location is becoming increasingly important.
With some security systems, the tasks of configuration, updating, rebooting, etc. for remote sites might all have to be done separately and repeated for each location. Administrators could be faced with managing remote security appliances individually, possibly having to send someone out to a remote site to carry out certain tasks, such as configuration or establishing VPN tunnels. This can be difficult, time consuming, costly and complex and, in some cases, it is practically or financially impossible.
It can be further complicated if there are multiple appliances, delivering multiple levels of security, such as firewall, VPN, spam blocking, gateway anti-virus, web content management and intrusion detection/prevention.
However, vendors such as WatchGuard Technologies have now responded to the need for strong centralised control with their range of Firebox UTM (unified threat management) security appliances, which make controlling security for multiple sites quick, easy and cost-effective.
The need for strong centralised management
Many problems arise when strong centralised management is not available for extended networks with multi-site locations. Critically, the lack of good centralised management takes control away from the administrator, making it more difficult to implement and report on company security policies throughout an organisation, and increasing the likelihood of security lapses.
Administrators have no clear visibility of what is happening across the network and if problems do occur, it's harder to resolve them quickly and effectively throughout the company. Additionally, without proper centralised management, it is more likely that branches will fail to carry out all necessary updates and security procedures. And, of course, the lack of centralised reporting means that organisations are unable to provide audit logs confirming that they have met their security and staff protection responsibilities.
The availability of skilled staff at remote sites is another issue. There simply may not be enough of them to do all the necessary updates, configuration, etc. Or the level of understanding of security issues may not be high enough to maintain the required level of security. It will also be harder for administrators to manage security services such as anti-virus, spam blocking, web blocking and intrusion prevention.
Some specific functions, such as setting up VPN tunnels between locations, can be very complex and prone to error, as well as time-consuming and costly if tackled without central control. A centralised management system which can set up VPNs from a central location, and do so simply, for example by using 'drag and drop' techniques, can save an enormous amount of time, effort and money.
Cost is an important issue. Having to deal separately with each remote site, and possibly having to visit sites, is time consuming and consequently expensive. The lack of control can lead to errors at remote sites, or to security lapses which can be costly. Alternatively, it may be felt necessary to employ skilled staff to manage remote site security properly, which is another cost to the organisation.
The key benefit of a centralised management system is control for the network administrator, and the more remote sites a company has, the greater the potential benefit. A good centralised management system empowers the network or security administrator to flexibly manage the whole network in real time. It saves a huge amount of time, effort and cost. And it allows corporate policies to be easily deployed across the network.
Centralised management from WatchGuard
Security vendor WatchGuard has focused strongly on providing administrators with centralised management systems that bring maximum control of security across the network, while being flexible, cost-effective and easy to use.
Centralised management within the WatchGuard System Manager (WSM) feature, found on all WatchGuard Firebox X UTM appliances, provides administrators of simple or complex network environments with an intuitive interface to centrally manage multiple Firebox X UTM appliances, including firewall, VPN, various security applications, and appliance software updates.
WatchGuard System Manager allows administrators to:
• view all security appliances at a glance and launch monitoring or configuration tools for pinpoint control of any device or UTM service.
• immediately see and understand what's happening on the network and take instant pre-emptive and corrective action with interactive real time monitoring.
• send simultaneous global firmware and configuration updates to multiple Firebox X appliances with one management action, either immediately or as an automatic scheduled task.
• make configuration changes immediately or work offline for convenience.
• create secure site-to-site VPN tunnels with just three steps, saving time and frustration.
• manage security services such as gateway anti-virus/intrusion prevention, spamblocker or web blocker with no separate management software to purchase or maintain.
• easily tailor systems to business needs by using flexible objects, simplified service configurations and customisable reports.
• use drag and drop management to lessen the time and effort needed to create centrally managed security configurations and branch office VPN tunnels between WatchGuard appliances.
• view, edit, and create security policies and tunnels across the enterprise from a single management console.
• make use of secure, centralised logging and comprehensive reporting on remote devices, with no extra logging or reporting modules to buy.
An easy to use real time monitoring system with clear, intuitive graphical interface
Users of WatchGuard's centralised management system often comment on the value of the real time nature of the management function and its ease of use, which allow them to get going straight away and perform the kind of routine tasks that every administrator has to perform - only faster and more efficiently. They also appreciate the overall visibility gained into the network, thanks to the intuitive graphical interface.
WSM has a suite of utilities which collectively provide ‘interactive real time monitoring’. These are graphical tools which show what is going on in the system in real time. This brings the whole network alive in front of the administrator, making it very easy to see exactly what is happening in terms of network events or security events, and to understand just what users are doing.
WatchGuard calls these facilities interactive because many of them allow administrators to act on the data that’s being shown right in front of them. For example, in ‘host watch’ or ‘traffic monitor’, administrators can right click the IP address that’s shown and then do a diagnostic. They can try and ping that IP address, or actually stop the connection right there.
If they see a connection and decide there’s something wrong, they can stop it, cut it off, take a look at what’s going on and decide if it should be prevented permanently, with a rule change. Or, if it turns out to be OK, it can be allowed again.
The system gives a real immediacy to the connection between the administrator and the Firebox. The configuration tools are visually oriented and thoughtfully laid out, based on common tasks. Smart defaults provide strong security right from the start, saving valuable configuration time and effort, while advanced, granular controls empower the expert user.
Policy creation can be streamlined with optional time-savers such as wizards, aliases, and QoS objects. Configurations can be created offline and deployed when most convenient, or quick changes can be saved to the box immediately.
The interactive real time monitoring system provides clear, visually driven interfaces and plain-English log messages, making it easy to validate the security policy and to make changes or adjustments as desired. Interactive tools help administrators take instant preventive or diagnostic action directly from the monitoring interface, without the need to open separate configuration screens. Compared to some other systems, this can be a major benefit.
Ease of VPN tunnel creation
A key feature of the system is the ease, speed and accuracy with which branch office VPN tunnels can be created using drag-and-drop techniques. A branch office tunnel is initiated by dragging one branch office VPN device to another - a fast, easy and virtually foolproof method. Creating those tunnels, without a feature like this, would normally be very detailed and demanding, taking considerable time and being sensitive to all kinds of errors. The WatchGuard system gives flexible, granular control of the centrally managed tunnels.
The VPN facility is also extremely helpful when working with dynamic IP devices. It very easily accommodates locations with dynamic IP addresses. When you tell WSM that a device is dynamic, then it will always know the IP address of that device, without the administrator having to get on the phone to check. Whenever the IP address changes, the device contacts the server to report the new address.
Within the Policy Manager function, on Firebox Core and Firebox Peak devices, is an offline configuration tool which is unique. When the administrator is creating a policy for a device, it can be created offline, acting on a file instead of acting directly on t