UTM, or unified threat management, seems to have become amisused term; anyone who puts together something more than afirewall in the same box calls it a UTM.

So what are the key elements your credit union should look for?Read on:

1) Firewall – of course yourcredit union needs this, but in light of the other features thatyou will want, packet filtering, stateful inspection and proxycreate a more flexible solution; so your firewall must be ahybrid.

2) IDS/IPS – this today is a must;you can't have edge protection without proper IPS, and it isridiculous to buy a separate one after you have spent all the moneyfor a UTM device. This feature should be fully integrated withthe firewall, to achieve a next generation firewall protection, andshould be INLINE with the firewall, able to communicate with it tostop/tear down connections that are sending rogue packets.

3) Email protection – should bemuch more than just an anti-virus, or AV, product. Should bepolicy protection, to block unwanted attachments, hidden,compressed or otherwise. Should be protection for the server,integrated with the firewall and IPS. Should be protection fromvulnerabilities that affect your credit union's protocols andservers.

4) Antivirus – protocols to beprotected are, at a minimum: SMTP, POP3, IMAP, FTP, and HTTP.

1. AV is too generic a term; one single AV is no longer acceptableas no one can really keep up; best is to have more than one
2. Real time AV – this is an emerging technology; but if you wantto hope to block emerging threats, you need zero day protection,you need a real time AV

5) Antispam. Hackers use allkinds of ways to get in; your credit union needs to have protectionagainst all of them. Antispam should have a proven record ofat least 98% protection, should not be using old spam lists butshould be based on more modern techniques, such as SPF check andmany others. We still see too many systems that use old methodsthat cause way too many false positives and yield poor overallresults

6) Web access policy – a creditunion must be able to control where its employees are allowed to goon the Internet, and this in turn enhances protection as itprevents users from landing on dangerous websites.

7) VPNs – modern devices shouldsupport IPSEC for compatibility, but should also offer SSL as afull VPN, with roaming AND site-to-site solutions. PPTP is stillthere, as it is free and inexpensive, but not mandatory at thispoint.

8) Updates – the Internet movestoo fast for updates to be pulled from the devices. Real-timepush updates are now a must.

9) Monitoring/management – this isimportant because expert configuration is 50% of theprotection.

A true UTM device should be seamless – the final result beingstronger than the sum of the parts. The antispam should be able tocommunicate with the IPS, so that a spammer attacking your devicewill be blocked before the email is even delivered.

The antispam should also be able to use the categorizationabilities of the web access policy to see if a URL in an emailshould be allowed or not. The IPS and the firewall should be fullyintegrated. And the list goes on …

New functions that are emerging as required on the UTM are DLPand Vulnerability Scanning. These functions thus far havebeen done using separate devices; more and more companies aredemanding to see them integrated with the gateway protection.

2012 will see the introduction of encrypted protocol scanning.As the trust model of SSL/TSL is being broken by more and moreattacks, it will become very important that this model betransferred back under the control of the experts, at the gateway,moving it away from the desktop. Hence scanning SSL/TSL at thegateway becomes mandatory.

Lastly, it's important that the technology offered for onecredit union branch, for instance, is the same provided for allbranches. For example, you want the same AV protection, nothingless.

Remember, viruses don't treat one branch any better than theytreat your headquarters!

Pierluigi Stella is chief technology officer atNetwork Box USA in Houston, Texas.