Fire-Proofing Your Network With UTM

We conclude our series on Unified Threat Management with a look at how ISPs can leverage UTM to defend themselves more effectively and earn more revenue.
In this series, we examined the drivers behind Unified Threat Management and took you on a guided tour of the IBM ISS Proventia MX1004 (Part 2 and Part 3) to demonstrate what UTM has to offer. Here in Part 4, we conclude our UTM series by discussing how providers can benefit from network-based threat management.

Defending yourself

Smaller local ISPs face the same challenges that plague SMBs. While you have plenty of network expertise, you probably do not have much time or staff to devote to security. Rolling your own firewall, IPS, or web proxy using open source software is popular, and fraught with security pitfalls. Over time, you might find that a UTM appliance could provide the protection you need with fewer hassles.

For example, you might drop a UTM appliance in front of your NOC to insulate it from the rest of your network. Alternatively, you might drop a UTM appliance in front of your web servers, using firewall and IPS to protect them from infected hosts, and implementing attack signatures and responses designed to protect servers rather than clients.

Regional providers often grow through acquisition. UTM can help you consolidate the disparate security levels and systems inherited from each acquired network. For example, AAAnet might have a single pair of firewalls, while ZZZnet might be big on dedicated security systems: a web proxy here, IDS sensors there. But when your company acquires them, those networks must be integrated into yours. You don't really know their security state and you don't want to expose your network to unnecessary risk. Directing control traffic to and from those networks through a UTM that you administer is one way to spot and stop any network-borne threats. Because management traffic is not latency-sensitive, anti-X services can easily be applied here.

Very large providers may want to look at the emerging crop of enterprise-class or even carrier-class UTM platforms. Those high-throughput, high-availability platforms can help you consolidate selected security services, lowering capital and operating cost without putting all of your eggs into one basket.

Defending your customers

Replacing TCP/IP packet filters with UTM defenses could help you insulate those hosted servers without adding a lot of systems for you to manage, monitor, and maintain. In fact, you might charge customers more for a UTM-protected hosting service, enabling available security modules as a la carte options.

A more common way of generating revenue from UTM is either to resell UTM appliances to business customers or to deliver UTM capabilities as managed services. Managed security service providers (MSSPs) use economies of scale to deliver various security services to their customers at higher quality and lower cost. Customers benefit from the latest in security, while providers generate a return on their investment.

ISP-Planet has conducted many MSSP surveys like the one published in December 2006. Once upon a time, managed firewalls and VPN ruled. Today, almost every MSSP offers managed IPS and many deliver managed anti-virus / anti-spyware services too. Many of the MSSPs in our last survey did so using UTM platforms.

Delivering managed UTM
MegaPath acquired Netifice in early 2006. "Prior to the merger, Netifice engineers had already settled on Fortinet as a platform for offering these services," said Davis. "We were putting a pair of Fortigate 300 firewalls on-site. That worked for large customers, but it wouldn't scale down for SMBs."

Netifice was evaluating the FortiGate 5000, a multi-tenant UTM chassis, when it merged with MegaPath. As luck would have it, MegaPath had just purchased ten F5000s. Together, they launched SecureConnect UTM services in July 2006.

MegaPath uses the F5000 to deliver managed security services to both enterprise and SMB customers because it finds it to be more cost-effective and robust. "Not only do we no longer have to buy boxes for each customer (that saves time and money), but the F5000 is carrier class," said Davis. "It is far more fault-tolerant."

Moving to a UTM chassis allowed MegaPath to offer more attractive service bundles. "Many of our customers have over 500 sites. We can offer managed security over DSL to each small office for just $10/month. This becomes very attractive from a cost per site perspective, with no capital expense," said Davis.

Why does MegaPath deliver managed services from a UTM platform instead of best-of-breed servers? "First of all, it would cost considerably more to purchase separate boxes," explained Davis. "Second, it would cost more to manage them separately. And third, it's a lot simpler to take remediation action in one appliance."