The Services Spin In Unified Threat Management

Bob Longo, director of channel development at ClearPointe Technology, offers some insight into how the Little Rock, Ark.-based managed service provider has taken the integration of UTM devices in the client networks it manages to a new level. The company draws on data gathered from client sites to better equip its state-of-the-art NOC to deal with emerging security threats.

The holistic approach to security: If you just had a firewall with intrusion protection, that's pretty narrow. So if you can get the phishing, the worms, the intrusion protection, all of those things onto one device, you've got a holistic approach to security. And most importantly, for MSPs, imagine all those devices at all their client sites reporting to their NOC. So that's not only a holistic approach, but the MSP also gets to see what and how all the appliances are reporting to a central location. That's information you can use to track new threats and evolve new measures to stop them.

From SOC to NOC: We have a security operations center—or a SOC—inside our NOC. One of the instances where the SOC talks to the NOC is in the processing of data that's coming in from the UTM appliances we have deployed. We can see which countries, which locations, are trying to break into our client sites. The more these devices can see and do, the more we can build a collaborative solution. Remember, MSPs typically reach down to the Windows server level as well. So now we're not only seeing edge devices, but we can correlate that data with the servers.

Taking on all threats: With a basic firewall, you can get 50 or so intrusion events trapped. Contrast that with the thousands of events that these UTM devices can handle. These devices are very big with banking clients. They'll typically hire a penetration company to test a system. With a typical thin firewall, they won't even see these events. Then they come to us and say, 'Hey, NOC, why didn't you catch that?' That's when we upsell them on the UTM device.

Who's buying: With the banks, they'll tell us the auditor asked for a UTM device. So banks won't do it unless they're forced to. Price can be an issue. Moving from a few hundred dollars for a firewall to a few thousand dollars for an enterprise-class UTM device can be a tall conversation. But any time I walk into a CIO's office, I know which way they're going. If they've got bits of routers lying around and 'IT For Dummies' on the shelf, they're going down to the server room. If they've got 'The World Is Flat,' they're headed up to the boardroom.
