UTM or stand-alone proxy: what are the risks of relying on a single solution for security?
In January 2019, CESIN published its corporate cybersecurity barometer, which stated that 80% of companies had suffered a cyberattack in the last 12 months. Cases are multiplying, and even large companies reputed to be ultra-secure are not immune, as shown by the recent attack on Airbus: the company confirmed "unauthorized access" within its IT networks that enabled hackers to gain access to employees' business details and login credentials.
Enhancing the effectiveness of cybersecurity is a strategic priority for IT Departments
This priority is also reinforced by the digital transformation that these same CIOs are undergoing, since it encourages the emergence of new risks with the widespread use of the Cloud, SaaS applications and, above all, interconnectivity between internal and external IT systems. The Payment Services Directive (PSD2), applicable from September 2019, is a perfect example of this in the banking sector.
It is therefore essential to build and maintain a complete web security chain within the enterprise, effectively protecting users, the information system and all its component IT resources, from internal or nomadic workstations to connected objects. Despite this, CIOs and CISOs have to contend with budgetary constraints that are not always in line with the growing sophistication of the malware used and the upsurge in attempted attacks.
Obviously, budgets are an important factor in the debate: you have to do as much, if not better, with less. When the question of upgrading equipment arises, it is sometimes convenient to consider replacing the stand-alone Proxy with the filtering functions integrated into the UTM and Firewall. On the face of it, this seems more economical, simpler to implement and maintain... but is it really a good idea to rely on a single solution to protect your information system?
The question could be asked differently: is it really reasonable to put all one's eggs in one basket when it comes to cybersecurity? In any case, this is not one of ANSSI's recommendations, which advocate decentralizing the various cybersecurity-related processes across several machines.
UTM VS PROXY: a debate that fails to address the issue of performance
The performance aspect, with the increase in HTTPS Internet traffic, should also weigh in the debate. The UTM box has more and more processing to do, and adding SSL-TLS decryption increases its resource consumption to the point of slowing it down, which could then affect its main function: the firewall. What's more, the upsurge in DDoS attacks over the last few months could quickly penalize it, further degrading the other operations it should be handling. The scalability of the UTM is therefore sometimes rapidly limited, whereas the Olfeo stand-alone Proxy can be installed in virtualization mode, enabling its processing capacity to be easily increased, without any additional licensing costs for the customer, since the price is calculated per user and not per appliance...
The standalone proxy is therefore a true ally of the Firewall: by taking on web filtering, SSL-TLS decryption and even DNS filtering, it enhances its effectiveness. With a security architecture based on both a Firewall and a standalone Proxy working in total synergy, you can better distribute tasks and risks in the face of cyber threats.
Discover the advice of Damien Billy, pre-sales consultant at Olfeo, to reinforce your cybersecurity chain with your UTM and an autonomous Proxy:
For your cybersecurity strategy, this means setting up real-time protection to distinguish legitimate network flows from suspicious flows, which must be filtered by the DNS server to ensure optimum protection of the information system.
Olfeo's web security gateway meets precisely this need, and offers several integration modes that can be implemented very quickly. It enables you to activate a DNS filtering service that will contain users and accesses, whether for uncontrolled or connected equipment, and apply filtering rules. Thanks to the quality of Olfeo's URL database, 2% of unknown websites are blocked at DNS server level.
Web filtering remains one of the pillars of a cybersecurity strategy, and the UTM can't do everything (well).
Today, it's impossible to be complacent when it comes to cybersecurity. Attacks are inevitable, and malware can block the smooth running of a company, as was the case this year for the Fleury Michon food group, which was hit hard enough to have to disconnect all its systems in order to prevent the threat from spreading. Web filtering and SSL-TLS decryption of HTTPS flows, which contribute to better detection of malicious code, are therefore essential to an effective cybersecurity strategy.
In addition, we mustn't forget the legal and liability aspects of using the Internet, which are part and parcel of web filtering. UTMs based on international categories don't offer the same level of quality as our URL database, built by a French team 16 years ago. The consequence is often that, for lack of finesse in categories and URLs, certain sites are improperly blocked because the robots have put them in the wrong category. With Olfeo, the site of Pornic town hall or Paris-expo won't be classified as pornography, and a doctor researching the male reproductive system won't be blocked. Olfeo, by contrast, has many different categories, and the granularity of URLs is much appreciated by our customers for customizing their user rules.