While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
A network, like a chain, is only as strong as its weakest link. And the weakest links are often the ones furthest from the control of IT: small to midsized remote offices, temporary field offices and remote users. These links in an agency’s network chain are the least likely to have up-to-date defenses, and directly connecting them into centralized network defenses can be expensive, impractical and in some cases physically impossible.
That’s where devices such as Sophos’ UTM 220 come in. This security appliance provides unified threat management for a small to midsized network (up to 150 users), delivering a front-line defense against malware and integrating with endpoint defenses.
The UTM 220 provides out-of-the-box protection against many types of malware attacks, tapping into Sophos’ constantly updated database of virus threats. For an agency running a mail server within its network, the UTM 220 can act as a Simple Message Transfer Protocol relay, screening the content of messages for spam or malware before it even hits the server’s mail store.
Phishing scams and other threats have made the web the most common attack vector for landing botnets and other malware on users’ PCs. The UTM 220 can screen web traffic, watching for and blocking both web-based malware attacks and visits to potentially malicious websites, as well as enforcing an agency’s web use policies by blocking inappropriate sites.
The UTM 220 doesn’t just guard the network’s front door. It can be integrated with Sophos software agents that run on clients to provide defense in depth against viruses. It also provides intrusion prevention technologies to block attacks from outside the network or from one segment of the network to another.
The appliance also can act as a virtual private network connection point. It supports most common standards for remote access. The UTM 220 can also connect to the cloud via Amazon Virtual Private Cloud, so an agency can use cloud services as securely as if they were on the local network.
The UTM 220 is extremely easy to set up. It can be configured from a network-connected PC through a web browser; it took me about 10 minutes to get an initial configuration up and running. Almost anyone with basic training can install a UTM 220 by following a simple set of procedures. The device can also be configured for remote administrative access from a fixed IP address.
From there, almost all of the tweaks can be made through the UTM 220’s web interface, and administrators can view its logs and reports. A feature called “network visibility” gives real-time information about application traffic on the network; this data can also be used for application control to throttle or block some services and to guarantee quality of service to more important applications.
Most of the UTM’s functionality is based on subscription licenses. While this allows a user to pick and choose the levels and types of protection, it also means a recurring cost for operation.
Some of the features of the UTM 220 require additional Sophos hardware to work. For example, the appliance’s defenses can be extended to wireless network protection, enforcing a consistent networkwide set of passwords and security settings and watching for malicious traffic passing through access points. But this feature requires Sophos APs.