Unified Threat Management (UTM) is an all in one security solution that integrates firewalls, anti-viruses, content filtering, spam filtering, VPN protection, anti-spyware and other security system you need to protect your network. It can perform many security functions simultaneously to provide layered protection to all sizes of organization.
Key Program Metrics:
# redundant rules :
These are the rules that are masked, completely or partially, by other rules that are either placed higher up in the rule base. they add to the inefficiency and must be detected and removed subsequentl
# of exception in rules :
These are the exceptional cases where a rule is created temporarily to cater to the particular business need. care should be taken that all such rules are removed as soon as they are expired.
# rules with permissive services :
Permissive services give more access then is needed to the destination by allowing additional services. The most common examples of this are rules with “ANY ” in the service field. These kind of rules should be minimized
# rules with risky services :
Services such as telnet, ftp, snmp, pop etc. are risky because they usually credentials to be passed in plain text. Any service that exposes sensitive data or allows for shell access should be tightly monitored and controlled.
# rules with no documentation :
UTM rules should be documented. Rules should be explained in detail, business case is described. Any rule change shall be according to proper change ticket.
# rules with no logging :
UTM logs are useful for troubleshooting and forensics. It is very imperative that firewall logging hould be enabled and logs are leveraged for proper firewall management
Do let me know if you want us to add or modify any of the listed key use cases.
Check out the Unified Threat Management (UTM) market within FireCompass to get more information on these markets