Unified threat management (UTM) emerged in recent years largely in response to blended threats consisting of malware combos using multiple attack vectors simultaneously.
UTM offers a simplified defense and is now found in many enterprises. UTM can also help safeguard storage and backup systems, which are increasingly under attack.
Here are some of the top trends in UTM:
1. Backup insecurity
Continuity Software exposed the vulnerability of backup systems and has taken steps to plug these holes.
Doron Pinhas, CTO of Continuity, said that starting in late 2019 and growing ever since, new forms of malware and ransomware emerged that specifically targeted storage and backup systems. Some of the backup weaknesses included:
- Unpatched backup vulnerabilities
- Data encryption not implemented for data feeds such as management transport, replication transport, and backup transport
- Improper separation of duties, such as the same roles being used to manage data and to protect it via snapshots and backups
- Undocumented and insecure API and CLI access paths that provide a backdoor to control storage devices, exfiltrate data, and tamper with storage content and its backups
“Organizations have started to evaluate the security of their backup systems,” Pinhas said.
“The drivers include increased pressure from auditors and the mandatory requirements of insurers.”
2. Lack of cloud security
Cloud vendors take care of specific aspects of cloud security. Organizations are realizing that they can’t leave everything to Google, AWS, or Microsoft.
They, too, have a responsibility to secure the data they store in the cloud. Coupled with increased costs, companies are investing in UTM and other tools to keep cloud storage more secure.
According to Veritas Technologies, 94% of enterprises incurred higher costs than originally anticipated when using a public cloud service provider (CSP). The report found they are surpassing their allocated cloud budgets by an average of 43%.
Part of the reason for overspending is needing to spend more money than anticipated on storage security. The report noted that 99% of respondents believed that their CSP would be responsible for protecting some of their assets in the cloud. In reality, organizations are responsible for the security of their data and applications in the cloud, and CSPs are responsible for the resiliency of the cloud. Another 89% had experienced a ransomware attack on their cloud environment.
“Our research highlights some of the huge benefits that organizations are getting from the cloud – but it also shines a light on the need for a better understanding of what purchasers are actually buying from their CSPs,” said Sonya Duffin, data control evangelist, Veritas.
3. Greater collaboration
With systems spread across the cloud and on-prem and among multiple providers on different clouds, detection and remediation are far from easy.
What is needed are end-to-end processes that find vulnerabilities, discover the fix or exception, and take care of remediation. However, that is easier said than done. It requires the different stakeholders to come together and the different tools to be able to interface and coordinate their actions.
“Improving collaboration between security and the remediators (IT, development, cloud operations, etc.) is needed to create a more holistic view of an organization’s security posture and increase productivity,” said Lou Fiorello, VP and GM, security products, ServiceNow.
“This allows security teams to gain a better understanding of the essential parts of their systems and processes so they can protect them appropriately.”
4. Tool consolidation
This has given rise to a need for tool coordination to enable an integrated workspace approach to user experience, management, security, storage, virtual desktop and apps management, analytics, and remote support, according to Aditya Kunduri, director of EUC product marketing, VMware.
“Unified and cloud-delivered security integrates with and complements UTM, unified endpoint management (UEM), cloud web security, SASE, zero-trust network access, and firewalling to enable secure remote work from anywhere on any device,” Kunduri said.
5. AI/ML augmentation
Another big trend in UTM that ranges across the storage and security landscape is the incorporation of artificial intelligence (AI) and machine learning (ML) engines to add automation and real-time processing and to provide faster insights that aid decision-making.
Some systems can even be set up to make pre-set decisions based on specific criteria. This is vitally needed in the worlds of security and storage. And it is all gradually falling under the umbrella of a secure access service edge (SASE) approach.
“Expansion of security services, such as malware sandboxing, data loss prevention, UTM, and user entity and behavior analytics will become an integral part of SASE,” said Michael Wood, CMO, Versa Networks.
“All these technologies are being disrupted by the inclusion of ML/AI technology. SASE services will be augmented with AI/ML in endpoint devices used.”