This article can also be found in the Premium Editorial Download "Information Security magazine: Compliance vs. security: Prevent an either-or mentality."
Download it now to read this article plus other related content.
Reed Smith, a law firm with 21 offices across three continents, deployed UTM during a network redesign to accommodate growth, business continuity and security.
"In the past, we operated in a decentralized environment where each location had its own infrastructure," says Frank Hervert, senior manager of enterprise networking and messaging services. "We embarked on an initiative to move to a centralized design that's highly redundant."
UTM was a better fit than best-of-breed for Reed Smith's re-engineered network, he says: "We saw the inefficiencies of managing multiple independent devices and keeping up with [them]. Our preference was a single device, for better manageability and to fit into our highly redundant design. To do best-of-breed in our design would have meant many redundant appliances, which would have grown very complex."
As it grew through acquisition, Reed Smith inherited a mixed bag of Internet firewalls. Today, most have been replaced by dedicated DS3 links carrying thin client and Internet traffic to a primary data center. All traffic passes through a redundant pair of Fortinet FortiGate 5020 chassis with 5001SX blades, with a third at a backup site, all supervised through one FortiManager.
"We wanted something robust enough and secure enough to
do firewall, IPS and antivirus in a single device," says Hervert. "UTM gave us the ability to do more without adding more best-of-breed devices." However, Reed Smith retained its Juniper VPN and opted to not utilize Fortinet's spam filters.
Reed Smith had the luxury of creating a new environment from scratch, replacing all legacy devices in one fell swoop. But the company still grapples with unified monitoring for its primary data center, including UTM devices. Hervert recommends that operations teams prepare to incorporate new UTM devices with existing enterprise management and monitoring systems.
This was first published in March 2007