Buzzword Babylon I: 5 Experts Explain 4 Baffling IT Security Terms
March 26, 2014 by Daniel Humphries
According to a 2013 report from cybersecurity firm McAfee, costs related to cyber fraud can amount to as much as $140 billion and 500,000 jobs lost each year in the U.S.—which means IT security should be something your business takes very seriously. But if you’re a non-specialist searching for security solutions, trying to understand the many products and features vendors offer can be a daunting experience.
Perplexing acronyms like EPP and UTM abound, manufacturers make similar claims and the same applications recur in different combinations across multiple products. If you’re not careful, you could end up paying for features you don’t need.
“Fear, uncertainty and doubt are three extremely powerful motivators for security sales and marketing,” explains Jenson Crawford, director of software engineering at Crowd Ignite. “It’s what powers the IT security industry, and is the reason that IT security terms are made so difficult to understand.”
To help non-tech business owners better understand the market, we asked a group of experts to explain four of the most common IT security terms in plain English. Here’s what we’ll cover:
- Endpoint Protection Platforms (EPP)
- Unified Threat Management (UTM)
- Next Generation Firewall (NGFW)
- Mobile Device Management (MDM)
1. Endpoint Protection Platforms (EPP)
Mike Carpenter, VP of business continuity and compliance at TOA Technologies: The best way to make sense of the term EPP is to break it down as follows:
- An endpoint is a device a person uses, such as a smartphone, tablet, laptop or desktop.
- Protection refers to the data on these devices. These platforms protect the data on these endpoints from unauthorized use, i.e. by someone other than the user.
- These software systems are called platforms because they’re consistently distributed to everyone’s devices within an organization. It’s much easier to sell a “platform” than “software consistently distributed to everyone’s devices.”
Luca Sambucci, NSA-certified risk analyst: An EPP is basically an antivirus on steroids. When viruses were the only threat around, you would protect your endpoint with an antivirus; it was as simple as that. Then hackers began to enter your computer, so we added firewalls. Spam was an annoyance, so we added anti-spam filters.
Then phishing came around, so we added anti-phishing algorithms. Then your operating system’s critical updates (the ones you were always postponing) became the favorite entry method for malware, so we added patch management. Then came behavior blockers, and so forth.
EPPs are essentially gigantic, bulky, impressive pieces of brilliant software engineering that should keep your computer protected from everything—at least until the next malicious permutation.
Tim Singleton, president of Strive Technology Consulting: An EPP is a single program that includes several different layers of antivirus, each designed to guard against a different attack. One might be focused on websites, another on email and a third on files on the hard drive. All of these layers coordinate together to provide endpoint protection.
EPPs are typically managed and controlled from a central server somewhere on the network or in the cloud, thus making it a whole platform. Some EPPs are limited to computers, some also cover phones and embedded devices.
EPPs are available from all major anti-virus companies for individuals. A central console for managing EPPs is also available, and businesses that have more than a handful of employees would benefit from having this component available.
2. Unified Threat Management (UTM)
Don Oxman, security architect at Pinnacle Business Systems: A UTM device is a box that sits on your network and is connected to the Internet. All traffic goes through it, and it’s supposed to prevent viruses, spam and other bad things from causing problems on your computers.
Luca Sambucci: UTM is like a liver. You pour alcohol in your stomach, the liver filters it and eliminates the toxins. A UTM appliance is placed somewhere at the beginning of the network and does a similar job.
UTM is similar to EPP, but it’s for the whole network instead of just the endpoints. It contains a firewall, anti-virus, anti-spam, network intrusion prevention system, content filtering appliance and additional protection from additional attack methods—all of which are tied to one another in a chain of processes.
The problem with a UTM appliance is that a single packet of data might need inspection from several of these separate engines, each of which acts as its own “most wanted” list. Imagine you’re at the airport and you’re stopped by a cop who only searches for firearms, then one who only searches for drugs, then by another who’s only interested in bombs, etc. This causes a delay, which we call latency, and as a result you miss your plane.
Mike Carpenter: UTM is a central system or “security brain” that, in theory, can see all threats and correlate all the implications of these threats, sorting those that are real from those that are merely possible. UTM not only gathers information, but can alert you to threats and even react to them on its own.
UTM is not a new idea, just a new name for an old idea. Vendors often position old concepts in a new, better light to new customers, and use them as a way to follow up with old customers that may have said no to something the first time. But, there are some very recent advances in technology that reduce latency and make UTM more real-time, and therefore more practical. Prices have also come down recently, so UTM is now more affordable.
3. Next Generation Firewall (NGFW)
(Note: Inside each UTM appliance is an NGFW, which can also be sold separately. We asked our experts to define an NGFW and to distinguish between it, a traditional firewall and a UTM.)
Jenson Crawford: A firewall generally keeps people out based on who they are and where they’re coming from. An NGFW builds on that by looking deeper to try and understand if someone is trying to do something they shouldn’t be doing.
Luca Sambucci: NGFWs use only some of the UTM’s protection systems, but enhance their scope and efficacy. Older firewalls are not as smart—they look at the packet, but they usually won’t be able to tell what it is (e.g. is it a video or Skype call?), so they’re not very good at spotting threats.
NGFWs are “application aware,” meaning they likely know what application your employees are using so they have a better idea of what to look for. This awareness also allows an NGFW to know how an application should behave. If it behaves differently, the NGFW will recognize this as a red flag.
If we picture a UTM as a Swiss Army knife, where the firewall is the magnifier that comes with a bunch of other tools, an NGFW is a super-precise magnifier incorporating a precision screwdriver. But you might also want a few of the other tools that come with a UTM, which is why some companies use them together.
Don Oxman: NGFWs block access to your network from the Internet (unless you allow it), and also offer additional features, such as the ability to allow or block certain applications from running on your network. For example, maybe you don’t want to allow Facebook Games on your network, but you do want to allow LinkedIn—an NGFW can do that.
It can also allow or block specific users from using certain applications through the firewall. For example, if Jane in Accounting needs access to the accounting servers but Jim in HR does not, an NGFW can provide that security.
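To make the difference between the two kinds of firewall concrete, here is an added illustration (not code from the article or from any vendor product) that evaluates the same constructed sample flows with a traditional address/port rule and with an NGFW-style policy that also keys on the identified application and the mapped user; the application names, users, subnet and policy tables are all assumptions invented for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    """A constructed connection record as the firewall would see it."""
    src_ip: str
    dst_port: int
    app: str    # application identified by inspection (only an NGFW has this)
    user: str   # user mapped to the source address (only an NGFW has this)

# Traditional firewall: decides on addresses and ports alone.
def legacy_firewall(flow: Flow) -> str:
    # Office subnet (assumed 10.0.1.0/24) may reach web and the ERP port.
    # It cannot tell LinkedIn from Facebook Games: both ride on TCP/443.
    if flow.src_ip.startswith("10.0.1.") and flow.dst_port in (80, 443, 8443):
        return "allow"
    return "deny"

# NGFW-style policy (assumed tables): per-application and per-user rules.
APP_POLICY = {"linkedin": "allow", "facebook-games": "deny"}
USER_APP_POLICY = {("jane", "accounting-erp"): "allow"}
SENSITIVE_APPS = {"accounting-erp"}   # default-deny unless a user rule allows

def ngfw(flow: Flow) -> str:
    # User-specific rule first: Jane in Accounting reaches the ERP, Jim does not.
    user_decision = USER_APP_POLICY.get((flow.user, flow.app))
    if user_decision is not None:
        return user_decision
    if flow.app in SENSITIVE_APPS:
        return "deny"
    # Application rule, independent of port; fall back to the legacy rule.
    return APP_POLICY.get(flow.app, legacy_firewall(flow))

# Constructed sample flows: two from Jim to different apps on 443,
# and two ERP connections, one from Jane and one from Jim.
SAMPLE_FLOWS = [
    Flow("10.0.1.5", 443, "linkedin", "jim"),
    Flow("10.0.1.5", 443, "facebook-games", "jim"),
    Flow("10.0.1.7", 8443, "accounting-erp", "jane"),
    Flow("10.0.1.8", 8443, "accounting-erp", "jim"),
]

def compare(flows=SAMPLE_FLOWS):
    """Return (legacy decision, NGFW decision) for each flow."""
    return [(legacy_firewall(f), ngfw(f)) for f in flows]

if __name__ == "__main__":
    for f, (old, new) in zip(SAMPLE_FLOWS, compare()):
        print(f"{f.user:5} {f.app:15} legacy={old:5} ngfw={new}")
```

The legacy rule allows all four flows because they look identical at the port level; the NGFW policy allows LinkedIn, blocks Facebook Games, and lets only Jane reach the accounting application.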
Mike Carpenter: The new features and “intelligence” offered in an NGFW may not matter to your particular business or users. It’s a good idea to either ask an objective expert that you can trust for advice, or else plan to do a lot of reading and critical thinking on your own.
Always carefully consider your reasons for going next-gen: Is it because you need new features, or is it because you don’t know how to use what you already have? When adopting technology, users usually get the best value per dollar once technology enters the commodity phase—when people stop calling it “next”—so many organizations will be wiser to wait.
4. Mobile Device Management (MDM)
Don Oxman: MDM is a relatively new item within IT security. MDM products manage mobile devices (e.g. smartphones and tablets), and provide security on these devices. MDM platforms allow these devices to be configured and managed similarly so they can only access specific resources on the company network, allow certain programs to run and remotely wipe only company data on the device.
If you allow users to access company resources using their personally-owned device (e.g. email or documents) and are concerned about what happens with that information, then perhaps an MDM product might be worth investigating.
Luca Sambucci: MDM is a central solution to manage mobile endpoints. Nowadays mobile devices are swarming the workplace like an army of bees. The only difference is that while bees are all the same, those mobile devices are mostly different from one another. An MDM solution helps you map all devices, keep in the network those you approve and keep out those you don’t, and manage approved devices with security guidelines, updates, monitoring, etc.
Tim Singleton: For a long time, organizations have been able to configure computers with the software, security policies and tools that IT departments deemed best for the company. MDM brings the same functionality to mobile devices.
There is some conceptual overlap here between MDM and EPP: MDM can include remotely administered antivirus software for a mobile device, which also falls into EPP’s realm. If your company is large enough to require a corporate policy on how mobile devices should be configured and what they can and cannot be used for, MDM is for you.
Our epic quest to blast through the confusing world of IT security buzzwords has only just begun—stay tuned for episode II!
Meet Our Experts:
Jenson Crawford is director of software engineering for Crowd Ignite, an audience marketing platform that helps web publishers increase traffic. An experienced manager, he has successfully worked with local, offshore and hybrid teams to deliver software for a wide variety of industries.
Mike Carpenter is the VP of business continuity and compliance at TOA Technologies. He ensures the security, availability, performance, scalability and technical service of TOA’s cloud-based field service management application for customers around the globe. He learned the World Wide Web via the Advanced Research Projects Agency Network (ARPANET) at Carnegie Mellon University in 1986, and moved permanently to the Internet soon afterwards.
Luca Sambucci is a veteran of the anti-malware industry, and previously worked as an IT security consultant for the Italian Minister of Communications. Today, he’s an NSA-certified risk analyst and a member of the Italian Association of Experts in Critical Infrastructures. He currently works for Italian anti-malware vendor ESET.
Don Oxman runs the security practice at Pinnacle Business Systems, serving both as chief information security officer and “security evangelist” to customers. The former director of the Network and Security Operations Center for the state of Texas, Oxman has also held security manager positions for legal and retail firms. He holds the CISSP, CISM and ITIL Expert certifications, and is a licensed private investigator in Texas.
Tim Singleton has worked in the computer and technology industry since 1999, doing everything from entry level help desk work to designing business networks and advising large IT organizations. He currently owns and operates Strive Technology Consulting, a managed service provider in Denver that provides enterprise-class support and guidance to small businesses.