It is not news to most church staff (or almost anyone else in the developed world) that the instance and potential impact of cyber-attacks is expanding at an exponential level. Not only are churches not immune from this trend, but, with increasing regularity, they are a chosen target of this trend.
This heightened cyber threat environment presents a problem for many churches. Not fully understanding the complexity, effectiveness, and creativity of such attacks, many staff believe that their standard firewall (working via a set of rules applied against incoming data packets) and some anti-virus software are sufficient to protect them from the problem. Such a belief is dangerous. The bottom line is that these items alone are not adequate to safeguard church technology resources and data.
Multiple Layers of Security are Required
Over the years as technology security threats have morphed and matured, prudent IT engineers have implemented numerous security platforms to protect church resources and data. In years past, a secure network might have consisted of:
- A Firewall appliance to control access in and out of the network
- An Intrusion Prevention System (IPS) to detect and stop the exploitation of security vulnerabilities
- A VPN gateway to provide secure remote access
- A Content Filtering (CFS) appliance to control access to web sites and block access to malicious content
- A Spam Filtering appliance to quarantine spam and malware-infected email attachments
All of the platforms mentioned above play a vital role in effectively securing your church network. However, the management and configuration of these multiple, different platforms is inefficient and adds a high cost of both time and money. This inefficiency was the impetus behind the development of the Unified Threat Management Gateway (UTM).
UTM Appliances Provide Enhanced Efficiency and Power at a Lower Overall Cost
A UTM appliance generally includes, in one device, all of the protection mechanisms and features listed above, as well as some additional “Next-Generation” protection features. This design provides for configuration and management of all security features in a single edge gateway device. The result is a much more robust and efficiently managed security environment.
Technology leaps in the last ten years have enabled hardware vendors to pack much more power into a small chassis due to the lower cost and efficiency of powerful multiple core processors. This technical advancement allows a single unit to perform exponentially more operations and inspections than was possible with previous equipment in use as recently as five years ago. The amount of traffic traversing our networks is at an all-time high due to affordable, fast internet connections. The increased traffic requires the highly expanded level of processing that properly-sized current generation UTM appliances accomplish with ease.
Increased Security Protection Offered by UTM Appliances
In addition to standard firewall and security features (IPS/IDS, VPN, CFS, Anti-Spam, Anti-Malware), these “Next-Gen” appliances leverage the cloud-connected world in real-time to better detect “Zero Day” (previously unknown) malware and intrusion schemes. The UTM platforms can even “sandbox” unknown files in a cloud quarantine environment. There, the UTM can “execute the payload” and perform analysis to determine if any malicious content exists. Only if the files are “clean” will the appliance allow the files through the gateway.
Another critical feature of a UTM appliance is the ability to configure flexible and granular application control. In laymen’s terms, the security appliance can identify a particular application and apply targeted policies to that individual application. An example of some standard policies might be to “throttle” the amount of bandwidth allowed for a particular application or to block a specific application’s traffic selectively. Another example might be to send a particular application’s traffic out of a lower cost WAN (Internet) connection instead of the primary WAN connection. Multiple WAN configuration options on these next-gen devices are known as “SD-WAN.” SD-WAN stands for software-defined wide area network and is applied broadly in the marketplace currently. This feature allows the church to have multiple Internet connections through various providers, and it can configure any type of traffic to use the Internet connection of your choice. This allows you to limit the exposure across your network.
These next-generation features enable precise control of your Internet utilization and security to provide you with a highly optimized and secure Internet experience.
Due to the nature of the threats propagating on the internet today, we recommend that all churches protect their network technology resources with a properly configured robust Unified Threat Management gateway. Just because you have a network device that contains UTM features doesn’t mean that you are making the most of what it has to offer, so a properly configured UTM is critical.
If you are unsure that your church’s technology environment has the proper levels of protection, please reach out to [email protected] today to see how you can further enhance your network security and optimize your Internet connectivity. Enable will work with you to ensure that your network is better protected and that you are getting the most out of your available internet connection. We would be honored to serve you in this way!
Written By: Phil Brewer, Senior Engineer, Enable Ministry Partners