Frost & Sullivan
IMPROVING ENTERPRISE SECURITY BY RELOCATING INTO THE CARRIER’S NETWORK
INTRODUCTION
As the Internet threat landscape continues to evolve, so too must security technologies.
Yet, the practice of stacking an increasing number of independent security technology
“boxes” can contribute to several undesirable outcomes, notably: operational complexity,
sub-optimized security expenditures, and inefficiencies in risk management. Overcoming
these outcomes is the aim of all-in-one security. This approach consolidates multiple
essential security technologies onto a single appliance, with control of all technologies
through a single management interface—a single pane of glass.
Representative of the customer value of all-in-one security has been the market demand for
Unified Threat Management (UTM) appliances. Industry research firm Frost & Sullivan
estimated that the number of UTM appliances sold in 2008 worldwide was 786,000.[1] For
2012—four years later—Frost & Sullivan estimated the annual sales rate of UTM appliances
increased by more than 50 percent, to 1.2 million. This growth is projected to continue,
with 2 million UTM appliances to be sold in 2016.
Contributing to the market demand in UTM has been the improvement in security
efficacy it offers by synergistically integrating previously separate security technologies.
An example of this is what is now referred to as next-generation firewalls (NGFW).
NGFWs integrate the capabilities of firewalls and intrusion detection and prevention
systems (IDS/IPS) to support more granular and context-aware defenses. UTMs are the
precursor to NGFWs, as firewall and IDS/IPS have been working together as part of
UTMs since UTMs were first introduced. Plus, UTMs include several other security
Another noteworthy aspect of all-in-one security is location. In this regard, UTM
appliances are no longer exclusively deployed at the perimeter of a business’s local area
network (LAN) or in front of a private data center—that is, customer premises
equipment (CPE). All-in-one security is also available as a bundle of security services
delivered from a shared, multi-tenant platform hosted in a carrier’s or Internet Service
Provider’s (ISP) network. This network-based location and use of multi-tenant platforms
follows the same evolutionary trend in firewalls, intrusion detection and prevention
systems, Web content filtering, and anti-malware. At one time, each of these security
technologies was exclusively deployed as a CPE appliance. Now, each of these security
technologies can be subscribed to as a security service delivered from a shared,
network-based platform. This service delivery approach is frequently referred to as
“Security as a Service.” As shown in the figure below, the all-in-one approach advances
this concept by relocating security from site-dedicated, CPE-based appliances to security
services offered from within the carrier’s network (i.e., network-based) to
network-connected sites of small and midsized businesses (SMBs), as well as the
geographically dispersed sites of
[1] Frost & Sullivan, Analysis of the Global Unified Threat Management (UTM) Market – Enterprise
Features and Product Value Propel Market Growth (November 2012).
Relocation of Site-dedicated, CPE-based Appliances to Network-based Security Services
Source: Frost & Sullivan
In this white paper, we take a closer look at all-in-one security, its benefits when
subscribed to as network-based managed services, and service attributes that you, in
your dual roles of business leader and manager of security risk, should consider.
ALL-IN-ONE SECURITY ESSENTIALS
There is no “silver bullet” in Internet security. The threats are too diverse for any one
technology to be effective against all. Additionally, the risk of using the Internet is not
exclusively from external attacks and ploys. End users, even the most security-conscious,
can inadvertently or, in a lapse of good judgment, initiate activities that are risky (e.g., in
the heat of multi-tasking, selecting and sending a document with sensitive or non-public
information to an unauthorized recipient, or by clicking on a Web link of questionable
authenticity or purpose). For these reasons, the majority of businesses rely on a
combination of security technologies to narrow their risks, while still allowing legitimate
business use of the Internet to continue.
This multi-layered approach is also aligned with the widely accepted defense-in-depth
concept. In this concept, security “fences” of different types are erected to mitigate risk.
In practice, if one fence is penetrated by an attacker, there are other fences to penetrate
with each requiring different attacker skills. While eliminating all potential of a successful
attack through a sequence of fences cannot be guaranteed, the probability of a successful
attack is materially reduced with multiple fences.
Another noteworthy perspective is that a multi-layered approach increases attackers’
costs, thereby reducing their incentive to continue with an attack. The more
sophisticated the attack sequence must be, or the longer it takes to be successful, the
greater the likelihood that attackers will forgo a multi-layer protected business, and
pursue other targets that are less fortified. Also, the multi-layered approach creates
several sensor points to detect attacker activities from which countermeasures can be
implemented. For example, when a threat is detected through an intrusion detection
system (IDS), a reputation tag is associated with the intruder (e.g., identified as an IP
address). Once tagged, that same IP address can be systematically blocked from future
communications with a firewall policy.
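The sensor-to-countermeasure loop just described (IDS alert, reputation tag on the source IP, firewall policy that blocks the tagged IP) can be sketched in a few dozen lines. The following Python is an added illustration, not code from the white paper or from any UTM vendor; the alert line format, the severity scores, the 24-hour tag lifetime and the sample alerts are all constructed for the example.

```python
"""Closed-loop IDS -> reputation tag -> firewall policy, in miniature.

Added illustration (not from the white paper or any vendor product). An IDS
emits alerts, each alert attaches a reputation tag to the offending source IP,
and a firewall deny list derived from the tags blocks that IP on later traffic.
The alert format and the log lines below are constructed for this example.
"""
from datetime import datetime, timedelta
import ipaddress

# Constructed IDS alert lines: "<timestamp> <severity> <signature> src=<ip>"
SAMPLE_ALERTS = [
    "2013-06-01T10:00:00 high ET_SCAN_NMAP_SYN   src=203.0.113.7",
    "2013-06-01T10:00:05 low  ET_INFO_PING       src=198.51.100.4",
    "2013-06-01T10:01:00 high ET_WEB_SQLI        src=203.0.113.7",
    "2013-06-01T10:02:00 med  ET_POLICY_TOR      src=192.0.2.9",
    "2013-06-01T10:03:00 high ET_EXPLOIT_ATTEMPT src=203.0.113.7",
]

# Hypothetical severity weights; a real deployment would tune these.
SEVERITY_SCORE = {"low": 1, "med": 3, "high": 5}


def parse_alert(line):
    """Turn one IDS alert line into a dict; raise on malformed input."""
    ts, sev, sig, src = line.split()
    ip = ipaddress.ip_address(src.split("=", 1)[1])  # validates the address
    return {"time": datetime.fromisoformat(ts), "severity": sev,
            "signature": sig, "src": str(ip)}


class ReputationStore:
    """Per-IP reputation: a score plus the signatures that earned it.

    Tags expire after `ttl` so a single old alert does not block an address
    forever; this mirrors the time-bounded nature of reputation feeds.
    """

    def __init__(self, ttl=timedelta(hours=24)):
        self.ttl = ttl
        self.entries = {}  # ip -> {"score", "tags", "last_seen"}

    def tag(self, alert):
        e = self.entries.setdefault(
            alert["src"], {"score": 0, "tags": set(), "last_seen": None})
        e["score"] += SEVERITY_SCORE[alert["severity"]]
        e["tags"].add(alert["signature"])
        e["last_seen"] = alert["time"]

    def score(self, ip, now):
        e = self.entries.get(ip)
        if e is None or now - e["last_seen"] > self.ttl:
            return 0  # unknown or expired reputation counts as clean
        return e["score"]


def build_block_policy(store, now, threshold=8):
    """Firewall deny list: every IP whose live reputation score >= threshold."""
    return sorted(ip for ip in store.entries if store.score(ip, now) >= threshold)


def firewall_allows(policy, src_ip):
    """Policy enforcement point: deny listed sources, allow everything else."""
    return src_ip not in policy


def run(alerts=SAMPLE_ALERTS, now_iso="2013-06-01T10:05:00"):
    """Feed alerts through the store and return the resulting deny list."""
    now = datetime.fromisoformat(now_iso)
    store = ReputationStore()
    for line in alerts:
        store.tag(parse_alert(line))
    return build_block_policy(store, now)


if __name__ == "__main__":
    print("blocked:", run())  # only 203.0.113.7 crosses the threshold
```

With the sample alerts, 203.0.113.7 accumulates a score of 15 and is denied, while the single low and medium alerts for the other two addresses stay below the threshold; re-running with a `now_iso` two days later yields an empty deny list because the tags have expired.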
The aforementioned past and projected market demand for UTM reflects its alignment
with this multi-layered security approach. Additionally, the modular design of UTMs has
been a contributor, as it supports upgrades in security technologies that are already part
of the UTM, as well as introduction of new security technologies.
Currently, the security technologies commonly included in UTMs are:
Intrusion detection and prevention systems
Virtual private networking (VPN); Internet Protocol Security (IPsec VPN) and Secure Sockets Layer (SSL VPN)
Web content filtering
UTMs did not originally include all of these security technologies. They have evolved to
this mixture over time, primarily due to a diversifying threat landscape—more security
technologies were required to maintain an effective defense. Furthermore, this expansion
in security technologies took advantage of UTM’s strategic, in-line location with a
business’s network traffic flow. An example of this is data loss prevention (DLP)—a
capability that is starting to materialize in UTMs. With DLP, businesses define and
enforce data protection policies (e.g., warn, quarantine, block, and encrypt) during the
real-time examination of outgoing traffic for the existence of sensitive information (e.g.,
payment card and social security numbers).
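The DLP behaviour described above (examine outgoing traffic for sensitive data, then apply a per-data-class action such as warn, quarantine, block or encrypt) can be shown with a small content scanner. The Python below is an added example, not code from the white paper or any UTM product; the detection patterns, the Luhn check used to suppress false positives on card-like numbers, the `POLICY` mapping and the sample payloads are all constructed for the illustration.

```python
"""Minimal DLP check over an outgoing payload.

Added illustration (not from the white paper or any vendor product). Two data
classes are detected: payment card numbers (pattern plus Luhn checksum, so a
random 16-digit number is not flagged) and US social security numbers. A policy
maps each class to an action; the most severe action among the findings wins.
"""
import re

# 13-16 digits, optionally separated by spaces or dashes, on word boundaries.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")
# SSN in AAA-GG-SSSS form, excluding area 000/666/9xx and zero groups.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

# Hypothetical policy: which action each data class triggers.
POLICY = {"payment_card": "block", "ssn": "encrypt"}
# Ordering used to pick the most severe action when several classes are found.
ACTION_RANK = {"allow": 0, "warn": 1, "encrypt": 2, "quarantine": 3, "block": 4}


def luhn_ok(digits):
    """Luhn checksum: true for well-formed card numbers, false for random digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_outgoing(payload, policy=POLICY):
    """Return the DLP decision for one outbound message.

    Findings carry only a masked form of the matched value, so the DLP log
    itself does not become a second copy of the sensitive data.
    """
    findings = []
    for m in CARD_RE.finditer(payload):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            findings.append(("payment_card", "*" * (len(digits) - 4) + digits[-4:]))
    for m in SSN_RE.finditer(payload):
        findings.append(("ssn", "***-**-" + m.group()[-4:]))

    action = "allow"
    for kind, _ in findings:
        candidate = policy.get(kind, "warn")  # unknown class: warn, never silently allow
        if ACTION_RANK[candidate] > ACTION_RANK[action]:
            action = candidate
    return {"action": action, "findings": findings}


if __name__ == "__main__":
    # Constructed sample payloads.
    for text in ["Card 4111 1111 1111 1111 exp 12/15",
                 "Order ref 4111 1111 1111 1112",
                 "SSN 123-45-6789 on file"]:
        print(text, "->", scan_outgoing(text))
```

The second sample is a 16-digit number that fails the Luhn check, so it is not reported; this is the kind of false-positive control that keeps an in-line DLP policy from blocking legitimate traffic such as order or tracking numbers.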
Another example of the evolution in UTM is firewall protocol inspection and control.
Gone are the days that legitimate traffic could be defined exclusively by its protocol (e.g.,
HTTP or SSL). The traffic within a single protocol is more often a mix of legitimate,
known illegitimate, and questionable, such that a binary protocol policy of on or off is
too coarse. For this reason, standalone or pure-play firewalls have advanced in policy
granularity through use of contextual variables to define and enforce policies. The same
is true for the firewall functionality contained in UTMs; it too has advanced in
sophistication to counter new threats and better serve businesses’ evolving Internet
ALIGNED WITH PREVAILING BUSINESS AND IT TRENDS
The multi-layered, defense-in-depth security proposition of UTM has, as pointed out,
gained significant market traction. However, from our perspective, businesses should not
limit their security decisions to only whether a collection of security technologies
consolidated in a UTM appliance is preferable to a stack of single function security
appliances. We recommend that businesses also consider the virtues of network-based
security services versus in-house ownership and management of on-premises UTM
appliances. When considered, the advantageous alignment with several business and IT
trends becomes apparent. These trends include:
Operate from a Distributed Footprint – Instinctively, the thought of a
distributed footprint centers on businesses that need to be where their
customers are, such as in retail, banking, insurance, consumer and professional
services, and hospitality. Yet, a distributed footprint is not limited to these
industries. Talent, too, is distributed; and to bring together the employee talent
needed frequently requires more than one location. Additionally, in some
industries, such as high tech and media & entertainment, mergers and acquisitions
are prevalent—forcing businesses to maintain geographically distributed
locations, at least temporarily, during a transition period. Regardless of reason, a
distributed footprint is the norm for many businesses. This raises the question of
how to provide the security each location needs, economically, and with
straightforward policy administration.
Network-based security services are well suited to support the security
requirements of a distributed footprint for midsize businesses and very large
enterprises. As a network-based service, an always-on virtual instance of security
functionality is hosted in the carrier’s network for each location. As security
needs vary among locations, the virtual instances can be customized to reflect
just the security technologies needed for each location. Naturally, in this “as a
service” model, the customer only pays for the security technologies in use at
each of its locations. Additionally, when consistent security policies are needed
across virtual instances, that too is inherently supported in a single-click
broadcast fashion (i.e., define once and automatically apply to all).
Drive to Core – Maintaining a secure environment, protecting sensitive
information, and complying with regulations is a complex and dynamic endeavor.
Furthermore, the necessary skills and knowledge required to establish and update
security policies, and respond to security alerts, demand continuous
development. Plus, management downtime is nearly non-existent as threat actors
never sleep; so neither can their targets. Last, attackers, in their quest to be
effective, will attempt the same ploys or attack sequences across multiple targets.
In other words, businesses face a common foe. For all of these reasons,
businesses are justified in rethinking an exclusive do-it-yourself (DIY) approach
to security. While security is essential for business, it may not define the
business. Accordingly, driving more in-house emphasis to areas of competitive
differentiation, and outsourcing parts of security, is a prudent strategy.
Network-based security service is a managed service. As a managed service, the
service-delivery infrastructure is fully maintained by the service provider. The
essential tasks of ensuring uptime, updating, and patching software are no longer
the responsibility of the business; the provider fully owns these responsibilities.
While the customer retains responsibility for its security policies, the provider
lessens the policy-creation burden by having a library of field-tested security
policies available for customer use, and can provide guidance on policy selection.
The provider is also responsible for updating and distributing signature files, for
example, for IDS/IPS, anti-malware, and anti-spam. The service provider will also
send high priority alerts on security threats, and provide recommendations on
how to mitigate. With an around-the-clock staff of security specialists and a
customer community of virtual sensors, the service provider is a clearinghouse of
security information, and a guiding hand in assisting its customers in becoming
more effective in their defenses.
Be Lean – The cloud is part of the “how do we modernize business”
conversation of today. At its basic level, the cloud is a usage-based consumption
model that helps businesses match compute, storage, and application
expenditures closer with actual needs. The cloud reduces the excesses—that is,
spare or underutilized servers, storage systems, and software licenses—that
creep up with nearly any IT environment.
Network-based security services are patterned after the cloud model. Customers
select and pay for only the security technologies they need for their connected
locations. Also, situated in the carrier’s network between the customer’s
locations and the Internet, network-based security filters unwanted and
undesirable inbound traffic; essentially blocking this traffic closer to its source
and before traversing customer’s access lines. In this manner, a larger share of
the customer’s access bandwidth is available for essential traffic flows.
Additionally, for businesses accustomed to backhauling Internet-bound traffic
from remote sites to a central location, in order to enforce security policies,
network-based security eliminates this practice, as the same policies can be
applied for remote locations from within the carrier’s network. Not only will
eliminating backhaul reduce bandwidth consumption at the central location, but
end users at the remote sites will encounter less latency in their Internet-centered
activities.
Transform – Mobility and Bring Your Own Device (BYOD) are two non-reversing IT
trends that are stretching the boundaries of where business is
conducted and through what end-user devices. In the process, security is
becoming increasingly fragmented. At the same time, data breach consequences
and regulatory intensity is rising. And with more business activities being
conducted through mobile wireless connections and on endpoint devices not
owned or fully managed by the business’s IT and security organizations,
vulnerability to data loss, malware infections, and backdoor entry into critical
internal systems is also rising. As businesses adapt and incorporate mobility and
BYOD into their normal operations, security practices must also transform from
security policy enforcement just at the edge of the business network to wherever
business is conducted.
A virtue of network-based security services is that it relaxes the definition of a
protected location. No longer must a protected location be defined strictly in
terms of a physical address. Rather, protection is extended to any connection.
Whether that connection is from a mobile device, from an employee’s home PC,
or the laptop of a travelling employee, as long as the connection is directed
through the carrier’s network-based security service environment (e.g., through a
VPN tunnel), the business can enforce its security policies.
NETWORK-BASED SECURITY SERVICE ATTRIBUTES TO CONSIDER
Network-based security delivers a strong value proposition for the distributed business.
It starts with the foundation of UTM, and drives it further with the usage-based
economics of cloud-modeled services, the assurances of managed services, and the
bandwidth optimization benefits of being situated in the carrier’s network. There are
other service attributes that are also important to consider in selecting network-based
security services: (1) visibility and reporting, and (2) pricing.
Visibility and Reporting
An essential element of security is information; and each security technology included in
the customer’s network-based security services is a source of information. In order to
maximize the effectiveness of this information, it needs to be presented in a meaningful
way for its intended users. This can be a dilemma, as the intended users collectively
represent a diverse range of needs. For example, business executives may only require a
report card view of the state of protection and regulatory compliance. At the other
extreme are security administrators. In their role, highly granular information is essential.
They are, in effect, in charge of day-to-day decisions on protecting critical systems, data
privacy, and ensuring that end-users’ Internet usage stays within company parameters.
Yet, waves of granular information are overwhelming. To counter this, the information
must first be presented to alert and prioritize effort. From there, administrators can drill
down to detailed specifics, in order to qualify security threats or issues of regulatory
noncompliance; and then develop an action plan, such as modifying an existing security
policy, creating a new policy or rule, or drawing end-users’ attention to risky behaviors.
In assessing network-based security services, consider your visibility and reporting needs.
At minimum, you will want report card views. Beyond that, your level of active security
management will be a determining factor. For example, if your intent is to be highly
active (i.e., self-managed), then enterprise-grade visibility and reporting capabilities are
warranted. However, if your intent is to be more reserved in your day-to-day security
management, and your relationship with your network-based service provider includes
support for event investigations and policy changes, then your visibility and reporting
needs are not as stringent. Nevertheless, you will still want more than just report card
views, in order to facilitate effective and efficient communication with your service
provider about security issues and how to resolve them.
Pricing
Usage-based pricing with a cloud-delivered service is compelling, but how does it work
with network-based security services? The reality is that there is no standard or
benchmark pricing structure. Nevertheless, in stepping back and considering the service delivery elements of network-based security, there are three characteristics that stand
Security Technologies – Each connected site or remote user aggregation point
(e.g., VPN concentrator) included in network-based security is defined by
security technologies in use. These, of course, represent capabilities that define
the protection your business is receiving. Thus, these are foundational elements
in network-based security pricing.
Throughput – Security, particularly when it entails examining the flow of
network traffic in real-time, consumes computational resources. As more
security technologies are turned on, or the number of connected users increases,
the need for higher levels of throughput increases. Consequently, the second
element of network-based security services pricing is how much throughput or
bandwidth is required to support traffic flow examination and policy enforcement
(e.g., block) without affecting the end-user experience (i.e., adding a perceptible
amount of latency) on safe and legitimate usage.
Customer Support – As previously stated, network-based security is a
managed service. However, the type and level of personalized support across
subscribing businesses will vary. Some businesses prefer a self-managed approach
in which they have full control of their security policies; for example, the
frequency of policy changes and the speed at which the changes are enacted.
Other subscribing businesses prefer to utilize the service provider’s staff to
administer policy changes on their behalf. Similar to security technologies and
throughput, staff time and talent has a cost associated with it, so customer
support is also a justifiable pricing element.
As each of these pricing elements could be metered and charged for at a very detailed
level (e.g., daily megabytes processed and customer support minutes), this would be
inconsistent with a prominent need of most businesses—cost certainty. Therefore, a
commonsense network-based security services pricing structure is tiered with a bursting
allowance (e.g., to accommodate, without extra charges, a seasonal spike or end-of-month
spike in network traffic). In this manner, businesses gain certainty in their security
expenditures, without compromising service consistency (e.g., fluctuations in latency due
to a surge in network traffic).
CENTURYLINK BUSINESS AND NETWORK-BASED SECURITY SERVICES
The content on this page was provided by CenturyLink
Responding to the evolving security, regulatory, and data protection needs of
businesses—from large and highly distributed organizations to single site businesses—
CenturyLink now offers Network-Based Security—a managed and monitored security
service delivered from within CenturyLink’s nationwide, fiber-based network. This
service provides layers of protection for each location in a company’s private network.
combination of essential, state-of-the-art security technologies moves CenturyLink
customers from a scenario of “inefficient security” to “optimized
Today’s Network Security Scenarios | CenturyLink Network-Based Security
Unpredictable capital expenditures and | Efficient operating expense model and automatic security technology upgrades
Resource contention, congestion, and suboptimal performance | Highly expandable network-based model and avoidance of network backhaul
Insufficient security expertise | 24x7 expert threat monitoring and enterprise-grade visibility and reporting
Single points of failure | Always-on security with geographically diverse and redundant virtual infrastructure
Unpredictable security expenses | Flexible and predictable pricing terms
The Last Word
Enterprise decisions on security need to be expanded beyond the essential “what” to
also include “how” and “where.” UTM appliance vendors have advanced the all-in-one
concept of security in multiple areas—performance, security efficacy, and
manageability—and businesses of all sizes are including UTMs in their standard
approach to security. Taking the all-in-one concept one step further, network
carriers are offering bundles of integrated security services from within their
networks; the Security as a Service approach. The benefits of this relocation from
CPE-based deployments to virtual network-based services are numerous and
impactful. And that impact is not limited to security efficacy; there are operational
benefits in optimizing bandwidth, streamlining administration, adapting to prevailing
IT trends, and managing security expenditures.
Stepping back and taking the appropriate “broad” view, one should ask what is
security doing for my organization and how can security be matched with my
organization’s business needs and objectives? In answering these questions, the value
of network-based security services becomes apparent. The time is right to evaluate
your network-based security service options.
VP of Research
Stratecast | Frost & Sullivan
331 E. Evelyn Ave., Suite 100
Mountain View, CA 94041
7550 West Interstate 10, Suite 400
San Antonio, Texas 78229-5616
Tel 44(0)20 7730 3438
Fax 44(0)20 7730 3343
4, Grosvenor Gardens,
London SW1W 0DH, UK
877.GoFrost • firstname.lastname@example.org
Stratecast collaborates with our clients to reach smart business decisions in the rapidly evolving and hyper-competitive Information and Communications Technology markets. Leveraging a mix of action-oriented subscription
research and customized consulting engagements, Stratecast delivers knowledge and perspective that is only
attainable through years of real-world experience in an industry where customers are collaborators; today’s
partners are tomorrow’s competitors; and agility and innovation are essential elements for success. Contact your
Stratecast Account Executive to engage our experience to assist you in attaining your growth objectives.
ABOUT FROST & SULLIVAN
Frost & Sullivan, the Growth Partnership Company, works in collaboration with clients to leverage visionary
innovation that addresses the global challenges and related growth opportunities that will make or break today’s
market participants. For more than 50 years, we have been developing growth strategies for the Global 1000,
emerging businesses, the public sector and the investment community. Is your organization prepared for the next
profound wave of industry convergence, disruptive technologies, increasing competitive intensity, Mega Trends,
breakthrough best practices, changing customer dynamics and emerging economies? Contact Us: Start the
For information regarding permission, write:
Frost & Sullivan
331 E. Evelyn Ave. Suite 100
Mountain View, CA 94041