Today’s threat environment is forcing organizations to rethink their security tools. Traditional firewalls no longer provide adequate protection at the network perimeter. They are being replaced by next-generation firewalls, which use deep packet inspection, application-level policies and other features to detect and block modern security threats.
These advanced capabilities have made security more effective – and more complicated. That’s why many smaller organizations are looking for a simpler way to manage their security infrastructure.
Unified threat management (UTM) was introduced as a new approach to security management that integrates various security technologies. Typical UTM solutions include a firewall, gateway security, intrusion detection and prevention, anti-malware software, content filtering, and other security features. This functionality is integrated into one solution, making it easier to install, update and maintain than traditional security tools.
In addition, the integration of multiple security engines makes it possible to detect blended threats that employ a combination of attacks — such as a mix of viruses, worms, Trojans and denial-of-service attacks — crafted to circumvent a single line of defense. With UTM, the integrated security engines work together, enabling the system to inspect real-time traffic from multiple vantage points.
For example, a seemingly harmless e-mail that might pass through any antivirus system could contain an HTML-based attachment that ultimately points to a Trojan. Because a UTM solution can use a combination of antispam, antivirus and other security engines, it can detect such blended threats more readily.
Single-console management makes it easier for administrators to enforce detailed security policies throughout the organization, and eliminates the need to investigate multiple alerts generated by various systems for the same event. Automatic security updates protect against emerging and evolving threats without administrator intervention.
In addition to reducing management complexity, UTM solutions can be configured to meet regulatory compliance standards. The more complex the infrastructure, the more complex those configurations will be. However, configuring a single UTM appliance is simpler than separately configuring several security tools.
When selecting a UTM solution, there are a number of things to consider:
- What security functionality do you have in place and what is missing? Do you simply want to supplement your existing environment or replace individual solutions with an all-in-one product? Be sure that the UTM appliance has all the features and functionality you need.
- How many users and devices do you need to support today, and what is your anticipated growth over the next two years? Scalable UTM appliances cost more but may be worth it for growing organizations.
- How much bandwidth will you need? To answer this question, you will need to collect information on bandwidth usage, email traffic, and any spikes in activity. This will help you select the right UTM solution and also identify any network bottlenecks that may need to be addressed.
- Are you looking at appliances from well-known manufacturers? Industry leaders typically offer more robust products and better support. They also tend to stay abreast of emerging threats and update their solutions accordingly.
Note that the industry lacks consistent nomenclature with regard to UTM. Some vendors call UTM products “security appliances” while others refer to them as next-generation firewalls. ICG can provide you with objective advice on security solutions and help you implement the right tools to protect your business.