Unified Threat Management (UTM) is an approach to network security that combines multiple security services, such as firewalling, anti-virus/anti-spyware, intrusion detection and prevention, spam blocking, application-level content filtering for web access control & content inspection/distribution (web caching), etc., into a single appliance or software system.
UTM is also commonly referred to as a “next-generation firewall” due to the integrated nature of its features. UTM has many desirable features but can be expensive in terms of hardware cost or licensing fee. Several manufacturers have produced low-cost UTM appliances by integrating some basic firewall functionalities with one or more essential security functions. These devices are primarily targeted towards small businesses and home users.
Elements of Unified Threat Management:
Network Security
Network security has evolved from simple firewalls and intrusion detection systems (IDS), which were adequate when segregated networks were the only choice, into the much more complex UTM system. Today, data communication across open public networks such as the Internet requires enhanced protection, along with advanced content filtering that prevents employees from accessing inappropriate or illegal web sites and stops internal users from downloading sensitive documents that might contain trade secrets.
Many small businesses and home users also need centralized network security devices to simplify daily operation and maintenance tasks.
“Web 2.0”
Web 2.0 refers to the new generation of web services that enable users to view and edit information in a web-based environment. It revolutionizes both business and individual’s daily life and has brought about many positive changes. Unfortunately, it also comes with some negative repercussions:
- Employees can abuse Web 2.0 features such as weblogs, wikis, and RSS feeds for personal reasons (e.g., downloading music or videos) at work, which not only infringes corporate rules but also wastes network bandwidth and computing resources;
- Personal home pages created on blogging sites such as Blogger or Windows Live Spaces might contain sensitive private content that is meant for family use only;
- Malicious users can create web pages with illegal content or post links to malicious websites on social networking sites such as Facebook, MySpace, etc.
These are only some examples of the potential problems from employees accessing malicious websites while at work. Organizations need a way to monitor and control their employees’ online activities. In contrast, home users need a simple, user-friendly solution that enables them to manage their children’s access to inappropriate websites. The UTM system with its integrated security features fits the bill perfectly in both cases.
Benefits Of Unified Threat Management
Unified Threat Management (UTM) appliances combine multiple security services into a single device or software system, saving customers money and time by replacing dedicated devices that perform only one function. This also provides centralized management of all network security tools to simplify daily operation and maintenance tasks.
Eliminates The Need For Multiple Devices
A UTM solution can replace several traditional firewalls, routers, switches, IDS systems, and VPN peers with integrated IPSec VPN capabilities.
Increases Efficiency
It enables administrators to quickly set up rules based on specific criteria at different levels within the network structure, so an appropriate level of protection is provided according to pre-set parameters without constant supervision by IT staff.
For example, the administrator might configure a policy that lets an employee access a website from his home office but blocks the same destination while he is at work.
Prevents Abuse Of User Privileges
A UTM system can monitor and control network activities to protect against unauthorized wireless connections, websites, and protocols.
For example, it can block employees from using peer-to-peer protocols such as BitTorrent at work, so that bandwidth is not wasted and remains available for company data communication needs. It can also limit the number of connections a user may open while surfing the Internet, so the modem line does not become congested by excessive downloads or uploads. In addition, all content downloaded by users is recorded in a central database, making forensic analysis simple if any inappropriate or illegal objects are discovered.
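The policy behaviour described in the two preceding sections (rules keyed on user, location, destination and protocol; a destination blocked at work but allowed from home; P2P blocked at work; a per-user connection limit; and a central record of downloads for forensic lookup) can be illustrated with a small policy engine. The following is an added example written for this page, not code from the article or from any UTM vendor; the rule names, zone names ("office", "home"), user names, hostnames and sample connections are all constructed, and a real appliance would of course match on packet headers and categorisation feeds rather than pre-labelled records.

```python
"""Added example, not from the original article: a minimal UTM-style policy
engine.  It shows how rules keyed on user, location, destination, category
and protocol are evaluated in order (first match wins, default deny), how a
per-user connection limit is enforced, and how downloads are written to a
central record for later forensic lookup.  Rule names, zone names, users,
hostnames and sample connections are all constructed for illustration."""
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Connection:
    user: str
    location: str                 # assumed zone names: "office" or "home"
    dest: str                     # destination hostname
    category: str                 # e.g. "business", "streaming", "p2p"
    protocol: str                 # e.g. "https", "bittorrent"
    downloaded_object: Optional[str] = None   # file name if a download occurred


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                   # "allow" or "block"
    user: Optional[str] = None    # None in any field means "match anything"
    location: Optional[str] = None
    dest: Optional[str] = None
    category: Optional[str] = None
    protocol: Optional[str] = None

    def matches(self, c: Connection) -> bool:
        pairs = (
            (self.user, c.user), (self.location, c.location),
            (self.dest, c.dest), (self.category, c.category),
            (self.protocol, c.protocol),
        )
        return all(want is None or want == got for want, got in pairs)


class PolicyEngine:
    def __init__(self, rules: List[Rule], max_connections_per_user: int = 3):
        self.rules = list(rules)
        self.max_connections = max_connections_per_user
        self.open_connections = defaultdict(int)   # user -> active sessions
        self.download_log: List[Tuple[str, str, str]] = []   # central record

    def evaluate(self, c: Connection) -> Tuple[str, str]:
        """Return (action, reason). The connection limit is checked first,
        then the rule table top to bottom; anything unmatched is denied."""
        if self.open_connections[c.user] >= self.max_connections:
            return "block", "connection-limit"
        for rule in self.rules:
            if rule.matches(c):
                if rule.action == "allow":
                    self.open_connections[c.user] += 1
                    if c.downloaded_object:
                        self.download_log.append((c.user, c.dest, c.downloaded_object))
                return rule.action, rule.name
        return "block", "default-deny"

    def close(self, user: str) -> None:
        """Release one session slot when a user's connection ends."""
        if self.open_connections[user] > 0:
            self.open_connections[user] -= 1

    def downloads_by(self, user: str) -> List[Tuple[str, str]]:
        """Forensic lookup: every (destination, object) a user downloaded."""
        return [(d, o) for u, d, o in self.download_log if u == user]


# Constructed rule table: the same destination is blocked from the office
# but allowed from home, P2P is blocked at work, business sites are allowed.
RULES = [
    Rule("block-p2p-at-work", "block", location="office", protocol="bittorrent"),
    Rule("block-video-at-work", "block", location="office", dest="video.example"),
    Rule("allow-video-from-home", "allow", location="home", dest="video.example"),
    Rule("allow-business-web", "allow", category="business"),
]


if __name__ == "__main__":
    engine = PolicyEngine(RULES, max_connections_per_user=2)
    print(engine.evaluate(Connection("alice", "office", "video.example", "streaming", "https")))
    print(engine.evaluate(Connection("alice", "home", "video.example", "streaming", "https")))
    print(engine.evaluate(Connection("bob", "office", "tracker.example", "p2p", "bittorrent")))
```

Two design points matter in practice: rule order decides the outcome when several rules could match, so the more specific block rules sit above the broad allow rule, and the fall-through is a deny rather than an allow, so a destination nobody thought to categorise is not silently permitted.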
Maintains Network Security
A UTM solution can help protect both the company and its customers from various types of attacks such as Denial of Service (DoS), Distributed Denial of Service (DDoS), and worms that send large numbers of packets to a targeted system to overwhelm its bandwidth or flood it with traffic, making it inaccessible to legitimate users.
Web-based attacks targeting applications, operating systems, and database management systems are also monitored by a UTM system, preventing them from entering networks and thus ensuring complete protection.
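The flood pattern described above (a source sending large numbers of packets to overwhelm a target) is something a UTM's intrusion-prevention component typically catches with a rate threshold. The following added example, written for this page and not taken from the article or from any product, shows the core of such a detector: a sliding window of timestamps per source address and a packets-per-window threshold. The threshold, window length, and the sample packet records (TEST-NET addresses) are constructed.

```python
"""Added example, not from the original article: a rate-based flood detector
of the kind a UTM's intrusion-prevention component applies to inbound
traffic. It keeps a sliding window of packet timestamps per source address
and flags any source that exceeds a packets-per-window threshold. The
threshold, window length and sample packet records are constructed."""
from collections import defaultdict, deque
from typing import Deque, Dict, Iterable, List, Set, Tuple


class FloodDetector:
    def __init__(self, threshold: int, window_seconds: float):
        self.threshold = threshold            # max packets allowed per window
        self.window = window_seconds
        self.recent: Dict[str, Deque[float]] = defaultdict(deque)
        self.flagged: Set[str] = set()

    def observe(self, src: str, ts: float) -> bool:
        """Record one packet from src at time ts (seconds, non-decreasing).
        Returns True if src is currently over the threshold."""
        q = self.recent[src]
        q.append(ts)
        # Drop timestamps that have aged out of the window.
        while q and ts - q[0] > self.window:
            q.popleft()
        if len(q) > self.threshold:
            self.flagged.add(src)
            return True
        return False


def flood_sources(packets: Iterable[Tuple[str, float]],
                  threshold: int = 10, window: float = 1.0) -> List[str]:
    """Run the detector over (src, timestamp) records and return the sources
    that crossed the threshold at any point, sorted for stable output."""
    det = FloodDetector(threshold, window)
    for src, ts in packets:
        det.observe(src, ts)
    return sorted(det.flagged)


# Constructed traffic: one source sends 40 packets in two seconds (a flood
# pattern), another sends one packet per second (normal background traffic).
SAMPLE_PACKETS = sorted(
    [("192.0.2.10", i * 0.05) for i in range(40)]
    + [("192.0.2.20", float(i)) for i in range(20)],
    key=lambda rec: rec[1],
)

if __name__ == "__main__":
    print(flood_sources(SAMPLE_PACKETS))   # only the constructed flood source
```

A per-source count like this is the first line against a single noisy host; a distributed flood spreads the same volume across many sources and is usually caught by an aggregate per-destination count instead, which is the same window logic keyed on the target rather than the sender.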
Drawbacks Of Unified Threat Management
Does Not Support Many Security Functions
A UTM system may not support a multitude of security functions or offer a wide range of protocols. In addition, non-integrated products might only protect the network perimeter, leaving the internal network exposed to attack.
Failure Of UTM Affects All Services
If a UTM appliance fails, it will affect all services the device provides, and the Internet link will be lost. This is less likely with other approaches such as using multiple firewalls and routers, because if one box fails, other devices should still be able to provide service while the faulty equipment is being serviced or replaced. However, if every individual firewall and router has failed, it would be difficult for users to access any websites at all, so the best approach would be to use a higher-level device that can provide multiple services.
UTM Appliances Offer Basic Content Filtering Capabilities
Some UTM appliances may offer only basic content filtering capabilities that do not precisely control traffic.
UTM Solutions Are Expensive
UTM solutions are expensive, and they also require more time to deploy and configure, while some only work with specific operating systems (e.g., Microsoft Windows) or specific versions of these OSes (e.g., 2003).
Conclusion
UTM solutions allow network administrators to use only one device that can provide different security functions (e.g., firewall, IPSec VPN, intrusion prevention system) and enable central management of these tools for simplifying daily operation and maintenance tasks. However, they may be more expensive than using separate firewalls and intrusion detection systems.
It is therefore essential to weigh the pros and cons of each device to determine whether a UTM solution or multiple separate appliances would be more advantageous for your network.