UTM - Unified Threat Management Appliance
A unified threat management (UTM) system is a type of network hardware appliance that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.
UTM devices are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.
While UTM systems and next-generation firewalls (NGFWs) are sometimes comparable, UTM devices include added security features that NGFWs don't offer.
UTM systems provide increased protection and visibility, as well as control over network security, reducing complexity. UTM systems typically do this via inspection methods that address different types of threats.
These methods include:
- Flow-based inspection, also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.
- Proxy-based inspection acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.
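An added sketch (not from the original page or any vendor's engine) of the two inspection modes above, using a constructed placeholder signature and constructed traffic. The flow-based path matches as chunks stream through and can only cut the flow once a match appears, while the proxy-based path reconstructs the content and removes the flagged part before delivery. The function names and the `[removed]` marker are assumptions.

```python
# Simplified model of the two inspection modes; real UTM engines differ.
SIGNATURES = [b"TEST-MALWARE-MARKER"]  # constructed, harmless placeholder pattern

# Constructed sample traffic: one flow carrying the marker, one clean flow.
FLAGGED = [b"header TEST-MAL", b"WARE-MARKER trailer"]
CLEAN = [b"hello ", b"world"]


def flow_based_inspect(chunks):
    """Pattern-match the stream chunk by chunk without holding content back.

    Returns (verdict, forwarded_chunks). Chunks seen before a match have
    already been forwarded, so the only remedy is to cut the flow.
    """
    keep = max(len(sig) for sig in SIGNATURES) - 1  # overlap carried between chunks
    tail, forwarded = b"", []
    for chunk in chunks:
        window = tail + chunk  # lets a pattern spanning two chunks still match
        if any(sig in window for sig in SIGNATURES):
            return "blocked", forwarded
        forwarded.append(chunk)
        tail = window[-keep:] if keep else b""
    return "passed", forwarded


def proxy_based_inspect(chunks):
    """Buffer and reconstruct the full content, inspect it, then deliver.

    Returns (verdict, delivered_content). Flagged content is removed and the
    rest of the file or page is sent on to the user.
    """
    content = b"".join(chunks)
    verdict = "clean"
    for sig in SIGNATURES:
        if sig in content:
            content = content.replace(sig, b"[removed]")
            verdict = "sanitized"
    return verdict, content


if __name__ == "__main__":
    for name, flow in (("flagged", FLAGGED), ("clean", CLEAN)):
        print(name, "flow-based :", flow_based_inspect(flow))
        print(name, "proxy-based:", proxy_based_inspect(flow))
```

In this model the flow-based path has already passed the first chunk downstream when it blocks, whereas the proxy-based path delivers nothing until the whole object has been inspected.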
UTM devices provide a single platform for multiple network security functions and offer the benefit of a single interface for those security functions, as well as a single point of interface to monitor or analyze security logs for those different functions.
F.A.Q about UTM - Unified Threat Management Appliance
How Do UTM Appliances Block a Computer Virus, or Many Viruses?
Unified threat management appliances have gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. Preventing these types of attacks can be difficult when using separate appliances and vendors for each specific security task, as each aspect has to be managed and updated individually in order to remain current in the face of the latest forms of malware and cybercrime. By creating a single point of defense and providing a single console, UTM solutions make dealing with varied threats much easier.
While unified threat management solutions do solve some network security issues, they are not without drawbacks. The biggest is that the single point of defense a UTM appliance provides also creates a single point of failure. Because of this, many organizations choose to supplement their UTM device with a second software-based perimeter to stop any malware that got through or around the UTM firewall.
What kind of companies use a Unified Threat Management system?
UTM was originally intended for small to medium office businesses, to simplify their security systems. But due to its almost universal applicability, it has since become popular with all sectors and larger enterprises. Developments in the technology have allowed it to scale up, opening UTM up to more types of businesses that are looking for a comprehensive gateway security solution.
What security features does Unified Threat Management have?
As previously mentioned, most UTM services include a firewall, antivirus and intrusion detection and prevention systems. But they also can include other services that provide additional security.
- Data loss prevention software to stop data from being exfiltrated from the business, which in turn prevents a data leak from occurring.
- Security information and event management software for real-time monitoring of network health, which allows threats and points of weakness to be identified.
- Bandwidth management to regulate and prioritise network traffic, ensuring everything is running smoothly without getting overwhelmed.
- Email filtering to remove spam and dangerous emails before they reach the internal network, lowering the chance of a phishing or similar attack breaching your defences.
- Web filtering to prevent connections to dangerous or inappropriate sites from a machine on the network. This lowers the chance of infection through malvertising or malicious code on the page. It can also be used to increase productivity within a business, e.g. by blocking or restricting social media, gaming sites, etc.
- Application filtering to either blacklist or whitelist which programs can run, preventing certain applications from communicating in and out of the network, e.g. Facebook Messenger.
What are the benefits of Unified Threat Management?
- Simplifies the network
By consolidating multiple security appliances and services into one, you can easily reduce the amount of time spent on maintaining many separate systems that may have become disorganised. This can also improve the performance of the network as there is less bloat. A smaller system also requires less energy and space to run.
- Provides greater security and visibility
A UTM system can include reporting tools, application filtering and virtual private network (VPN) capabilities, all of which defend your network from more types of threats or improve the existing security. Additionally, monitoring and analysis tools can help locate points of weakness or identify ongoing attacks.
- Can defend from more sophisticated attacks
Because UTM defends multiple parts of a network, an attack targeting multiple points simultaneously can be repelled more easily. With cyber-attacks getting more sophisticated, having defences that can match them is of greater importance.
Having several ways of detecting a threat also means a UTM system is more accurate at identifying potential attacks and preventing them from causing damage.