A Definition of Unified Threat Management
Unified threat management (UTM) describes network solutions that integrate the capabilities of several security products into one all-inclusive security console. The all-in-one solution is much easier for an organization to manage than several different security solutions, which reduces complexity. UTM is most popular among small businesses because it provides an affordable alternative to purchasing each security solution separately. UTMs are commonly used in branch offices, home offices, banking, retail, and midsize companies.
Features of UTM Solutions
Almost every unified threat management application includes the same seven features. Some applications may also include additional features in order to appeal to certain customers.
- Antivirus
- Antimalware
- Firewall
- Intrusion prevention
- Virtual private networking (VPN)
- Web filtering
- Data loss prevention
Next Generation Firewalls vs. Unified Threat Management
Some sources say that UTMs and next-generation firewalls (NGFWs) are synonymous. It is true that some capabilities of NGFWs overlap with those of UTMs. However, UTMs include additional security features, such as gateway antivirus and content filtering, that are not covered by NGFWs. NGFWs are firewalls that include intrusion prevention systems and application intelligence. They were originally designed to fill the security hole left by traditional firewalls. UTM devices offer seven layers of security, NGFW being one of those layers. It is important to keep in mind that each solution is used for different reasons and neither is superior to the other.
Benefits of Using a Unified Threat Management Solution
UTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTMs reduce the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.
Some UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity, while enabling policy creation based on user identity, meet the requirements of regulations such as HIPAA, CIPA, and GLBA, which require access controls and auditing to control data leakage.
UTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up to date with changing security threats. Because a UTM is a single point of defense, it makes dealing with combined threats easier.
Challenges of Using a Unified Threat Management Solution
The main benefit of using a UTM solution can also be its greatest weakness. When a company’s security capabilities are concentrated in one appliance, that appliance becomes a possible single point of failure. This means that any malicious or ignorant entity would only have to disrupt the UTM to bring down the entire security system. Companies using a UTM device take the risk of putting all of their security ‘eggs’ in one basket. This risk should be taken seriously and weighed against the possible benefits of a UTM when analyzing security solutions. Concentrating every function in one appliance could also ultimately lead to a performance issue, meaning that the network may slow down, but this is not a problem that cannot be overcome.