Best Unified Threat Management (UTM) Solutions

A UTM appliance is a hardware device that plugs into your network at the network perimeter. It serves as a gateway to your corporate network, and provides all the security services necessary to protect your network from unauthorized intrusion, malware, and other security risks.

A UTM security appliance, at the most basic level, acts as a standard network hardware firewall to restrict access to your network. Then you can turn on additional functions as necessary.

Typical security functions that a UTM security device may offer include:

• Site-to-site and remote access VPN support
• Secure web gateway functionality (this should include URL and content filtering and anti-malware scanning)
• A system to prevent network intrusion
• Application control
• Bandwidth management
• Web application firewalling
• Data loss prevention (DLP)
• Load balancing
• Identity-based access control
• Wireless access management
• DDoS protection
• Email security

Many organizations, especially if they are small, might not need all of the security features on the list, but they should be available in case you do.

Originally, firewalls only filtered traffic based on ports & IP addresses. They evolved over time to become “stateful,” which means that they keep track of the state of network connections passing through the appliance. However, as cyber threats also evolved and diversified, organizations began to deploy multiple appliances to defend against different classes of attacks. They now needed:

• A stateful packet inspection firewall to allow inbound and outbound traffic on the network
• A web proxy to scan content and URLS with antivirus services and filter them
• A separate Intrusion Prevention System (IPS) to detect and block malicious traffic
• An appliance to filter spam such as junk emails and phishing attempts
• VPN servers to connect remote offices or allow users to access company resources remotely

As more threats evolved, new types of appliances and services were created to meet the challenge. It was too difficult for the traditional stateful appliance approach to scale along with growing businesses.

An antivirus tool like a firewall just protects PCs and servers. Next-generation firewalls (NGFWs) are more effective than traditional firewalls, but they still lack critical features for detecting and responding to all the latest threats. Therefore, UTM systems are used to protect the entire network, as well as individual users. It does this by scanning all network traffic, filtering any potentially dangerous content, and then blocking intrusions.

UTM appliances have become popular due to combinations of different types of attacks and malware, known as blended threats, that simultaneously target multiple parts of the network. It can be difficult for separate appliances from different vendors to prevent these types of attacks. A UTM:

• requires fewer resources, including minimal security staff, because there is only one system to monitor and maintain. All security logs are also centralized in a single location.
  
• provides better security coverage because all the components are designed to work together, which is not the case with a collection of point solutions.
  
• is easily scalable as your organization grows.
  
• Is guaranteed to be compatible, unlike point security solutions.
  
• can be centrally managed and configured, which removes the need for training on multiple solutions and saves time and reducing the likelihood of misconfiguration errors.
  
• costs less than purchasing a standalone product for each area. It will also take up less data center space, consume less power, and involve less hardware replacement costs.
  
• can act as a standalone firewall appliance as backup to point solutions as necessary.

UTM solutions make it both easier and more affordable to deal with varied threats from a single point of defense and a single console.