What is a Unified Threat Management System? A UTM is an all-in-one information security approach in which a single converged platform (application or appliance) provides multiple security services. This can resolve implementation and integration challenges that might result from using different products from different vendors. A UTM may include network firewalls, anti-spam, anti-spyware, anti-virus, intrusion detection and prevention, email and web content filtering, NAT (network address translation), and business VPN (virtual private network). Using a UTM simplifies information security (infosec) management, providing one central management and reporting point instead of multiple appliances from different vendors.
While UTM solutions solve some network security issues, they also have drawbacks. The main issue is that since a UTM device offers one single point of defense, this means it also has one single point of failure. For this reason, many organizations choose to supplement their UTM appliance with a second software-based perimeter that will stop any malware that manages to get through or around the UTM firewall.
A UTM might not provide the best protection in every area, but it can solve a lot of problems at a lower cost than you would pay to use a different vendor for each security service. If you have a small to medium-sized company, you may not have a very large IT team that can configure and manage a security solution that is made up of point solutions. UTMs are much easier for a small (even one-person) team with modest security skills to manage.
A UTM appliance is a hardware device that plugs into your network at the network perimeter. It serves as a gateway to your corporate network, and provides all the security services necessary to protect your network from unauthorized intrusion, malware, and other security risks.
A UTM security appliance, at the most basic level, acts as a standard network hardware firewall to restrict access to your network. Then you can turn on additional functions as necessary.
Typical security functions that a UTM security device may offer include:
Many organizations, especially if they are small, might not need all of the security features on the list, but they should be available in case you do.
Originally, firewalls only filtered traffic based on ports & IP addresses. They evolved over time to become “stateful,” which means that they keep track of the state of network connections passing through the appliance. However, as cyber threats also evolved and diversified, organizations began to deploy multiple appliances to defend against different classes of attacks. They now needed:
As more threats evolved, new types of appliances and services were created to meet the challenge. It was too difficult for the traditional stateful appliance approach to scale along with growing businesses.
An antivirus tool like a firewall just protects PCs and servers. Next-generation firewalls (NGFWs) are more effective than traditional firewalls, but they still lack critical features for detecting and responding to all the latest threats. Therefore, UTM systems are used to protect the entire network, as well as individual users. It does this by scanning all network traffic, filtering any potentially dangerous content, and then blocking intrusions.
UTM appliances have become popular due to combinations of different types of attacks and malware, known as blended threats, that simultaneously target multiple parts of the network. It can be difficult for separate appliances from different vendors to prevent these types of attacks. A UTM:
UTM solutions make it both easier and more affordable to deal with varied threats from a single point of defense and a single console.
