Unified threat management solutions provide comprehensive protection from security threats.
Elephant calves in the wild are protected by the herd, which will circle the calf in order to fend off lions, hyenas, crocodiles and other predators. The huge size and coordinated action of the adult elephants are effective in shielding the vulnerable young.
Unified threat management (UTM) employs a similar technique to protect networks from security threats. UTM devices are all-in-one systems that combine a variety of security components in one unit that can be easily managed through a single console. These devices also offer integrated management, monitoring and logging capabilities, as well as streamlined deployment and maintenance that can be tailored to keep up with evolving security threats.
The market for UTM solutions has grown recently because of the appeal of this approach to network security and the increased demand for integrated security, particularly among small to midsize businesses (SMBs). In 2009, the SMB, remote office and small office/home office segments accounted for 53.6 percent of market revenues globally.
“The UTM concept is based on the assumption that a combination of security solutions bundled in the same appliance will create a better security umbrella for organizations,” said Ariel Avitan, Frost & Sullivan’s Industry Analyst for Network Security Technologies. “Another main advantage of UTM solutions is their low cost in comparison to purchasing many different security solutions. These two advantages are driving the rapid adoption of UTM solutions by SMB customers.”
Integrated Approach
Typical UTM solutions include a firewall, intrusion protection and detection, antivirus, anti-spam and a VPN. Single-console management makes it easier for administrators to enforce detailed security policies throughout the organization, and eliminates the need to investigate the multiple alerts that separate systems generate for a single event. Automatic security updates protect against emerging and evolving threats without administrator intervention.
With the integration of multiple security engines into a single appliance, UTM also makes it possible to detect blended threats that employ a combination of attacks — such as a mix of viruses, worms, Trojans and denial-of-service attacks — crafted to circumvent a single line of defense. With UTM solutions, the integrated security engines work together, enabling the system to inspect real-time traffic from multiple vantage points.
For example, a seemingly harmless e-mail that would pass through any anti-virus system could contain an HTML-based attachment that ultimately points to a Trojan. Because a UTM solution can use a combination of anti-spam, anti-virus, anti-spyware and other security engines, it can detect such blended threats more readily.
Controlling Costs
The traditional approach to defending systems has been to deploy a new dedicated security point product each time a security hole opens up. Denial-of-service attacks and worms led to intrusion prevention and vulnerability management systems. Firewalls and anti-virus drove the need for virtual private networking. Soon came instant messaging, P2P file sharing, and a dramatic rise in spam. Now there is information leakage, phishing and spyware.
A patchwork approach to security is simply not sustainable, however. Operating, maintaining and coordinating multiple security products leads to runaway costs. And since point products are configured separately, conflicting or incomplete rule sets can result in significant network security gaps.
A UTM implementation can lower operating costs and standardize the security platform across even dispersed organizations. It can also achieve consolidation, reduce complexity, improve intrusion detection and provide load balancing integrated into a single system supporting multiple applications.
Not Just for SMBs
SMBs have been among the first to adopt UTM appliances due to their all-in-one functionality, easier management and attractive price points; enterprise organizations have been slower to adopt them. With more IT staff and larger budgets, enterprises are better positioned to absorb the costs of managing multiple best-of-breed security products. Early UTMs could be bandwidth hogs, reducing network performance by 10 percent or more when the full set of security services was in use.
However, the latest generation of UTM devices addresses those concerns. Enterprise-class appliances from several vendors deliver reliable and scalable throughput for high-speed, widely distributed environments. These solutions also provide capacity for thousands of concurrent VPN connections and fully support voice over IP.
UTM can increase security, reduce costs and streamline management, but it isn’t a panacea. IT security requires constant vigilance, continual assessment and continuing education. However, today’s UTM appliances bring together powerful protection against a wide range of security threats.