Unified threat management
Encyclopedia
Unified Threat Management (UTM) is a comprehensive solution that has recently emerged in the network security
industry and since 2004, has gained widespread currency as a primary network gateway defense solution for organizations. In theory, it is the evolution of the traditional firewall
into an all-inclusive security product that has the ability to perform multiple security functions in one single appliance: network firewalling, network intrusion prevention and gateway antivirus
(AV), gateway anti-spam, VPN
, content filtering
, load balancing
, data leak prevention and on-appliance reporting.
The worldwide UTM market was approximately worth $1.2 billion in 2007, with a forecast of 35-40% compounded annual growth rate through 2011. The primary market of UTM providers is the SMB and Enterprise segment, although a few providers are now providing UTM solutions for small offices/remote offices
.
The term UTM was originally coined by IDC
, a leading market research firm. The advantages of unified security lies in the fact that rather than administering multiple systems that individually handle anti virus, content filtering, intrusion prevention and spam filtering functions, organizations now have the flexibility to deploy a single UTM appliance that takes over all their functionality into a single rack mountable network appliance.
on corporate information systems via hacking/cracking
, viruses
, worms
- mostly an outcome of blended threat
s and insider threats
. Also, newer attack techniques target the user as the weakest link in an enterprise, the repercussions of which are far more serious than imagined.
Data security
and unauthorized employee access have become major business concerns for enterprises today. This is because malicious intent and the resultant loss of confidential data
can lead to huge financial losses as well as corresponding legal liabilities. It needs to be mentioned that enterprises have only now begun to recognize the fact that user ignorance can lead to vital security being compromised out of their internal networks.
The main advantages of UTM solutions are simplicity, streamlined installation and use, and the ability to update all the security functions concurrently. So, not only are they a cost-effective purchase, but day-to-day network running costs are also considerably lower than other solutions.
The ultimate goal of a UTM is to provide a comprehensive set of security features in a single product managed through a single console. Integrated security solutions evolved as a logical way to tackle the increasingly complex blended internet threats impacting organizations.
The UTM market has shown dramatic growth recently with a 20.1% increase in 2009 following up a 32.2% increase in 2008, according to Frost and Sullivan.
and productivity
issues, are difficult to deploy, manage and update, which increases operational complexities and overhead costs
. Instead, organizations of today demand an integrated approach to network security and productivity that combines the management of traditionally disparate point technologies.
All these disadvantages can lead to situations where organizations deploy reduced security and inferior policies at remote locations. UTMs can help overcome these problems. In summary, the fast-paced transition from point to integrated security appliances is largely due to the cost-effectiveness and ease of manageability of UTM devices.
In this context, UTMs represent all-in-one security appliances that carry a variety of security capabilities including firewall, VPN, gateway anti-virus, gateway anti-spam, intrusion prevention, content filtering, bandwidth management, application control and centralized reporting as basic features. The UTM has a customized OS holding all the security features at one place, which can lead to better integration and throughput
than a collection of disparate devices.
For enterprises with remote networks
or distantly located offices, UTMs are a means to provide centralized security with complete control over their globally distributed networks.
The strength of UTM technology is that it is designed to offer comprehensive security while keeping security an easy-to-manage affair. Enterprises get complete network information in hand to take proactive action against network threats in case of inappropriate or suspicious user behavior in the network. As identity-based UTMs do not depend on IP
addresses, they provide comprehensive protection even in dynamic IP environments such as DHCP and WI-Fi and especially in a scenario where multiple users share the same computer.
Regulatory compliances like HIPAA
, GLBA, PCI-DSS, FISMA
, CIPA
, SOX, NERC, FFIEC
require access controls and auditing that meet control data leakage. UTMs that provide identity-based security give visibility into user activity while enabling policy creation based on the user identity, meeting the requirements of regulatory compliances.
Identity-based UTMs deliver identity-based reports on individual users in the network. This offers short audit and reporting cycles and facilitate the meeting of regulatory compliance requirements in enterprises.
Network security
In the field of networking, the area of network security consists of the provisions and policies adopted by the network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and network-accessible resources...
industry and since 2004, has gained widespread currency as a primary network gateway defense solution for organizations. In theory, it is the evolution of the traditional firewall
Firewall (computing)
A firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules and is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass....
into an all-inclusive security product that has the ability to perform multiple security functions in one single appliance: network firewalling, network intrusion prevention and gateway antivirus
Antivirus software
Antivirus or anti-virus software is used to prevent, detect, and remove malware, including but not limited to computer viruses, computer worm, trojan horses, spyware and adware...
(AV), gateway anti-spam, VPN
Virtual private network
A virtual private network is a network that uses primarily public telecommunication infrastructure, such as the Internet, to provide remote offices or traveling users access to a central organizational network....
, content filtering
Content filtering
Content filtering is the technique whereby content is blocked or allowed based on analysis of its content, rather than its source or other criteria. It is most widely used on the internet to filter email and web access.- Content filtering of email :...
, load balancing
Load balancing (computing)
Load balancing is a computer networking methodology to distribute workload across multiple computers or a computer cluster, network links, central processing units, disk drives, or other resources, to achieve optimal resource utilization, maximize throughput, minimize response time, and avoid...
, data leak prevention and on-appliance reporting.
The worldwide UTM market was approximately worth $1.2 billion in 2007, with a forecast of 35-40% compounded annual growth rate through 2011. The primary market of UTM providers is the SMB and Enterprise segment, although a few providers are now providing UTM solutions for small offices/remote offices
Small office/home office
Small office/home office, or SOHO, refers to the category of business or cottage industry which involves from 1 to 10 workers. SOHO can also stand for single office/home office....
.
The term UTM was originally coined by IDC
International Data Corporation
International Data Corporation is a market research and analysis firm specializing in information technology, telecommunications and consumer technology. IDC is a subsidiary of International Data Group...
, a leading market research firm. The advantages of unified security lies in the fact that rather than administering multiple systems that individually handle anti virus, content filtering, intrusion prevention and spam filtering functions, organizations now have the flexibility to deploy a single UTM appliance that takes over all their functionality into a single rack mountable network appliance.
Brief history
UTM solutions emerged of the need to stem the increasing number of attacksAttack (computer)
In computer and computer networks an attack is any attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset.- IETF :Internet Engineering Task Force defines attack in RFC 2828 as:...
on corporate information systems via hacking/cracking
Hacker (computer security)
In computer security and everyday language, a hacker is someone who breaks into computers and computer networks. Hackers may be motivated by a multitude of reasons, including profit, protest, or because of the challenge...
, viruses
Computer virus
A computer virus is a computer program that can replicate itself and spread from one computer to another. The term "virus" is also commonly but erroneously used to refer to other types of malware, including but not limited to adware and spyware programs that do not have the reproductive ability...
, worms
Computer worm
A computer worm is a self-replicating malware computer program, which uses a computer network to send copies of itself to other nodes and it may do so without any user intervention. This is due to security shortcomings on the target computer. Unlike a computer virus, it does not need to attach...
- mostly an outcome of blended threat
Blended threat
A blended threat is a software vulnerability which in turn involves a combination of attacks against different vulnerabilities. For example, many worm, a trojan horse and a computer virus exploit multiple techniques to attack and propagate....
s and insider threats
Misuse Detection
Misuse detection actively works against potential insider threats to vulnerable company data.-Misuse:Misuse detection is an approach in detecting attacks. In misuse detection approach, we define abnormal system behaviour at first, and then define any other behaviour, as normal behaviour...
. Also, newer attack techniques target the user as the weakest link in an enterprise, the repercussions of which are far more serious than imagined.
Data security
Data security
Data security is the means of ensuring that data is kept safe from corruption and that access to it is suitably controlled. Thus data security helps to ensure privacy. It also helps in protecting personal data. Data security is part of the larger practice of Information security.- Disk Encryption...
and unauthorized employee access have become major business concerns for enterprises today. This is because malicious intent and the resultant loss of confidential data
Confidentiality
Confidentiality is an ethical principle associated with several professions . In ethics, and in law and alternative forms of legal resolution such as mediation, some types of communication between a person and one of these professionals are "privileged" and may not be discussed or divulged to...
can lead to huge financial losses as well as corresponding legal liabilities. It needs to be mentioned that enterprises have only now begun to recognize the fact that user ignorance can lead to vital security being compromised out of their internal networks.
The main advantages of UTM solutions are simplicity, streamlined installation and use, and the ability to update all the security functions concurrently. So, not only are they a cost-effective purchase, but day-to-day network running costs are also considerably lower than other solutions.
The ultimate goal of a UTM is to provide a comprehensive set of security features in a single product managed through a single console. Integrated security solutions evolved as a logical way to tackle the increasingly complex blended internet threats impacting organizations.
The UTM market has shown dramatic growth recently with a 20.1% increase in 2009 following up a 32.2% increase in 2008, according to Frost and Sullivan.
Transition from point to integrated security solutions
Traditional point solutions, which were installed to solve major threatThreat (computer)
In Computer security a threat is a possible danger that might exploit a vulnerability to breach security and thus cause possible harm.A threat can be either "intentional" or "accidental" In Computer security a threat is a possible danger that might exploit a vulnerability to breach security and...
and productivity
Productivity
Productivity is a measure of the efficiency of production. Productivity is a ratio of what is produced to what is required to produce it. Usually this ratio is in the form of an average, expressing the total output divided by the total input...
issues, are difficult to deploy, manage and update, which increases operational complexities and overhead costs
Overhead (business)
In business, overhead or overhead expense refers to an ongoing expense of operating a business...
. Instead, organizations of today demand an integrated approach to network security and productivity that combines the management of traditionally disparate point technologies.
All these disadvantages can lead to situations where organizations deploy reduced security and inferior policies at remote locations. UTMs can help overcome these problems. In summary, the fast-paced transition from point to integrated security appliances is largely due to the cost-effectiveness and ease of manageability of UTM devices.
How UTM secures the network
A single UTM appliance simplifies management of a company's security strategy, with just one device taking the place of multiple layers of hardware and software. Also from one single centralized console, all the security solutions can be monitored and configured.In this context, UTMs represent all-in-one security appliances that carry a variety of security capabilities including firewall, VPN, gateway anti-virus, gateway anti-spam, intrusion prevention, content filtering, bandwidth management, application control and centralized reporting as basic features. The UTM has a customized OS holding all the security features at one place, which can lead to better integration and throughput
Throughput
In communication networks, such as Ethernet or packet radio, throughput or network throughput is the average rate of successful message delivery over a communication channel. This data may be delivered over a physical or logical link, or pass through a certain network node...
than a collection of disparate devices.
For enterprises with remote networks
Remote access
In telecommunication, the term remote access has the following meanings:#Pertaining to communication with a data processing facility from a remote location or facility through a data link...
or distantly located offices, UTMs are a means to provide centralized security with complete control over their globally distributed networks.
Key advantages
- Reduced complexity: Single security solution. Single Vendor. Single AMC
- Simplicity: Avoidance of multiple software installation and maintenance
- Easy Management: Plug & Play Architecture, Web-based GUI for easy management
- Reduced technical training requirements, one product to learn.
- Regulatory compliance
Key Disadvantages
- Single point of failure for network traffic
- Single point of compromise if the UTM has vulnerabilities
- Potential impact on latency and bandwidth when the UTM cannot keep up with the traffic
Role of user identity
Identity-based UTM appliances are the next-generation security solutions offering comprehensive protection against emerging blended threats. While simple UTMs identify only IP addresses in the network, identity-based UTMs provide discrete identity information of each user in the network along with network log data. They allow creation of identity-based network access policies for individual users, delivering complete visibility and control on the network activities. The identity-based feature of such UTMs runs across the entire feature set, enabling enterprises to identify patterns of behavior by specific users or groups that can signify misuse, unauthorized intrusions, or malicious attacks from inside or outside the enterprise.The strength of UTM technology is that it is designed to offer comprehensive security while keeping security an easy-to-manage affair. Enterprises get complete network information in hand to take proactive action against network threats in case of inappropriate or suspicious user behavior in the network. As identity-based UTMs do not depend on IP
IP address
An Internet Protocol address is a numerical label assigned to each device participating in a computer network that uses the Internet Protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing...
addresses, they provide comprehensive protection even in dynamic IP environments such as DHCP and WI-Fi and especially in a scenario where multiple users share the same computer.
Regulatory compliance
One salient feature of UTM appliances is that they provide best-of-the-breed security technology that can handle the increasingly regulatory environment across the world.Regulatory compliances like HIPAA
Health Insurance Portability and Accountability Act
The Health Insurance Portability and Accountability Act of 1996 was enacted by the U.S. Congress and signed by President Bill Clinton in 1996. It was originally sponsored by Sen. Edward Kennedy and Sen. Nancy Kassebaum . Title I of HIPAA protects health insurance coverage for workers and their...
, GLBA, PCI-DSS, FISMA
Federal Information Security Management Act of 2002
The Federal Information Security Management Act of 2002 is a United States federal law enacted in 2002 as Title III of the E-Government Act of 2002 . The act recognized the importance of information security to the economic and national security interests of the United States...
, CIPA
Children's Internet Protection Act
The Children's Internet Protection Act requires that K-12 schools and libraries in the United States use Internet filters and implement other measures to protect children from harmful online content as a condition for the receipt of certain federal funding...
, SOX, NERC, FFIEC
Federal Financial Institutions Examination Council
The Federal Financial Institutions Examination Council, or FFIEC, is a formal interagency body of the United States government empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions by the Board of Governors of the Federal...
require access controls and auditing that meet control data leakage. UTMs that provide identity-based security give visibility into user activity while enabling policy creation based on the user identity, meeting the requirements of regulatory compliances.
Identity-based UTMs deliver identity-based reports on individual users in the network. This offers short audit and reporting cycles and facilitate the meeting of regulatory compliance requirements in enterprises.
See also
- Identity driven networkingIdentity Driven NetworkingIdentity Driven Networking is the process of applying network controls to a network device access based on the identity of an individual or group of individuals responsible to or operating the device...
- Role-based access controlRole-Based Access ControlIn computer systems security, role-based access control is an approach to restricting system access to authorized users. It is used by the majority of enterprises with more than 500 employees, and can be implemented via mandatory access control or discretionary access control...
- Content-control softwareContent-control softwareContent-control software, also known as censorware or web filtering software, is a term for software designed and optimized for controlling what content is permitted to a reader, especially when it is used to restrict material delivered over the Web...
- Quality of serviceQuality of serviceThe quality of service refers to several related aspects of telephony and computer networks that allow the transport of traffic with special requirements...
- Single sign-onSingle sign-onSingle sign-on is a property of access control of multiple related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them...
- Extensible Threat Management (XTM)Extensible Threat Management (XTM)Extensible Threat Management is the next generation of Unified Threat Management , integrated network security appliances.As stated by IDC industry analyst Charles Kolodgy, in , Kolodgy reports,...
- List of UTM Devices
External links
- List of UTM Software and Vendors, Mosaic Security Research