The minimum requirement for a unified threat management system (UTM), is a firewall, VPN, antivirus and intrusion detection/prevention. UTMs have, however, evolved from this to incorporate additional capabilities which can include URL filtering, spam blocking and spyware protection, as well as centralised management, monitoring, and logging capabilities.
UTMs have been growing in popularity for the last few years and many people are now wondering whether individual point security solutions or a UTM, which incorporates several solutions, is the best answer.
The solutions provided by two major suppliers give an idea of what’s on offer. WatchGuard’s SOHO Edge series of UTMs, for example, combines stateful firewall, VPN, zero day protection, anti-virus, anti-spyware, anti-spam, intrusion prevention, and URL filtering.
Check Point’s UTM-1 appliance for the mid-market is very comprehensive providing a firewall, intrusion prevention, anti-virus, anti-spyware, VoIP security, web application firewall, instant messaging (IM) and peer-to-peer (P2P) blocking, and web filtering.
UTMs were designed to provide a range of security solutions in a single appliance, reducing costs and simplifying the whole process of security systems management and installation.
While the widest deployment of UTMs has been in SMEs, larger companies are also using them, as they too have begun to appreciate the benefits of less expenditure and easier centralised administration. Large companies are typically using UTMs to centrally secure branch and remote offices; or alongside their existing gateway firewall for the additional UTM functionality.
Cost is a key issue in the growth of UTMs, with common thought being that a UTM device can cost less than a quarter of the price of equivalent point solutions. UTMs’ significant cost savings come from lower pricing than buying and implementing the components separately, simplified and reduced installation, plus fewer ongoing management costs such as training, maintenance and upgrades. And of course, UTMs have only one dedicated platform to support.
Management is an important issue. For smaller companies with limited or no specialised knowledge of IT security, UTMs provide an easy way to manage the growing number of security threats.
Larger organisations using point solutions are often unable to scale the solutions to the number of sites they have, because of cost, installation, management and ongoing support issues. This can lead to organisations deploying reduced security and inferior policies at remote locations. UTMs can enable them to overcome these problems.
A stated disadvantage of UTMs is that they have a single point of failure with all security systems potentially down at the same time. This is typically dealt with by using high availability.
For any company looking at UTMs, it is essential to define requirements and thoroughly research the market, but going for an established name with a proven record in firewall security is a good way of establishing a shortlist. Bear in mind that there is no legal definition of a UTM and that there are significant variations between UTM appliances, both at the top and bottom of the market. The variations are on price, functionality, performance, scalability and most importantly security.
If you’re buying a UTM appliance you’ll typically be looking for three or more years’ life out of the device, so you’ll need considerable room for growth or an appliance that is licence upgradeable for both performance and function. Companies such as WatchGuard, Check Point and Nortel provide this kind of product. You’ll also need a firewall that has deep packet inspection as a minimum, not just stateful inspection.
Other key factors to consider with UTMs are future proofing and performance issues. Some UTMs have the ability to start out with just the functions required and then add additional functions, as the need arises.
Performance is another key element. Many UTMs aren’t designed for all the functions to work together, so performance can rapidly decline when all functions are switched on. This is often not apparent from the throughput statistics as the majority of published performance statistics are with most of the functions switched off!
In addition, as loads continue to rise over time (who’d have thought only two years ago that 10MB attachments can be fairly commonplace today) any purchase needs to either have significant additional capacity, or the ability to upgrade the box in the rack (i.e. licence upgradeability)
As different threats continue to emerge, UTM vendors are likely to add increased functionality to their products. As they do, it’s likely that more companies will want to use UTMs to simplify the process of securing themselves against the growing number and diversity of security challenges.