Unified Threat Management (UTM)
As networks face newer threats each day, many organizations are deploying security through UTM appliances.
To protect networks and information against increasingly sophisticated threats, many organizations are deploying security in layers. Some are finding that an efficient way to do this is by using unified threat management (UTM) appliances.
UTM systems have multiple features and capabilities, including intrusion detection and prevention, gateway antivirus, e-mail spam filtering and Web content filtering, as well as the traditional functions of a firewall, integrated into one product offering.
- Some vendors offer the option of purchasing UTM appliances for all of the various functions available or integrating just a few of the functions as needed. It’s a fast-growing market.
- Firewalls, which protect the perimeter of a network or different network segments by filtering network traffic. Firewalls may employ different levels of filtering, from relatively simple packet filtering in which decisions are made based on information available in a single packet, to stateful filters that use connection-level information, or application-level filters that take into account application-specific traffic patterns.
- Antivirus and anti-spyware systems that can detect binary patterns in files indicative of malicious software. Network-based antivirus and anti-spyware complement client-based anti-malware programs.
- Anti-spam filters, which detect and block unwanted, unsolicited email before it reaches email servers. Blocking spam on the network before it reaches the email infrastructure can significantly reduce the spam burden on email servers.
- Content filters block inappropriate content for business networks. For example, a content filter may block URLs to gambling, shopping, hate speech, or other content with no business purpose.
- Intrusion prevention systems (IPSs) monitor network traffic for distinctive patterns associated with attacks on servers or for traffic patterns well outside the norm for a particular network. In addition to detecting attacks, IPSs can take steps to shut down an attack without human intervention.
- Monitoring and reporting modules are another key element in UTM systems. These subsystems can provide broad information on the state of the network as reflected in the outputs of the countermeasures within the UTM system.
Vendors continue to add new features to the basic functionality of their products. Before looking into products on the market, determine the specific security needs of your organization. The same can be said for purchasing many types of IT security products, but it’s especially true with technologies such as UTM appliances, which combine a number of security functions into one system.
There are several dozen UTM products on the market, and they vary broadly in terms of features, capabilities and price. Not all organizations will need particular security features and capabilities. So we assist you in choosing the right set of solution for your environment.