Unified threat management
Unified Threat Management (UTM) is a comprehensive solution that has recently emerged in the network security industry and, since 2004, has gained widespread currency as a primary network gateway defense solution for organizations.[1] In theory, it is the evolution of the traditional firewall into an all-inclusive security product that can perform multiple security functions in a single appliance: network firewalling, network intrusion prevention, gateway antivirus (AV), gateway anti-spam, VPN, content filtering, load balancing and on-appliance reporting.
The worldwide UTM market was worth approximately $1.2 billion in 2007, with a forecast of 35-40% compounded annual growth rate through 2011. Some of the leading UTM vendors include Juniper, Fortinet, SonicWall, Cyberoam, Untangle and Astaro. The primary market of UTM providers is the SMB and Enterprise segment, although a few providers now offer UTM solutions for small offices/remote offices.[2]
Etymology
The term UTM was originally coined by IDC, a leading market research firm. The advantage of unified security lies in the fact that, rather than administering multiple systems that individually handle antivirus, content filtering, intrusion prevention and spam filtering functions, organizations now have the flexibility to deploy a single rack-mountable UTM network appliance that takes over all of this functionality.
Brief history
UTM solutions emerged out of the need to stem the increasing number of attacks on corporate information systems via hacking, viruses and worms, mostly an outcome of blended threats and insider threats. Also, newer attack techniques target the user as the weakest link in an enterprise, the repercussions of which are far more serious than imagined.
Data security and unauthorized employee access have become major business concerns for enterprises today. This is because malicious intent and the resultant loss of confidential data can lead to huge financial losses as well as corresponding legal liabilities. Enterprises have only now begun to recognize that user ignorance can lead to vital security being compromised from within their internal networks.[3]
The main advantages of UTM solutions are simplicity, streamlined installation and use, and the ability to update all the security functions or programs concurrently.[4] So, not only are they a cost-effective purchase, but day-to-day network running costs are also considerably lowered. The degree of functionality provided by a UTM appliance is held as the justification for replacing older, more basic firewalls with a Unified Threat Management firewall appliance that does it all.
The ultimate goal of a UTM is to provide a comprehensive set of security features in a single product and managed through a single console. Integrated security solutions evolved as a logical way to tackle the increasingly complex blended internet threats impacting organizations.[5]
Transition from point to integrated security solutions
Traditional point solutions, which were installed to solve major threat and productivity issues, are difficult to deploy, manage and update, which increases operational complexities and overhead costs.[6] Instead, organizations of today demand an integrated approach to network security and productivity that combines the management of traditionally disparate point technologies.
All these disadvantages can lead to situations where organizations deploy reduced security and inferior policies at remote locations. UTMs can help overcome these problems. In summary, the fast-paced transition from point to integrated security appliances is largely due to the cost-effectiveness and ease of manageability of UTM devices.
How UTM secures the network
A single UTM appliance makes it very easy to manage a company's security strategy, with just one device to worry about, one source of support and a single way to maintain every aspect of the security solution. The UTM can prove to be a more effective solution because its strength lies in the bundle of solutions, which are integrated and designed to work together. All the security solutions can also be monitored, configured and fine-tuned from one centralized console.
In this context, UTMs represent all-in-one security appliances that carry firewall, VPN, gateway anti-virus, gateway anti-spam, intrusion prevention, content filtering, bandwidth management and centralized reporting as basic features. The UTM is thus a highly integrated quiver of security solutions, working in tandem, that systematically provides network security to organizations. As there is a customized OS holding all these security features in one place, they tend to work in unison, providing a very high throughput. The UTM can prove highly effective because its strength lies in the bundle of solutions which are integrated and designed to work together without treading on each other’s toes.[1]
Unique attractions of UTM
Enterprises have been fed a constant diet of increasingly inadequate security technologies to solve their security problems. With increasing threats clearly looming over their networks and their business, they don’t want another box to solve their problems. Their needs are about leverage, simplicity and integrated management capabilities. Standalone solutions such as AV, AS and firewall fail to protect against such threats. Enterprises are not only under pressure from cybercrime and insider abuse, but are also facing increasing and evolving compliance demands, highlighting the importance of establishing effective and measurable security.
Reduced complexity through a single security solution from a single vendor, avoidance of multiple software installation and maintenance, plug-and-play architecture and a web-based GUI for easy management are some of the major reasons why many organizations, both big and small, are fast switching to UTM solutions. This, coupled with zero-hour protection without compromising on performance, translates into high ROI for customers who deploy UTMs.
For enterprises with remote networks or distantly located offices, UTMs are the only means to provide centralized security with complete control over their globally distributed networks. Enterprises thus get zero-hour protection at branch offices against security attacks despite the lack of technical resources at these locations.[1]
Key advantages[7]
- Reduced complexity: Single security solution. Single Vendor. Single AMC
- Simplicity: Avoidance of multiple software installation and maintenance
- Easy Management: Plug & Play Architecture, Web-based GUI for easy management
- Performance: Zero-hour protection without degrading the network performance
- Troubleshooting: Single point of contact – 24 x 7 vendor support
- Reduced technical training requirements, one product to learn.
- Regulatory compliance
Role of user identity
Identity-based UTM appliances are the next-generation security solutions offering comprehensive protection against emerging blended threats. While simple UTMs identify only IP addresses in the network, identity-based UTMs provide discrete identity information for each user in the network along with network log data. They allow creation of identity-based network access policies for individual users, delivering complete visibility and control over network activities. The identity-based feature of such UTMs runs across the entire feature set, enabling enterprises to identify patterns of behavior by specific users or groups that can signify misuse, unauthorized intrusions, or malicious attacks from inside or outside the enterprise.[3]
The strength of UTM technology is that it is designed to offer comprehensive security while keeping security an easy-to-manage affair. Enterprises get complete network information in hand to take proactive action against network threats in case of inappropriate or suspicious user behavior in the network. As identity-based UTMs do not depend on IP addresses, they provide comprehensive protection even in dynamic IP environments such as DHCP and Wi-Fi, and especially in a scenario where multiple users share the same computer.[3]
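The difference between IP-based and identity-based reporting in a DHCP environment can be shown with a small sketch. This is an added example, not taken from the article or from any vendor's product; the session and log record layouts, names and values are constructed for illustration, and it assumes sessions on one IP address never overlap.

```python
from bisect import bisect_right
from collections import defaultdict

# Constructed authentication sessions: (login_ts, logout_ts, ip, user).
# Assumption: sessions on one IP never overlap.
SESSIONS = [
    (1000, 1900, "10.0.0.23", "alice"),
    (2000, 2900, "10.0.0.23", "bob"),    # same DHCP address re-leased to another user
    (1000, 2900, "10.0.0.40", "carol"),
]

# Constructed gateway log records: (ts, src_ip, destination, bytes_out).
TRAFFIC = [
    (1100, "10.0.0.23", "intranet.example", 4_000),
    (2100, "10.0.0.23", "files.example", 900_000),
    (2500, "10.0.0.23", "files.example", 750_000),
    (1500, "10.0.0.40", "intranet.example", 2_000),
    (1950, "10.0.0.23", "files.example", 10_000),   # no session active at this time
]

def build_index(sessions):
    """Group sessions per IP, sorted by login time, for binary search."""
    index = defaultdict(list)
    for start, end, ip, user in sessions:
        index[ip].append((start, end, user))
    for rows in index.values():
        rows.sort()
    return index

def user_at(index, ip, ts):
    """Return the user logged in from `ip` at time `ts`, or None."""
    rows = index.get(ip, [])
    i = bisect_right(rows, (ts, float("inf"), "")) - 1
    if i >= 0 and rows[i][0] <= ts <= rows[i][1]:
        return rows[i][2]
    return None

def bytes_by(key_fn, traffic):
    """Sum outbound bytes per key (an IP address or a resolved user)."""
    totals = defaultdict(int)
    for rec in traffic:
        totals[key_fn(rec)] += rec[3]
    return dict(totals)

def heavy_talkers(totals, limit):
    """Keys whose total exceeds `limit`, sorted for stable output."""
    return sorted(k for k, v in totals.items() if v > limit)

INDEX = build_index(SESSIONS)
BY_IP = bytes_by(lambda r: r[1], TRAFFIC)
BY_USER = bytes_by(lambda r: user_at(INDEX, r[1], r[0]) or "unattributed", TRAFFIC)
```

With a 1,000,000-byte threshold, the per-IP report flags the shared address as a whole, while the per-user report singles out the one account responsible and keeps traffic with no active session in a separate bucket for follow-up.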
Regulatory compliance
One salient feature of UTM appliances is that they provide best-of-breed security technology that can handle the increasingly regulated environment across the world. Regulations such as HIPAA, GLBA, PCI-DSS, FISMA, CIPA and SOX require access controls and auditing to control data leakage. UTMs that provide identity-based security give visibility into user activity while enabling policy creation based on user identity, meeting these regulatory compliance requirements.
Identity-based UTMs deliver identity-based reports on individual users in the network. This offers short audit and reporting cycles and facilitates the meeting of regulatory compliance requirements in enterprises.
Limitations of UTM
Notwithstanding the business advantages of UTM security over desktop security, there are a few limitations as well:
- Costs: For small businesses, the initial investment in a UTM solution proves much more expensive compared to standalone solutions. This can make UTM an unattractive purchase.[8]
- Single Point of Failure: The biggest disadvantage of a UTM lies in the fact that in a complex array of security solutions, the failure of even a single solution can lead to the entire system being brought down. This can be remedied by using High Availability (HA) technology.[8]
References
- [1] IDC. September 2007. Unified Threat Management Appliances and Identity-based Security: The Next Level in Network Security. IDC Go-to Market Services.
- [2] Firstbrook, Peter, Orans, Lawrence & Hallawell, Arabella. 4 June 2007. Magic Quadrant for Secure Web Gateway, 2007. Gartner Inc. 1-28.
- [3] Mittal, Richa. Dec 19, 2008. Unified Threat Management and Identity-based Security. Knol Articles. http://knol.google.com/k/richa-mittal/unified-threat-management-and-identity/1jdphe4wksldn/5# (accessed May 7, 2009)
- [4] Author Unknown. 2009. Definitions – Unified Threat Management. Search Security (Tech Target). http://searchsecurity.techtarget.com/dictionary/definition/what-is-unified-threat-management.html (accessed May 7, 2009)
- [5] Biztech. 2008. SMBs Driving the Indian UTM Market. Biztech India. http://tech2.in.com/biz/india/features/security/smbs-driving-the-indian-utm-market/19851/0 (accessed May 7, 2009)
- [6] Jacob, John. 2009. The Rise of Integrated Security Appliances. Channel Business. http://www.channelbusiness.in/index.php?Itemid=83&id=252&option=com_content&task=view (accessed May 6, 2009)
- [7] http://searchnetworking.techtarget.com/tip/0,289483,sid7_gci1275947,00.html
- [8] http://www.itsecurityportal.com/itsecurity_news.asp?articleid=26617&arttitle=Individual%20point%20security%20solutions%20vs%20unified%20threat%20management%20system

