Unified threat management
Unified threat management (UTM) or unified security management (USM) is a solution in the network security industry, and since 2004 it has become established as a primary network gateway defense solution for organizations. In theory, UTM is the evolution of the traditional firewall into an all-inclusive security product able to perform multiple security functions within one single system: network firewalling, network intrusion detection/prevention (IDS/IPS), gateway antivirus (AV), gateway anti-spam, VPN, content filtering, load balancing, data loss prevention, and on-appliance reporting.
The worldwide UTM market was worth approximately $1.2 billion in 2007, with a forecast of 35–40% compound annual growth rate through 2011. The primary market of UTM providers is small and medium-sized enterprises (SMEs), although a few providers are now providing UTM solutions for small offices/home offices.
The term UTM was originally coined by market research firm IDC. The advantage of unified security lies in the fact that, rather than administering multiple systems that individually handle antivirus, content filtering, intrusion prevention, and spam filtering functions, organizations now have the flexibility to deploy a single UTM appliance that consolidates all of that functionality into a single rack-mountable network appliance.
UTM solutions emerged from the need to stem the increasing number of attacks on corporate information systems via hacking, viruses, and worms, from blended and insider threats. Newer attack techniques target the user as the weakest link in an enterprise, with serious repercussions. Data security and the prevention of unauthorized employee access have become a major business concern for enterprises today, because malicious intent and the resultant loss of confidential data can lead to huge financial losses as well as corresponding legal liabilities. Enterprises have only recently begun to recognize that user ignorance can lead to compromised network security.
The main advantage of a UTM solution is its ability to reduce complexity. Its main disadvantage is that it is a single point of failure. The goal of a UTM is to provide a comprehensive set of security features in a single product managed through a single console. Integrated security solutions have become the logical way to tackle increasingly complex, blended Internet threats.
The UTM market has shown notable growth recently with a 20.1% increase in 2009 following up a 32.2% increase in 2008, according to consulting firm Frost & Sullivan.
Transition from point to integrated security solutions
Traditional point solutions, which were installed to solve major threat and productivity issues, are often difficult to deploy, manage, and update, which increases operational complexity and overhead costs. The traditional point-solution approach led to disadvantages such as reduced security and inferior policies at remote locations. UTMs can help overcome such problems: organizations today may instead rely on an integrated approach to network security and productivity that combines the management of traditionally disparate point technologies.
How UTM secures the network
A single UTM appliance simplifies management of an organization's security strategy, with just one device taking the place of multiple layers of hardware and software. From a single centralized console, all security functions can be configured and monitored. In this context, UTMs represent all-in-one security appliances that carry a variety of security capabilities. These include a network firewall, network intrusion detection/prevention (IDS/IPS), gateway antivirus (AV), gateway anti-spam, virtual private network (VPN), content filtering, load balancing, data loss prevention, misuse detection, and on-appliance reporting as basic features. The UTM will have a customized OS holding all security features in one place, often leading to better integration and throughput than a collection of disparate devices. For enterprises with remote networks or distantly located offices, UTMs are a means to provide centralized security with control over their globally distributed networks.
Advantages
- Reduced complexity: single solution, single vendor, single AMC (annual maintenance contract)
- Simplicity: avoids installing and maintaining multiple separate software packages
- Easy management: plug-and-play architecture, web-based GUI
- Reduced technical training requirements: one product to learn
- Regulatory compliance
Disadvantages
- Single point of failure for network traffic, unless high availability is used
- Single point of compromise if the UTM has vulnerabilities
- Potential impact on latency and bandwidth when the UTM cannot keep up with the traffic
Role of user identity
Identity-based UTM appliances are security solutions offering comprehensive protection against blended threats. While simple UTMs identify only IP addresses in the network, identity-based UTMs record discrete identity information for each user in the network along with the network log data. They allow the creation of identity-based network access policies for individual users, delivering visibility and control over network activity. The identity-based feature of such UTMs runs across the entire feature set, enabling enterprises to identify patterns of behavior by specific users or groups that can signify misuse, unauthorized intrusions, or malicious attacks from inside or outside the enterprise.
The strength of UTM technology is that it is designed to offer comprehensive security while being easy to manage. Enterprises have complete network information at hand to take proactive action against network threats in case of inappropriate or suspicious user behavior in the network. As identity-based UTMs do not depend on IP addresses, they provide comprehensive protection even in dynamic IP environments such as DHCP and Wi-Fi, and especially in a scenario where multiple users share the same computer.
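To make the difference between IP-based and identity-based policy concrete, here is a small added illustration in Python; it is not code from this article or from any UTM vendor. It binds users to IP addresses for a time window (as a gateway would learn from logon events), decides access by the user's group rather than by the address, and attributes log events to users. The sessions, groups, destination categories and log lines are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional


@dataclass
class Session:
    """A user-to-IP binding learned from a logon event (directory, captive portal, DHCP)."""
    user: str
    group: str
    ip: str
    start: datetime
    end: Optional[datetime]  # None means the user is still logged in


# Constructed sample data: 10.0.0.5 is one shared workstation used by two people in a day.
SESSIONS = [
    Session("alice", "finance", "10.0.0.5", datetime(2024, 5, 1, 8, 0), datetime(2024, 5, 1, 12, 0)),
    Session("bob", "intern", "10.0.0.5", datetime(2024, 5, 1, 12, 30), None),
]

# Hypothetical group policy: destination categories each group may reach.
GROUP_POLICY = {"finance": {"banking", "general"}, "intern": {"general"}}


def session_for(ip: str, at: datetime) -> Optional[Session]:
    """Resolve an IP address to the session active at that instant, or None."""
    for s in SESSIONS:
        if s.ip == ip and s.start <= at and (s.end is None or at < s.end):
            return s
    return None


def allow(ip: str, category: str, at: datetime) -> bool:
    """Identity-based decision: who is behind the IP right now, and may their group
    reach this category? Traffic from an IP with no known user is denied (default deny)."""
    s = session_for(ip, at)
    return s is not None and category in GROUP_POLICY.get(s.group, set())


# Constructed log lines in the form a gateway would record: timestamp, source IP, category.
LOG = [
    (datetime(2024, 5, 1, 9, 0), "10.0.0.5", "banking"),
    (datetime(2024, 5, 1, 12, 15), "10.0.0.5", "general"),  # between logons: nobody known
    (datetime(2024, 5, 1, 14, 0), "10.0.0.5", "banking"),
]


def per_user_report(log) -> dict:
    """Attribute each event to a user rather than an IP; unresolved events go to 'unknown'."""
    report: dict = {}
    for at, ip, category in log:
        s = session_for(ip, at)
        who = s.user if s else "unknown"
        report.setdefault(who, []).append((category, allow(ip, category, at)))
    return report
```

An IP-only policy would have to grant or deny banking access to 10.0.0.5 for the whole day; here the same address is allowed banking in the morning and refused it in the afternoon because the person behind it changed.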
One feature of UTM appliances is that they provide security technology that can handle the increasingly regulated environment across the world. Regulations such as HIPAA, GLBA, PCI-DSS, FISMA, CIPA, SOX, NERC, and FFIEC require access controls and auditing that control data leakage. UTMs that provide identity-based security give visibility into user activity while enabling policy creation based on user identity, meeting the requirements of regulatory compliance. Identity-based UTMs deliver identity-based reports on individual users in the network. This shortens audit and reporting cycles and facilitates meeting regulatory compliance requirements in enterprises.
See also
- Content-control software
- Identity-based security
- Identity driven networking
- Next-Generation Firewall
- Quality of service
- Role-based access control
- Single sign-on