Organizations have to cope with rising security threats with each passing day.
There are so many different types of security threats that it's a challenge
just to keep track of them. The market reacted to this situation by introducing
a wide array of security products, so much so that there's a product available
for every type of security threat. At the first level is the broad range of
products for combating viruses, spam, unwanted web content and hacking. At the
micro level, there are security products for various channels and
applications. So apart from the threats themselves, organizations also have to
worry about choosing the right mix of security products. As if that were not
enough, they also have to manage all these devices, ensure they're always up
and running, keep them constantly updated, and so on. This is as big a
challenge as combating the security threats themselves. That's where the
concept of Unified Threat Management, or UTM, comes into the picture.
A UTM is a single device that provides protection against multiple security
threats, be it viruses, spam, network and host intrusions, etc. It's available
as a hardware appliance, which can simply be plugged into the network and
configured. Its simplicity and speed of deployment have made UTMs extremely
popular amongst organizations.
Types of UTMs
There are several different types of UTMs, which vary depending upon where
they have to be placed on the network and how many security threats they need
to combat. There are the all-in-one types of UTMs that can be placed at the
first level itself to provide protection against everything. There are also
some that are more suited as a second line of defense. These devices are
equipped with a single function, such as only anti-spam, anti-virus or IDP.
There are some UTMs in the market that carry fewer virus and spam definitions,
containing only the definitions of those viruses which have been active for a
year or two. Such devices are good as a second layer of defense, as the smaller
definition set gives them a very high degree of performance.
There are a number of free UTMs, such as Endian and Untangle, which you can
download from the Internet. These are complete operating systems and need to
be installed on a system, as discussed earlier. They are free of cost and have
almost all the tools required, but you have to configure them yourself and no
support is provided. If you are looking for support, you can get that at a
reasonable fee. If you're looking to deploy security in remote offices, Open
Source UTMs can be a good choice, but only if you have in-house technical
support. These UTMs can be managed remotely from a central office through a
Web-based management console or over a VPN. Besides hardware appliances, you
can also find software appliances. They consist of a software package or a
complete OS which is installed on a system and then placed at the gateway for
protection, in the same manner in which hardware UTMs are installed. The system
that is used to deploy such a security layer should meet the minimum software
requirements of the organization.
Figure: A Unified Threat Management device securing your network at the gateway level in a typical enterprise setup
A word on security threats
The types of security threats have also matured and are becoming more
dangerous. One kind of attack involves plain monitoring of the network: no
damage is done to the software, nor is any information stolen. The second and
more dangerous type of attack is carried out with the malicious intent of
stealing sensitive information or damaging software.
Unfortunately, the trend is moving towards the second type of attack. Many
studies indicate that in the future, most security attacks will be carried out
with malicious intent.
UTMs go beyond security
While the prime objective of a UTM appliance is to provide protection
against security threats, that's not the only function it can perform. Apart
from security, you can also configure UTM devices for bandwidth management,
defining policies for a group or individual, etc.
New technology in UTMs
The number of security threats is only going to increase with time, so much
so that there will be instances where a single UTM won't be able to handle the
volumes coming from so many different types of security threats. What's needed
then are dedicated appliances for different security threats, but with the
condition that they shouldn't bring back the difficulties of managing them,
which was the case earlier with multiple security devices. So one thing being
worked upon is rack-mountable blades, wherein each blade is dedicated to a
different job. For example, if one is for spam, then the other will be for
IDS/IPS, and so on. The good thing is that all of these can be controlled and
managed from a single console. Another thing that has been developed but needs
improvement is 'Zero Day' protection. Zero Day protection helps tackle Zero Day
attacks, which exploit application vulnerabilities that are still undisclosed
and unpatched.
The pros and cons of UTMs
The best use for UTMs is at the branch office level, where you don't have
dedicated manpower to manage security. They could also be used at the head
office for handling a specific security threat. The other benefit of a UTM is
that since it's a dedicated security device, it can handle a high number of
transactions.
However, there are a few things to watch out for in UTMs as well. For instance,
while they're easy to install, what do you do if there's a problem? If the UTM
goes down, you're essentially exposed to multiple security threats at once and
need support at the earliest. In such a case, you're at the mercy of how quickly
the vendor can rectify the problem or provide you with a backup UTM.
Future of UTMs
PUSH technology: With the help of this new technology, updates from the vendor can be pushed to the UTM device within a particular time frame. Presently, a UTM has to pull upgrades from a central repository, which is a disadvantage: the UTM may lose crucial time between the release of a patch and its next pull. This technology helps keep the device current.
VoIP traffic: Apart from HTTP and FTP
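The two operational risks raised above, a UTM that goes down unnoticed and a UTM whose pulled signature updates lag behind the vendor's releases, are both things an administrator can watch for from the central office. The following is an added example, not code from the article or from any UTM vendor: a small Python health check run over constructed status records (the field names, device names and thresholds are assumptions for this example, as is the idea that such records can be exported from a management console). It flags a missed heartbeat, an installed signature set that is older than the vendor's latest release, and a polling interval whose worst-case lag exceeds the tolerated signature age, which is the disadvantage of pull updates described in the PUSH technology note.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample records (not from any real product): one entry per UTM,
# as an operator might export from a central management console.
# Field names are assumptions for this example.
SAMPLE_STATUS = [
    {"device": "utm-hq", "last_heartbeat": "2024-05-01T10:00:00Z",
     "sig_installed": "2024-05-01T08:00:00Z", "sig_latest": "2024-05-01T08:00:00Z",
     "poll_interval_h": 1},
    {"device": "utm-branch-01", "last_heartbeat": "2024-05-01T09:58:00Z",
     "sig_installed": "2024-04-29T02:00:00Z", "sig_latest": "2024-05-01T02:00:00Z",
     "poll_interval_h": 24},
    {"device": "utm-branch-02", "last_heartbeat": "2024-05-01T07:10:00Z",
     "sig_installed": "2024-05-01T02:00:00Z", "sig_latest": "2024-05-01T02:00:00Z",
     "poll_interval_h": 24},
]

# Fixed "current time" so the example is reproducible offline.
NOW = datetime(2024, 5, 1, 10, 0, tzinfo=timezone.utc)


def parse_ts(s):
    """Parse the ISO-8601 UTC timestamps used in the sample records."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def pull_lag_bounds(poll_interval_h):
    """Lag introduced by pull-on-interval updates.

    A vendor release lands on the device anywhere between immediately and one
    full polling interval later, so the average lag is half the interval and
    the worst case is the whole interval. Push delivery removes this delay.
    Returns (average_lag, worst_case_lag) as timedeltas.
    """
    return timedelta(hours=poll_interval_h / 2), timedelta(hours=poll_interval_h)


def check_device(rec, now=NOW, max_sig_lag=timedelta(hours=6),
                 heartbeat_timeout=timedelta(minutes=15)):
    """Return a list of human-readable findings for one UTM record."""
    findings = []

    # 1. Availability: a gateway UTM that stops reporting may be down, which
    #    leaves the site exposed to every threat class the box was filtering.
    hb = parse_ts(rec["last_heartbeat"])
    if now - hb > heartbeat_timeout:
        findings.append(f"no heartbeat for {now - hb}; gateway may be down")

    # 2. Currency: compare the installed signature set with the vendor's
    #    latest release rather than with wall-clock age, so a quiet vendor
    #    does not trigger false alarms.
    installed = parse_ts(rec["sig_installed"])
    latest = parse_ts(rec["sig_latest"])
    lag = latest - installed
    if lag > max_sig_lag:
        findings.append(f"signatures {lag} behind vendor release")

    # 3. Configuration: even when currently up to date, a long polling
    #    interval guarantees future lag beyond what the policy tolerates.
    avg, worst = pull_lag_bounds(rec["poll_interval_h"])
    if worst > max_sig_lag:
        findings.append(
            f"poll interval {rec['poll_interval_h']}h allows worst-case lag "
            f"{worst} (avg {avg}) above threshold {max_sig_lag}")
    return findings


def check_fleet(records, now=NOW):
    """Map each device name to its findings (empty list means healthy)."""
    return {r["device"]: check_device(r, now) for r in records}


if __name__ == "__main__":
    for dev, found in check_fleet(SAMPLE_STATUS).items():
        print(dev, "OK" if not found else "; ".join(found))
```

Run as a script it prints one line per device; in the sample data the head-office unit is healthy, branch 01 is two days behind the vendor and polls too rarely, and branch 02 has stopped reporting. The same three checks would apply to a real console export once the field names are mapped.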
What to expect in future
As attacks increase and become more intense, more and more security
appliances will come up with new features and functionality. There are now
some dedicated appliances which are specially designed to block spyware and
Trojans but also have anti-virus and anti-spam functionality. These devices
are very good as a second line of defense, as they can be placed behind the
firewall. In the coming year, expect a security appliance with far higher
performance, one that will provide better security and 100% protection from
Zero Day attacks. One can also expect UTMs to go personal and be available as
software which can be installed on your system.