
Unified Threat Management

PCQ Bureau

Organizations constantly have to cope with rising security threats with each passing day. There are so many different types of security threats that it's a challenge just to keep track of them. To combat this situation, the market reacted by introducing a wide array of security products, so much so that there's a product available for every type of security threat. At the first level is the broad range of security products for combating viruses, spam, web content and hacking. At the micro level, there are security products for various different channels and applications. So apart from security threats, organizations also have to worry about choosing the right mix of security products. As if that was not enough, they also have to manage so many different devices, ensure they're always up and running, constantly updated, etc. This is as big a challenge as combating the security threats themselves. That's where the concept of Unified Threat Management, or UTM, comes into the picture.


A UTM is a single device that provides protection against multiple security threats, be it viruses, spam, network and host intrusions, etc. It's available as a hardware appliance, which can simply be plugged into the network and configured. The simplicity and speed of deployment of these appliances has made them extremely popular amongst organizations.

The story so far:
  • Software UTMs started gaining momentum.
  • Lots of Open Source UTMs became available apart from the commercial appliances.
  • UTMs became embedded in desktops and laptops.
  • UTMs for home users have also become available.

Types of UTMs

There are several different types of UTMs, which vary depending upon where they have to be placed on the network and how many security threats they need to combat. There are the all-in-one types of UTMs that can be placed at the first level itself to provide protection against everything. There are also some that are more suited as a second line of defense. These devices are equipped with a single utility such as only anti-spam, anti-virus or IDP.


There are some UTMs in the market that carry fewer virus and spam definitions, containing only those for viruses which have been active for a year or two. Such devices are good as a second layer of defense as they provide a very high degree of performance.

There are a number of free UTMs such as Endian and Untangle available which you can download from the Internet. These are complete operating systems and need to be installed on a system, as discussed earlier. They are free of cost and have almost all the tools required. But you have to configure them yourself and there's no support provided; if you are looking for support, you can get that at a reasonable fee. If you're looking to deploy security in remote offices, Open Source UTMs can be a good choice, but only if you have the in-house technical support. These UTMs can be managed remotely from a central office through a Web-based management console or over a VPN. Besides hardware appliances, you can also find software hybrid appliances. They comprise a software package or a complete OS which can be installed on a system and then placed at the gateway for protection, similar to the manner in which hardware UTMs are installed. The system used to deploy such a security layer should meet the minimum software requirements of the organization.

[Figure] A Unified Threat Management device securing your network at the gateway level in a typical enterprise setup

A word on security threats

The types of security threats have also matured and are becoming more dangerous. One kind of attack involves plain monitoring of the network, where no damage is done to the software nor is any information stolen. The second and more dangerous type of attack is done with the malicious intent of stealing sensitive information or damaging software.

Unfortunately, the trend is moving towards the second type of attack. Many studies indicate that in the future, most security attacks will be done with malicious intent.

UTMs go beyond security

While the prime objective of a UTM appliance is to provide protection against security threats, that's not the only function it can perform. Apart from security, you can also configure UTM devices for bandwidth management, defining policies for a group or individual, etc.


New technology in UTMs

The number of security threats is only going to increase with time, so much so that there will be instances where a single UTM won't be able to handle the volumes coming from so many different types of security threats. In essence, what's needed then are dedicated appliances for different security threats, but with the condition that they shouldn't bring back the difficulties of managing them, which was the case earlier with multiple security devices. So one thing being worked upon is to have rack-mountable blades, wherein each blade is dedicated to a different job. For example, if one is for spam then the other will be for IDS/IPS, and so on. The good thing is that all of these can be controlled and managed from a single console. Another thing that has been developed but needs improvement is 'Zero Day' protection. Zero Day protection helps tackle Zero Day attacks, which involve exposing undisclosed and unpatched application vulnerabilities or holes to the outside world.

The pros and cons of UTMs

The best use for UTMs is at the branch office level, where you don't have dedicated manpower to manage security. They could also be used at the head office for handling a specific security threat. The other benefit of a UTM is that since it's a dedicated security device, it can handle a high number of transactions. However, there are a few things to watch out for in UTMs as well. For instance, while they're easy to install, what do you do if there's a problem? If it goes down, then you're essentially vulnerable to multiple security threats at once and need support at the earliest. In such a case, you're at the mercy of how quickly the vendor can rectify the problem or provide you with a backup UTM.



Future of UTMs

PUSH technology: With the help of this new technology, updates from the vendor can be pushed to the UTM device within a particular time frame. Presently, a UTM has to pull upgrades from a central repository, which is a disadvantage as the UTM might lose crucial time after a patch has been released. So this technology helps maintain currency.

Stronger UTMs: As newer threats emerge, the performance of UTMs also needs to stay on par. Packets of larger size need to be scanned within seconds. Moreover, IDS/IPS will become more efficient and better equipped.

VoIP traffic: Apart from HTTP and FTP traffic, VoIP traffic could also be routed through UTMs. Security has been incorporated for the popular SIP protocol.

What to expect in future

As attacks increase and become more intense, more and more security appliances will come up with new features and functionality. There are now some dedicated appliances which are specially designed to block spyware and Trojans but also have anti-virus and anti-spam functionality. These devices are very good as a second line of defense as they can be placed behind the firewall. In the coming year, expect a security appliance with far higher performance, one that will provide better security and 100% protection from Zero Day attacks. One can also expect UTMs to go personal and be available as software which can be installed on your system.
