Unified threat management


Unified threat management (UTM) is an approach to information security in which a single hardware or software installation provides multiple security functions. This contrasts with the traditional method of deploying a point solution for each security function. [1] UTM simplifies information-security management by giving the security administrator a single point of management and reporting, rather than requiring the administration of multiple products from different vendors. [2] [3] UTM appliances have been gaining popularity since 2009, partly because the all-in-one approach simplifies installation, configuration and maintenance. [4] Such a setup saves time, money and staff compared with managing several separate security systems. Instead of operating several single-function appliances, each needing its own familiarity, attention and support, network administrators can centrally administer their security defenses from one computer. Some of the prominent UTM brands are Cisco, Fortinet, Sophos, Netgear, FortiGate, Huawei, WiJungle, SonicWall and Check Point. [5] UTMs are now typically called next-generation firewalls.


Features

UTMs should, at a minimum, have some converged security features like

Some of the other features commonly found in UTMs are:

Disadvantages

Although a UTM offers ease of management from a single device, it also introduces a single point of failure within the IT infrastructure. Additionally, the UTM approach may run counter to one of the basic information assurance / security principles, defense in depth: because a UTM replaces multiple security products, a compromise at the UTM layer defeats the entire layered defense at once. [6]

Related Research Articles

An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations. Any intrusion activity or violation is typically reported either to an administrator or collected centrally using a security information and event management (SIEM) system. A SIEM system combines outputs from multiple sources and uses alarm filtering techniques to distinguish malicious activity from false alarms.

An application firewall is a form of firewall that controls input/output or system calls of an application or service. It operates by monitoring and blocking communications based on a configured policy, generally with predefined rule sets to choose from. The application firewall can control communications up to the application layer of the OSI model, which is the highest operating layer, and where it gets its name. The two primary categories of application firewalls are network-based and host-based.

Cisco PIX was a popular IP firewall and network address translation (NAT) appliance. It was one of the first products in this market segment.

Fortinet is an American multinational corporation headquartered in Sunnyvale, California. It develops and sells cybersecurity solutions, including but not limited to physical products such as firewalls, plus software and services such as anti-virus protection, intrusion prevention systems and endpoint security components.

Check Point

Check Point is an American-Israeli multinational provider of software and combined hardware and software products for IT security, including network security, endpoint security, cloud security, mobile security, data security and security management.

A security appliance is any form of server appliance that is designed to protect computer networks from unwanted traffic.

Sourcefire

Sourcefire, Inc was a technology company that developed network security hardware and software. The company's Firepower network security appliances were based on Snort, an open-source intrusion detection system (IDS). Sourcefire was acquired by Cisco for $2.7 billion in July 2013.

A virtual security appliance is a computer appliance that runs inside virtual environments. It is called an appliance because it is pre-packaged with a hardened operating system and a security application and runs on virtualized hardware. The hardware is virtualized using hypervisor technology delivered by companies such as VMware, Citrix and Microsoft. The security application may vary depending on the particular network security vendor. Some vendors, such as Reflex Systems, have chosen to deliver intrusion prevention technology as a virtualized appliance, or as a multifunctional server vulnerability shield delivered by Blue Lane. The type of security technology is irrelevant to the definition of a virtual security appliance; it matters more for the performance levels achieved when deploying various types of security as a virtual security appliance. Other issues include visibility into the hypervisor and the virtual network that runs inside it.

TriGeo Network Security

TriGeo Network Security is a United States-based provider of security information and event management (SIEM) technology. The company helps midmarket organizations proactively protect networks and data from internal and external threats, with a SIEM appliance that provides real-time log management and automated network defense - from the perimeter to the endpoint.

In computing, managed security services (MSS) are network security services that have been outsourced to a service provider. A company providing such a service is a managed security service provider (MSSP). The roots of MSSPs are in the Internet Service Providers (ISPs) of the mid to late 1990s. Initially, ISPs would sell customers a firewall appliance as customer premises equipment (CPE) and, for an additional fee, would manage the customer-owned firewall over a dial-up connection.

eSoft was a Colorado-based company that ceased operations in December 2013. It specialized in integrated security solutions, including secure content management and unified threat management appliances. Privately held eSoft, based in the foothills of Broomfield, Colorado, developed the award-winning InstaGate and ThreatWall security appliances, as well as modular software bundles called ThreatPaks that provide email and web security.

In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted network and an untrusted network, such as the Internet.

Information security operations center

An information security operations center is a facility where enterprise information systems are monitored, assessed, and defended.

Messaging security is a program that provides protection for companies' messaging infrastructure. The program includes IP reputation-based anti-spam, pattern-based anti-spam, administrator-defined block/allow lists, mail antivirus, zero-hour malware detection and email intrusion prevention.

Cyberoam

Cyberoam Technologies, a Sophos subsidiary, is a global network security appliances provider, with presence in more than 125 countries.

A next-generation firewall (NGFW) is a part of the third generation of firewall technology, combining a traditional firewall with other network device filtering functions, such as an application firewall using in-line deep packet inspection (DPI) and an intrusion prevention system (IPS). Other techniques might also be employed, such as TLS/SSL encrypted traffic inspection, website filtering, QoS/bandwidth management, antivirus inspection and third-party identity management integration.

Endian Firewall

Endian Firewall is an open-source router, firewall and gateway security Linux distribution developed by the South Tyrolean company Endian. The product is available as either free software, commercial software with guaranteed support services, or as a hardware appliance.

Data center security is the set of policies, precautions and practices adopted to avoid unauthorized access to and manipulation of a data center's resources. The data center houses the enterprise applications and data, which is why providing a proper security system is critical. Denial of service (DoS), theft of confidential information, data alteration, and data loss are some of the common security problems afflicting data center environments.

WatchGuard, formally known as WatchGuard Technologies, Inc., is a Seattle, Washington-based network security vendor. Its products are designed to protect computer networks from outside threats such as malware and ransomware.

Secure Access Service Edge (SASE) is a term coined by the analyst firm Gartner. SASE simplifies wide-area networking (WAN) and security by delivering both as a cloud service directly to the source of the connection rather than to the enterprise data center. Security is based around identity, real-time context, and enterprise security and compliance policies. An identity may be attached to anything from a person/user to a device, branch office, cloud service, application, IoT system, or an edge computing location.

References

  1. "Unified Threat Management". Gartner. Archived from the original on 13 Jul 2017. Retrieved 11 December 2017.
  2. "Unified threat management devices". Techtarget. Wayback Machine. Archived from the original on 11 December 2017. Retrieved 11 December 2017.
  3. "UTM and Firewall Growth Drive the Worldwide Security Appliance Market Expansion in Q2 2017". Business Wire. Wayback Machine. Archived from the original on 11 December 2017. Retrieved 11 December 2017.
  4. "What are common (and uncommon) unified threat management features?". SearchMidmarketSecurity. Retrieved 2019-04-04.
  5. "10 Top Unified Threat Management Vendors". web.archive.org. 2019-07-23. Retrieved 2019-07-23.
  6. Todd McGuiness. "Defense in Depth". sans.org. Archived from the original on 22 Dec 2017. Retrieved 22 December 2017.