This article takes a look at the advantages and disadvantages of enterprise network security solutions that offer unified threat management, along with key capabilities and features of UTM appliances.
The Information Security (IS) space has changed a lot over the last decade. Once upon a time, network security appliances were mainly deployed as point products, focused on controlling a single threat; for example, an Intrusion Detection System (IDS), virus scanner, or spam checker. While these products were very capable and did their job well, organizations required a number of different appliances to protect against multiple network threats.
The solution to running multiple devices side by side to protect against individual threats came in the Unified Threat Management (UTM) appliance, which could handle multiple types of network security scenarios.
UTM Advantages and Disadvantages
The idea and implementation of UTM has been around for about a decade as a solution to the problem of implementing multiple point product appliances. With UTM implementation came a number of advantages and disadvantages:
UTM advantages:
Less hardware -- the ability to have a single UTM appliance (or a very small number of them) instead of having to purchase, deploy and manage a number of different products.
Lower operational expense -- the ability to have a smaller group of subject matter experts (SMEs) specializing in the single UTM appliance, instead of bearing the high operational expense of multiple SMEs managing multiple devices.
Simplified management -- the ability to have a simple, unified interface (single pane of glass) to manage threats as they are found, instead of having to switch between different management interfaces for each type of threat.
Simplified patch management -- you're patching one appliance instead of multiple ones.
Simplified licensing -- growth-based licensing becomes simpler with a single device type.
UTM disadvantages:
Lower performance -- the performance of the first UTM appliances was not in step with that of the point products they replaced; this has improved significantly in the past few years.
Single point of failure.
Vendor lock-in.
Difficult to scale in large environments.
Limited feature set compared to point product alternatives.
What Does Today's UTM Offer?
Following Moore's Law, the processing ability of a single unified appliance was able to catch up with its point product competitors over the decade, making the unified approach much more appealing to enterprises.
The question of what UTM is today and what it has to offer, although seemingly simple, requires a rather complex answer. The main reason for this is that there is no single definition that is used for UTM. This has become more complex over the last year or so with the introduction of Next Generation Firewall (NGFW) products, some of which offer, more or less, the same capabilities that UTM solutions offer.
The general consensus seems to be that the terms UTM and NGFW refer to the same broad range of network security devices, with the basic goal of offering multiple point product capabilities in a single appliance.
Research firm Gartner defines UTM as a product that offers:
Standard network firewall functions;
Remote access and site-to-site Virtual Private Network (VPN) support;
Web Access Gateway (WAG) functionality with anti-malware, URL and content filtering;
Network Intrusion Protection System (NIPS) focused on blocking attacks against PCs and servers.
Fortinet, one of the leaders in the UTM space, defines UTM as a device that offers the following essential network security functions:
A Stateful firewall;
VPN Support;
NIPS;
Application control;
WAG support;
Advanced threat protection (targeted threat protection);
Integrated wireless LAN controller.
As you can see from these two definitions, what one vendor considers a UTM solution can differ widely from what another does. One thing you might notice is that UTM is commonly categorized as a small to medium-sized business (SMB) solution. This is mostly due to UTM's inability to scale in large environments. However, with hardware acceleration, many new UTM products on the market are able to mitigate latency and resiliency issues and to handle larger amounts of content inspection.
Key Features & Capabilities
Expanding on the list of common UTM features and capabilities, here are some key features and capabilities that you can expect from today's UTM solutions.
The standard and Next-Generation Firewall (NGFW) functions include:
The ability to track and maintain state information for communications to determine the source and purpose of network communications.
The ability to allow or block traffic based on configured policy (which can be integrated with the state information).
The ability to perform Network Address Translation (NAT) and Port Address Translation (PAT).
The ability to perform application aware network traffic scanning, tracking and control.
The ability to optimize a network connection (e.g. using TCP optimization).
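To make the first three functions concrete, here is an added example (not code from the article or from any vendor's product) of a toy stateful packet filter. It keeps a connection table, consults a policy only when a new connection is opened, accepts return traffic only when it matches an existing flow, and rewrites the source of outbound flows to a single public address with a per-flow port (source NAT/PAT). All addresses, ports and the single rule are constructed for illustration.

```python
"""Toy stateful packet filter with policy and source NAT/PAT.

Added, constructed example: addresses, ports and the single policy rule are
made up for illustration and do not model any particular vendor's appliance.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    syn: bool = False  # TCP SYN flag: the packet that opens a new connection


@dataclass
class Rule:
    name: str
    src_prefix: str  # simple string-prefix match stands in for CIDR matching
    dst_prefix: str  # "" matches any destination
    dport: Optional[int]  # None matches any destination port
    action: str  # "allow" or "deny"

    def matches(self, pkt: Packet) -> bool:
        return (pkt.src.startswith(self.src_prefix)
                and pkt.dst.startswith(self.dst_prefix)
                and (self.dport is None or pkt.dport == self.dport))


FlowKey = Tuple[str, int, str, int, str]  # (src, sport, dst, dport, proto)


class StatefulFirewall:
    def __init__(self, rules: List[Rule], public_ip: str):
        self.rules = rules
        self.public_ip = public_ip
        self.next_nat_port = 40000
        # State table: established flow -> (translated source IP, translated port)
        self.flows: Dict[FlowKey, Tuple[str, int]] = {}
        # Reverse index so a reply addressed to a NAT port finds its flow
        self.nat_back: Dict[Tuple[str, int], FlowKey] = {}

    def _policy(self, pkt: Packet) -> str:
        """First matching rule wins; anything unmatched is implicitly denied."""
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action
        return "deny"

    def process(self, pkt: Packet) -> Tuple[str, Optional[Packet]]:
        """Return (decision, forwarded packet after translation or None)."""
        key: FlowKey = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        # 1. Packet belongs to a known flow: forward using the stored NAT binding.
        if key in self.flows:
            nat_ip, nat_port = self.flows[key]
            return "allow(established)", Packet(nat_ip, nat_port, pkt.dst, pkt.dport, pkt.proto)
        # 2. Reply to a NATed flow: only accepted from the peer the flow was opened to.
        orig = self.nat_back.get((pkt.dst, pkt.dport))
        if orig is not None and (pkt.src, pkt.sport) == (orig[2], orig[3]):
            return "allow(reply)", Packet(pkt.src, pkt.sport, orig[0], orig[1], orig[4])
        # 3. No state: a TCP packet that is not a connection opener is dropped outright.
        if pkt.proto == "tcp" and not pkt.syn:
            return "deny(no-state)", None
        # 4. New connection attempt: consult policy, then create state and a NAT binding.
        if self._policy(pkt) != "allow":
            return "deny(policy)", None
        nat_port = self.next_nat_port
        self.next_nat_port += 1
        self.flows[key] = (self.public_ip, nat_port)
        self.nat_back[(self.public_ip, nat_port)] = key
        return "allow(new)", Packet(self.public_ip, nat_port, pkt.dst, pkt.dport, pkt.proto)


def run_firewall_demo() -> List[str]:
    """Push a constructed packet sequence through the filter and return the decisions."""
    fw = StatefulFirewall(
        rules=[Rule("web-out", src_prefix="10.0.0.", dst_prefix="", dport=443, action="allow")],
        public_ip="203.0.113.10",
    )
    traffic = [
        Packet("10.0.0.5", 51000, "198.51.100.20", 443, syn=True),  # internal host opens HTTPS
        Packet("198.51.100.20", 443, "203.0.113.10", 40000),        # server replies to the NAT port
        Packet("10.0.0.5", 51000, "198.51.100.20", 443),            # more data on the same flow
        Packet("198.51.100.20", 443, "203.0.113.10", 40001),        # reply to a port with no flow
        Packet("10.0.0.5", 51001, "198.51.100.20", 22, syn=True),   # outbound SSH: no rule allows it
        Packet("10.0.0.5", 51002, "198.51.100.20", 443),            # mid-stream packet, no state
    ]
    return [fw.process(p)[0] for p in traffic]


if __name__ == "__main__":
    for decision in run_firewall_demo():
        print(decision)
```

The point the toy makes is the one behind "state information integrated with policy": the rule set is consulted once, at connection setup, and every later packet is judged against the connection table instead. That is also why the unsolicited reply to port 40001 and the mid-stream packet without a SYN are dropped even though a packet filter judging each packet against the rules alone might let them through.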
Remote Access and Site-to-Site VPN functions include:
The ability to connect multiple sites securely using a VPN (e.g. IPsec, SSL).
The ability to have clients connect securely from remote locations using a VPN (e.g. clientless SSL, IPsec and SSL clients).
The ability to connect to the device from a remote location for the purposes of management (e.g. HTTPS, SSH).
Web Access Gateway functions include:
The ability to perform URL filtering.
The ability to perform web application monitoring and control.
The ability to perform web Application Firewall (WAF) functions.
The ability to perform antivirus and anti-malware scanning.
The ability to perform HTTPS scanning (decode).
A Network Intrusion Protection System (NIPS) is tasked with detecting network attack traffic and offers the ability to alter the action taken on that traffic based on policy. A NIPS component offers a number of different options for detecting attacks, including:
The ability to detect based on signature.
The ability to detect based on anomalous activity.
The ability to detect based on behavioral analysis.
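The three detection methods differ in what they compare traffic against: a signature engine looks for a known pattern in the content, an anomaly engine compares volume against a threshold, and a behavioral engine compares a host against its own learned profile. The added example below (not code from the article or from any product) runs all three over a constructed event stream and applies a per-method policy action, which is the "alter the action taken based on policy" part of the description. The signature name, thresholds, baseline, addresses and events are all invented for illustration.

```python
"""Toy NIPS engine combining signature, anomaly and behavioral detection.

Added, constructed example: the signature, thresholds, baseline, addresses and
events below are invented for illustration and model no real product or attack.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Event:
    ts: int        # seconds since start of the capture
    src: str
    dst: str
    dport: int
    payload: str   # decoded application-layer data, "" if none


# Signature detection: a literal pattern seen in known-bad traffic.
# Constructed rule name; the pattern is the classic directory-traversal marker.
SIGNATURES = {
    "constructed-sig-001": re.compile(r"\.\./\.\./"),
}

Finding = Tuple[str, str, str, str]  # (src, detection class, detail, action)


class Nips:
    def __init__(self, rate_threshold: int, window: int,
                 baseline: Dict[str, Set[int]], policy: Dict[str, str]):
        self.rate_threshold = rate_threshold    # anomaly: max events per source per window
        self.window = window                    # seconds
        self.baseline = baseline                # behavioral: learned normal ports per source
        self.policy = policy                    # detection class -> "alert" or "block"
        self.recent: Dict[str, List[int]] = defaultdict(list)

    def inspect(self, ev: Event) -> List[Finding]:
        findings: List[Finding] = []

        # 1. Signature: does the payload contain a known-bad pattern?
        for name, pattern in SIGNATURES.items():
            if pattern.search(ev.payload):
                findings.append((ev.src, "signature", name, self.policy["signature"]))

        # 2. Anomaly: is this source sending far more than the configured rate?
        timestamps = [t for t in self.recent[ev.src] if ev.ts - t < self.window] + [ev.ts]
        self.recent[ev.src] = timestamps
        if len(timestamps) > self.rate_threshold:
            detail = f"{len(timestamps)} events in {self.window}s"
            findings.append((ev.src, "anomaly", detail, self.policy["anomaly"]))

        # 3. Behavioral: does a profiled host deviate from its learned pattern?
        known_ports = self.baseline.get(ev.src)
        if known_ports is not None and ev.dport not in known_ports:
            detail = f"first contact to port {ev.dport}"
            findings.append((ev.src, "behavioral", detail, self.policy["behavioral"]))

        return findings


def run_nips_demo() -> List[Finding]:
    """Replay constructed events through the engine and collect every finding."""
    nips = Nips(
        rate_threshold=5,
        window=10,
        baseline={"10.0.0.7": {443}},          # 10.0.0.7 normally only talks HTTPS
        policy={"signature": "block", "anomaly": "alert", "behavioral": "alert"},
    )
    events = [
        Event(0, "10.0.0.7", "198.51.100.20", 443, "GET /index.html"),
        Event(1, "10.0.0.7", "198.51.100.20", 443, "GET /images/../../config"),
    ]
    # A burst of eight requests in eight seconds from a host with no baseline profile
    events += [Event(10 + i, "10.0.0.9", "198.51.100.20", 443, "GET /") for i in range(8)]
    events.append(Event(30, "10.0.0.7", "198.51.100.20", 3389, ""))
    findings: List[Finding] = []
    for ev in events:
        findings.extend(nips.inspect(ev))
    return findings


if __name__ == "__main__":
    for src, cls, detail, action in run_nips_demo():
        print(f"{src:10} {cls:10} {action:5} {detail}")
```

Note which method catches which event: the traversal marker is found only by the signature, the burst only by the rate anomaly (the sixth, seventh and eighth requests cross the threshold of five per ten seconds), and the unusual destination port only by the behavioral profile, which says nothing about 10.0.0.9 because that host was never profiled. In a real appliance the three engines feed one policy layer, so an operator can decide, as here, to block on high-confidence signatures while only alerting on the noisier anomaly and behavioral classes.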
Finding the Right Network Security Solution for Your Business
Although the definition of a Unified Threat Management (UTM) solution is rather subjective, there are some common features and capabilities that a modern UTM should be able to offer. Generally, vendors use the UTM term to refer to SMB-level products, but this is not an absolute and does not apply to all vendors, including today's UTM market leaders. The network security space is evolving rapidly and the UTM solutions are becoming more powerful and enterprise-ready.
When looking for an enterprise network security solution, it is best to first determine whether you want to go with a unified appliance, an NGFW solution, or a combination of different security devices to mitigate the growing number of security threats. As with most device niches, the decision will come down not only to the function of the device but also to its cost.
On the following pages, we introduce you to several leading UTM vendors and their products. The vendors we include all offer good support, regular cloud-based signature and engine updates, and features and capabilities discussed above.