In recent years, malicious threats have evolved to become more advanced at avoiding detection by traditional firewalls and anti-virus solutions. In order to combat these evolving threats, internet and network security has also evolved from single scanning solutions. Organisations now take a layered approach to securing their networks, combining firewall, anti-virus and other security features. This is where Unified Threat Management (UTM) appliances come in to simplify this task. A UTM appliance may look like a traditional hardware firewall, but is actually an efficient security tool that combines multiple security systems into a single platform. It saves you from having to integrate complex solutions from multiple vendors.
Common features on most UTM appliances include:
- Network/Proxy firewall
- Intrusion detection/prevention
- Gateway anti-virus
- Deep packet inspection
- Web proxy and content filtering
- Data loss prevention (DLP)
- Security information and event management (SIEM)
- Virtual private network (VPN)
This all-in-one approach simplifies installation, configuration and maintenance. This makes UTM appliances very popular among network and security administrators – especially price-conscious SMB users. It saves the need to purchase an anti-spam appliance, URL filtering software, firewall, IPS appliance, etc. SMB users can just opt for an all-in-one solution with a UTM appliance, while gaining enterprise-level protection at a significant cost saving.
The big advantage of the all-in-one approach is simplification. It simplifies installation, configuration and maintenance for security administrators. Security admins only need to access a single tool that allows them to manage various devices, rather than juggling multiple products from different vendors. This setup saves time, money and people when compared to the management of multiple security systems. Dangers and threats can be identified quickly and more efficiently due to transparency between the security modules.
Cost savings are another big factor in deploying a UTM appliance, as there are fewer devices to buy and less software to licence. Costs can also be saved because fewer specialised staff are required to maintain the network.
Group policies can be deployed from a central management console. This allows uniform changes to be applied across the network / security modules, accurately and efficiently.
Finally, some common UTM features are not supported by other stand-alone solutions – allowing for a more secure network.
Although there are many advantages to using a UTM, there are also a few disadvantages.
Combining every security component together into one appliance allows system administrators to manage everything in one dashboard. It also presents a potential single point of failure, allowing a network to be completely exposed if the UTM appliance fails. This can be averted through redundancy, by deploying a high availability configuration, but will increase setup and running costs.
Components within a UTM appliance may not have settings as granular, or rules as powerful, as dedicated appliances. There is also the possibility of degraded performance when the UTM appliance handles a large number of applications / clients with many UTM features enabled. With a dedicated appliance, the performance hit may not be as noticeable.
The final risk to assess when deploying a UTM appliance is having your network’s security dependent on one vendor. Vendor diversity is considered best practice for network security, as many vendors use the same malware detection algorithms across their product set. If something gets missed by one vendor’s product, there’s a chance that it’ll get missed by other products from that vendor as well. If you use vendor A for the UTM and vendor B on endpoints, there’s a lower chance of missing a specific piece of malware, because each vendor runs different detection algorithms.
Despite these drawbacks, UTM appliances have quickly gained popularity and are now considered the modern approach to network security. A UTM consolidates many security solutions into one platform, which makes it easy to deploy and maintain, at a lower cost than buying each solution individually.
If you are considering a UTM appliance, have a look at the offerings from WatchGuard.
WatchGuard are known for easy-to-deploy and easy-to-manage solutions, with a product set comprising 3 categories – network security, WiFi and MFA. They aim to make enterprise-grade security technologies accessible for every company. Their products are an ideal fit for small to medium-sized businesses.