Network security products vary in use and protection. If you're looking at security options to protect your network, read this description of unified threat management (UTM) to learn
what UTM's advantages are compared to traditional security models.
The traditional network security model and associated limitations
The traditional network security model uses standalone devices for maintaining a secure network environment. These standalone network security products are generally deployed as software, running either on a PC or an appliance, and provide product-specific network security functions, like a firewall and VPN. While they do what they are designed for, they fail to provide the comprehensive security, network deployment flexibility and the performance necessary to combat today's ever increasing sophisticated cyber threats.
Standalone network security products introduce these significant challenges:
- Today's rapidly evolving cyber threats are more sophisticated and evade one or more standalone technologies. It's easier to target a standalone device that gives an attacker a clear passage to network.
- There is always a cost and complexity factor associated with managing and maintaining an increasingly distributed network with no clear perimeter. This not only creates a security gap but also adds burden to already-taxed resources.
- The performance and processing power required to provide complete content-level protection is difficult to achieve without purpose-built hardware.
What is unified threat management (UTM)?
Unified threat management is basically a firewall appliance that not only guards against intrusion but also performs content filtering, spam filtering, intrusion detection and antivirus duties traditionally handled by multiple systems. These devices are designed to combat all levels of malicious activity on the computer network.
An effective UTM solution delivers a network security platform that comprises robust and fully integrated security and networking functions such as network firewalling, intrusion detection and prevention systems (IDS/IPS) and gateway antivirus (AV) along with other features, such as security management and policy management by group or user. It is designed to protect against next-generation application layer threats and offers a centralized management through a single console, all without impairing the performance of the network.
Advantages of using an UTM
Simply put, the convenience and ease of installation are the key advantages of threat management security appliances. There is much less human intervention required to install and configure these appliances.
The advantages of UTM include the following:
- Reduced complexity: The integrated all-in-one approach not only simplifies product selection, but product integration and ongoing support as well.
- Ease of deployment: Since there is much less human intervention required, customers themselves or vendors can easily install and maintain these products.
- Integration capabilities: The appliances can easily be deployed at remote sites without the help of any security professional. In this scenario, a plug-and-play appliance can be installed and managed remotely. This kind of management is synergistic with large, centralized software-based firewalls.
- The black box approach: Users have a tendency to play with things, and the black box approach limits the "damage" users can do. This reduces trouble calls and improves network security.
- Troubleshooting ease: When a box fails, it is easier to swap it out than troubleshoot. This process gets the node back online quicker. A non-technical person can do it, which is especially important for remote offices without dedicated technical staff onsite.
Some of the leading UTM solution providers are Fortinet Inc., NetScreen (acquired by Juniper Networks Inc.), Symantec Corp., Citrix NetScaler, WatchGuard Technologies Inc. and Elitecore Technologies Ltd.
Puneet Mehta is a CISSP Security Architect at SDG Corp., an e-security and e-business software services and solutions firm headquartered in Connecticut. Special expert security areas for Puneet include internetworking technologies, network security, e-business infrastructure architecture and implementation, single sign-on strategies and solutions, PKI design/implementation and encryption technologies. Puneet holds several industry-leading certifications. Among them are MCP, MCPS, MCP+I, MCSE, CCNA, CLP, Certified Internet Security Specialist, OCP, BS7799-2:2002, CISSP, CEH, and CPTS.
Ask Puneet a network security question or view his Ask the Expert section on securing networks.
This was first published in October 2007