In recent years, single security strategies have become incapable of keeping companies completely protected against threats, causing them to require a multi-layered defense that integrates various technologies into one IT security strategy. Unified threat management (UTM) has emerged in response to this need and has developed into the default solution for many information technology integrators and managed services providers (MSPs).
Unified threat management is a simplified approach to security management that allows an administrator to monitor and manage a wide variety of security-related applications and infrastructure components on one integrated platform. UTM consolidates a range of security features into a single appliance that is designed to protect users from a blend of sophisticated cyber threats. Typically, a UTM is an appliance that includes several security technologies – such as a next-gen firewall, intrusion prevention system (IPS), antivirus, virtual private networking (VPN) and content filtering.
Today’s organizations can’t be too careful when it comes to IT and network security, especially when client data and regulatory compliance are at risk. Multiple layers of security are now required to keep attackers out and to secure sensitive data. At the same time, organizations continue to be challenged by managing security in-house, due to the heavy burden of day-to-day management requirements and rising costs. This is where partnering with a managed services provider is most beneficial. When MSPs include unified threat management in their technology stack, it provides clients with a comprehensive IT security solution. UTM is also highly compatible with most solutions and services MSPs already have in their portfolio.
Unified threat management is considered an all-in-one solution for network security, but when integrated with other managed services it allows MSPs to become a one-stop-shop for all their clients’ IT needs. Specifically, UTM can become most valuable when combined with remote monitoring and management (RMM), endpoint protection and backup and disaster recovery (BDR).
Since UTM solutions include features such as application control, intrusion detection and content filtering, pairing them with an RMM solution can provide more effective and higher-level network monitoring. RMM technology specializes in proactively staying ahead of issues, resolving them remotely and giving in-depth insight into client servers and desktops. Unified threat management can further support an RMM solution by providing more sophisticated alerts for security incidents and 24x7x365 monitoring of an entire network, which allows for an unprecedented level of efficiency, communication and attention. Similarly, including endpoint protection with UTM and RMM adds an additional layer of security, further protecting your devices and networks from intrusion.
A BDR solution is another ideal counterpart to UTM because it acts as a safety net – ensuring you can roll back to a previous version should your files become encrypted or stolen. Pairing a BDR solution with a UTM device can fill in any gaps in the data protection and recovery process, while providing additional human resources to offer end-to-end monitoring and troubleshooting for backup failures.
Anti-Malware – Software that prevents, detects and eliminates malicious programs on computing devices and IT systems.
Antivirus – Software that prevents, scans for, detects and eliminates computer viruses and other malicious software.
Application Control – A security practice that blocks or restricts unauthorized applications from executing in ways that put data at risk. The control functions vary based on the business purpose of the specific application, but the main objective is to help ensure the privacy and security of data used by and transmitted between applications.
Bandwidth Management – The process of measuring and optimizing the communication and data being transferred over a network in order to control traffic and ensure that business-critical applications have the necessary resources.
Content Filtering – Also known as information filtering, it’s the use of a program to screen Web pages or e-mail and block access to content that is deemed objectionable.
Data Loss Prevention (DLP) – A strategy for ensuring that end-users or malicious applications do not send sensitive or critical information outside the corporate network. The term is also used to describe software products that help a network administrator control what data end-users can transfer.
Endpoint Protection – A solution or process that secures and protects various endpoints from getting infected and prevents infections from spreading throughout a network; also known as endpoint security.
Firewall – A barrier that controls traffic between networks and prevents information from spreading from one network to another.
Intrusion Detection System (IDS) – A device or software application that monitors a network or systems for malicious activity or policy violations and reports any detected activity to an administrator.
Intrusion Prevention System (IPS) – A network security appliance that monitors network and/or system activities for malicious activity.
Load Balancing – The even distribution of processing and communications activity across a computer network so that no single device is overwhelmed. Load balancing can be implemented with hardware, software or a combination of both.
Next-Generation Firewall (NGFW) – A hardware- or software-based network security system that can detect and block sophisticated attacks by enforcing security policies at the application level, as well as at the port and protocol level.
Security Information and Event Management (SIEM) – An approach to security management that seeks to provide a holistic view of an organization’s IT security through the identification, analysis and recovery of security events.
Threat Monitoring – A type of solution or process dedicated to continuously monitoring across networks and/or endpoints for signs of security threats such as attempts at intrusions or data exfiltration.
Virtual Private Network (VPN) – A technology that creates an encrypted connection over a less secure network, providing safe online access and information protection.
Web Filter – A program that can screen an incoming Web page to determine whether some or all of it should not be displayed to the user by blocking objectionable content or material believed to decrease employee productivity.
Many organizations have turned to UTM solutions to avoid the expensive, labor-intensive approach of traditional firewalls supplemented with multiple standalone security technologies. As cyber threats evolve and new threats emerge, network security must change and adapt to protect against such threats. This adaptability can make UTM difficult to define because the technologies included can vary from vendor to vendor; however, nearly every unified threat management appliance includes these same core features:
Some more advanced features that are incorporated into specific UTM models include application control, bandwidth management, data loss prevention, identity-based access control, load balancing and more.
The primary function of UTM is to provide increased security, protection, visibility and control over network security while also reducing complexity. UTM solutions typically do so by employing different inspection methods to address various types of threats. The two methods are:
Flow-based inspection, also called stream-based inspection, which samples the data entering a UTM device and uses pattern matching to determine whether there is malicious content.
Proxy-based inspection, which reconstructs content entering a UTM device and performs a full inspection of the content, looking for possible security threats. If the content appears clean, then the device sends the content to the end-user. If a virus or other security problem is detected, the device removes the problematic content before sending the file, or web page, to the user.
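The two inspection methods above behave differently when the content a scanner is looking for does not arrive in one piece. The following Python script is an added illustration, not code from the article or from any UTM vendor: it models a stream inspector that examines each segment as it arrives (first without, then with a small carry-over buffer across segment boundaries) next to a proxy inspector that reassembles the whole response before scanning and forwarding it. The signature string and the three-segment payload are constructed for the example; the names flow_inspect_stateless, flow_inspect_stateful and proxy_inspect are assumptions of this example.

```python
import re
from typing import List, Tuple

# Constructed placeholder signature the scanner matches on (not a real IoC).
SIGNATURE = b"MALWARE-MARKER-X"
SIG_RE = re.compile(re.escape(SIGNATURE))

# Constructed HTTP-like response delivered in three segments; the segment
# boundary between the first and second piece splits the signature in half.
SEGMENTS: List[bytes] = [
    b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\nhello MALWARE-MA",
    b"RKER-X world",
    b" goodbye\r\n",
]


def flow_inspect_stateless(segments: List[bytes]) -> Tuple[bool, bytes]:
    """Stream inspection that scans each segment in isolation.

    Returns (detected, bytes_forwarded_to_user). Each clean-looking segment
    is forwarded as soon as it is scanned, so a signature that straddles a
    boundary is never seen whole and the full payload reaches the user.
    """
    forwarded = b""
    for seg in segments:
        if SIG_RE.search(seg):
            return True, forwarded  # drop this segment and stop forwarding
        forwarded += seg
    return False, forwarded


def flow_inspect_stateful(segments: List[bytes]) -> Tuple[bool, bytes]:
    """Stream inspection that keeps the tail of the previous segment.

    Retaining len(SIGNATURE) - 1 bytes is enough for any match that crosses
    one boundary. Earlier segments have already been forwarded by the time
    the match is found, which is the latency/completeness trade-off of the
    flow-based approach.
    """
    keep = len(SIGNATURE) - 1
    forwarded = b""
    carry = b""
    for seg in segments:
        window = carry + seg
        if SIG_RE.search(window):
            return True, forwarded
        forwarded += seg
        carry = window[-keep:]
    return False, forwarded


def proxy_inspect(segments: List[bytes]) -> Tuple[bool, bytes]:
    """Proxy inspection: reassemble the whole object, scan it, and strip the
    offending content before anything is forwarded.

    Returns (detected, content_forwarded_to_user). Nothing reaches the user
    until the complete object has been inspected.
    """
    content = b"".join(segments)
    detected = SIG_RE.search(content) is not None
    cleaned = SIG_RE.sub(b"[removed]", content)
    return detected, cleaned


if __name__ == "__main__":
    for name, fn in (
        ("flow, stateless", flow_inspect_stateless),
        ("flow, stateful ", flow_inspect_stateful),
        ("proxy          ", proxy_inspect),
    ):
        detected, out = fn(SEGMENTS)
        print(f"{name}: detected={detected!s:5} forwarded={out!r}")
```

Run against the constructed segments, the stateless stream scanner forwards every byte and reports nothing, the stateful one detects the signature on the second segment but has already forwarded the first, and the proxy detects it and forwards only the cleaned response. For clean input all three return the same unmodified content, which is why the stateful carry-over is the minimum a flow-based inspector needs to be meaningful.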
UTM functions similarly to SIEM, another approach to security management that gathers, analyzes and presents information from network and security devices. The difference between the two approaches is that SIEM tends to focus less on threat prevention and is instead used to log security data and generate reports for compliance purposes. Still, SIEM is an IT security strategy that offers capabilities and functionality similar to those of UTM.
Ultimately, UTM has become the modern approach to IT security because it allows for consolidated management of the security technologies that are essential to keeping today’s organizations secure and protected.
Unified threat management delivers a flexible, future-ready solution to meet the challenges of today’s networking environments. The promise of UTM lies in its simplicity and its ability to reduce costs by rolling the capabilities of several technologies into one. The most common alternative to UTM is to have multiple separate devices, each designed to perform one or more security functions. However, utilizing specialized appliances for specialized services adds complexity and cost, as each new technology means a new device to deploy, a new set of policies to configure, and a new management console to monitor. Therefore, today’s businesses are beginning to adopt solutions that include everything in one box. Below are a few pros and cons of unified threat management as compared with a traditional, multi-box solution.