The first unified threat management (UTM) solutions did not emerge until 2004.
Now UTM is the fastest-growing segment of the security appliance market. Appliances
are designed to help companies deal with blended threats by combining a range
of different security functionalities. Although first used by smaller companies,
they are now popular with businesses of all sizes.
What is unified threat management?
Analyst IDC coined the term unified threat management (UTM) to describe an appliance
that integrates multiple security features into a single box. According to IDC’s
classification, a UTM appliance must incorporate a firewall with VPN capabilities
(IPSec/SSL), an anti-virus gateway, an intrusion detection system (IDS) probe and
an intrusion prevention system (IPS) engine. In addition, a UTM appliance can
offer extra features including URL filtering, anti-spam and anti-spyware. UTM
appliances are designed to provide all necessary functionality to protect the
enterprise, but they can also be deployed in combination with other security appliances
or used for a specialized purpose such as internal intrusion protection.
Why does UTM combine these different pieces of functionality?
Security developers are in an arms race with malware writers and hackers, and
the UTM appliance is designed to help companies deal with complex blended threats.
The firewall is the first line of defense and prevents unauthorized access,
controls network-to-network IP activity and protects enterprises against most
types of threats. Firewalls, however, can’t protect enterprises against application-layer
attacks and therefore need to be combined with other security components. The
anti-virus gateway checks all incoming traffic, such as Web downloads or incoming
mail attachments, for any infected files. The intrusion detection and prevention
system (IDS/IPS) inspects all inbound and outbound network traffic and identifies
suspicious patterns that may indicate a network or system attack. It can also
log specific events for forensic analysis, and if needed, raise alerts according
to the implemented security policy. It will also block suspected malicious network
activity.
How big is the market for UTM?
According to the latest figures from analyst IDC published in November 2007,
the UTM market was worth $967 million in 2006, with a year-on-year growth of 42%.
IDC said that although unit revenues for standalone firewall/VPN appliances have
been slow over the past few quarters, UTM appliances continue to see strong growth.
The profile of the UTM user is also changing; IDC says that in the past the UTM
appliance market was driven by small to mid-sized enterprises, but that from 2006,
demand really started to pick up from large enterprises. IDC says that Fortinet
was the number one vendor in this sub-market, with Cisco finishing in second place.
It forecasts that by 2011, UTM will account for nearly 50% of the overall network
security market.
What key benefits does UTM provide?
UTM provides all the key security features needed to protect enterprises and
offers a range of added benefits. According to analyst firm the Yankee Group, these
include: improved reliability because of the interoperability of all the security
components; simplified management because UTM is a single platform; streamlined
functions, which makes them suitable for sites with few security specialists;
and optimized processing, as all traffic goes through a single appliance. But
perhaps most significantly, UTM drastically reduces the security total cost of
ownership (TCO). The combined appliance allows businesses to have the same functionality
as multiple point solutions at a lower cost and management overhead. UTM delivers
a simple and centralized administration interface along with security event reporting.
Its all-in-one approach helps coordinate multiple and complementary security components
to build an effective riposte to complex blended threats.