- July 24, 2017
- Posted by: keith
- Category: Blogs, Security
Expert Ed Tittel explains why unified threat management is the right holistic IT security approach for SMBs and how it can fit into the enterprise, as well.
With the number of network-connected devices increasing exponentially, threats to corporate networks and the data they contain pose an ever-increasing risk, as well. Attackers have proven their capability to find and exploit security holes, whether their target is perimeter defense measures, employees who receive phishing emails or the unsuspecting telecommuter without proper controls in place on a home computer.
Historically, organizations have used a patchwork collection of security devices, often from different vendors, to protect and defend their networks. Acquiring, configuring, managing and monitoring this assortment of devices takes considerable effort and expertise, which puts undue strain on the administrators and engineers tasked with the responsibility of network security.
Unified threat management (UTM) products are dedicated security systems with optimized hardware and software that can perform many security functions simultaneously, such as firewall, intrusion detection and prevention, antivirus, virtual private networking and more. The point of a UTM product is to provide layered, integrated protection all within a single appliance, which requires less administrative effort and generally comes at a lower cost.
Note: Cloud-based UTM services are also available, but haven’t yet been widely adopted by organizations. According to Gartner’s 2014 Magic Quadrant for Unified Threat Management, cloud-based UTM services are adopted in less than 5% of UTM implementations. Though UTM is edging toward the cloud, it hasn’t really made that jump just yet, no matter what vendors may proclaim.
This article explores the pros and cons of UTM products and examines how UTM can benefit different network environments.
Advantages and disadvantages of a UTM product
A UTM appliance offers many key advantages for managing data threats and protecting networks and sensitive information. Here are some of the advantages of deploying a UTM appliance:
- Hardware consolidation: An administrator can purchase, deploy and manage one appliance in an SMB, or a small number of appliances in larger environments, rather than multiple devices.
- Simplified management and patching: Blended threats and emerging threats may target different parts of a network simultaneously, causing an administrative nightmare if many security devices are involved. UTM offers centralized management, enabling administrators to manage a large range of threats to local and remote environments from a single console. Patch management is also simplified because only one or relatively few appliances need to be patched rather than many different devices.
- One vendor, one license, one support contact: Administrators can work with a single vendor and its support department, fostering a solid relationship that promotes continuity. Licensing of a single appliance is easy to manage, even as an organization’s needs grow.
- Lower expenses: The consolidation of hardware offers a lower price point compared to acquiring multiple devices, and administrators can focus their knowledge and training on one appliance.
While UTM products resolve many administrative and operational security issues, they also pose a few drawbacks:
- Single point of failure: Because UTM combines many security features into one appliance, it presents a single point of failure if the appliance stops working or if malware makes it to the internal network. To mitigate this situation, SMBs might implement a secondary failsafe service, such as a software-based firewall. However, more robust UTM appliances, such as enterprise-ready products, are designed with built-in redundancy to avoid the single-point-of-failure scenario.
- Performance issues: Until recently, performance was cited as a major drawback for UTM appliances. When all features were enabled, especially the antivirus feature that checked all traffic and email, network performance took an appreciable hit. UTM vendors have greatly improved their appliances’ performance to overcome most issues, but an organization looking to implement a UTM product needs to pay close attention to performance rates and perform thorough tests of any appliance that makes its acquisition shortlist.
Organizations that benefit from UTM products
Most UTM vendors offer a range of appliances in different capacities and capabilities. A high-capacity UTM appliance protects primary network connections to the Internet — on the edge — or may be implemented in the core network, providing fault tolerance and high availability. Smaller UTM appliances offer most of the same features as their larger counterparts, and are ideal for SMBs, as well as remote offices with connections to corporate networks. Due to the modular nature of a UTM appliance, an administrator can enable all or some of the features to suit the needs of the environment.