This article can also be found in the Premium Editorial Download "Information Security magazine: Is your data safe from next-generation attackers?."
Special Feature: Be Prepared
Whether unified threat management (UTM) offers better management depends on both the device itself and the organization. Most UTM devices, built for the SMB market, have sacrificed depth and breadth of management in order to give every function in the box the same "flavor." Where device and function management are occasional tasks, as with firewalls and antivirus systems, this compromise may go unnoticed.
In larger enterprises, features such as IPS and e-mail security require their own consoles and their own management style, and they may be owned by different functional units. Forcing every UTM feature into a single all-in-one console can be a show-stopper.
Of course, not every UTM device forces every function into the same GUI mold. Those that do not merge more seamlessly into the existing management structure of an enterprise where multiple units are responsible for different aspects of security, or where management-heavy features such as IPS are in play.
Having separate management systems has its disadvantages. For example, if your firewall and IPS are using different management systems, you may open a hole in the firewall and forget to adjust the IPS to properly handle the new services. Or, more commonly, you'll make the same change in two places, but have a simple error, such as having different subnet masks, that gives the two changes different
A clear plus for UTM is when network policy and objects can be shared across UTM features. For example, if a subnet requires inbound FTP services, the policy permitting that traffic on the firewall and the policy inspecting it on the IPS would otherwise have to be kept in step by hand, and the definition of the subnet itself would have to match on both devices.
Anytime two things have to be matched or coordinated, there is a chance of failure, and a UTM device without some type of unified scheme to share policy and object information is ripe for human error.
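The drift the article warns about (a firewall that permits a service the IPS never inspects, or the same network object defined with different masks on the two devices) is mechanical enough to check for. The following script is an added example, not code from the article or from any UTM vendor; it models a firewall rule set and an IPS policy set as simple records (all names, object names and addresses are constructed sample data) and reports both kinds of mismatch. It goes slightly beyond the FTP case in the text by also treating a disabled IPS policy and an IPS object narrower than the firewall's as "uninspected."

```python
"""Consistency check between a firewall rule set and an IPS policy set.

Added example: the rule/policy records and all addresses below are constructed
sample data, not exported from any real product.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class FwRule:
    name: str
    dst_object: str   # name of the network object the rule refers to
    dst_net: str      # that object's definition as stored on the firewall
    service: str      # e.g. "ftp"
    action: str       # "allow" or "deny"


@dataclass(frozen=True)
class IpsPolicy:
    name: str
    dst_object: str   # same object name as on the firewall, defined separately
    dst_net: str      # that object's definition as stored on the IPS
    service: str
    enabled: bool


# Constructed firewall rules (RFC 5737 / RFC 1918 sample addresses).
FW_RULES = [
    FwRule("allow-ftp-dmz", "dmz-net", "192.0.2.0/24", "ftp", "allow"),
    FwRule("allow-http-web", "web-net", "198.51.100.0/26", "http", "allow"),
    FwRule("allow-smtp-mail", "mail-net", "203.0.113.0/28", "smtp", "allow"),
    FwRule("allow-ssh-mgmt", "mgmt-net", "10.0.0.0/16", "ssh", "allow"),
    FwRule("deny-all", "any", "0.0.0.0/0", "any", "deny"),
]

# Constructed IPS policies, re-keyed by hand with the classic mistakes baked in.
IPS_POLICIES = [
    IpsPolicy("inspect-ftp-dmz", "dmz-net", "192.0.2.0/24", "ftp", True),
    # web-net typed with a /24 here but a /26 on the firewall: definitions drift,
    # although the wider IPS object still covers the firewall's subnet.
    IpsPolicy("inspect-http-web", "web-net", "198.51.100.0/24", "http", True),
    # mgmt-net typed narrower than on the firewall: most of the /16 goes uninspected.
    IpsPolicy("inspect-ssh-mgmt", "mgmt-net", "10.0.0.0/24", "ssh", True),
    # The SMTP policy exists but somebody left it disabled.
    IpsPolicy("inspect-smtp-mail", "mail-net", "203.0.113.0/28", "smtp", False),
]


def check_consistency(fw_rules, ips_policies):
    """Return a list of findings; an empty list means the two rule sets agree.

    Finding tuples:
      ("object-drift", object_name, firewall_definition, ips_definition)
      ("uninspected-service", fw_rule_name, service, destination_network)
    """
    findings = []

    # 1. Object drift: the same object name resolves to different networks
    #    on the two devices (the "different subnet masks" error).
    fw_objects = {r.dst_object: ipaddress.ip_network(r.dst_net) for r in fw_rules}
    ips_objects = {p.dst_object: ipaddress.ip_network(p.dst_net) for p in ips_policies}
    for name in sorted(fw_objects.keys() & ips_objects.keys()):
        if fw_objects[name] != ips_objects[name]:
            findings.append(("object-drift", name,
                             str(fw_objects[name]), str(ips_objects[name])))

    # 2. Uninspected service: an allow rule whose destination is not fully
    #    covered by an enabled IPS policy for the same service.
    for r in fw_rules:
        if r.action != "allow":
            continue
        dst = ipaddress.ip_network(r.dst_net)
        covered = any(
            p.enabled and p.service == r.service
            and dst.subnet_of(ipaddress.ip_network(p.dst_net))
            for p in ips_policies
        )
        if not covered:
            findings.append(("uninspected-service", r.name, r.service, str(dst)))

    return findings


if __name__ == "__main__":
    for finding in check_consistency(FW_RULES, IPS_POLICIES):
        print(*finding)
```

On the constructed data this reports drift for web-net and mgmt-net, and flags the SMTP and SSH rules as uninspected; the FTP rule, whose object is defined identically on both sides, passes. A UTM with a single shared object store removes the first class of finding by construction, since there is only one definition of dmz-net to get wrong; the second class still has to be checked whenever permit and inspect policies are written separately.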
This was first published in June 2006