UTM vs. NGFW: Comparing unified threat management, next-gen firewalls

What's the difference between unified threat management (UTM) products and next-generation firewalls (NGFW)? Brad Casey discusses.

What are the key differences between a UTM device and a next-generation firewall (NGFW)?

The answer to this question depends on who you ask, as both types of systems have overlapping features. Perhaps the best way to define the differences between UTM vs. NGFW is to first define the scope and history of both appliances.

Not too long ago, the need arose for a unified system that included features such as gateway antivirus, intrusion prevention, URL blocking and more; thus the idea of unified threat management (UTM) was born. At the time, however, it was thought that appliances including all of these features wouldn't have the processing speed enterprise networks needed. Hence, the next-generation firewall (NGFW) was concocted.

NGFWs were designed to perform intrusion prevention and deep packet inspection while many of the other features mentioned above were offloaded to other devices to conserve network throughput and thereby better serve an enterprise network. More recently, NGFWs added application firewall features, a dynamic new capability that in many cases has allowed enterprises to consolidate and use a single device to protect their applications and core networks. At present, however, multi-Gigabit LAN speeds are commonplace, and the need for a device that only performs certain NGFW functions has become obsolete.

Therefore, I would argue that the difference between UTMs and NGFWs is actually minimal. The only tangible difference that may be found involves their respective throughput ratings; devices marketed as UTMs typically have a lower throughput rating and are marketed to small and medium-sized businesses, while devices that maintain a higher throughput rating are typically marketed as NGFWs. In terms of functionality, the two devices are almost carbon copies.

This was last published in April 2014
