This content is part of the Essential Guide: Unified threat management devices: Understanding UTM and its vendors

What is UTM? Inside unified threat management's layered defense

Enterprise devices are under attack. A unified threat management (UTM) product can help give your company a fighting chance.

Enterprise computing devices -- including servers, desktops, laptops and mobile devices -- are being attacked via an increasingly wide variety of methods. The cost of these attacks continues to rise, with a single data breach potentially resulting in millions of dollars in damages, which makes it important for organizations to prevent these attacks altogether, or at least minimize the damage they can do.

Unfortunately, it is not possible to thwart these diverse attacks with a single technology; each major category of assault requires different defensive measures. Ultimately, a layered defense combining several types of tools and techniques must be implemented to stop the range of modern attacks effectively. However, because these disparate technologies are often installed as separate point products that do not directly interact with each other, their effectiveness may be reduced. Deploying so many point products can be costly and resource intensive, and it adds overhead and latency as well, because the same network traffic must be examined and analyzed repeatedly, in succession, by several different security appliances. Another disadvantage of multiple disparate products involves compliance reporting: it is far more complicated to produce the reports that HIPAA, SOX and other legislative and regulatory requirements call for when the information for those reports is spread across so many unconnected sources.

In response to these challenges, vendors have developed integrated systems that bundle all of these disparate point appliances into a single product, known as a unified threat management (UTM) system. UTM systems provide a more convenient way of achieving a layered defense because there's only a single product to deploy, manage and monitor. Examination and analysis of network activity occurs once, not several times in succession, and the different layers of defense share information with each other to improve detection accuracy. There's a single report that covers all the layers, making compliance reporting less of a headache.
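The single-pass, shared-context model described in the paragraph above, as an added Python sketch; this is not code from the article or from any UTM vendor, and the flow records, blocklists, signature marker and layer names are all constructed for the illustration. The point-product path parses the same traffic once per appliance and each appliance logs in isolation; the UTM path parses once, lets a later layer read earlier layers' findings, and emits a single consolidated record:

```python
"""Single-pass layered inspection versus chained point products.

Added illustration of the UTM architecture; not code from any product.
Every flow, feed and signature below is constructed for the example.
"""
from dataclasses import dataclass, field

# Constructed sample flows, already reduced to the fields the layers use.
SAMPLE_FLOWS = [
    {"src": "203.0.113.7", "dst": "10.0.0.5", "host": "updates.example.net",
     "path": "/patch.bin", "payload": b"MZ\x90\x00 legitimate installer"},
    {"src": "198.51.100.23", "dst": "10.0.0.5", "host": "evil.example",
     "path": "/drop.exe", "payload": b"MZ\x90\x00 dropper marker XYZ"},
]

# Constructed policy data standing in for the feeds a real appliance consumes.
BAD_SOURCES = {"198.51.100.23"}
BLOCKED_HOSTS = {"evil.example"}
MALWARE_MARKER = b"XYZ"          # hypothetical content signature


@dataclass
class Context:
    """Traffic parsed once, then shared by every inspection layer."""
    flow: dict
    findings: list = field(default_factory=list)   # (layer, detail, severity)
    parse_count: int = 0


def parse(raw: dict) -> Context:
    """Stand-in for the expensive decode/reassembly step an appliance does."""
    ctx = Context(flow=dict(raw))
    ctx.parse_count += 1
    return ctx


# Each layer reads the shared context and may consult earlier findings.
def firewall(ctx: Context) -> None:
    if ctx.flow["src"] in BAD_SOURCES:
        ctx.findings.append(("firewall", "source on blocklist", 3))


def url_filter(ctx: Context) -> None:
    if ctx.flow["host"] in BLOCKED_HOSTS:
        ctx.findings.append(("url_filter", "blocked host", 3))


def antimalware(ctx: Context) -> None:
    if MALWARE_MARKER in ctx.flow["payload"]:
        # Shared state in action: a hit from an earlier layer raises severity.
        prior_hit = any(sev >= 3 for _, _, sev in ctx.findings)
        ctx.findings.append(("antimalware", "signature match",
                             5 if prior_hit else 4))


LAYERS = (firewall, url_filter, antimalware)


def utm_inspect(raw: dict) -> dict:
    """Parse once, run every layer over the same context, emit one record."""
    ctx = parse(raw)
    for layer in LAYERS:
        layer(ctx)
    severity = max((sev for _, _, sev in ctx.findings), default=0)
    return {"src": ctx.flow["src"], "host": ctx.flow["host"],
            "action": "block" if severity >= 3 else "allow",
            "severity": severity, "findings": ctx.findings,
            "parses": ctx.parse_count}


def point_products_inspect(raw: dict) -> list:
    """Separate appliances: each re-parses and logs on its own, with no
    shared findings.  Returns one record per appliance."""
    records, parses = [], 0
    for layer in LAYERS:
        ctx = parse(raw)            # the same traffic is examined again
        layer(ctx)
        parses += ctx.parse_count
        records.append({"appliance": layer.__name__,
                        "findings": ctx.findings, "parses_so_far": parses})
    return records


if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(utm_inspect(flow))
        print(point_products_inspect(flow))
```

For the constructed malicious flow the UTM path produces one record at severity 5 after a single parse, while the chained point products parse three times and the antimalware appliance, unaware of the firewall and URL-filter hits, reports only severity 4 in its own separate log. That difference is the whole argument for correlation inside one appliance, and it is what a unified compliance report draws on.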

Originally, UTM systems were created for small and mid-size organizations, which lacked the staff and funding to deploy the variety of defensive measures required to thwart the rising number of attacks on their systems; executives at these organizations often considered buying and running multiple separate products to be overkill. A UTM gave them a single security appliance and reduced labor and infrastructure costs.

UTM systems have since expanded to address the needs of the large enterprise market as well, and they have become significantly more scalable, enabling them to handle much higher volumes of network traffic. Many large enterprises have found that having a single interface for security control management and reporting is a huge advantage, even if the other benefits of UTM do not necessarily apply to them.

The security capabilities that comprise UTM systems are nothing new, as most of them have been available for many years as point appliances. The capabilities that UTM strategies most often support include the following:

UTM systems are also expanding their functionality to include additional capabilities, such as load balancing, data loss prevention (DLP) and bandwidth management, and UTM appliances are expected to continue adding new security capabilities in the future.

About the author:
Karen Scarfone is senior cybersecurity engineer at Tapestry Technologies Inc. and the principal consultant for Scarfone Cybersecurity in Clifton, Virginia. She provides cybersecurity publication consulting services, specializing in network and system security guidelines. Scarfone was formerly a senior computer scientist for the National Institute of Standards and Technology (NIST), where she oversaw the development of system and network security publications for federal civilian agencies and the public.

This was last published in June 2014