The advantages of unified threat management
15th May 2013 | 07:00
UTM appliances promise security in a box
Keeping IT infrastructure secure is a complex task and few small and midsized businesses can afford dedicated security specialists.
This goes a long way to explaining the popularity of unified threat management (UTM) appliances - single boxes which plug in to the company network to manage security. The market for UTMs has been expanding rapidly, with research house Gartner seeing 20.7% compound annual growth over the past four years.
Another reason for their popularity is that criminals are targeting smaller companies, says Lawrence Pingree, a Gartner analyst.
"Hackers have always targeted large enterprises but they generally have got good security defences," he says. "If they want to commit financial fraud or steal credit card details it is much easier for them to go after small and medium-sized businesses which have no security staff."
So what exactly do UTMs offer? Key features include:
- A corporate firewall to keep unwanted traffic off the company network.
- Internet gateway security (which includes scanning incoming traffic for viruses, malware or malicious attachments and web address blacklisting).
- A network intrusion prevention system (IPS) to prevent hackers attacking unpatched Windows PCs and servers.
- Secure remote access, enabling employees to connect to the company network while out of the office.
- The ability to update automatically with the latest security updates, anti-virus definitions and new features so that minimal manual intervention is required beyond initial set-up.
More advanced features may include: a web application firewall to protect the company website; secure wireless capabilities to let guests connect to the network; and next-generation firewall features, including the ability to control or block employee use of specific applications such as peer-to-peer programs.
Leading UTM vendors include Fortinet, Dell SonicWALL, Juniper Networks, Check Point Software Technologies, WatchGuard and Sophos.
The benefit of a UTM for smaller businesses is simplicity: a single purchase covers every security need, and all the security features can be controlled and configured from a single management console. Some UTMs offer a base level of security in the initial purchase price, with extra security services, such as an intrusion prevention system (IPS), enabled for an additional licence fee.
"The alternative is for a company to seek out point solutions for each of these security needs, but as well as leading to complex licensing there is also the question of having to carry out multiple device configurations and making sure that it all works well together," says Pingree.
But he warns that UTMs don't always provide the same level of protection as point solutions. "The protection you can expect from the IPS built in to most UTMs is much improved in recent years, but a specialist vendor's IPS is still likely to be better."
But for many companies the choice is actually between having a UTM-based IPS or not having one at all, he points out, so this difference is largely academic.
This can be particularly important for companies that have to be in compliance with security regulations for the industry or sector in which they operate.
"You can certainly satisfy some compliance requirements with a UTM, like running an IPS, but don't forget that satisfying compliance requirements involves configuring the appliance properly," says Pingree. "It's not enough to have a specific security capability in a UTM you buy - you have to know how to turn it on and configure it."
That should be less of a problem for medium-sized companies than for those at the smaller end of the scale, according to John Grady, a security researcher at IDC.
"The more complex your IT architecture, the more likely you are to have an admin who can configure a UTM," he says. "But even for small companies that don't have an IT person with security skills, it's still much easier to manage a single UTM than to try and manage point solutions separately."
If configuration is too much of an issue - especially for small companies that are growing quickly and changing their IT infrastructure regularly - then there is always the option to buy a UTM through a managed security service provider who will configure the appliance remotely.
One drawback of UTMs that vendors generally don't mention is the detrimental impact they can have on internet throughput (traffic leaving or entering the local area network) if they don't have the capacity to handle the volume. A UTM has to inspect a considerable amount of data, and scanning incoming traffic for viruses alone can reduce network speeds by 20-50%. Enabling IPS and other security features reduces performance even further.
UTMs are supplied for internet connections of different bandwidths or capacities, and Gartner's Lawrence Pingree advises buying one with plenty of capacity to spare.
"If you have a 100Mbps internet connection then a 100Mbps model would be fine if you are simply running the firewall. But if you are planning on enabling the other security features then you should definitely look at a 200Mbps model," he advises.
Another drawback is that even if you have a UTM installed at your internet gateway you still need to install and manage anti-virus software on employees' computers and on servers. "Not using endpoint security software is committing security suicide," warns Pingree.
That's because if a new virus arrives at the UTM before the appliance has been updated to recognise it, it will get through to infect machines on the network. Anti-virus software running on those machines can then detect and remove the virus a few days (or even hours) later, once the endpoint software has been updated to recognise it.
The crucial tips for UTM buyers are to look for an appliance with at least double the bandwidth of your existing internet connection, and to check that you can disable, and won't have to pay for, functionality you know you won't need. For example, you don't need a web application firewall if you don't run your own web server, or email security if you use a cloud-based email system.