Tuesday, November 24, 2020

Basics of UTM

Unified Threat Management

Unified threat management (UTM) is an approach to network security in which a single hardware or software appliance provides multiple security functions (firewalling, intrusion prevention, antivirus, content filtering, etc.). It is sometimes also marketed as Unified Security Management (USM). Because all traffic passes through one device, its logs can be reviewed in a single place rather than on each individual device.

A UTM can provide services such as:

  • Network firewall
  • Intrusion detection
  • Intrusion prevention
  • Gateway anti-virus
  • Proxy firewall
  • Deep packet inspection
  • Web proxy and content filtering
  • Data loss prevention (DLP)
  • Security information and event management (SIEM)
  • Virtual private network (VPN)

Its all-in-one approach simplifies installation, configuration and maintenance. The disadvantages of combining everything into one box include a potential single point of failure (a compromise or outage of the appliance affects every function at once), dependence on a single OEM, and the fact that enabling every inspection feature on the same hardware reduces throughput.

UTM devices are usually sold as network security appliances that help guard networks against blended threats, i.e. malware and attacks that simultaneously target distinct parts of the network.

Because a UTM sits in line, it can block an attack before it reaches the internal host. Unlike a plain packet filter, it does not stop at the packet headers: it also matches on the payload (deep packet inspection). Generally a UTM inspects traffic in one of two modes, flow-based inspection or proxy-based inspection.
  • Flow-based (stream-based) inspection examines packets as they pass through the device, without terminating the connection or buffering the whole object, and uses pattern matching on the data stream to decide whether it carries malicious content. It adds little latency, but because the content is never fully reassembled and decoded, a signature split across packets or hidden inside compressed or encoded content is harder to catch.
  • Proxy-based inspection terminates the connection and acts as a proxy that reassembles and recreates the content entering the UTM device (a file, a web page, an e-mail), then performs a full inspection of the recreated object for potential security threats. It is more thorough, at the cost of more memory and latency per connection.
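As an added illustration (not code from this page or from any vendor), the toy Python below runs both inspection styles over the same constructed TCP stream. The signatures, the traffic and the carry-over window size are assumptions made for the example. It shows why the two modes differ in practice: a signature split across two segments is missed by naive per-packet matching, caught by stream matching that carries a window of the previous segment, and caught by proxy-based inspection; a marker inside a gzip-compressed body is found only by the proxy, which reassembles and decodes the object before scanning.

```python
"""Added example (not vendor code): flow-based vs proxy-based inspection on one TCP stream.

Signatures, traffic and the carry-over window size are all constructed for illustration.
"""
import gzip
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set

# Constructed, hypothetical signatures; not taken from any real IPS/AV ruleset.
SIGNATURES: Dict[str, re.Pattern] = {
    "cmd-shell-invocation": re.compile(rb"cmd\.exe\s+/c\s+powershell"),
    "eicar-like-marker": re.compile(rb"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"),
}
MAX_SIG_LEN = 40  # longest signature above is 34 bytes; the carry window must cover it


@dataclass
class Segment:
    """One TCP segment as the UTM sees it on the wire (seq is a segment index here)."""
    seq: int
    data: bytes


def scan(data: bytes, signatures: Dict[str, re.Pattern]) -> Set[str]:
    """Pattern-match a byte buffer against every signature; return the names that hit."""
    return {name for name, pat in signatures.items() if pat.search(data)}


def flow_based(segments: Iterable[Segment], signatures: Dict[str, re.Pattern],
               carry: int = 0) -> Set[str]:
    """Flow-based (stream) inspection: match each segment as it passes, without
    terminating the connection or buffering the object. `carry` bytes from the end
    of the previous segment are prepended to the next one so a signature that
    straddles a segment boundary can still match; carry=0 is naive per-packet
    matching. Bytes are scanned as they appear on the wire: no decoding."""
    hits: Set[str] = set()
    tail = b""
    for seg in sorted(segments, key=lambda s: s.seq):
        hits |= scan(tail + seg.data, signatures)
        tail = seg.data[-carry:] if carry > 0 else b""
    return hits


def proxy_based(segments: Iterable[Segment], signatures: Dict[str, re.Pattern]) -> Set[str]:
    """Proxy-based inspection: terminate the connection, reassemble the whole object,
    decode it (gzip here, as a web proxy would before handing it to the AV engine),
    and scan the recreated content."""
    stream = b"".join(s.data for s in sorted(segments, key=lambda s: s.seq))
    body = gzip.decompress(stream) if stream[:2] == b"\x1f\x8b" else stream
    return scan(body, signatures)


def segmentize(payload: bytes, mss: int) -> List[Segment]:
    """Cut a payload into fixed-size segments, like TCP would at a given MSS."""
    return [Segment(seq=i // mss, data=payload[i:i + mss]) for i in range(0, len(payload), mss)]


# Constructed traffic 1: plaintext HTTP response whose malicious string is split so that
# "cmd.e" ends one segment and "xe /c powershell ..." starts the next.
PLAIN = (b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n"
         + b"harmless preamble " * 3
         + b"cmd.exe /c powershell -enc AAAA")
_cut = PLAIN.index(b"cmd.exe") + 5
PLAIN_SEGMENTS = [Segment(0, PLAIN[:_cut]), Segment(1, PLAIN[_cut:])]

# Constructed traffic 2: the marker inside a gzip-compressed (Content-Encoding: gzip)
# body, repetitive enough that deflate really compresses it rather than storing it.
HTML = (b"<html><body>" + b"<p>quarterly report, nothing to see</p>" * 30
        + b"<!-- EICAR-STANDARD-ANTIVIRUS-TEST-FILE -->" + b"</body></html>")
GZIP_SEGMENTS = segmentize(gzip.compress(HTML), mss=64)


def compare() -> Dict[str, Set[str]]:
    """Run both inspection styles over both streams; keys name the mode and the traffic."""
    return {
        "flow/plain/no-carry": flow_based(PLAIN_SEGMENTS, SIGNATURES, carry=0),
        "flow/plain/carry": flow_based(PLAIN_SEGMENTS, SIGNATURES, carry=MAX_SIG_LEN),
        "proxy/plain": proxy_based(PLAIN_SEGMENTS, SIGNATURES),
        "flow/gzip/carry": flow_based(GZIP_SEGMENTS, SIGNATURES, carry=MAX_SIG_LEN),
        "proxy/gzip": proxy_based(GZIP_SEGMENTS, SIGNATURES),
    }


if __name__ == "__main__":
    for case, hits in compare().items():
        print(f"{case:22} -> {sorted(hits) or 'clean'}")
```

Running the script prints one line per case: the naive flow scan of the plaintext stream is clean, the flow scan with a carry window and the proxy scan both flag the shell invocation, and only the proxy flags the marker inside the gzip body. Real flow-based engines do more than this toy (TCP reassembly, some protocol decoding), but the trade-off is the same one the page describes, and it is exactly what segmentation and encoding-based IPS evasion techniques exploit.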
There are many vendors/OEMs offering such appliances, for example Fortinet (FortiGate), Check Point, Cisco, Sophos, SonicWall and Juniper.

-DR
