With the number of network-connected devices increasing exponentially, threats to corporate networks and the data they contain pose an ever-increasing risk, as well. Attackers have proven their capability to find and exploit security holes, whether their target is perimeter defense measures, employees who receive phishing emails or the unsuspecting telecommuter without proper controls in place on a home computer.
Historically, organizations have used a patchwork collection of security devices, often from different vendors, to protect and defend their networks. Acquiring, configuring, managing and monitoring this assortment of devices takes considerable effort and expertise, which puts undue strain on the administrators and engineers tasked with the responsibility of network security.
Unified threat management (UTM) products are dedicated security systems with optimized hardware and software that can perform many security functions simultaneously, such as firewall, intrusion detection and prevention, antivirus, virtual private networking and more. The point of a UTM product is to provide layered, integrated protection all within a single appliance, which requires less administrative effort and generally comes at a lower cost.
Note: Cloud-based UTM services are also available, but haven't yet been widely adopted by organizations. According to Gartner's 2014 Magic Quadrant for Unified Threat Management, cloud-based UTM services are adopted in less than 5% of UTM implementations. Though UTM is edging toward the cloud, it hasn't really made that jump just yet -- no matter what vendors may proclaim.
This article explores the pros and cons of UTM products and examines how UTM can benefit different network environments.
Advantages and disadvantages of a UTM product
A UTM appliance offers many key advantages for managing data threats and protecting networks and sensitive information. Here are some of the advantages of deploying a UTM appliance:
- Hardware consolidation: An administrator can purchase, deploy and manage one appliance in an SMB, or a small number of appliances in larger environments, rather than multiple devices.
- Simplified management and patching: Blended threats and emerging threats may target different parts of a network simultaneously, causing an administrative nightmare if many security devices are involved. UTM offers centralized management, enabling administrators to manage a large range of threats to local and remote environments from a single console. Patch management is also simplified because only one or relatively few appliances need to be patched rather than many different devices.
- One vendor, one license, one support contact: Administrators can work with a single vendor and its support department, fostering a solid relationship that promotes continuity. Licensing of a single appliance is easy to manage, even as an organization's needs grow.
- Lower expenses: The consolidation of hardware offers a lower price point compared to acquiring multiple devices, and administrators can focus their knowledge and training on one appliance.
While UTM products resolve many administrative and operational security issues, they also have a few drawbacks:
- Single point of failure: Because UTM combines many security features into one appliance, it presents a single point of failure if the appliance stops working or if malware makes it to the internal network. To mitigate this situation, SMBs might implement a secondary failsafe service, such as a software-based firewall. However, more robust UTM appliances, such as enterprise-ready products, are designed with built-in redundancy to avoid the single-point-of-failure scenario.
- Performance issues: Until recently, performance was cited as a major drawback for UTM appliances. When all features were enabled -- especially the antivirus feature that checked all traffic and email -- network performance took an appreciable hit. UTM vendors have greatly improved their appliances' performance to overcome most issues, but an organization looking to implement a UTM product needs to pay close attention to performance rates and perform thorough tests of any appliance that makes its acquisition shortlist.
Organizations that benefit from UTM products
Most UTM vendors offer a range of appliances in different capacities and capabilities. A high-capacity UTM appliance protects primary network connections to the Internet -- on the edge -- or may be implemented in the core network, providing fault tolerance and high availability. Smaller UTM appliances offer most of the same features as their larger counterparts, and are ideal for SMBs, as well as remote offices with connections to corporate networks. Due to the modular nature of a UTM appliance, an administrator can enable all or some of the features to suit the needs of the environment.
UTM scenario No. 1: SMB organizations
The UTM concept was originally aimed at the SMB market -- organizations with fewer than 100 employees to upwards of 1,000 -- as an all-in-one security box that was easy to install and administer. And SMBs still represent a significant percentage of the UTM customer base -- for good reason. UTM is an ideal security product for nearly every SMB infrastructure. All of the major vendors -- such as Fortinet, Dell, Cisco, WatchGuard, Check Point, Sophos and Barracuda -- offer a solid range of appliances for the SMB market. With the right unit in place, UTM provides comprehensive, yet flexible, network security, cost effectively.
UTM scenario No. 2: Branch office/home office environment
According to the 2014 National Study of Employers (NSE), 67% of employers with 50 or more employees allow them to occasionally work some of their regular paid hours at home. Although a virtual private network (VPN) is commonly used to secure communications between the home office and the corporate network, administrators have little control over the security of the home computer itself. If the home computer is infected with a virus, rootkit or other form of malware, the corporate network is at risk when the VPN connection is used.
Some UTM vendors, such as WatchGuard, offer relatively low-cost UTM appliances that protect data and communications between the branch or home office and corporate resources. For example, the WatchGuard Firebox T10 self-configures upon plugging in the appliance, immediately communicates with the administrator's central console at the corporate office and incorporates security intelligence from the cloud. The administrator can remotely manage the appliance, ensuring the remote office computer and its connection are secure and comply with corporate security policy.
UTM scenario No. 3: Large enterprise environment
In the past, UTM products were designed primarily for hardware consolidation, ease of use and lower costs rather than performance and reliability, which are critical to enterprises. Today, some of the top-ranked UTM vendors offer truly enterprise-ready appliances that perform well at the network edge and the core, offering virtual local area network (VLAN) capabilities that support multiple security zones, load balancing, scalability and more.
The problem, however, is that most enterprises are committed to their current security infrastructure, and may be loath to replace standalone units that are performing well with an all-in-one UTM appliance -- essentially putting their trust in a single appliance.
A large organization that is dealing with an acquisition or merger -- and needs to standardize on security -- or one that has consolidated its firewalls on a large network, should consider adding UTM functionality. Regardless of the situation, that organization will need to spend a good deal of time researching specifications and talking to salespeople. Testing units with all features enabled is also necessary. And to perform those tests, organizations should push traffic through the appliance that mimics real-time network traffic.
Next steps: How to select the right UTM product
SMBs continue to be the primary UTM product consumer. An SMB that plans to upgrade its current security infrastructure should look closely at the top-rated UTM vendors as part of its research. Large enterprises now have a fairly good range of truly enterprise-ready UTM products to choose from; they meet performance requirements and provide high availability and redundancy. Additionally, reasonably priced appliances are available for remote offices, providing critical protection beyond the VPN connection.