UTM Solutions are here to stay

December 11, 2007

Everybody makes sacrifices, giving up one thing to get something more important. With the advent of Unified Threat Management (UTM) devices, network administrators gave up disparate point solutions for integrated tools that tackle tasks such as firewall, intrusion detection, antivirus, and more often than not, VPN connectivity. On the surface, this approach simplifies security. However, a closer look shows that many UTMs can potentially dilute defenses to the point of mediocrity, leaving networks vulnerable to attack. Others tackle key security issues yet leave out vital features related to management, reporting, and updateability.

The problem with UTMs has become worse over time. When research firm IDC conceived of the UTM market in 2004, it established standard definitions for these catchall tools. Since then, the definitions have drifted. Some UTMs have firewall but no VPN. Others have VPN but no antivirus. With dozens of products on the market today, customers must seek tools that offer a winning combination of proven solutions, centralized management, easy updates, and advanced reporting.

Proven solutions

A good UTM device offers battle-tested technology. Many times vendors build a UTM device around one all-star feature, sacrificing the quality of others for an overwhelming breadth of defense. Sure, the highlighted feature might be good, but more often than not its supporting cast is second-rate. The result is watered-down security that is not secure at all. When thinking about UTMs, picture a team approach: All the security components must work together to deliver top-notch protection that is second to none.

How do you know a technology is proven? First, ask prospective vendors to name some of the clients using it today. If a majority of Fortune 100 companies is using it, consider it a safe solution. Next, make sure the UTM includes features beyond the ones needed to maintain basic security.

Finally, make sure the tool includes some form of centralized management console—this will make keeping tabs on all of the components easier as networks expand over time.

A UTM device can perform network firewall functions, intrusion detection and prevention, as well as gateway antivirus scanning. Other common features found in UTMs include the filtering and controlling of a wide variety of network communications, such as Web, instant messaging and email traffic. The combination of multiple capabilities allows deep inspection of packets and real-time attack protection from Layer 2 to Layer 7 of the Open Systems Interconnection (OSI) model. Some devices also offer VPN capabilities.

A more recent UTM feature is the ability to inspect all network traffic, including encoded, compressed, encrypted and wireless traffic.

Centralized management

Everyone loves to multitask. Why? Because managing disparate security functions is easier if it can be done all at once. In the UTM space, a centralized approach empowers network administrators to see across their networks with panoramic views. Also, the very best of these management consoles is compatible with a number of existing point solutions—a characteristic known as “extensibility.” This enables network gurus to link new and preexisting solutions that are not covered under a new UTM box into a UTM manager.

Also, there are other benefits. A centralized strategy offers improved visibility and faster response times to problems when they arise. UTMs with centralized management also enable network administrators to manage a number of security features across a large number of sites. This is especially handy for mid-size corporations that may not be able to employ human eyes to manage security in remote outposts. By centralizing management, administering security over these distances becomes more of a possibility.

Enhanced updateability

A single point of management also makes it easier to administer fast and frequent security updates across the network. In the past, UTM devices combined security features with no method for ensuring that signatures were up to date. As a result, network administrators had to update these signatures manually—a chore that took hours. Some UTM devices did not even come with the requisite drivers for managing updates. Instead, customers had to purchase separate tools to tackle this task.

Next-generation UTMs enable specialists to download signature updates and administer them across the network with the click of a button. The new devices also dispatch updates across the network, ensuring that every corner of the corporate computing environment has the latest and greatest protection against threats.

In many cases, the gateways automatically keep endpoints up to date, forcing downloads of the latest protections by quarantining users until they comply. This makes life for administrators easier.

“SonicWALL’s family of network security appliances combines robust security services with high-speed deep packet inspection to provide organizations of all sizes the best protection. SonicWALL TZ and PRO Series appliances are designed to reduce cost, risk and complexity by integrating automated and dynamic security capabilities for comprehensive protection and maximum performance,” adds Shubhomoy Biswas, Country Manager (India), SonicWALL.

Advanced reporting

Updating a UTM device means nothing if the device lacks reporting features to demonstrate how the updates are getting the job done. These days, the very best UTM devices are equipped with advanced reporting features that enable network administrators to keep real-time tabs on overall performance. Provided the devices offer adequate extensibility and a good centralized management tool, the reporting interface should be able to deliver information about every security feature tied to the UTM.

Without a special decoder, this security information can be hard to digest. To combat this challenge, many of the newest UTM tools come with graphical reporting interfaces that make monitoring network security easy. Think of these interfaces as real-time status reports on network security, a sort of CNN for network health. In addition to giving constant data about perimeter defenses, the consoles also provide “headline” items to which network administrators should be alerted.

“UTM-1 from Check Point Software Technologies combines proven security into a solution that boasts centralized management, enhanced updateability and advanced reporting. It saves time. It saves energy. Perhaps most important, the tool keeps networks safe. With UTM-1, just about the only thing you will sacrifice is cost. At a time when IT budgets are shrinking, this is just about the only type of sacrifice worth making,” informs Bhaskar Bakthavatsalu, Country Manager, Check Point Software Technologies – India & SAARC.

UTM solutions are here to stay

UTM devices sure have come a long way since 2004. With the latest innovations in architecture, network administrators no longer have to settle for mediocre security in a centralized device. The approach of proven, next-generation UTMs mixes best-of-breed security with a variety of flexible features that is second to none. The new tools are easy to use, manage, update, and upgrade. UTMs of tomorrow also offer the highest standards of data privacy, applying the strongest encryption algorithms available today.

In India, the market for security beyond antivirus is still nascent. But with a growing technically educated population, not to mention the increasing Internet population, the UTM market is experiencing tremendous growth.

Awareness has increased, creating huge potential and accelerated growth.

Also, the booming IT and ITES market and investors' keen interest in Indian business have paved the way for the security business to experience an upward trend.

UTM is an emerging trend in the firewall appliance security market: an evolution of the traditional firewall into a product that not only guards against intrusion but also performs the content filtering, spam filtering, intrusion detection and anti-virus duties traditionally handled by multiple systems. UTM is a compelling and natural consolidation point in the evolution of information asset protection. Part technology and part packaging, it responds to the growing challenge of protecting information assets in the 21st century.

However, in India, the UTM market is still growing. In desktop security, combining desktop protection with gateway protection gives the highest level of security possible, protecting not only against external attacks but also against those that start from within the network. Web and e-mail security solutions also form a part of the UTM umbrella of protection, with both inbound and outbound e-mail protection and a system that enforces your internal policies and compliance with relevant regulations.
