A unified threat management (UTM) security appliance can provide a comprehensive, easily managed security solution for small and mid-sized organizations at reasonable cost.
UTM appliances provide an alternative approach to building a security solution from several different point products, often from different vendors. These point solutions work independently of each other to fulfill different security functions that an organization requires, and may include a hardware firewall appliance, an anti-malware scanner, and a network intrusion detection and prevention system.
Those point solutions may give stronger protection than a one-size-fits-all UTM appliance, but they also bring management, implementation and integration challenges that can overwhelm the IT staff of a small business. A UTM reduces those problems: it provides broad security coverage that is easier to manage and costs less. It may not match best-of-breed point solutions feature for feature, but it is generally good enough for an SMB.
What is a unified threat management (UTM) appliance?
A UTM appliance is a hardware device that sits at your organization's network perimeter. It serves as the gateway onto your corporate network, bundling the core security services (firewalling, VPN, anti-malware scanning, intrusion prevention) that protect the network from malware, unauthorized intrusion, and other security risks.
UTM security features
At the most basic level, a UTM security appliance acts as a standard network stateful hardware firewall to restrict access to your network. Other security functions can generally be turned on as options if required. Typical security functions offered by a UTM security device include:
- Remote access and site-to-site virtual private network (VPN) support
- Secure web gateway functionality (including anti-malware scanning and URL and content filtering)
- A network intrusion prevention system (IPS), typically focused on blocking exploits against unpatched Windows PCs and servers
- Other UTM security features that are sometimes offered:
  - application control
  - web application firewalling
  - bandwidth management
  - data loss prevention (DLP)
  - identity-based access control
  - load balancing
  - DDoS protection
  - wireless access management
  - email security
The majority of these extra security features may not be needed by many organizations. If your organization is small, you are unlikely to have any web applications to secure or web servers that need load balancing. You may also be using a cloud-based email offering such as Exchange Online or Google Apps.
UTM use cases
IT security is of critical importance, but requires a skilled security team to configure and manage a comprehensive security solution made up of point solutions. Smaller and medium-sized companies are less likely to have the resources to maintain such teams, so for that reason they are more likely to choose a unified threat management security device. That's because UTMs are much easier for a single person with modest security skills to configure and manage.
When it comes to particular industries, Adam Hils, a research director at Gartner, said UTMs appeal to companies in industries such as manufacturing, which are less likely to have a sophisticated approach to security and less likely to have large IT security teams. K-12 educational institutions are another example: they need a security solution that does not require a large security staff.
In theory, there is no reason why larger companies couldn't use a UTM security appliance, but the ease of management the appliances offer does come at a cost. For example, many UTMs are now moving to a cloud-based management approach, which is often inadequate for the more sophisticated security needs of a larger enterprise, Hils says.
Unified threat management pros and cons: Is a UTM right for you?
Before you can decide whether a unified threat management device can meet your needs, or whether your organization would be better served by a number of security point solutions, you need to understand the pros and cons of a UTM security device.
Advantages of a UTM
- Fewer resources needed: A UTM requires minimal security staff because there is only one system to maintain, update, upgrade, and monitor through a single pane of glass. Security logs are also available in a single place, which makes it straightforward to see firewall, IPS and web-filter events for the same host side by side.
- Better security coverage: Because a UTM's components are designed to work together and apply one policy, there should be no gaps between them. That is not guaranteed with a collection of point solutions, particularly from different vendors.
- Scalability: As a UTM is a single device, it is easier to upgrade the security solution (or replace it) as your organization grows.
- Guaranteed compatibility: A UTM is an integrated appliance, and any software upgrades or updates are pre-tested to ensure that all the components continue to work well together. If you use point security solutions, it is up to you to ensure continued compatibility between parts of your solution following software changes.
- Central management and configuration of all security components: A UTM offers a single interface for management and configuration, which saves time and removes the need for training on each individual solution. Central configuration is particularly valuable for functions such as firewalling, VPN, and intrusion prevention and detection, because these act on the same policies, so central management reduces the likelihood of misconfiguration errors.
- Lower cost: A UTM is generally a less costly option than a number of point solutions running on separate hardware. A UTM will also consume less power and take up less data center space, and because it runs in a single appliance it will involve lower hardware replacement costs.
- Backup security: A UTM security device can be purchased to act as a hardware firewall only, with other security functions provided by point solutions. The benefit of this approach is that if a particular point solution fails, the corresponding function can be activated in the UTM as a stop-gap until the point solution is running normally again. Confirm in advance that your license covers the stand-by functions and that the UTM's firewall is sophisticated enough to serve as a standalone firewall appliance; a UTM firewall comparison will show which products qualify.
Disadvantages of a UTM
- Single point of failure: A UTM puts all your security eggs in one basket, so if the appliance fails, every security function it provides fails with it. Many organizations address this with a second appliance configured as a high-availability pair, but that negates some of the cost and management benefits of a UTM.
- Security efficacy: The risk mitigation provided by a UTM security appliance may not match the features and functionality of best-of-breed point solutions. In addition, UTMs may leave security holes if they simply offer a bundle of different products behind a single interface rather than a genuinely unified solution.
- Performance limitations: Enabling security features on a UTM can sharply reduce the throughput the appliance delivers. Vendor datasheets usually list several throughput figures (firewall only, with IPS, with all threat-protection features enabled); the firewall-only number is rarely the one that applies to you.
- Unnecessary costs: Smaller organizations may require very few of the security features that a UTM offers, and may therefore pay for features that remain disabled.
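The "logs in a single place" advantage above is easiest to appreciate with a concrete check. The following is an added example, not code from the original article or from any UTM vendor: it parses a constructed log in a hypothetical key=value syslog layout (the field names and the sample lines are assumptions, not a real product's format) in which the firewall, web filter and IPS all write to one stream, and flags a host whose malware-category web block was followed within a few minutes by an IPS alert. With separate point products, the two halves of that story would sit in two different consoles.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample log in a hypothetical key=value syslog layout. It is not any
# vendor's real format; real UTM logs differ in field names, but the idea of one
# stream carrying firewall, IPS and web-filter events is what the example relies on.
SAMPLE_LOG = """\
2024-05-02T09:14:03Z module=firewall action=allow src=10.0.5.23 dst=203.0.113.10 dport=443 proto=tcp
2024-05-02T09:14:04Z module=webfilter action=block src=10.0.5.23 url="http://203.0.113.10/update.exe" category=malware
2024-05-02T09:14:09Z module=ips action=alert src=10.0.5.23 dst=203.0.113.10 dport=443 signature="Generic Trojan C2 beacon"
2024-05-02T09:15:11Z module=firewall action=allow src=10.0.5.40 dst=198.51.100.7 dport=80 proto=tcp
2024-05-02T09:15:12Z module=webfilter action=block src=10.0.5.40 url="http://198.51.100.7/ads" category=advertising
2024-05-02T09:20:30Z module=ips action=alert src=10.0.5.77 dst=192.0.2.9 dport=445 signature="SMB exploit attempt"
"""

# key=value pairs; values may be double-quoted when they contain spaces
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_line(line):
    """Parse one line: a leading ISO-8601 UTC timestamp, then key=value pairs."""
    ts_text, _, rest = line.partition(" ")
    event = {"ts": datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)}
    for key, value in KV_RE.findall(rest):
        event[key] = value.strip('"')
    return event

def parse_log(text):
    return [parse_line(line) for line in text.splitlines() if line.strip()]

def events_per_module(text):
    """Sanity view of what the single log stream contains, by originating module."""
    counts = defaultdict(int)
    for ev in parse_log(text):
        counts[ev.get("module", "unknown")] += 1
    return dict(counts)

def correlate(text, window_seconds=300):
    """Flag hosts where a malware-category web block is followed, within the window,
    by an IPS alert from the same host: a download the web filter stopped, then
    C2-style traffic the IPS saw. Each module alone shows only half of the story."""
    by_src = defaultdict(list)
    for ev in parse_log(text):
        if "src" in ev:
            by_src[ev["src"]].append(ev)
    findings = []
    for src, events in by_src.items():
        events.sort(key=lambda e: e["ts"])
        blocks = [e for e in events if e.get("module") == "webfilter" and e.get("category") == "malware"]
        alerts = [e for e in events if e.get("module") == "ips" and e.get("action") == "alert"]
        for block in blocks:
            for alert in alerts:
                gap = (alert["ts"] - block["ts"]).total_seconds()
                if 0 <= gap <= window_seconds:
                    findings.append({"src": src, "url": block["url"],
                                     "signature": alert["signature"], "seconds_apart": gap})
                    break
    return findings

if __name__ == "__main__":
    print(events_per_module(SAMPLE_LOG))
    for f in correlate(SAMPLE_LOG):
        print(f"{f['src']}: blocked {f['url']} then IPS '{f['signature']}' {f['seconds_apart']:.0f}s later")
```

Run as-is it reports only 10.0.5.23; the host whose block was in the advertising category and the host with a lone IPS alert are not paired, which is the point of keying the correlation on the malware category rather than on any block. Adapt `KV_RE` and the field names to whatever your appliance actually emits.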
Setting up unified threat management devices
The complexity of setting up a UTM varies from appliance to appliance, and although some vendors offer "zero touch" products that can be used without any security knowledge, they generally fail to live up to this billing, according to Gartner's Hils. "The best UTMs can be set up and configured with a couple of touches, but not zero touch," he says. More complex ones can be very difficult to configure, he adds, and require a skilled security professional to carry this out.
One solution to this problem is to use a managed security service provider (MSSP), which can carry out the initial configuration for you and then provide continued monitoring and management of the device remotely. This, says Hils, is becoming an increasingly popular option.
Planning for network capacity
One key operational challenge is providing adequate performance as your organization scales and its security needs change. An organization with a 1 Gbps internet connection may be tempted to buy a UTM rated for 1 Gbps, but as soon as any security options are activated beyond plain stateful firewalling, the throughput drops dramatically. "A company that does that is almost certainly doomed to run out of performance capacity. If you intend to use any security options, you will probably need to buy a UTM with a capacity of at least 1.8 times your network capacity," Hils says. In practice, size against the datasheet throughput figure for the feature set you actually intend to enable (IPS, anti-malware, TLS inspection), not the firewall-only figure.
Another key operational challenge is how to deal with branch offices. Some organizations choose to route all their network traffic through a single internet gateway, but another option is to protect each branch office with its own UTM at its network perimeter. Branch office UTMs are easy to neglect and difficult to monitor, so it is vital to choose a UTM with a management system that can push configuration changes out to each branch device and show you when a device no longer matches the central policy.
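Whether or not the vendor's console does it for you, the check worth having for neglected branch devices is a comparison of each device's effective policy against the golden configuration. The following is an added example, not code from the original article or from any UTM product: it compares constructed, vendor-neutral policy fragments (the structure, rule names and branch names are assumptions, not a real export format) and reports missing, extra or altered rules, changed settings, and reordered rules, since firewall rules are evaluated top-down and a reorder can change behaviour without any rule changing.

```python
import copy

# Constructed, vendor-neutral policy fragments. The structure is hypothetical and is
# not any UTM's real export format; the comparison logic is what the example shows.
BASELINE = {
    "ips_profile": "strict",
    "webfilter": {"enabled": True, "block_categories": ["malware", "phishing"]},
    "rules": [
        {"name": "allow-web-out", "src": "lan", "dst": "wan", "service": "http,https", "action": "allow", "ips": True},
        {"name": "allow-vpn-in", "src": "wan", "dst": "self", "service": "ipsec", "action": "allow", "ips": False},
        {"name": "deny-all", "src": "any", "dst": "any", "service": "any", "action": "deny", "ips": False},
    ],
}

def _branch(mutate):
    cfg = copy.deepcopy(BASELINE)
    mutate(cfg)
    return cfg

def _leeds(cfg):
    cfg["webfilter"]["enabled"] = False   # someone switched web filtering off...
    cfg["rules"][0]["ips"] = False        # ...and IPS off on the outbound web rule

def _york(cfg):
    cfg["rules"][0], cfg["rules"][1] = cfg["rules"][1], cfg["rules"][0]   # rules reordered
    cfg["rules"].insert(0, {"name": "temp-rdp-in", "src": "wan", "dst": "lan",
                            "service": "rdp", "action": "allow", "ips": False})  # "temporary" hole

# Hypothetical branch devices: one in sync, two that have drifted.
BRANCHES = {
    "branch-london": _branch(lambda cfg: None),
    "branch-leeds": _branch(_leeds),
    "branch-york": _branch(_york),
}

def flatten(cfg, prefix=""):
    """Flatten nested settings into {dotted.path: value}; lists become tuples so they compare."""
    out = {}
    for key, value in cfg.items():
        path = prefix + key
        if isinstance(value, dict):
            out.update(flatten(value, path + "."))
        elif isinstance(value, list):
            out[path] = tuple(value)
        else:
            out[path] = value
    return out

def rule_map(cfg):
    """Rules keyed by name, so a rule is matched by identity rather than by position."""
    return {r["name"]: {k: v for k, v in r.items() if k != "name"} for r in cfg.get("rules", [])}

def drift(baseline, branch):
    """Return human-readable differences between one device and the golden policy."""
    changes = []
    base = flatten({k: v for k, v in baseline.items() if k != "rules"})
    dev = flatten({k: v for k, v in branch.items() if k != "rules"})
    for path in sorted(base.keys() | dev.keys()):
        if path not in dev:
            changes.append(f"missing setting: {path}")
        elif path not in base:
            changes.append(f"extra setting: {path}={dev[path]}")
        elif base[path] != dev[path]:
            changes.append(f"changed: {path} {base[path]} -> {dev[path]}")
    brules, drules = rule_map(baseline), rule_map(branch)
    for name in sorted(brules.keys() - drules.keys()):
        changes.append(f"missing rule: {name}")
    for name in sorted(drules.keys() - brules.keys()):
        r = drules[name]
        changes.append(f"extra rule: {name} ({r['action']} {r['src']}->{r['dst']} {r['service']})")
    for name in [r["name"] for r in baseline.get("rules", []) if r["name"] in drules]:
        for field in sorted(brules[name].keys() | drules[name].keys()):
            if brules[name].get(field) != drules[name].get(field):
                changes.append(f"changed rule: {name}.{field} {brules[name].get(field)} -> {drules[name].get(field)}")
    # Firewall rules are evaluated top-down, so the relative order of shared rules matters too.
    base_order = [r["name"] for r in baseline.get("rules", []) if r["name"] in drules]
    dev_order = [r["name"] for r in branch.get("rules", []) if r["name"] in brules]
    if base_order != dev_order:
        changes.append(f"rule order differs: {dev_order}")
    return changes

def drift_report(baseline, branches):
    return {name: drift(baseline, cfg) for name, cfg in branches.items()}

if __name__ == "__main__":
    for name, changes in drift_report(BASELINE, BRANCHES).items():
        print(f"{name}: {'in sync' if not changes else ''}")
        for change in changes:
            print("  " + change)
```

In a real deployment the `BRANCHES` dictionary would be populated from each appliance's exported configuration, and the report would run on a schedule so that an unplanned "temporary" allow rule on a branch device is noticed the same day rather than at the next audit.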
Differences between UTM appliances
One of the key differentiators between UTMs is their hardware firewalling capabilities and throughput capacity, so it's important to carry out a UTM firewall comparison before choosing to buy a specific UTM.
Different vendors' UTMs can vary widely in terms of features and functionality, so it's important to consider the following:
- Ease of deployment, configuration, and management: A UTM is meant to make security simple, but will you be able to use it effectively with the skillset of the staff available to you? A simple integrated web interface can make advanced security features accessible to relatively unskilled staff. For larger companies, look for a management system that enables you to push out configuration changes to separate devices in branch offices.
- Ease and speed of adding additional services: Can you unlock any additional security features that you may come to need by paying an additional license fee, or will you need to upgrade the UTM's software and/or firmware?
- Resources of the vendor: How good are the security research labs of the vendor concerned, and will it be able to add new security features to its products as they become available elsewhere in the market as point products? If not, the UTM may fail to meet your security needs much sooner than you would like.
- Ability to deal with remote offices and mobile workers: Unless you plan on deploying UTMs at a number of locations, you'll need to link your branch offices to your UTM. Mobile workers will also have to connect to it via a VPN. It's therefore important to choose an appliance that can manage sufficient incoming connections, and offers a variety of VPN connections – possibly including support for iOS and Android tablet devices if employees use them.
- Regulatory requirements: Will a given UTM provide sufficient functionality and reporting to enable your organization to pass a compliance audit?
- Secure wireless capability: Do you have a WLAN in your work environment? Some UTMs deliver secure wireless connectivity, enabling you to offer wireless users, including guests, the same security controls as wired LAN users.
Key UTM vendors
The roster of vendors supplying UTM appliances has been fairly stable in recent years, and many of the key players are well-known networking and security vendors.
Leading UTM vendors include:
- Barracuda Networks
- Check Point Software Technologies
- Comodo Group
- Cisco Systems
- Hewlett Packard Enterprise
- Juniper Networks
- Palo Alto Networks
- Rohde & Schwarz
- WatchGuard Technologies
- Zyxel Communications