Unified threat management (UTM) offers something approaching total security in a box for small and midsize enterprises (SMEs), combining multiple network security functions in a single appliance.
In addition to standard firewalls, features in UTMs often include intrusion detection and prevention systems (IDPS), secure web gateways, secure email gateways, remote access, routing and WAN connectivity.
However, the UTM market has been evolving over the past few years. Some vendors have ditched the UTM label and prefer to call their tools next-generation firewalls (NGFW). Starting in 2019, Gartner consolidated its Magic Quadrants for Unified Threat Management (UTM) and Enterprise Firewalls into a single Magic Quadrant called Network Firewalls. Further acronyms are also being thrown around, such as unified endpoint management (UEM) and unified endpoint management and security (UEMS). Who knows how this market will eventually unfold? Some even predict it will all head to the cloud with Security Service Edge/Secure Access Service Edge (SASE) solutions.
UTM Evolves with Network Security
The UTM market has evolved due to network expansion and mobility. Where the security perimeter of the enterprise was once defined by the location of the data center, it is now also defined by the location of employees and their devices and the ever-expanding network edge. This is the hybrid workforce: an enterprise that runs on a multi-cloud environment, with employees accessing SaaS applications and data from both off-network and on-network working locations.
This hybrid workforce trend will only grow more popular and embedded, pushing enterprise infrastructure and security stakeholders to seek new, more converged and scalable solutions to secure and optimize hybrid cloud access. Security services will continue to play a key role in building a strong security posture. In many cases, these NGFWs are part of a bigger platform. XDR is one comprehensive security platform that’s growing in popularity.
Additional influences include zero trust network access (ZTNA) enforcement policies to improve security for the hybrid workforce. The delivery of the same security policy will require a consistent convergence of networking and security – on-premises with NGFW and ZTNA enforcement and off-premises, where the same capability is delivered as a service from the cloud.
In the longer term, ZTNA, SASE and SD-WAN will continue to drive consistent convergence and inclusion of more security and networking capabilities. ZTNA will become more ubiquitous and applied to the entire network as a more standard policy. In addition, SASE will continue to grow in adoption as service offerings allow control of where traffic inspection takes place, what data is logged and how traffic flows are optimized. The division between how the enterprise is secured on premises, or from remote locations, likely will gradually shift to a cloud-delivered model.
Features of UTM Products
Each vendor incorporates a slightly different set of components in its UTM appliance, so it’s important for buyers to determine if a UTM appliance has all the features they need. In its most recent Magic Quadrant (MQ) for this market, Gartner said the most common features for UTM include:
- URL filtering
- Web antivirus
- IPsec and SSL virtual private networking (VPN)
- Application control
- User control
- Quality of service (QoS)
Top Unified Threat Management (UTM) Vendors
Regardless of the preferred acronym, here are our top picks for UTM hardware and software vendors.
Fortinet FortiGate NGFWs offer integrated Zero Trust Network Access (ZTNA) enforcement, SD-WAN and security processing units to allow customers to build hybrid IT architectures at any scale and extend zero trust protection to any user, application, and edge with optimal user experience. Fortinet offers a range of NGFW products that run the same FortiOS to converge networking and security. They are underpinned by the Fortinet Security Fabric, which provides integrated detection and automated, coordinated responses to cybersecurity threats.
Fortinet’s key features
- Fortinet is the only industry vendor that is recognized by Gartner as a Leader in both Magic Quadrants (Network Firewall and SD-WAN), delivered from the same FortiGate products, operating system and management.
- Includes intrusion prevention system (IPS), antivirus, Web filtering, content filtering, data loss prevention (DLP), virtual private network (VPN) tunnel endpoint (SSL & IPSec), SSL inspection, and advanced threat protection.
- Managed by a centralized management solution called FortiManager, delivered via a physical, virtual, and cloud offering. It offers high-performance, multi-layered security and unified visibility with ease of management.
- Fortinet appliances leverage dedicated security processors and provide additional capabilities, such as a wireless access point controller, switch controller, and integration with other elements of the Fortinet Security Fabric (endpoint agents, sandbox appliances, and fabric partner solutions). Units for larger sites support multiple WAN interfaces with load-balancing and failover capabilities.
- Flexible form factor NGFW products are used across hybrid and hyperscale data centers, in main campus, branch, distributed locations and across multiple clouds.
- Integrated ZTNA enforcement
- Specific products include: FortiGate Entry focused on Secure SD-WAN deployments; FortiGate Mid-Range for campuses; and FortiGate High-End for protecting hybrid and hyperscale data centers.
Barracuda CloudGen Firewall base functions include application control, user awareness, IPS, antivirus, cloud-based advanced threat protection, inline inspection URL filter, SSL interception and inspection, web proxy with cache, unlimited site-to-site VPN, unlimited client-to-site VPN, and a spam filter. It includes NGFW and SD-WAN in one box plus optional ZTNA for easy access of resources behind the firewall.
Barracuda’s key features
- Secure SD-WAN functionality supporting load-share over as many as 24 internet links is included with every appliance.
- All devices can be shipped directly to the intended location with zero-touch deployment.
- Appliances are integrated with Barracuda’s CloudGen Access to facilitate ZTNA application access, with client apps available for Windows, macOS, iOS, Android, and Chromebook.
- Also offers cloud-based central management, advanced threat protection (ATP), Tunnel Independent Network Architecture VPN protocol, and CudaLaunch VPN app.
- Includes SCADA and industrial controls protocol enforcement.
- Available on AWS, Azure, Google Cloud Platform.
- Global threat intelligence network ingests threat info from 50 million collection points worldwide.
- Available as physical and virtual appliances or in the cloud.
WatchGuard NGFW products provide line-speed security inspection on all traffic and support multi-gigabit packet filtering throughput. In addition, the NGFW line provides application control; connects offices via unique Drag and Drop VPN; connects people via SSL and IPSec VPN; and gives the enterprise visibility into real-time and historical user, network, and security activities. Businesses can define, enforce, and audit strong security and acceptable use policies, improving employee productivity with less risk to critical intellectual property and customer data.
- High-performance security inspection that blocks attacks and unwanted traffic without hindering internet usage.
- Firewall, packet filtering, network address translation (NAT), stateful protocol inspection, virtual private networking (VPN), intrusion prevention (IPS), application awareness and control.
- Directory integration to tie security policies to users and groups and cloud-based reputation services to stop traffic from dangerous sources.
- Granular control: Due to the varied ways that people can use applications, it’s critical to control one or more aspects of an application while being able to disallow other aspects of it.
- WatchGuard application signatures are automatically updated without requiring an upgrade of the entire NGFW appliance as new applications are released and application behaviors change.
- WatchGuard Application Control’s behavior analysis functionality can discover even well-disguised applications that attempt to bypass security measures by encrypting application data and traffic as it traverses the Internet.
- WatchGuard Firebox M290 & M390 provide a suite of unified security controls for small and midsize businesses to address malware and ransomware.
- WatchGuard Firebox M590 & M690 firewalls are for midsize and distributed enterprises; they use an operating system built on the latest multi-core processors.
- WatchGuard Firebox T Series (T20, T40, T80) equips small, home, and midsize office environments with performance to support business-critical internet speeds.
The Stormshield Network Security (SNS) firewall range combines security and networking around SD-WAN functionalities. These next-generation firewalls come with interconnection control, dynamic link selection, and bandwidth management.
- Real-time protection
- Network segmentation
- Intrusion prevention system (IPS) and Intrusion detection system (IDS)
- Cloud-based sandboxing
- URL and content filtering
- Geolocation of IPs
- Detection of vulnerabilities
- Application control
- Site-to-site and mobile security
- IPSec VPN and Mobile SSL VPN
Check Point gateways provide security beyond NGFW functions. Designed for SandBlast’s Zero Day protection, they prevent cyberattacks with more than 60 security services. The Quantum Security Gateway line, for example, includes 15 models that can deliver up to 1.5 Tbps of threat prevention performance and can scale on demand.
Check Point features
- Delivers threat prevention with SandBlast Zero Day protection out of the box.
- On-demand hyperscale threat prevention performance provides enterprises cloud level expansion and resiliency on premises.
- Unified security management control across networks, clouds, and IoT.
- Maestro Hyper-scale Networking scales to 1.5 Tbps.
- Remote Access VPN protects remote users
Juniper’s NGFWs provide visibility into who and what is traversing the network. Combined with behavioral and real-time threat detection, the firewalls safeguard users, applications, and devices. These firewalls can be used to extend security to every point of connection in the network, from client to workload.
Juniper firewall features
- Delivered on-premises, in the cloud, or as a service.
- Protects users, applications, and devices without sacrificing reliability or performance.
- Delivers a threat-aware network posture, not limited to perimeter-only protection.
- Attack surface reduction through pervasive visibility and intelligence informs the right action automatically.
- Inline decryption and inspection of inbound and outbound Secure Socket Layer (SSL) connections at the SRX firewall.
- The Junos OS optimizes services on SRX devices for scale and automation.
- Products range from Firewall-as-a-Service (FWaaS) to SRX Series Gateways and virtual firewalls.
Sophos Firewall’s Xstream architecture protects the network from the latest threats while accelerating SaaS, SD-WAN, and cloud application traffic.
Sophos firewall features
- Remove blind spots with TLS inspection, with extensive exceptions and point-and-click policy tools.
- Stops ransomware and breaches with streaming deep packet inspection.
- Includes IPS, web protection, and app control, as well as deep learning and sandboxing powered by SophosLabs Intelix.
- Accelerate SaaS, SD-WAN, and cloud traffic such as VoIP, video, and other applications automatically or via policies, putting them on the Xstream FastPath to optimize performance.
- The XGS Series delivers Xstream performance to protect diverse, distributed, and encrypted networks.
- Accelerate and offload important SaaS, SD-WAN, and cloud traffic at the hardware level, while adding performance headroom for TLS and deep packet inspection with integrated Xstream Flow Processors.
- Customize the firewall’s connectivity options with add-on modules for high-speed copper, fiber, Power over Ethernet (PoE), and Wi-Fi.
SonicWall’s hardware and technology are built into each firewall, with solutions for networks of all sizes. These firewalls are designed to meet specific security and usability needs, with an emphasis on affordable pricing.
- For SMBs and branches, SOHO/TZ Series Firewalls provide enterprise-grade protection, while NSA Series Firewalls target the mid-range.
- NSSP Series Firewalls serve large enterprises and leverage cloud intelligence.
- NSV Series virtual firewalls for hybrid and multi-cloud environments.
- The SonicWall Network Security Manager (NSM) for firewall management allows you to onboard and manage dozens or hundreds of firewalls centrally from one interface.
- Deploy and administer firewalls remotely.
- Identify and remedy security risks through analytics and dashboards.
- Federate security policies globally.
- Automate audit-ready reporting.