Unified threat management systems, or UTMs, have become a mainstay of cybersecurity architectures. Using UTM firewall and threat management services, organizations of all sizes are empowered to effectively and efficiently manage modern cyber threats.
What is a UTM system and when should you use one? Here are a few insights into unified threat management systems and when to use a UTM.
What Is Unified Threat Management?
Unified threat management is the practice of using a combination of early detection systems—such as intrusion detection systems (IDS), security information and event management (SIEM) systems, etc.—and security tools to proactively monitor for and counter threats to your business’ network.
A unified threat management system is a specific type of security threat management system that collects all of the tools for threat management into a single solution—such as UTM firewall, UTM networking security, UTM appliances, and so on. With a UTM solution, you only have to deal with a single technology vendor for all of your threat management needs. This minimizes the complexity of dealing with your business’ network security—helping save management time and effort.
Sounds perfect, right?
Well, not necessarily. As pointed out in one Computer Weekly article:
“Whilst UTM is very attractive, it should not be considered as the only product for protecting your enterprise. Mobile users will still need antivirus, personal firewalls and full-disk encryption. Desktop users and servers will still need local antivirus as a minimum. A unified threat management system certainly reduces the management of perimeter defences, but on the downside, you are putting all your eggs in one basket by becoming dependent on one vendor.”
Basically, the term “unified” can be a bit of a misnomer, since the solution may not actually replace everything you need to protect your business online across all of the platforms it operates on. Additionally, using one solution for all of your cybersecurity needs makes it so that one exploit or bug can be used to bypass all of your protections. Using different solutions to create a “defense-in-depth” cybersecurity strategy can make it harder for attackers to break into your network.
What is Included with a Unified Threat Management Solution?
This can be hard to answer accurately, as different UTM security vendors might include different things with their specific solution. Here's a short list of some things that a UTM security solution may have:
- UTM Devices. Some UTM solutions are hardware-based, meaning that they will include co-located UTM devices or UTM appliances that provide cybersecurity for your network. For example, a hardware-based firewall could be an example of a UTM appliance if it comes with a range of other solutions and services.
- UTM Firewall. Firewalls are a basic component of any complete cybersecurity strategy, helping to filter out malicious traffic from the network. UTM firewalls can be delivered in a number of ways—including both on-premises and off-premises solutions via firewall appliances or cloud-based firewalls.
- UTM VPN Networking. Virtual private networks (VPNs) help to anonymize and encrypt your network traffic—making it harder for cybercriminals to intercept and use against your organization. UTM networking solutions often employ VPNs to help ensure that outgoing traffic is protected from malicious actors.
- UTM Load Balancing. Another type of UTM appliance that can be included with a solution that uses physical, on-premises devices is UTM load balancers. These devices help to route traffic evenly between different databases and servers on your network—promoting network stability during peak use.
- UTM Data Loss Prevention. Some UTM security solutions include systems for enabling remote data backup so that files can be restored if lost due to user error, acts of nature, or cyberattacks (such as ransomware attacks). This UTM data loss prevention (DLP) can be crucial for your business continuity and disaster recovery plan.
This list is far from comprehensive—there are many specific solutions that a managed security service provider may offer as a part of their UTM security service. And, some UTM solutions may not offer everything in the above list.
So, when searching for a unified threat management service or system, it's important to verify what the specific service provider includes in their UTM solution. It can also help to ask how the UTM solution can be customized or configured to work with your organization's workflows and cybersecurity needs.
When Should I Use a Unified Threat Management System?
As the Computer Weekly article points out, a unified threat management system isn’t necessarily the end-all, be-all solution the name might imply. However, a UTM security product can still be a valuable component of your overall cybersecurity threat management system.
Previously, we published a blog titled 3 Reasons Why Cybersecurity is Not a Device. In this blog, Lenny talked about why simply buying the latest cybersecurity tools isn’t a valid replacement for having a mature cybersecurity program that looks beyond having the latest tools to:
- Identify what needs protecting.
- Establish what risks there are to your business.
- Get buy-in to the program at all levels of the organization.
- Develop a long-term strategy that takes into account the organization’s needs over the next few years.
The same concept applies here: a unified threat management system, no matter how robust, is not a replacement for a sound cybersecurity strategy. However, it can be a useful part of such a strategy.
UTM tools should be approached in the same way as any other cybersecurity tool. When you look at such a threat management system, you should evaluate it thoroughly and ask yourself:
- How does the product fit in with your existing cybersecurity protections?
- Will it cause a conflict?
- How does it mesh with your business processes?
- Will adopting the tool require any major changes in your organization?
- Do you already have tools that perform the same functions?
- If so, does the UTM perform those functions better?
A UTM product shouldn’t necessarily replace your existing cybersecurity tools, but it can be used to enhance your existing protections. On the other hand, if you have a number of obsolete products that have been phased out by their developers, using a UTM security solution to replace them can make sense.
In a basic sense, a UTM is just another cybersecurity tool; one that needs to be used when and where appropriate—just like any other cybersecurity solution.
Need help integrating a unified threat management system into your cybersecurity strategy or developing a mature cybersecurity program for your organization? Contact the experts at Compuquip Cybersecurity today for help with your network security challenges.