What is unified threat management (UTM)? - TechTarget


By Linda Rosencrance

Unified threat management (UTM) describes an information security (infosec) system that provides a single point of protection against threats, including viruses, worms, spyware and other malware, and network attacks. It combines security, performance, management and compliance capabilities into a single installation, making it easier for administrators to manage networks.

Unlike antivirus tools, a UTM system does not just protect personal computers (PCs) and servers. It protects an entire network and individual users by scanning all network traffic, filtering potentially dangerous content and blocking intrusions. Many small and medium-sized businesses (SMBs) have adopted UTM systems, finding it easier to handle their infosec with a single system, rather than several smaller ones.

UTM systems combine multiple security features into a single device or software program. This can help because there are five primary kinds of threats that organizations need to protect against:

- malware
- phishing and social engineering
- viruses, worms and Trojans
- hackers
- denial of service (DoS)

When dealing with these threats, a separate technology is typically required to resolve each issue. That ends up being more complicated than it needs to be, which is why UTM systems exist.
UTM and next-generation firewalls (NGFWs) are both firewall technologies serving similar purposes, but they're also different in some key areas. NGFWs were originally developed to fill network security gaps left by traditional firewalls and include application intelligence and an intrusion prevention system (IPS), as well as DoS protection. UTM refers to the ability of a single device to perform the functions of an NGFW, firewall and virtual private network (VPN), while an NGFW is a network security platform that provides a gateway between internal and external networks. The major difference between these two firewall types is that a UTM system typically offers more features than an NGFW, such as an intrusion detection system (IDS) and spam filtering, since it is able to monitor and protect internal networks from intruders.

How UTM works

Understanding threats and identifying weaknesses to an organization's network are critical for security. A UTM system can help accomplish this by using two inspection methods that address different types of threats:

Flow-based inspection. Flow-based inspection, also known as stream-based inspection, samples data that enters a network security device, such as a firewall or IPS. The devices inspect the data for malicious activity, such as viruses, intrusions and other hacking attempts.

Proxy-based inspection. Proxy-based inspection is a network security technique that can be used to examine the contents of packets that pass into and out of a network security device, such as a firewall, IPS or VPN server. By using a proxy server to inspect these packets, the network security device can act as a proxy to reconstruct the content entering the device.

Unified threat management devices

UTM devices are hardware or software that tie together network security features into one simple-to-use, easy-to-manage appliance. In addition to having a firewall, VPN and IPS, every UTM appliance supports network- or cloud-based centralized management. For example, Cisco Meraki appliances use a cloud-based management tool that can be deployed remotely on a per-device basis.

Unified threat management features

UTMs typically include the following security features.
Antispam services

Antispam services or spam filters are designed to block or tag incoming email-based attacks by scanning inbound and outbound email traffic for signs of a possible attack. Antispam systems use algorithms to detect spam by scanning message content for patterns that are associated with spam. Some systems look for certain words, others for specific language patterns and others for whole word patterns using a process called Bayesian analysis. If the message appears to be spam or malware, the contents are tagged or quarantined.

URL filtering and application control

UTM devices can perform many functions that help secure a corporation or other organization's network, including Uniform Resource Locator (URL) filtering and application control. With application control, a UTM device can put specific applications on an allowlist so they can connect to the internet without dealing with spam content filtering or other security measures. Application control is usually combined with a UTM device's firewall and other features to ensure that all traffic entering the corporate network is protected.

Firewalls

A firewall is a hardware- or software-based security measure that restricts access to a private network by monitoring incoming and outgoing traffic between different networks. It keeps unauthorized -- or malicious -- users from gaining access to data or resources such as file servers, printers and web servers. There are three main types of firewalls: packet filtering, circuit-level gateway and application-level gateway.

Intrusion detection systems and intrusion prevention systems

An IDS monitors the network for signs of a cyberattack, while an IPS takes action to stop attacks by neutralizing malicious traffic.

The goal of an IDS is to detect abnormal behavior so that it can be analyzed, recorded and reported. It can't actually block any incoming threats, but it can notify an administrator about an intrusion and log the activity for later analysis. An IPS, on the other hand, is a type of security technology that can alter network traffic to block malicious activities. An IPS feature can be added to an existing IDS or firewall.
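The IDS/IPS distinction above, as an added example that is not part of the original article: one detection rule run first in alert-only (IDS) mode and then in blocking (IPS) mode. The port-scan heuristic, its threshold, the function name and the sample traffic are all assumptions constructed for the illustration.

```python
from collections import defaultdict

SCAN_THRESHOLD = 4  # distinct destination ports from one source (assumed value)

# Constructed sample traffic: (source IP, destination port)
EVENTS = [
    ("198.51.100.7", 22), ("192.0.2.10", 443), ("198.51.100.7", 23),
    ("198.51.100.7", 80), ("192.0.2.10", 443), ("198.51.100.7", 445),
    ("198.51.100.7", 3389), ("192.0.2.10", 80), ("198.51.100.7", 8080),
]


def inspect(events, prevent):
    """Apply one detection rule to a stream of events.

    prevent=False: IDS behaviour, alert and log only, all traffic passes.
    prevent=True:  IPS behaviour, same detection plus dropping the source.
    Returns (forwarded_events, alerts, dropped_events).
    """
    ports_seen = defaultdict(set)
    flagged = set()
    forwarded, alerts, dropped = [], [], []
    for src, port in events:
        # IPS only: traffic from an already flagged source is dropped.
        if prevent and src in flagged:
            dropped.append((src, port))
            continue
        ports_seen[src].add(port)
        if src not in flagged and len(ports_seen[src]) >= SCAN_THRESHOLD:
            flagged.add(src)
            # Both modes record the detection for the administrator.
            alerts.append(
                f"possible port scan from {src}: {sorted(ports_seen[src])}"
            )
            if prevent:
                dropped.append((src, port))
                continue
        forwarded.append((src, port))
    return forwarded, alerts, dropped


if __name__ == "__main__":
    for mode, prevent in (("IDS", False), ("IPS", True)):
        fwd, alerts, dropped = inspect(EVENTS, prevent)
        print(mode, "forwarded:", len(fwd), "dropped:", len(dropped), alerts)
```

Both modes raise the same alert; only the IPS mode changes what reaches the network, which is why the article can describe IPS as a feature added to an existing IDS.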
VPN

The role of a VPN is to create a secure connection between two computers over a public network. This enables file sharing securely between co-workers, accessing data remotely or using any number of other services without fear that an outside party will intercept the data. VPNs work by using encryption to protect data from unauthorized access when crossing between public and private networks, thereby creating a secure connection that is encrypted within a tunnel over the public internet.

Content filtering

Web content filtering is a method of controlling what types of information can pass into or out of a network, using various filtering methods, such as by Internet Protocol (IP) address, port number or media access control (MAC) address. Content filtering is used on networks to block unwanted content and to protect against data loss by filtering outgoing data to prevent sensitive information from being transmitted.

This was last updated in April 2021


