Unified Threat Management devices are network firewalls that also perform other security features like virus protection like web content filtering along with the traditional activities of a firewall (see Blocking Digital Threats Is Easy With The Right Tool).
We asked Jon Kuhn, Director of Product Management at SonicWALL to explain how UTM works and the benefits of using one to protect your company’s network.
For businesses not using a UTM device, what solutions are they typically using?
It is assumed that the majority of business not running a UTM device is at least running basic firewalling. Basic irewalling is typically used to describe a technology called Stateful Packet Inspection or SPI. SPI tracks each connection traversing interfaces on a firewall and focuses in on source and destination information based on a configurable security policy. SPI is limited to the inspection of only a fraction of all traffic that comes in, out and through a given network.
What are the benefits of UTM vs. point solutions or any other solutions?
Above we discussed the predominant technology used on networks not running UTM. For customers looking to increase their visibility, security and reliability of their networks, they choose technology that can scan *all* traffic rather than a small fraction. This technology is referred to as Deep Packet Inspection or DPI. Using DPI, it is possible to have a much greater field of visibility when looking at the connections moving throughout the network.
But it takes more than just DPI to improve security, DPI is only the starting point. Some UTM solutions use DPI to increase security only over certain content, file and traffic types, as well as restrict their solution to only a percentage of users on the network in order to meet the deep security, massive throughput and granular control required of today’s networks. A technology called Reassembly-Free UTM unifies multiple security layers into a logical solution, combined with intrusion prevention, vulnerability protection, anti-malware protection, content filtering, and application control, without compromising network scalability or performance. The idea is, what’s the benefit of comprehensive security if it brings the network to a halt. With reassembly-free UTM you don’t have to make that choice.
Are other threats, other than virus and malware via web sites, really that problematic for businesses?
Absolutely. Computer, network and application usage is dramatically changing the way networks are designed, managed and protected. Bandwidth is increasing, users are becoming more technically savvy, while the growth of insecure Web 2.0, SaaS, SOA, social networking and streaming media applications has increased the need for greater traffic inspection. More often users are sharing content with networks and end points outside of the control of administrators, think Google Docs. To add to all of this, firewall-evasive techniques, convergent online information and port-hopping add new opportunities for the spread of malicious content and malcode. Customers require a much greater level of network and application inspection without compromising the ever-growing throughput requirements of today’s complex communication networks.
How can smaller businesses know if their current IT solution provider can handle properly configuring their network and working with a UTM device?