Attacks, software and platform vulnerabilities, malware and misconfiguration all threaten an organization’s private, sensitive or proprietary information. Yet the set of technologies referred to as unified threat management (UTM) can be implemented with virtualized or appliance-based tools for end-to-end security management.
By providing regular updates, monitoring and management services, and essential security research and threat-intelligence data, UTM can raise your company’s cybersecurity to a much higher level. Here we look at how to build defences with UTM and how to write security policies that deal with a wide range of threats.
What is unified threat management?
Unified threat management is a single security solution that safeguards enterprises from cyber threats. Network firewalls, antivirus software, intrusion detection and virtual private networks are all part of a UTM solution. Most organizations will use UTM software, but hardware options exist too (e.g., dedicated firewall and router appliances).
With a UTM program in place, you have one scalable security control point for all of your organization’s IT.
What does a unified threat management platform consist of?
UTM’s basic idea is to build powerful, purpose-built processing appliances that can analyse, scan and (if necessary) filter huge amounts of network traffic at or near wire speed. The appliance checks this traffic against blacklisted IP addresses, scans URLs and payloads for malware signatures, checks for data leakage, and verifies that protocols, applications and data are benign.
Typical UTM packages bundle many features, some of which are as follows:
- Proxy services: Proxy services hide internal IP addresses from the public network and inspect communications and transfers at the application layer.
- Stateful packet inspection: Stateful packet inspection tracks the state of connections to distinguish legitimate network traffic from bogus or known-malicious message types.
- Deep packet inspection: Deep packet inspection (DPI) examines the data segments or payloads of network packets to scan for malware and to block leaks of classified, proprietary, private or confidential data across network boundaries. The latter is known as data loss prevention (DLP). DPI technology also allows you to set content filters.
- Real-time packet decryption: Real-time packet decryption uses special hardware (which implements the inspection logic directly in high-speed circuitry) to allow deep inspection at or near network wire speed. This lets you apply content controls even to encrypted traffic and quarantine such data for policy compliance, malware detection and so on.
- Email management: Email management covers malware detection and removal, spam filtering, and content analysis for phishing, malicious websites and blacklisted IPs and URLs.
- Intrusion detection and prevention: Intrusion detection and prevention monitors incoming traffic to detect and react to DDoS attacks, as well as to more subtle and advanced attempts to compromise network and system security or to gain access to systems and data.
- Application control: Application control (or filtering) detects application activity, web applications and services in particular, and enforces security policies that prevent malicious applications from consuming network resources or performing unauthorized data transfer (or data capture).
- Virtual private networks (VPNs): VPNs let remote users form private, encrypted connections over public network links such as the internet. Most organisations use this technology to protect network traffic end to end, from sender to receiver.
Modern UTM appliances do all this and more by marrying fast, dedicated network circuitry with general-purpose computers. The dedicated circuitry performs intensive inspection of network traffic without slowing down benign packets on their way through, while diverting unknown or suspicious packets out of the traffic flow to scanners or filters.
The UTM software can then run advanced or granular analysis to identify and block attacks, eliminate malicious or unwanted content, stop data loss, and enforce security policies across all network traffic.
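To make that pipeline concrete, here is an added example in Python (not code from the original article or from any UTM vendor): a toy inspector that applies four of the checks listed above to constructed sample packets, namely an IP blocklist lookup, stateful packet inspection through a session table, deep packet inspection of the HTTP Host header against a host blocklist, and a data loss prevention rule that catches Luhn-valid card numbers in outbound payloads. The `Packet` class, the 10.0.0.0/8 internal range, the blocklists and all of the sample traffic are constructed for this example.

```python
"""Toy UTM-style inspection pipeline: constructed illustration (not any vendor's
code) of IP blocklisting, stateful inspection, DPI host filtering and DLP."""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes = b""


# Constructed sample threat-intel data; a real appliance pulls vendor feeds.
BLOCKED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]  # TEST-NET-3
BLOCKED_HOSTS = {"malware.example", "phish.example"}
# Content-filter patterns applied to the payload (the DPI/DLP part).
HOST_RE = re.compile(rb"^Host:\s*([^\r\n]+)", re.IGNORECASE | re.MULTILINE)
CARD_RE = re.compile(rb"\b(?:\d[ -]?){15}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so random 16-digit strings do not trip the DLP rule."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch) * 2 if i % 2 else int(ch)
        total += n - 9 if n > 9 else n
    return total % 10 == 0


def ip_blocked(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BLOCKED_NETWORKS)


def leaked_cards(payload: bytes) -> list[str]:
    """Luhn-valid card numbers found in a payload, masked for safe logging."""
    found = []
    for m in CARD_RE.finditer(payload):
        digits = re.sub(rb"[ -]", b"", m.group(0)).decode()
        if luhn_ok(digits):
            found.append("*" * 12 + digits[-4:])
    return found


class Inspector:
    """Session table plus content filters guarding one internal network."""

    def __init__(self, internal: str):
        self.internal = ipaddress.ip_network(internal)
        self.sessions: set[tuple] = set()

    def inspect(self, pkt: Packet) -> tuple[str, str]:
        """Return (verdict, reason); verdict is 'allow' or 'drop'."""
        outbound = ipaddress.ip_address(pkt.src_ip) in self.internal
        peer = pkt.dst_ip if outbound else pkt.src_ip
        if ip_blocked(peer):
            return "drop", f"blocklisted ip {peer}"
        # Stateful check: inbound packets must answer a session an internal
        # host opened; anything else is treated as an unsolicited probe.
        if outbound:
            self.sessions.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
        elif (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) not in self.sessions:
            return "drop", "unsolicited inbound packet"
        # DPI: look inside the payload for an HTTP Host header on the blocklist.
        if (m := HOST_RE.search(pkt.payload)):
            host = m.group(1).strip().decode(errors="replace").lower()
            if host in BLOCKED_HOSTS:
                return "drop", f"blocklisted host {host}"
        # DLP: only outbound traffic can leak data across the boundary.
        if outbound and (cards := leaked_cards(pkt.payload)):
            return "drop", "dlp: card number " + ", ".join(cards)
        return "allow", "ok"


def demo() -> list[tuple[str, str]]:
    """Run constructed sample traffic through the inspector, in order."""
    fw = Inspector("10.0.0.0/8")
    traffic = [
        Packet("10.0.0.5", 51000, "198.51.100.7", 80,  # client opens a session
               b"GET / HTTP/1.1\r\nHost: www.example\r\n\r\n"),
        Packet("198.51.100.7", 80, "10.0.0.5", 51000,  # reply matches session
               b"HTTP/1.1 200 OK\r\n\r\n"),
        Packet("198.51.100.9", 4444, "10.0.0.5", 22),  # unsolicited probe
        Packet("10.0.0.5", 51001, "203.0.113.10", 443),  # blocklisted IP
        Packet("10.0.0.5", 51002, "198.51.100.8", 80,  # blocklisted host
               b"GET /x HTTP/1.1\r\nHost: malware.example\r\n\r\n"),
        Packet("10.0.0.5", 51003, "198.51.100.8", 443,  # Luhn-valid test PAN
               b"POST /u HTTP/1.1\r\nHost: www.example\r\n\r\ncard=4111 1111 1111 1111"),
        Packet("10.0.0.5", 51004, "198.51.100.8", 443,  # bad checksum: no hit
               b"POST /u HTTP/1.1\r\nHost: www.example\r\n\r\nid=1234 5678 9012 3456"),
    ]
    return [fw.inspect(p) for p in traffic]
```

Calling `demo()` yields allow, allow, drop, drop, drop, drop, allow for the seven packets, each drop carrying its reason. Two design points carry over to real appliances: the cheap checks (address lookup, session table) run before the expensive payload scan, which is why the hardware-assisted path described above matters at wire speed; and the inspector only sees plaintext payloads, so the DPI and DLP stages are blind to TLS traffic unless the decryption stage listed above sits in front of them.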
Why is unified threat management important?
UTM is necessary because the cybercrime threat is unpredictable and constantly changing. The more connected we become through technology, the more dangers there are.
What a business does not know is how or when the next attack will happen, or what the resulting data breach will cost. Attacks might arrive via text message, email, pop-up ads, or a hole in an otherwise sound company website.
As risk becomes more variable and diffuse, it is time to adopt a UTM strategy across your entire organization. A UTM program acts like an on-site cybersecurity unit guarding the common entry points attackers use to get at a database.
Because it guards essentially all virtual access points, UTM is a strong proactive security tool for any business.
A brief history of UTM
Here is what you should know about how UTM developed within information security and why the principle became popular.
- Perimeter security became available. Information security and preventive technologies have their origin in the 1980s with the introduction of perimeter security (firewalls and screening routers) and malware detection (mostly in the form of very early antivirus tools).
- Network security technologies evolved. As threats grew in sophistication and capability, more components were added to protect corporate networks and infrastructure: email filters, file filtering, phishing filters, and allow lists and blacklists of IP addresses and URLs.
- Specific threat solutions proliferated. Between the mid-1990s and the early 2000s, point solutions multiplied into a vast number of products for fighting particular types of attack, including malware, IP attacks, DDoS attacks and rogue websites with drive-by downloads. The result was a flood of security software and hardware, each product mitigating a specific threat class.
- Stand-alone threat prevention was not good enough. A collection of isolated security products cannot coordinate with one another, so there was no way to detect and prevent hybrid attacks: ones that might start with a malicious URL in a tweet or email, progress to a drive-by download when that URL is opened, and escalate when a covertly installed keylogger is paired with scheduled transmissions of stolen data through a backdoor uploader. On top of that, many attack tools operate over the web and use standard HTTP ports.
- Then UTM came into view. Cybersecurity professionals realised they needed to detect and fight these threats by screening content and activity at a higher level.
Unified threat management providers
UTM products typically take the form of dedicated network appliances that sit at the network edge, between the internal network and the high-speed links to carriers or telcos that connect it to outside networks. Note that such devices are not always labelled UTMs, since a given package may implement more than one function.
In principle, UTM devices manage all elements of a security policy by applying a consistent, tamper-resistant set of checks to inbound and outbound network traffic. The vast majority of UTM device manufacturers design their appliances with centralised, online management portals. This permits network management companies to set up, provision and support UTM devices on behalf of clients.
Alternatively, centralized IT teams and experienced IT managers can do the job themselves. Either way, the same checks, filters, controls and policy enforcement are applied on all UTM devices equally, avoiding the inefficiencies of aggregating many different point solutions (discrete firewalls, email appliances, content filters and virus checkers).
Top UTM providers
Here are some of the most reputable UTM providers:
- Fortinet FortiGate Next-Generation Firewall (NGFW): FortiGate NGFW delivers comprehensive online protection and is easy to deploy, scale and support. By bringing all security services together in one solution, FortiGate NGFW lowers security costs and manages risk better. Meanwhile, its automated threat management guards against common attacks, such as ransomware, command-and-control and firewall breaches.
- Check Point Next-Generation Firewall: Developed for comprehensive, intuitive online protection, Check Point NGFW can run 60 security services from the same dashboard. It includes Check Point’s SandBlast Zero-Day Protection, which uses CPU-level threat detection to identify zero-day threats in real time and can scale on demand. Providing secure management of your networks, cloud servers and internet of things devices from one place, Check Point NGFW is a powerful UTM solution.
- WatchGuard Firebox: WatchGuard Network Security’s Firebox is aimed at SMBs and distributed enterprises. It’s a full security solution that does not sacrifice the user interface. WatchGuard comes packed with an advanced firewall, antivirus, spam and content filters, and much more security in the box.
How to select the right UTM provider
For a business UTM solution you want both the common functions listed above and some additional features.
- Look for endpoint controls that enforce company security policies on remote machines and users.
- Include wireless controllers so that wired and wireless traffic share the same device. These controllers make security policy management and enforcement easier and reduce network complexity.
- Although virtualization is not for everyone, ensure there is support for virtual clients and servers, as well as virtualized implementations of the UTM appliance itself.
- High-end UTM devices should also have flexible designs whose firmware can be easily updated to support new filtering and detection technologies and adapt to the evolving threat environment.
UTM vendors typically have large, dedicated security teams that watch for, catalogue and react to new threats as quickly as possible, and issue warnings and advice to clients.
Some of the biggest names in computing provide UTM solutions, but not all of them are created equal. Look for solutions from well-known brands such as Cisco, Netgear, SonicWall and Juniper Networks. You’ll be able to find the right combination of features and controls for your security without breaking the bank.
UTM IT InfoSec certifications
Certifications help you learn your industry, but not all of the best IT certifications address UTM directly or explicitly. There is no UTM-only credential, and individual modules on particular UTM features aren’t labelled as such either. Still, some of the best InfoSec and cybersecurity certifications include UTM in their exam objectives or in the body of knowledge a candidate is expected to learn.
Consider these IT certifications that cover UTM:
- ISACA Certified Information Systems Auditor (CISA)
- Cisco security certifications CCNA, CCNP Security, CCIE Security.
- Juniper Networks security certifications JNCIS-SEC, JNCIP-SEC, JNCIE-SEC, JNCIA-SEC.
- (ISC)2 Certified Information Systems Security Professional (CISSP)
- GIAC Certified Incident Handler (GCIH)
- GIAC Certified Windows Security Administrator (GCWN)
- Certifications from Global Center for Public Safety (CHPP and CHPA Levels I-IV)
Of these, the generalist certifications (CISA, CISSP and CHPP/CHPA) and the two GIAC certifications (GCIH and GCWN) overlap somewhat in how much they teach about data loss prevention concepts and about best practices for implementing and using DLP under a well-defined security policy.
The most technical and difficult of the certifications above are CISSP and CISA. The Cisco and Juniper credentials focus more on the specific platforms and systems of those UTM vendors.
As cybersecurity is becoming more important and sought after than ever, any of these certifications — or even entry-level cybersecurity certifications — can help launch you to your next information security job.
Follow up with UTM
If this post has moved you to invest in strengthening your company’s cybersecurity, consider which aspects of your business would benefit most from a UTM solution. Perhaps you have a largely offsite workforce that relies on remote login, or perhaps your business has been hit by DDoS attacks in the past.
UTM implementation needn’t be a daunting project. Invest in IT training or delegate installation and upkeep to a professional. The key is to recognise that in today’s hostile cyber environment, protecting your company’s information is not optional, and UTM tools can help keep it safe.