What is Unified Threat Management?
Unified threat management (UTM) is an IT term that refers to a single security solution that provides multiple security functions at a single point on a network. A UTM solution may also be known as a next-generation firewall (NGFW), and may include features such as antivirus, anti-spyware, anti-spam, content filtering, web filtering, leak protection, network firewalling, intrusion detection and prevention, identity-based security policies, data loss prevention, remote routing, network address translation (NAT), and support for virtual private networks (VPNs).
UTM solutions are deployed at the network perimeter where they scan all data entering and leaving the network. There, the UTM solution uses deep packet inspection (DPI) to gain the necessary visibility into network packets so that it may identify incoming threats and block web requests leading to insecure and/or malicious websites.
UTMs have gained popularity as they address blended threats, or threats consisting of multiple types of malware and cyberattacks that target different parts of a network concurrently. Rather than using separate solutions to address each type of threat individually, a UTM solution provides a single dashboard from which a security team can manage all of these corresponding features and threats.
Advantages of UTM solutions include:
Centralized management. UTM solutions centralize management and monitoring by consolidating features to create a single point of defense on a single console. This is more efficient and effective than managing and monitoring multiple dashboards for different threat types.
Simplified compliance. Identity-based security policies in UTM solutions simplify the process of implementing the least-privilege access controls required by regulations such as HIPAA, PCI DSS, and GDPR.
Consolidation. UTM solutions integrate multiple security functions into a single solution that can provide more contextual data about threats, allowing security teams to detect potential threats faster. Faster detection leads to a faster response across the entire system, which can prevent or minimize damage from cyberattacks.
Simplicity. UTM solutions replace multiple security products with one that is easier to manage, configure, and update. This makes these tasks more efficient for security teams and also reduces the chances of critical updates and patches not being installed. Having a single security product also supports continuity of operations, since there is only a single vendor/license/support contact to manage.
Flexibility. UTM solutions are designed to integrate with new security features and functions as they become available, providing more flexibility to incorporate new security functions without needing to deploy new appliances.
Cost savings. UTM solutions reduce costs by replacing multiple standalone security products with a single solution.