“Unified Threat Management” is a buzzphrase (that is, a few buzzwords strung together) heard a lot in networking and network security. Essentially, this is something (usually a device) which combines several network security services, including email filtering, web content filtering, firewalling, intrusion detection/prevention, and others. A UTM device can provide other services as well, such as VPN (Virtual Private Networking) support, to allow your remote workers to securely connect to your office. UTMs frequently seen in small businesses because they (usually) carry a lower cost than purchasing and managing several separate devices or software packages to perform the same functions.
The major drawback of these is that they present a single point of failure on your network. If a hardware UTM device gets compromised or simply fails, your system can either be exposed or your Internet access can be down. Also, if you already have these all of these devices/services in place on your network, a UTM may not gain you much.
As previously stated, UTMs can offer a lower initial and ongoing cost of ownership than several separate devices. Consider the following elements of your network:
- Internet router
- Intrusion detection/prevention system
- VPN server
- E-mail anti-virus scanner
- Junk E-mail (spam) filter
- Web content filter
- Web proxy server
Now, take these devices or services and combine them into a single device which does all of these services for one (relatively) low(er) price. To a small business, this is pretty appealing, especially if these services were not present in the first place. For example, most of our smaller clients have no intrusion detection/prevention system in place. Many do not have any sort of website content filtering or centralized e-mail anti-virus or junk e-mail filter.
Additionally, small businesses frequently have only one main “server” on their network, and they can easily be overburdened by having too many tasks placed on them. We have seen software email anti-virus and junk e-mail scanners bring servers to a grinding halt. Offloading these processes to a separate device can improve performance and reliability of the main server.
A UTM also offers a single location to manage all of these services. This can be beneficial to less-experienced administrators, who are easily confused by having multiple different interfaces with different appearances and conventions. In other words, it is easier to manage because the interfaces and terminology tend to be consistent whether you are managing the firewall, email filter, or web proxy.
A UTM can kill many “birds” with a single stone, and is something every small business should consider for their network, especially if any of the above services are currently not present.