Potential attacks, software and platform vulnerabilities, malware, and misconfiguration issues can pose serious threats to organizations seeking to protect private, confidential, or proprietary data. Fortunately, various technologies – collectively known as unified threat management – make it easy to use virtualized or appliance-based tools to provide comprehensive security coverage.
With a combination of regular updates, monitoring and management services, and critical security research and intelligence data, you can vastly improve your business’s cybersecurity. We’ll explore how to erect defenses with UTM and implement sound security policies to cope with an array of threats.
Unified threat management is an all-in-one security implementation that helps protect businesses from online security risks. A UTM solution includes features like network firewalls, antivirus software, intrusion detection and virtual private networks. Many businesses may prefer UTM software platforms, but hardware options, such as dedicated firewalls and router networking devices, are also available.
By implementing a UTM program throughout your organization, you provide a single security source for all of your information technology (IT) needs that can scale as your business grows.
With a UTM guarding your organization, you get a streamlined experience with various security components working together seamlessly, instead of the potential issues that could arise if you integrated multiple services for each function.
By its very nature, technology is constantly changing. Unfortunately, this includes cybercrime; as technology progresses and we become more connected, the number of threats keeps growing.
This unpredictability is why it’s critical to implement a comprehensive UTM program throughout your organization. A UTM is like a cybersecurity force guarding against the most common vulnerabilities hackers could exploit. By essentially guarding every virtual entry point, a UTM is a great preventive security measure for any business.
The history of information security and its protective technologies goes back to the 1980s, when perimeter security (through firewalls and screening routers) and malware protection (primarily in the form of early antivirus technologies) became available.
As threats evolved in sophistication and capability, other elements to secure business networks and systems became available. These solutions include email checks, file screening, phishing protection, and allow lists and block lists for IP addresses and URLs.
From the mid-’90s to the first decade of the 21st century, there was an incredible proliferation of point solutions to counter specific threat types, such as malware, IP-based attacks, distributed denial-of-service (DDoS) attacks, and rogue websites with drive-by downloads. This explosion led to an onslaught of data security software and hardware designed to counter individual threat classes.
Unfortunately, a collection of single-focus security systems lacks consistent and coherent coordination. There’s no way to detect and mitigate hybrid attacks that might start with a rogue URL embedded in a tweet or email message, continue with a drive-by download when that URL is accessed, and really get underway when a surreptitiously installed keylogger teams up with timed transmissions of captured data from a backdoor uploader.
Worse yet, many of these attack tools are web-based and use the standard HTTP ports, so higher-level content and activity screening is necessary to detect and counter them.
The basic premise of UTM is to build powerful, purpose-built processing architectures that can handle, inspect, and (when necessary) block large amounts of network traffic at or near wire speed. Such a system must check this traffic against block-listed IP addresses, inspect URLs for malware signatures, look for data leakage, and ensure all protocols, applications, and data are benign.
Typical UTM solutions usually bundle various functions, such as the following.
Modern UTM systems incorporate all these functions and more by combining fast special-purpose network circuitry with general-purpose computing facilities. The custom circuitry that exposes network traffic to detailed and painstaking analysis and intelligent handling does not slow down benign packets in transit. It can, however, remove suspicious or questionable packets from ongoing traffic flows, turning them over to scanners or filters.
The UTM system can then perform complex or sophisticated analyses to recognize and foil attacks, filter out unwanted or malicious content, prevent data leakage, and ensure security policies apply to all network traffic.
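To make the two-stage design above concrete, here is an added example (not code from the article or from any UTM vendor) of a minimal inspection pipeline: a cheap fast path for block-listed addresses, a slower deep-inspection stage for URL signatures and outbound data-leak patterns, and one policy applied to inbound and outbound flows alike. All addresses, signatures and patterns are constructed placeholders.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed policy data: one policy shared by every check in the pipeline.
BLOCKED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]   # RFC 5737 test range
MALICIOUS_URL_SIGNATURES = [
    re.compile(r"/(update|invoice)\.exe$", re.I),             # constructed signature
    re.compile(r"^https?://[^/]*\.example-bad\.test/"),        # constructed domain
]
# Constructed DLP pattern: 16-digit card-like numbers in outbound payloads.
DLP_PATTERNS = [re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b")]


@dataclass
class Flow:
    direction: str          # "in" or "out"
    src: str
    dst: str
    url: str = ""
    payload: str = ""


@dataclass
class Verdict:
    action: str             # "allow", "block" or "quarantine"
    reasons: list = field(default_factory=list)


def fast_path(flow):
    """Wire-speed stage: cheap address checks; None means 'not decided here'."""
    for host in (flow.src, flow.dst):
        if any(ipaddress.ip_address(host) in net for net in BLOCKED_NETWORKS):
            return Verdict("block", [f"block-listed address {host}"])
    return None


def deep_inspection(flow):
    """Scanner stage: content checks that only run on flows the fast path let through."""
    reasons = []
    if flow.url and any(sig.search(flow.url) for sig in MALICIOUS_URL_SIGNATURES):
        reasons.append("URL matches malware signature")
    if flow.direction == "out" and any(p.search(flow.payload) for p in DLP_PATTERNS):
        reasons.append("outbound payload matches DLP pattern")
    return Verdict("quarantine", reasons) if reasons else Verdict("allow")


def inspect_flow(flow):
    """Apply the same policy to inbound and outbound traffic."""
    return fast_path(flow) or deep_inspection(flow)
```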
UTM solutions usually take the form of special-purpose network appliances that sit at the network boundary, straddling the high-speed links that connect internal networks to service providers or communication companies.
By design, UTM devices coordinate all aspects of a security policy, applying a consistent and coherent set of checks and balances to incoming and outgoing network traffic. Most UTM device manufacturers build their appliances to work with centralized, web-based management consoles. This lets network management companies install, configure and maintain UTM devices for their clients.
Alternatively, IT managers and centralized IT departments can take over this function. This approach ensures that the same checks, filters, controls, and policy enforcement apply to all UTM devices equally, avoiding the gaps that the integration of multiple disparate point solutions (discrete firewalls, email appliances, content filters, virus checkers, and so forth) can expose.
These are some of the most respected UTM providers:
When choosing a business UTM solution, you should seek the standard functions described above as well as these more advanced features:
Advanced UTM devices must also support flexible architectures whose firmware can be easily upgraded to incorporate new means of filtering and detection and to respond to the ever-changing threat landscape. UTM makers generally operate large, ongoing security teams that monitor, catalog, and respond to emerging threats as quickly as possible, providing warning and guidance to client organizations to avoid exposure to risks and threats.
Some of the best-known names in the computing industry offer UTM solutions to their customers, but not all offerings are equal. Look for solutions from reputable companies like Cisco, Netgear, SonicWall and Juniper Networks. You’re sure to find the right mix of features and controls to meet your security needs without breaking your budget.
As a visit to the periodic survey of information security certifications at TechTarget’s SearchSecurity confirms, more than 100 active and ongoing credentials are available in this broad field. However, not all of the best IT certifications address UTM directly or explicitly.
While no credential focuses exclusively on UTM, some of the best InfoSec and cybersecurity certifications cover UTM aspects in their exam objectives or the associated standard body of knowledge that candidates must master:
Of these credentials, the generalist ones (such as CISA, CISSP, and CHPP/CHPA) and the two SANS GIAC certifications (GCIH and GCWN) provide varying levels of coverage of the principles of DLP and the best practices for its application and use within the context of a well-defined security policy.
Out of the above list, the CISSP and CISA are the most advanced and demanding certs. The Cisco and Juniper credentials concentrate more on the details of specific platforms and systems from vendors of UTM solutions.
With the ever-increasing emphasis on and demand for cybersecurity, any of these certifications – or even entry-level cybersecurity certifications – can be a springboard to launch you into your next information security opportunity.
Eduardo Vasconcellos contributed to the writing and research in this article.