Unified Threat Management (UTM) was coined by IDC to describe a product integrating several security features into a single appliance. This includes firewall, gateway anti-virus and intrusion detection and prevention capabilities.
The shift to UTM is part of a move by cyber security customers away from complex systems of bolted together solutions and towards dealing with a single vendor and most importantly, a single system of alerts.
CBR looks at some of the main UTM solutions on the market.
1. WatchGuard
WatchGuard provides UTM, Next Generation Firewall, secure wi-fi and network intelligence products to over 75,000 customers.
WatchGuard’s UTM product emphasises flexibility, with the option to upgrade it to a higher appliance model within the line using a software license key.
The solution aims to simplify administrative tasks such as log file management, auditing and compliance reporting.
It includes intrusion prevention service, application control, web blocker, antivirus, spam blocker, reputation enabled defence and network discovery.
Additional security modules available include data loss prevention, advanced persistent threat blocker and support service subscription.
Prices vary per organisation. The company is headquartered in Seattle, with officers across North America, Europe, Asia Pacific and Latin America.
2. Sophos
Sophos XG Firewall provides a control centre to oversee the network, users and applications within an organisation.
Within the control centre, users have access to a system panel, which displays the real-time status of system performance and connections. There is a basic colour code to simplify the alerts system; green indicates everything is fine, orange a warning and red that something needs immediate attention.
There is also a security heartbeat widget which indicates the health status of all endpoints managed within the Sophos Cloud.
Systems that may be infected will show up as yellow or red.
Unique to Sophos is the User Threat Quotient, which provides an indication of a user’s risk level based on their recent web and advanced threat activity. Again, it uses the colour code and goes red when a certain threshold of suspicious activity is passed.
3. Fortinet
Fortinet claims to be the market share leader, with over 100,000 network security appliances sold per quarter. The solution has been validated by NSS Labs, AV Comparative and Virus Bulletin amongst others.
The solution is managed through a single cloud-based console. It includes high-performance next generation firewall, VPN, IPS, application control, web filtering, antivirus, antispam and data loss prevention.
Fortinet also offers networking capabilities with routing, switching, WiFi, LAN, and WAN available.
4. Cyberoam
Cyberoam’s NG series is built on CyberoamOS, its new firmware which tightly integrates with the hardware for network and crypto acceleration to deliver high performance.
Cyberoam claims to offer some of the fastest UTM appliances, with up to 5 times the industry average throughputs. The appliances come with hardware that includes Gigahertz processors along with Gigabit Ethernet ports and high port density.
Main features include Application Visibility & Control, which prioritises applications based on user identity, time and bandwidth, improving the flexibility, visibility and control. The advanced controls can classify applications based on risk level, characteristics and technology, providing granular controls.
The solution uses a proactive protection model that removes the need for manual intervention by an administrator.
Available as a subscription is the Web Application Firewall, which protects web servers and applications from hackers.
Also included is support for new connectivity technologies including 4G. Cyberoam is also the first vendor to offer on-appliance reporting, which offers real-time logs and reports and removes the need to deploy a dedicated solution for doing so.
5. Cisco
The SA500 Series from Cisco is a UTM solution for small businesses, combining firewall, VPN and option IPS, email and content security capabilities.
Cisco’s solution series includes built-in a stateful packet inspection and IPS with protection from unwanted traffic.
The demilitarised zone can host file, web and internet-accessible servers without exposing the internal LAN network of the business to threats.
There are also web and URL filtering blocking known malicious sites and limiting employee internet access to appropriate websites. There are also built-in VPN capabilities.
The solutions are designed for small businesses with under 100 employees, businesses with small office routers, businesses aiming to improve employee productivity and businesses that need remote access to enable employees, partners and contractors to connect to the business network.