In cybersecurity, unified threat management (UTM) offers a full defence against different types of cyberattacks. Although it has the same objectives as firewalls and antivirus software, UTM is slightly different from them.
Many businesses and small to medium corporations have adopted a UTM system, but what is it exactly?
What is UTM?
A UTM is an information security (infosec) system that provides, in one location, protection against cyber threats such as viruses and other malware, alongside complex network attacks.
What distinguishes it from other anti-virus software is that it does not just act on individual computers and PCs, but covers entire networks and individual users. It does so by overseeing traffic and blocking potential threats. Many small and medium-sized businesses (SMBs) have adopted UTMs because they offer many features in a single system rather than in many smaller ones.
A UTM device, in particular, protects businesses from the five main cyber threats: malware, phishing, viruses and trojans, hackers, and denial of service (DoS). In a normal antivirus structure, many different components are needed to tackle these issues. In a UTM, on the other hand, no separate technology is needed.
How does UTM work?
A UTM network has two main ways to scan for security breaches and cyber threats: flow-based inspection and proxy-based inspection. The former, also referred to as stream-based inspection, deals with and filters data that breaches a security device such as a firewall. These devices are made to detect viruses or other malicious activity.
The latter, proxy-based inspection, inspects entire packets of content that pass through a firewall, IPS or VPN server. By doing this, the network security device itself can act as a proxy to filter the information that enters the device.
What are UTM’s main features?
The most widespread UTMs normally include an array of features. The principal ones are antispam services, URL filtering and application control, firewalls, VPN, content filtering, and intrusion detection and prevention.
Antispam services are also called spam filters and, as the name suggests, they filter email-based attacks while monitoring inbound and outbound messages. Some of them already know what to look for, for instance specific words or addresses, while others look for entire word patterns using Bayesian analysis.
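How a Bayesian spam filter of the kind mentioned above can score a message from the words it contains, as an added example that is not from the original article or from any UTM product. The training messages, the function names and the 0.9 threshold are constructed assumptions.

```python
import math
import re
from collections import Counter

# Constructed training messages (not real mail), labelled by hand.
TRAINING = [
    ("spam", "win a free prize now click this link"),
    ("spam", "urgent verify your account password click link"),
    ("spam", "free offer limited time claim your prize"),
    ("ham", "meeting agenda attached for the project review"),
    ("ham", "please review the invoice for last month"),
    ("ham", "lunch on friday to discuss the project"),
]

def tokenize(text):
    return re.findall(r"[a-z']+", text.lower())

def train(samples):
    """Count word occurrences and message totals per class."""
    words = {"spam": Counter(), "ham": Counter()}
    docs = Counter()
    for label, text in samples:
        docs[label] += 1
        words[label].update(tokenize(text))
    vocab = set(words["spam"]) | set(words["ham"])
    return words, docs, vocab

def spam_probability(text, model):
    """P(spam | words) via naive Bayes with add-one smoothing, in log space."""
    words, docs, vocab = model
    total_docs = sum(docs.values())
    log_score = {}
    for label in ("spam", "ham"):
        score = math.log(docs[label] / total_docs)  # class prior
        denom = sum(words[label].values()) + len(vocab)
        for tok in tokenize(text):
            if tok in vocab:  # words never seen in training carry no evidence
                score += math.log((words[label][tok] + 1) / denom)
        log_score[label] = score
    # Convert the two log scores back to a normalised probability.
    m = max(log_score.values())
    exp = {k: math.exp(v - m) for k, v in log_score.items()}
    return exp["spam"] / (exp["spam"] + exp["ham"])

MODEL = train(TRAINING)

def classify(text, threshold=0.9):
    return "spam" if spam_probability(text, MODEL) >= threshold else "ham"
```

A message made up only of words the filter has never seen scores exactly 0.5, which is why the threshold sits well above that value.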
Firewalls similarly control inbound and outbound traffic, but they focus on network traffic rather than emails. A firewall can be either hardware- or software-based, and its main purpose is to block and prevent malicious content from accessing information about computer files or web servers. The three main kinds of firewall are circuit-level gateway, application-level gateway and packet filtering.
Content filtering mostly acts on web pages, controlling the information that goes through a network with the help of filters based on attributes such as Internet Protocol (IP) address or media access control (MAC) address. The threat it mostly looks out for is data loss following an information breach.