Unified threat management (UTM) is the combination of multiple security features or services into a single device within your network. With UTM, your network’s users are protected by several different features, including antivirus, content filtering, email and web filtering, anti-spam, and more.
UTM enables an organization to consolidate its IT security services into one device, potentially simplifying the protection of the network. As a result, your business can monitor all threats and security-related activity through a single pane of glass. In this way, you attain complete, simplified visibility into all elements of your security or wireless architecture.
Desired Features of a Unified Threat Manager
There are certain features that an ideal UTM solution must possess.
Antivirus
A UTM comes with antivirus software that can monitor your network, then detect and stop viruses from damaging your system or its connected devices. This is done by leveraging the information in signature databases, which are storehouses containing the profiles of viruses, to check if any are active within your system or are trying to gain access.
Some of the threats the antivirus software within a UTM can stop include infected files, Trojans, worms, spyware, and other malware.
Anti-malware
Unified threat management protects your network against malware by detecting it and then responding. A UTM can be preconfigured to detect known malware, filtering it out of your data streams and blocking it from penetrating your system. UTM can also be configured to detect novel malware threats using heuristic analysis, which involves rules that analyze the behavior and characteristics of files. For example, if a program is designed to prevent the proper function of a computer’s camera, a heuristic approach can flag that program as malware.
UTM can also use sandboxing as an anti-malware measure. With sandboxing, the suspicious file is captured and confined to a sandbox, an isolated cell inside the computer. Even though the malware is allowed to run, the sandbox prevents it from interacting with other programs in the computer.
Firewall
A firewall has the ability to scan incoming and outgoing traffic for viruses, malware, phishing attacks, spam, attempts to intrude on the network, and other cybersecurity threats. Because UTM firewalls examine both the data coming in and out of your network, they can also prevent devices within your network from being used to spread malware to other networks that connect to it.
Intrusion Prevention
A UTM system can provide an organization with intrusion prevention capability, which detects and then prevents attacks. This functionality is often referred to as an intrusion detection system (IDS) or intrusion prevention system (IPS). To identify threats, an IPS analyzes packets of data, looking for patterns known to exist in threats. When one of these patterns is recognized, the IPS stops the attack.
In some cases, an IDS will merely detect the dangerous data packet, and an IT team can then choose how they want to address the threat. The steps taken to stop the attack can be automated or performed manually. The UTM will also log the malicious event. These logs can then be analyzed and used to prevent other attacks in the future.
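The difference between detect-only (IDS) and prevent (IPS) handling, including the event log described above, can be sketched as follows. This is an added example, not code from any UTM product; the signature names, patterns, and sample packets are constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed signatures for illustration; real IPS rule sets are far larger.
SIGNATURES = {
    "SIG-1001 path traversal": re.compile(rb"(\.\./){2,}"),
    "SIG-1002 SQL tautology": re.compile(rb"(?i)'\s*or\s+'?1'?\s*=\s*'?1"),
}

@dataclass
class Inspector:
    prevent: bool                      # True = IPS (block), False = IDS (alert only)
    log: list = field(default_factory=list)

    def inspect(self, src: str, payload: bytes) -> bool:
        """Return True if the packet is forwarded, False if it is dropped."""
        hits = [name for name, rx in SIGNATURES.items() if rx.search(payload)]
        if not hits:
            return True
        action = "drop" if self.prevent else "alert"
        # Every match is logged, whichever mode is active.
        self.log.append({"src": src, "signatures": hits, "action": action})
        return not self.prevent

# Constructed sample traffic (source addresses from documentation ranges).
PACKETS = [
    ("198.51.100.7", b"GET /index.html HTTP/1.1"),
    ("203.0.113.9", b"GET /../../../etc/passwd HTTP/1.1"),
    ("203.0.113.9", b"GET /item?id=1' OR '1'='1 HTTP/1.1"),
]

def run(prevent: bool):
    """Inspect all sample packets; return (forwarded payloads, event log)."""
    insp = Inspector(prevent=prevent)
    forwarded = [p for s, p in PACKETS if insp.inspect(s, p)]
    return forwarded, insp.log

if __name__ == "__main__":
    for mode in (False, True):
        forwarded, log = run(mode)
        print("IPS" if mode else "IDS", len(forwarded), "forwarded;", log)
```

In IDS mode all three packets are forwarded and two alerts are logged for the IT team to act on; in IPS mode the two matching packets are dropped and the same two events are logged.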
Virtual Private Networking (VPN)
The virtual private network (VPN) features that come with a UTM appliance function similarly to regular VPN infrastructure. A VPN creates a private network that tunnels through a public network, giving users the ability to send and receive data through the public network without others seeing their data. All transmissions are encrypted, so even if someone were to intercept the data, it would be useless to them.
Web Filtering
A UTM’s web filtering feature can prevent users from seeing specific websites or Uniform Resource Locators (URLs). This is done by stopping users’ browsers from loading the pages from those sites onto their device. You can configure web filters to target certain sites according to what your organization aims to accomplish.
For example, if you want to prevent employees from being distracted by certain social media sites, you can stop those sites from loading on their devices while they are connected to your network.
Data Loss Prevention
The data loss prevention you get with a UTM appliance enables you to detect data breaches and exfiltration attempts and then prevent them. To do this, the data loss prevention system monitors sensitive data, and when it identifies an attempt by a malicious actor to steal it, blocks the attempt, thereby protecting the data.