(Unified Threat Management) UTM

What is (Unified Threat Management) UTM?

UTM consolidates a range of security functions into one solution. The primary functions or features under UTM can be grouped in the following categories:

• Firewall: A network firewall is hardware or software that restricts and permits the flow of traffic between networks. Network firewalls help prevent cyberattacks by enforcing policies that block unauthorized traffic from accessing a secure network.
• Antivirus and anti-malware: Antivirus or anti-malware tools scan the traffic flowing through network devices and reduces any kind of malicious vectors like viruses, worms, trojans, etc.
• Virtual Private Network (VPN): VPN provides secure remote access to the corporate network by encrypting the data and enabling the transfer of sensitive data over less secure networks, like the internet.
• URL filtering or web filtering: Blocks access to websites if the requested URL from end devices matches against a continuously updated database of known malicious sites.
• Intrusion Detection and Prevention (IDS/IPS): Intrusion prevention detects malicious activities and performs actions when an intrusion is detected. It inspects all traffic going through the network, using both signature based and pattern based inspection, leveraging a library of known threats. If an intrusion matches a signature pattern, the system takes action. Intrusion detection provides threat intelligence about malicious activities including command and control, ransomware, phishing, malware, spyware, trojans, and exploit kits.
• Data Loss Prevention (DLP): DLP helps protect sensitive data within a network by monitoring, detecting, and blocking potential data breaches or unauthorized access.
• Traffic segmentation: Regulates traffic flow across the network and provides role-based access to resources.

To secure the network from advanced security threats, UTM can be combined with Security Service Edge (SSE) to expand the security monitoring and response.

Both UTM and NGFW consolidate network security functions in a single solution. There is no defined difference between these two as the definition of both solutions has evolved over time and in response to market needs. NGFW offer protection at the application level and leverage the latest technology to enable strong overall network security.

HPE offers UTM via its HPE Juniper Networking Next Generation Firewall which consolidates all the significant functions of UTM.

HPE Networking also consolidates various UTM functions in its management platform—HPE Aruba Networking Central.

HPE Juniper Networking SRX Series Next-Generation Firewalls and the vSRX Virtual Firewall include outstanding content security against malware, viruses, phishing attacks, intrusion attempts, spam, and other threats through unified threat management, protecting against network-level attacks, application-level attacks, and content-based attacks. The components provided in NGFW systems include:

• Anti-spam—Tags or blocks unwanted e-mail traffic by scanning inbound and outbound SMTP e-mail traffic. Antispam filtering allows you to use both a third-party server-based spam block list (SBL) and to optionally create your own local allow list and deny list for filtering against e-mail messages. for filtering against e-mail messages.
• Anti-virus—Uses a scanning engine and virus signature databases to protect against virus-infected files, worms, trojans, spyware, and other malware over POP3 HTTP, SMTP, IMAP, and FTP protocols. By using Juniper Advanced Threat Prevention (ATP), you can combine traditional signature-based detection with latest anti-malware technologies to detect threats and mitigate them.
• Content Filtering—Provides basic data loss prevention functionality. Content filtering filters traffic based on MIME type, file extension, and protocol commands. You can also use the content filter module to block ActiveX, Java Applets, and other types of content. Content filtering does not require a separate license.
• Web Filtering—Provides URL filtering capability by using either a local Websense server or Internet-based SurfControl server. Web filtering is critical as a service for tracking productivity and corporate user behavior.

HPE Aruba Networking provides protection against advanced threat in multiple geographically distributed locations, and integrates with additional cloud-based security services for layered protection. The platform consolidates the following UTM functions:

Advanced threat defense: HPE Aruba Networking Central supports an application-aware stateful firewall, deep packet inspection (DPI), web content filtering, VPN overlays, IDS/IPS, dynamic segmentation, security dashboards, IP reputation, and unified SASE through integration with HPE Aruba Networking SSE (Security Service Edge).

Policy Enforcement Firewall (PEF): PEF is implemented as a software solution on existing HPE Aruba Networking network infrastructure and is managed via HPE Aruba Networking Central. HPE Aruba Networking PEF delivers a zero trust boundary at the point of network connection based on the identity and role of a user or device regardless of location, method of connection, or device type. PEF enforces granular access permissions to keep compromised users and devices from participating in an attack with precision isolation and by automatically blocking or quarantining the endpoint when an attack is detected.

Dynamic Segmentation: Dynamic Segmentation serves as the foundation for zero trust and SASE frameworks by providing secure connectivity between source and destination based on predefined access permissions.

Besides these advanced threat protection components, HPE Aruba Networking offers a robust SSE platform that provides next gen security services like ZTNA, CASB, SWG, and DEM.