What is Unified Threat Management (UTM)?
Unified Threat Management (UTM) is a security solution that consolidates multiple security features to reduce total cost of ownership (TCO) and offers a single point of defense against a range of security vulnerabilities like viruses, worms, malware, spyware, and other network attacks.
UTM explained
Typical Unified Threat Management (UTM) feature sets fall into three main subsets: firewall/intrusion prevention system/virtual private network, secure web gateway security (URL filtering, web antivirus [AV]), and messaging security (anti-spam, mail AV).
UTM enables security teams to efficiently monitor security risks across geographically distributed locations and rapidly respond to threats while reducing the total cost of owning and maintaining different products.
How does Unified Threat Management (UTM) work?
UTM consolidates various core security functions and eliminates the need for deploying different point products. UTM offers centralized security monitoring and management by leveraging different security components to scan the traffic entering and leaving the network. It uses deep packet inspection (DPI) to gain packet-level visibility into all the data moving across the network and blocks malicious or compromised inward and outward traffic.
With a consolidation of security functions like firewall, antivirus, IPS, DLP, etc., under a single UTM solution, the security team gets a holistic view of overall security posture, thereby reducing management complexity.
What are the benefits of Unified Threat Management (UTM)?
UTM reduces the number of security point products, which helps IT teams efficiently monitor and manage overall network security and reduce operational expenses. The following are the significant benefits of deploying UTM:
- Centralized security management: Your network needs protection from numerous threat vectors targeting different components of the network. Without UTM, the security team would need different point products to safeguard the network, thereby increasing complexity. UTM offers a consolidated view of overall security health, combining insights from different products and enabling the security team to manage and protect multiple geographically distributed locations from advanced threats.
- Cost savings: Replacing multiple products with UTM results in cost savings on many fronts, including fewer physical devices resulting in reduced hardware procurement, maintenance, training, and dedicated staff costs.
- Rapid response: UTM offers an efficient way to process data coming from different UTM components, derive meaningful insights, and take rapid action, all using a single dashboard.
- Compliance support: Enterprises are required to maintain a high level of data security and access control to meet different compliance requirements like GDPR, HIPAA, PCI DSS, etc. With a unified security solution like UTM, enterprises can efficiently deploy a robust set of security features in one solution that can meet compliance requirements.
What are the core functions in a UTM?
UTM consolidates a range of security functions into one solution. The primary functions or features under UTM can be grouped in the following categories:
- Firewall: A network firewall is hardware or software that restricts and permits the flow of traffic between networks. Network firewalls help prevent cyberattacks by enforcing policies that block unauthorized traffic from accessing a secure network.
- Antivirus and anti-malware: Antivirus or anti-malware tools scan the traffic flowing through network devices and eliminate any kind of malicious vectors like viruses, worms, trojans, etc.
- VPN (Virtual Private Network): VPN provides secure remote access to the corporate network by encrypting the data and ensuring that sensitive data is transmitted securely over less secure networks, like the internet.
- Network Access Control: Network access controls protect networked digital resources from unauthorized access by restricting users and devices from reaching resources based on policies established by IT.
- URL filtering or web filtering: Blocks access to websites if the requested URL from end devices matches against a continuously updated database of known malicious sites.
- Intrusion Detection and Prevention (IDS/IPS): Intrusion prevention detects malicious activities and performs actions when an intrusion is detected. It inspects all traffic going through the network, using both signature‑based and pattern‑based inspection, leveraging a library of known threats. If an intrusion matches a signature pattern, the system takes action. Intrusion detection provides threat intelligence on malicious activities including command and control, ransomware, phishing, malware, spyware, trojans, and exploit kits.
- Data Loss Prevention (DLP): DLP helps protect sensitive data within a network by monitoring, detecting, and blocking potential data breaches or unauthorized access.
- Traffic segmentation: Regulates traffic flow across the network and ensures role-based access to resources.
To secure the network from advanced security threats, UTM can be combined with SSE (Security Service Edge) to expand the security monitoring and response.
What’s the difference between next generation firewalls and Unified Threat Management?
Both UTM and next generation firewalls consolidate network security functions in a single solution. There is no defined difference between these two as the definition of both of these solutions has evolved over time and in response to market needs. Next generation firewalls offer protection at the application level and leverage the latest technology to enable strong overall network security.
HPE and Unified Threat Management (UTM)
UTM from HPE Aruba Networking protects against advanced threats in multiple, geographically distributed locations, and integrates with additional cloud-based security services for layered protection. UTM is delivered via HPE Aruba Networking Central and can be grouped under the following components:
- Advanced threat defense: Delivered by HPE Aruba Networking Central via HPE Aruba Networking EdgeConnect SD-Branch gateways, the solution supports an application-aware stateful firewall, deep packet inspection (DPI), web content filtering, VPN overlays, IDS/IPS, Dynamic Segmentation, security dashboards, IP reputation, and unified SASE through integration with HPE Aruba Networking SSE (Security Service Edge).
- Policy Enforcement Firewall (PEF): Our PEF is implemented as a software solution on existing HPE Aruba Networking network infrastructure and is managed via HPE Aruba Networking Central. HPE Aruba Networking PEF delivers a zero trust boundary at the point of network connection based on the identity and role of a user or device, regardless of location, method of connection, or device type. PEF enforces granular access permissions to keep compromised users and devices from participating in an attack with precision isolation and by automatically blocking or quarantining the endpoint when an attack is detected.
- Dynamic Segmentation: Delivered via HPE Aruba Networking Central in conjunction with NAC (ClearPass or Cloud Auth), PEF, and HPE Aruba Networking network hardware, our innovative Dynamic Segmentation serves as the foundation for zero trust and SASE frameworks by ensuring that users and devices can only communicate with destinations consistent with their access permissions.
Besides these advanced threat protection components, we offer a robust SSE platform that offers next gen security services like ZTNA, CASB, SWG, and DEM.