10-12-2012, 03:07 PM
Universal Threat Machine
What is UTM?
UTM (Universal Threat Machine) is a security device that provides broad network protection by combining multiple security features, such as firewalling, anti-virus, intrusion detection and prevention, and content control filtering, on a single hardware platform.
Why is UTM required?
Because of increasing threats over the internet, security is required for the following reasons:
Cyber crimes
Malicious insiders
Hacking to make money
Key Reasons for UTM’s Success
By integrating the functionalities previously found in multiple security and networking devices, the UTM provides network security at much lower capital and operating costs.
There are fewer devices to purchase and to maintain.
Simplified centralised management
Components of UTM
UTM mainly has 5 components:
Firewall
Intrusion detection/prevention
In-line AntiVirus
URL Content Filtering
Virtual Private Network
Functionalities of UTM
Behind the router is the firewall/VPN security gateway, which has been the only critical piece of network security equipment for some time.
The main purpose of the firewall is to stop unwanted traffic from entering or leaving the internal enterprise network.
The purpose of the IPSec VPN is to provide secure communication between two sites through the internet.
Effective UTM requires:
Total Cost of Ownership
Cost of implementation should be less
Time of protection should be less
Should be capable of handling network traffic overhead
Should be capable of updating the changes
Should be capable of adapting to the changes
Coordination
Reduced complexity
Design Challenges
Router and Firewall Datapath
Router and firewall datapaths are relatively simple: the challenge is speed, speed and speed! Designers put a lot of effort into minimizing the number of instructions in the datapath in order to achieve high performance. Below are some datapath operations that can potentially consume a large number of CPU cycles:
• Servicing (high rate of) packet I/O interrupts
• Checksum verification
• Looking up large table(s) to determine what is to be done with a received packet
• Optionally provide Quality-of-Service (QoS) control
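Two of the operations listed above, checksum verification and table lookup, as an added C example (not from the original slides). The rule layout, the sample header and the rule table are constructed for illustration; the probe counter shows how the per-packet cost of a first-match lookup grows with table size.

```c
#include <stdint.h>
#include <stdio.h>

enum action { DROP, ACCEPT };
struct rule { uint32_t net, mask; uint8_t proto; enum action act; }; /* proto 0 = any */
/* Constructed sample: IPv4 header, UDP, 192.168.0.1 -> 192.168.0.199 */
static const uint8_t SAMPLE_HDR[20] = {
    0x45, 0x00, 0x00, 0x73, 0x00, 0x00, 0x40, 0x00, 0x40, 0x11,
    0xb8, 0x61, 0xc0, 0xa8, 0x00, 0x01, 0xc0, 0xa8, 0x00, 0xc7 };
/* Constructed first-match rule table (hypothetical policy) */
static const struct rule RULES[] = {
    { 0x0A000000, 0xFF000000, 0,  DROP   }, /* 10.0.0.0/8, any protocol */
    { 0xC0A80000, 0xFFFF0000, 6,  ACCEPT }, /* 192.168.0.0/16, TCP */
    { 0xC0A80000, 0xFFFF0000, 17, ACCEPT }, /* 192.168.0.0/16, UDP */
};

/* RFC 1071 one's-complement sum: an intact header folds to 0xFFFF */
static int ipv4_checksum_ok(const uint8_t *hdr, size_t ihl)
{
    uint32_t sum = 0;
    for (size_t i = 0; i < ihl; i += 2)
        sum += ((uint32_t)hdr[i] << 8) | hdr[i + 1];
    while (sum >> 16)
        sum = (sum & 0xFFFF) + (sum >> 16);
    return sum == 0xFFFF;
}

/* Validate the header, then walk the table; *probes = rules examined */
static enum action classify(const uint8_t *pkt, size_t len,
                            const struct rule *tbl, size_t n, size_t *probes)
{
    size_t ihl = len >= 20 ? (size_t)(pkt[0] & 0x0F) * 4 : 0;
    *probes = 0;
    if (ihl < 20 || ihl > len || (pkt[0] >> 4) != 4 || !ipv4_checksum_ok(pkt, ihl))
        return DROP; /* malformed or corrupted: never reaches the table */
    uint32_t dst = (uint32_t)pkt[16] << 24 | pkt[17] << 16 | pkt[18] << 8 | pkt[19];
    for (size_t i = 0; i < n; i++) {
        ++*probes;
        if ((dst & tbl[i].mask) == tbl[i].net && (!tbl[i].proto || tbl[i].proto == pkt[9]))
            return tbl[i].act;
    }
    return DROP; /* no rule matched: default deny */
}

int main(void)
{
    size_t probes;
    enum action a = classify(SAMPLE_HDR, sizeof SAMPLE_HDR, RULES, 3, &probes);
    printf("%s after %zu rule probes\n", a == ACCEPT ? "ACCEPT" : "DROP", probes);
    return 0;
}
```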
Choosing a UTM
For any company looking at UTMs, it is essential to define requirements and thoroughly research the market, but going for an established name with a proven record in firewall security is a good way of establishing a shortlist. Bear in mind that there is no legal definition of a UTM and that there are significant variations between UTM appliances. The variations are in price, functionality, performance, scalability and, most importantly, security.
Not all suppliers provide solutions that are suitable for larger companies. Performance is a key element. Many UTMs aren't designed for all the functions to work together, so performance can rapidly decline when all functions are switched on.
Future of UTMs
Recently, UTM market leader WatchGuard spoke about its plans for the future of UTMs and how they will adapt to current and future needs for network security. These plans indicate that UTMs will be well placed in the future to fulfil the needs of enterprises and larger companies.
WatchGuard's plan is for UTMs to provide 'Extensibility', which means the ability to add onto or extend. UTM appliances will be able to proactively adapt to dynamic network environments, as well as protect against unknown, future threats. As businesses grow, so too will their security platform.
Conclusion
Enterprises and larger companies can now seriously consider UTMs as an alternative to firewalls and other point solutions.
Cost savings and easier management are just a few of the factors that make them attractive.
Powerful UTM appliances with high performance aimed at very large networks are now available.
Future developments like 'Extensibility' will provide adaptability and future-proofing, which will help all companies protect themselves in an ever-changing security environment.