UTMs – What Are They and What Role Do They Play in Computer Security?

Unified Threat Management (UTM) is a term still foreign to many people, even those interested in computers, and even many working in the industry, but that will certainly change in the near future.

A UTM device is the next evolution of the traditional firewall.

Most of us have a firewall, whether we know it or not, built into the modem we use to connect to our Internet Service Provider (ISP). Its basic function is to prevent external traffic from entering our local private space by closing off “ports” that aren’t in use. Think of it as a wall between you and the internet, preventing anything from getting to your computer. The problem is that we WANT some things to get to our computer: email traffic, web traffic, etc. To let in the traffic we want, we poke a hole in the wall specifically for that type of traffic. These holes are referred to as open ports. Overall we are much safer with a firewall than without one, but the open ports still present potential vulnerabilities that ne’er-do-wells could exploit.

Unified Threat Management devices combine the functions of a firewall with an anti-virus solution on steroids. Ports are still opened to allow in the traffic we need to go about our day, but every packet of traffic that passes through the UTM is intelligently scanned for viruses, malware, spam and inappropriate content. They also provide advanced Intrusion Detection / Intrusion Prevention services.

More recently, UTM devices have started offering Data Loss Prevention (DLP) services as well. With DLP you can specify data that is private or is your intellectual property, and the device will prevent this data from leaving the network without your specific say-so. This can be extended to automated services that monitor for things such as credit card details to keep you safe from data and identity theft.

The primary market for UTM devices has been the small to medium size Enterprise sector, due to the cost involved in purchasing and maintaining the devices. On top of the cost of the device itself, an annual fee is payable to maintain the filtering definitions, similar to the subscription payment on your anti-virus software. Recently, though, providers have started developing solutions for the SOHO (Small Office / Home Office) market, and with the rise of the ongoing ransomware threat it is only a matter of time until options are available for the home user market.

It is important to note, though, that whilst UTM devices provide a huge jump up in computer protection, they are not recommended as a replacement for traditional anti-virus software, but rather as an addition to it. UTMs only protect you from external threats and only scan traffic in transit. If your son, daughter or significant other brings home a virus-infected movie on a thumb drive and plugs it in, you’ll be wanting that AV software!