Preventing Network Security Threats and Vulnerabilities

What is unified threat management?

Unified threat management is an all-in-one security implementation that helps protect businesses from online security risks. A UTM solution includes features such as network firewalls, antivirus software, intrusion detection and virtual private networks. Many businesses may prefer UTM software, but hardware options, such as dedicated firewalls and router networking devices, are also available.

By implementing a UTM program throughout your organization, you provide a single, scalable security source for all of your information technology (IT) needs. 

What does a unified threat management solution include?

The basic premise of UTM is to create powerful, customized processing computer architectures that can handle, inspect and (when necessary) block large amounts of network traffic at or near wire speeds. It must search this data for blacklisted IP addresses, inspect URLs for malware signatures, look for data leakage, and ensure all protocols, applications and data are benign. 

Typical UTM solutions usually bundle various functions, including these:

• Proxy services: Proxy services block revealing details of internal IP addresses on networks and examine communications and data transfers at the application level.
• Stateful packet inspection: Stateful packet inspection distinguishes legitimate network communications from suspect or known malicious communication forms.
• Deep packet inspection: Deep packet inspection (DPI) checks network packets’ data portions or payloads to protect against malware and block classified, proprietary, private or confidential data leakage across network boundaries. This technology is also called data loss prevention. DPI technology supports various content filters.
• Real-time packet decryption: Real-time packet decryption exploits special hardware (which essentially reproduces software programs in the form of high-speed circuitry to perform complex data analysis) to permit deep inspection at or near network wire speeds. This lets you apply content-level controls even to encrypted data and screen such data for policy compliance, malware filtering and more.
• Email handling: Email handling includes malware detection and removal, spam filtering and content checks for phishing, malicious websites, and blacklisted IP addresses and URLs.
• Intrusion detection and blockage: Intrusion detection and blockage technology observes incoming traffic patterns to detect and respond to distributed-denial-of-service (DDoS) attacks, as well as more nuanced and malicious attempts to breach network and system security or obtain unauthorized access to systems and data.
• Application control: Application control (or filtering) observes applications in use — especially web-based applications and services — and applies security policies to block or starve unwanted or unauthorized applications from consuming network resources or accomplishing unauthorized access to (or transfer of) data.
• Virtual private networks (VPNs): The best VPN services let remote users establish secure private connections over public network links, including the internet. Most organizations use this technology to protect network traffic en route from the sender to the receiver.

Modern UTM systems incorporate all of these functions and more by combining fast, special-purpose network circuitry with general-purpose computing facilities. The custom circuitry that exposes network traffic to detailed and painstaking analysis and intelligent handling does not slow down benign packets in transit. However, it can remove suspicious or questionable packets from ongoing traffic flows and turn them over to scanners or filters. 

The UTM agency can then perform complex or sophisticated analyses to recognize and foil attacks, filter out unwanted or malicious content, prevent data leakage and ensure security policies apply to all network traffic.

Why is unified threat management important?

UTM is essential because cybercrime threats are unpredictable and constantly evolving. As technology progresses and we become more connected, the number of threats keeps growing.

A business can’t predict when or how the next attack will occur or what data breach costs will be. Threats could come via text, email, pop-up ads, or even a vulnerability in an otherwise-effective business website. 

As threats grow more unpredictable and proliferate, it becomes essential to implement a comprehensive UTM program throughout your organization. A UTM program is like a cybersecurity force that guards against the most common vulnerabilities hackers might seek to exploit to cause a data breach. 

By essentially guarding every virtual entry point, a UTM is an excellent preventive security measure for any business.

A brief history of UTM

It’s important to understand the evolution of UTM in information security and how this cybersecurity tenet gained traction. 

1. Perimeter security became available. The history of information security and preventive technologies goes back to the 1980s, when perimeter security (through firewalls and screening routers) and malware protection (primarily early antivirus technologies) became available. 
2. Network security technologies evolved. As threats evolved in sophistication and capability, other elements to secure business networks and systems became available. These methods included email checks, file screening, phishing protection, and allow lists and blacklists for IP addresses and URLs.
3. Specific threat solutions proliferated. From the mid-1990s to the early 2000s, there was an incredible proliferation of point solutions to counter specific threat types, such as malware, IP-based attacks, DDoS attacks, and rogue websites with drive-by downloads. This explosion led to an onslaught of data security software and hardware designed to counter individual threat classes. 
4. Single-focus threat prevention was found to be lacking. A collection of single-focus security systems lacks consistent and coherent coordination. There’s no way to detect and mitigate hybrid attacks that might start with a rogue URL embedded in a tweet or email message, continue with a drive-by download when that URL is accessed, and really get underway when a surreptitiously installed keylogger teams up with timed transmissions of captured data from a backdoor uploader. Worse yet, many cyberattack applications are web-based and use standard HTTP port addresses. 
5. The need for UTM became apparent. The cybersecurity community realized that more comprehensive, higher-level content and activity screening is necessary to detect and counter unwanted influences. 

Unified threat management providers

UTM solutions usually take the form of special-purpose network appliances that sit at the network boundary, straddling the links that connect internal networks to external networks via high-speed links to service providers or communication companies. It’s worth noting that they’re often not referred to as UTMs; different packages can combine more than one function.

By design, UTM devices coordinate all aspects of a security policy, applying a consistent and coherent set of checks and balances to incoming and outgoing network traffic. Most UTM device manufacturers build their appliances to work with centralized, web-based management consoles. This lets network management companies install, configure and maintain UTM devices for their clients. 

Alternatively, centralized IT departments and skilled IT managers can take over this function. This approach ensures that the same checks, filters, controls and policy enforcement apply to all UTM devices equally. This prevents the gaps that the integration of multiple disparate point solutions — like discrete firewalls, email appliances, content filters and virus checkers — can expose.

Top UTM providers

These are some of the most respected UTM providers:

• Fortinet FortiGate Next-Generation Firewall (NGFW): FortiGate NGFW offers comprehensive online security features. It stands out for its ease of use, scalability and support. By consolidating multiple security services within a single platform, FortiGate NGFW reduces security costs and improves risk management. At the same time, its automated threat protection prevents common types of attacks, like ransomware, command-and-control, and firewall incidents.
• Check Point Next-Generation Firewall: Designed to provide versatile, intuitive online protection, Check Point NGFW can perform more than 60 security services through a single dashboard. Check Point NGFW comes with the proprietary SandBlast Zero-Day Protection, which uses CPU-based threat detection to quickly identify zero-day attacks and can scale on demand. With unified security management across your networks, cloud servers and internet of things devices, Check Point NGFW is an efficient UTM solution.
• WatchGuard Firebox: WatchGuard Network Security’s Firebox is targeted at small and midsize businesses and distributed enterprises. It is a complete security platform that doesn’t sacrifice the user experience. WatchGuard is equipped with a powerful firewall, antivirus services, spam and content filters, and many other security features, so it’s ready to use right out of the box. 

How to choose the right UTM provider

When choosing a business UTM solution, you should seek the standard functions described above as well as more advanced features. 

• Look for endpoint controls that enforce corporate security policies on remote devices and their users.
• Ensure there are integrated wireless controllers to consolidate wired and wireless traffic on the same device. These controllers simplify security policy implementation and enforcement and reduce network complexity.
• Although virtualization technologies have pros and cons, make sure support is included for virtual clients and servers and virtualized implementations for UTM appliances.
• Advanced UTM devices must also support flexible architectures whose firmware can be easily upgraded to incorporate new means of filtering and detection and to respond to the ever-changing threat landscape. 

UTM providers generally operate large, ongoing security teams that monitor, catalog and respond to emerging threats as quickly as possible and provide warning and guidance to client organizations.

Some of the best-known names in the computing industry offer UTM solutions, but not all offerings are equal. Look for solutions from reputable companies, like Cisco, Netgear, SonicWall and Juniper Networks. You’re sure to find the right mix of features and controls to meet your security needs without breaking your budget.

IT Infosec certifications that address UTM

While gaining accreditations can help you learn more about your field, not all of the best IT certifications address UTM directly or explicitly. No credential focuses exclusively on UTM, and stand-alone modules covering various UTM functionalities won’t necessarily be labeled as such. Nonetheless, some of the best Infosec and cybersecurity certifications cover UTM aspects in their exam objectives or the associated standard body of knowledge that candidates must master.

Consider these IT certifications that address UTM:

• ISACA Certified Information Systems Auditor (CISA)
• Cisco security certifications: CCNA, CCNP Security, CCIE Security
• Juniper Networks security certifications: JNCIS-SEC, JNCIP-SEC, JNCIE-SEC, JNCIA-SEC
• (ISC)2 Certified Information Systems Security Professional (CISSP)
• GIAC Certified Incident Handler (GCIH)
• GIAC Certified Windows Security Administrator (GCWN)
• Global Center for Public Safety certifications (CHPP and CHPA Levels I-IV)

Of these credentials, the generalist items (such as CISA, CISSP and CHPP/CHPA) and the two GIAC certifications (GCIH and GCWN) provide varying levels of coverage on the principles of data loss prevention and the best practices for its application and use within the context of a well-defined security policy. 

Out of the above list, CISSP and CISA are the most advanced and demanding certifications. The Cisco and Juniper credentials concentrate more on the details of specific platforms and systems from vendors of UTM solutions.

With the ever-increasing emphasis on and demand for cybersecurity, any of these certifications — or even entry-level cybersecurity certifications — can be a springboard to your next information security opportunity.

Take the next steps to pursue UTM

If this information has inspired you to take action to improve your business’s cybersecurity, it’s worth considering which elements of your firm would benefit most from a UTM solution. Perhaps you have a primarily offsite workforce that uses remote login tools, or maybe your firm has past experience with DDoS attacks.

UTM implementation doesn’t have to be a daunting task. You can choose to invest in IT certifications or outsource the installation and maintenance to a specialist. The key is to recognize that in today’s hostile cyber climate, the security of your firm’s data is non-negotiable, and UTM tools can help ensure its safety.

Neil Cumins contributed to this article.