Monday, November 30th, 2015
Unified threat management (UTM) is a solution in the network security industry and the leading network gateway defence solution for organizations.
In effect, UTM is the transformation of the traditional firewall into an extensive security product able to perform numerous security functions such as intrusion prevention, anti-virus scanning, load balancing, bandwidth throttling, advanced threat protection, and a number of others that I will go into in detail below, all within one single system. What UTM does is unite all of these security functions instead of having separate systems performing independently of one another.
It can be compared to an assembly of superheroes who had previously operated individually, but have banded together to form an organized, multi-purpose security force. Older point solutions, which were installed to tackle large-scale threat and productivity issues, are arduous to set up, manage and update, which inflates operational complexity and upkeep expenditure. Organizations today instead require a unified approach to network security and productivity that merges the administration of traditionally divergent point technologies. There are different levels of defence, varying with the need for security, with certain enterprises requiring more defensive options than general users. What level of security does your organization require? This is something to consider before investing in a UTM solution. Once I have broken down the different facets and shed a layman’s light on them, you may have a better idea of what your organization requires. … Spoiler: the more the merrier.
Intrusion prevention is one of the easier concepts to fathom. It’s a precautionary approach to network security used to pinpoint possible threats and react to them promptly. The primary functions of intrusion prevention systems are to identify virulent activity, log the pertinent information about this activity, try to forestall it, and then report it.
Imagine intrusion prevention to be the security guard, or bouncer, stationed at the door to your network. This security guard is able to recognize menacing entities and prevent their access while calling for backup. The mischievous intruders are unceremoniously bounced before they can enter your system and cause damage.
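The four duties listed above (identify, log, block, report) can be shown in a few lines of code. The following is an added example written for this post, not code from the original article or from any UTM vendor: the two signatures, the source addresses (from documentation ranges) and the sample requests are all constructed, and a real IPS would carry thousands of signatures plus protocol decoding and anomaly checks.

```python
"""Signature-based intrusion prevention: identify, log, block, report.

Added example; signatures, addresses and requests are constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Signature:
    name: str
    pattern: re.Pattern


# Two deliberately simple signatures; a production IPS ships thousands.
SIGNATURES = [
    Signature("path-traversal", re.compile(r"\.\./")),
    Signature("sql-tautology", re.compile(r"(?i)'\s*or\s+'?1'?\s*=\s*'?1")),
]


@dataclass
class Verdict:
    src: str
    action: str                      # "allow" or "block"
    signature: Optional[str] = None  # which signature fired, if any


class Ips:
    """Inline inspector: a request is forwarded only when no signature matches."""

    def __init__(self) -> None:
        self.log: List[str] = []       # the "log the pertinent information" duty
        self.hits: Dict[str, int] = {}  # feeds the report

    def inspect(self, src: str, payload: str) -> Verdict:
        for sig in SIGNATURES:
            if sig.pattern.search(payload):
                # Identified: record the details, then drop the request (block)
                self.log.append(f"BLOCK src={src} sig={sig.name} payload={payload!r}")
                self.hits[sig.name] = self.hits.get(sig.name, 0) + 1
                return Verdict(src, "block", sig.name)
        self.log.append(f"ALLOW src={src}")
        return Verdict(src, "allow")

    def report(self) -> Dict[str, int]:
        """Summary for the administrator: blocked requests per signature."""
        return dict(self.hits)


# Constructed sample traffic: (source address, request line)
SAMPLE_REQUESTS: List[Tuple[str, str]] = [
    ("203.0.113.5", "GET /index.html"),
    ("203.0.113.9", "GET /download?file=../../etc/passwd"),
    ("198.51.100.7", "GET /login?user=admin' OR '1'='1"),
    ("203.0.113.5", "GET /about.html"),
]


def run_sample() -> Tuple[List[str], Dict[str, int]]:
    """Run the constructed traffic through the inspector."""
    ips = Ips()
    actions = [ips.inspect(src, req).action for src, req in SAMPLE_REQUESTS]
    return actions, ips.report()


if __name__ == "__main__":
    actions, summary = run_sample()
    print(actions)   # ['allow', 'block', 'block', 'allow']
    print(summary)   # {'path-traversal': 1, 'sql-tautology': 1}
```

The point of the `log` list and the `report()` method is that a block without a record is of little use to the administrator; the same verdicts are what the reporting feature described later in this post aggregates.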
Anti-virus software (AV) is computer software used to impede, identify and eliminate malicious software, which is why it is also – and perhaps more accurately – known as anti-malware software. Antivirus software was initially designed to reveal and eradicate computer viruses, hence the term ‘anti-virus’. However, with the emergence of other kinds of malware, antivirus software began to implement security against other computer threats. In particular, modern antivirus software can safeguard against ransomware, rootkits, browser hijackers, fraud tools, key loggers, backdoors, malicious LSPs, Trojan horses, worms, diallers, adware and spyware, and malicious browser helper objects (BHOs). Some products also include protection from other computer threats, such as infected and malicious URLs, social engineering scams, electronic spamming, phishing attacks, online privacy hacks, online banking attacks, advanced persistent threats (APTs), and botnet DDoS attacks.
I initially struggled to identify an everyday system that resembles anti-virus scanning to form an understanding by comparing them. In the end, I came to the conclusion that anti-virus scanning performs very much like an intelligence agency would with special agents tasked with preventing, detecting and removing malignant entities. It’s a form of counter-terrorism with software capable of using intelligence to identify threats and deploy operations to neutralize the offending parties.
A load balancer is a mechanism that acts as a reverse proxy and apportions network traffic across multiple servers. Load balancers are used to increase the reliability and capacity of applications.
This sounds familiar, doesn’t it? I can picture a little person with a flag and a luminescent vest directing users in tightly congested networks. A traffic guard is a person who directs traffic through a traffic control zone using gestures, signs or flags. Their duties are to direct traffic to moderate the traffic density so as to not cause traffic jams. Thus, the person directing traffic is responsible for maintaining the efficiency of it.
Similarly, a load balancer is a device that directs network traffic and its duty is to moderate network traffic density so as to not cause traffic jams. Effectively, the load balancing device directing network traffic is responsible for maintaining the efficiency of traffic. This, as it is with traffic guards, allows for applications to run smoothly, much like allowing city services to navigate roads smoothly. So, next time you find your application or network struggling to run efficiently, it is because your little electronic flagger is off duty or inadequate.
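To make the "traffic guard" concrete, here is an added example (not code from the original post or from any UTM product) of the decision a load balancer makes for each request. It shows the two most common policies, round robin and least connections, and the failure mode the analogy hints at: a backend that has failed its health check is skipped, and if every backend is down the balancer raises an error rather than silently sending traffic nowhere. Backend names and request counts are constructed.

```python
"""Round-robin and least-connections dispatch with health checks.

Added example; backend names and request counts are constructed.
"""
from dataclasses import dataclass
from typing import List


@dataclass
class Backend:
    name: str
    healthy: bool = True   # result of the last health check
    active: int = 0        # in-flight requests currently assigned here


class LoadBalancer:
    """Picks a healthy backend for each incoming request."""

    def __init__(self, backends: List[Backend], policy: str = "round_robin") -> None:
        if policy not in ("round_robin", "least_connections"):
            raise ValueError(f"unknown policy: {policy}")
        self.backends = list(backends)
        self.policy = policy
        self._next = 0     # position in the round-robin ring

    def assign(self) -> Backend:
        healthy = [b for b in self.backends if b.healthy]
        if not healthy:
            # The "flagger is off duty" case: nothing left to send traffic to
            raise RuntimeError("no healthy backends")
        if self.policy == "round_robin":
            # Walk the ring, skipping backends that failed their health check
            while True:
                b = self.backends[self._next % len(self.backends)]
                self._next += 1
                if b.healthy:
                    break
        else:
            # Least connections; the name breaks ties deterministically
            b = min(healthy, key=lambda x: (x.active, x.name))
        b.active += 1
        return b

    def release(self, backend: Backend) -> None:
        """Call when a request completes so the connection count drops."""
        backend.active -= 1


def round_robin_demo() -> List[str]:
    """Three backends, one unhealthy; four requests."""
    a, b, c = Backend("a"), Backend("b"), Backend("c")
    b.healthy = False                  # b failed its health check
    lb = LoadBalancer([a, b, c], "round_robin")
    return [lb.assign().name for _ in range(4)]


def least_connections_demo() -> List[str]:
    """Backends with uneven load; three requests."""
    a, b, c = Backend("a", active=2), Backend("b"), Backend("c", active=1)
    lb = LoadBalancer([a, b, c], "least_connections")
    return [lb.assign().name for _ in range(3)]


if __name__ == "__main__":
    print(round_robin_demo())        # ['a', 'c', 'a', 'c']
    print(least_connections_demo())  # ['b', 'b', 'c']
```

Round robin is the simplest policy but ignores how busy each server is; least connections reacts to uneven request durations, which is why it is usually preferred for long-lived application sessions.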
Bandwidth throttling is the intentional slowing of internet service by an internet service provider (ISP). It is a reactive measure used in communication networks to control network traffic and curtail bandwidth congestion.
Now, what do we encounter every day that operates in a very similar fashion? Ah, yes. The speed bump. A speed bump is a traffic calming device that relies on vertical deflection to moderate motor-vehicle traffic in order to improve safety conditions. Speed bumps are used in locations where very low speeds are reasonable and desired. Like a speed bump, bandwidth throttling regulates traffic by slowing it down. Now, this is not necessarily for safety, unless you run the risk of a crashing system thereby losing valuable data or time. Bandwidth throttling simply abates traffic to avoid congestion. A lot like slowing down traffic to allow intersections to function smoothly. Without speed bumps, traffic would back up at intersections. Without bandwidth throttling, traffic would back up in networks.
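The usual way a gateway implements the "speed bump" is a token bucket: tokens accrue at the permitted rate up to a burst limit, and a packet may pass only if the bucket holds enough tokens for its size. The code below is an added example, not from the original post or any UTM appliance; the rate, burst size and packet timings are constructed, and the clock is passed in explicitly so the run is deterministic. It shows both ways the excess can be handled: policing (drop the packet) and shaping (hold it for the computed delay).

```python
"""Token-bucket bandwidth throttling: police (drop) or shape (delay).

Added example; rate, burst size and packet timings are constructed.
"""
from typing import List


class TokenBucket:
    """Tokens accrue at `rate` bytes per second up to `burst` bytes; a packet
    of N bytes may pass only when at least N tokens are available."""

    def __init__(self, rate: float, burst: int, now: float = 0.0) -> None:
        self.rate = rate
        self.burst = burst
        self.tokens = float(burst)   # starts full, so a short burst passes
        self.last = now

    def _refill(self, now: float) -> None:
        elapsed = now - self.last
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.last = now

    def try_send(self, size: int, now: float) -> bool:
        """Policing: send if the tokens allow, otherwise drop the packet."""
        self._refill(now)
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False

    def delay_for(self, size: int, now: float) -> float:
        """Shaping: seconds to hold the packet until enough tokens exist."""
        self._refill(now)
        if size <= self.tokens:
            return 0.0
        return (size - self.tokens) / self.rate


# Constructed: 1000-byte packets offered at these times (seconds)
PACKET_TIMES = [0.0, 0.0, 0.5, 1.0, 2.0]
PACKET_SIZE = 1000


def police_demo(rate: float = 1000.0, burst: int = 1500) -> List[bool]:
    """Which of the offered packets pass a 1000 B/s, 1500 B burst policer."""
    bucket = TokenBucket(rate, burst)
    return [bucket.try_send(PACKET_SIZE, t) for t in PACKET_TIMES]


def shape_delay_demo() -> float:
    """How long the second back-to-back packet would be held under shaping."""
    bucket = TokenBucket(1000.0, 1500)
    bucket.try_send(1000, 0.0)         # bucket now holds 500 tokens
    return bucket.delay_for(1000, 0.0)  # 500 bytes short at 1000 B/s -> 0.5 s


if __name__ == "__main__":
    print(police_demo())       # [True, False, True, False, True]
    print(shape_delay_demo())  # 0.5
```

Policing keeps latency low at the cost of retransmissions; shaping keeps the data but adds queueing delay. A UTM typically shapes per user, application or address class, which is just one bucket per class with the same logic.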
Typically, data loss prevention (DLP) – also referred to as data leak prevention, information loss prevention or extrusion prevention products – is a strategy for making sure that end users do not send critical or sensitive data outside of the corporate network, be it accidentally or maliciously, essentially exposing information that could put the organization at risk. The term is also used to describe software products that help a network administrator control what information end users can transmit or relocate. Adoption of DLP is being driven by stricter privacy laws and by insider threats.
Well then, what do we have here? A non-disclosure agreement (NDA)? A confidential disclosure agreement (CDA)? A confidentiality agreement (CA)? A secrecy agreement (SA)? Or a proprietary information agreement (PIA)? Whatever you want to call it, it is a legal contract that outlines confidential information, material, or knowledge that the parties wish to share with one another, but wish to inhibit third party access to. An NDA creates an intimate relationship between the parties to protect any type of trade secrets or proprietary information. As such, an NDA protects non-public business information. This is pretty much what DLP is. With it, you and your employees will zip it rather than unzip it. So, zip it real good with data loss prevention.
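What a DLP engine actually does at the gateway is inspect outbound content for patterns that should not leave. The following added example (written for this post, not code from the original article or any DLP product) scans a message body for payment card numbers and classification markers and blocks the message only when the recipient is outside the organization. The internal domain `example.com`, the markers and the sample messages are constructed; the Luhn checksum is used so that a random 16-digit order reference is not mistaken for a card number.

```python
"""Outbound DLP check: scan a message for sensitive data before it leaves.

Added example; the internal domain, markers and messages are constructed.
"""
import re
from typing import List, Tuple

INTERNAL_DOMAIN = "example.com"                        # constructed
CLASSIFICATION_MARKERS = ("CONFIDENTIAL", "INTERNAL ONLY")
# 13-19 digits, optionally separated by spaces or hyphens
CARD_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so that not every long number is flagged as a card."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def findings(body: str) -> List[str]:
    """Names of the sensitive-data classes found in the text."""
    found: List[str] = []
    for match in CARD_CANDIDATE.finditer(body):
        if luhn_ok(re.sub(r"[ -]", "", match.group())):
            found.append("payment-card")
    for marker in CLASSIFICATION_MARKERS:
        if marker in body:
            found.append("classification-marker")
    return found


def check_outbound(recipient: str, body: str) -> Tuple[str, List[str]]:
    """Return (action, findings). Sensitive content is blocked only when it
    would leave the organization; internal mail is allowed but still logged."""
    hits = findings(body)
    external = not recipient.lower().endswith("@" + INTERNAL_DOMAIN)
    if hits and external:
        return "block", hits
    return "allow", hits


if __name__ == "__main__":
    # Constructed messages; 4111 1111 1111 1111 is a well-known test card number
    print(check_outbound("partner@supplier.example",
                         "Please charge 4111 1111 1111 1111 for the order"))
    print(check_outbound("finance@example.com",
                         "Please charge 4111 1111 1111 1111 for the order"))
    print(check_outbound("partner@supplier.example",
                         "Order ref 4111111111111112 shipped"))
    print(check_outbound("press@media.example",
                         "Project Falcon CONFIDENTIAL draft attached"))
```

The two knobs that matter in practice are the recipient test (which decides what counts as "outside") and the precision of each detector; a DLP rule that fires on every long number is switched off by users within a week.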
Reporting is an essential part of the broader movement towards better business intelligence and knowledge management. Generally, implementation involves the extract, transform, and load procedure (ETL) in coordination with a data warehouse, and then the use of reporting tools. Many UTMs produce reports that allow you to see how your network is being used. The option to have real-time reports on how your network is being used will help you find out where you may be at risk.
This isn’t terribly exciting and the analogy I am forced to use – for the lack of a better one – isn’t either. Alas, it is a statistician. Reporting is to UTM what Maria Hill is to Marvel Comics’ The Avengers. Yes, you serve a necessary cause, but it’s an unflattering one. People pay attention not because it is interesting, but because it is useful. I’m not saying Maria Hill is simply a statistician. I’m not saying she isn’t either. She’s more like a glorified statistician. Anyway, a statistician is someone who works with theoretical or applied statistics. Perhaps I have the wrong attitude. I mean, not all statisticians settled for the profession, and some people may find the mind-numbing task of sifting through data fulfilling and not just file-filling. Either way, it is an integral part of network security. Ultimately, big decisions can be made using comprehensive data collected by reporting systems such as the ones provided by UTMs.
Advanced threat protection (ATP) relies on numerous types of security technologies to fight advanced threats from the network’s core to the end user’s device, with each mechanism performing a different role, yet all working together seamlessly. Cybercriminals continue to innovate, deceive, and ultimately penetrate organizations’ existing security solutions with advanced persistent threats, multi-stage malware, and targeted attacks. As the security solutions organizations use to protect themselves evolve, attackers continue to adapt their attacks.
This reminds me of vaccines and the constantly evolving threats posed to human bodies. As the diseases evolve, so must the vaccinations adapt to the aggressive change or stand to leave the targeted body vulnerable. It is an almost identical process with ATPs and cybercriminals. The seemingly endless cycle and back-and-forth between advanced threat protection systems and advanced threats is an all too common aspect of the internet business and there doesn’t appear to be any clear end to the conflict in sight.
A virtual private network (VPN) extends a private network across a public network, such as the internet. It permits users to send and receive information across public or shared networks as if their computing devices were directly connected to the private network, so that they benefit from the security, the range of capabilities, and the administration policies of the private network. A VPN is created by establishing a virtual point-to-point connection through the use of traffic encryption, virtual tunnelling protocols, or dedicated connections. VPNs grant staff members secure access to the corporate intranet while operating outside of the workplace. Likewise, VPNs securely connect geographically separated offices of an organization, constructing one close-knit network.
Telepathy is the theoretical transmission of information from one person to another without using physical interaction or any of our known sensory channels. Pretty much, it is communicating over variable distances without conventional or detectable methods. Two telepaths could communicate with one another without publicly broadcasting their conversation, while still having access to the environment and information around them. A private network is created and information can thus be passed between engaged members. Another analogy I could make is when two or more people sit in a crowded room and speak in a language incomprehensible to the vast majority of the other people present, when they know perfectly well the language of those left out of the conversation. Yes, I agree. It’s very rude. And shame on those people.
An application firewall is one that controls input, output, and access to, from, and by a service or application. It monitors and blocks the system service call or input and output that does not meet the firewall’s policy configuration. The application firewall is normally built to regulate all network traffic on any layer and it is able to control applications or services specifically. There are two main kinds of application firewalls, host-based application firewalls and network-based application firewalls.
A web filter is a program that can screen an incoming web page to determine whether all or some of it should not be presented to the user. The filter reviews the content or origin of a web page against a set of specifications administered by the party that installed the web filter. It allows an enterprise or individual user to shut out pages from web sites that are likely to include unpleasant advertising, malware, pornography, and other distasteful content.
Basically, this is like an immune system, which is a system of biological structures and processes within an organism that protects it against disease. To operate accordingly, an immune system must be able to identify a variety of agents, known as pathogens, from viruses to parasitic worms, and discriminate against them and not the organism’s own healthy tissue or harmless intruders. Like an immune system, application and web filters detect and distinguish what is potentially harmful or harmless to a network.
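Here is an added example of the web-filter decision described above, written for this post rather than taken from the original article or any vendor's product. The category table, the allowlist and the URLs are constructed; a real filter consults a vendor feed with millions of entries. Two details matter for the "immune system" to discriminate correctly: the lookup walks up the parent domains so that a new host under a known bad domain inherits its category, and the decision is made on the parsed host rather than on a substring search of the URL, so a URL that merely mentions an allowed site in its user-info part is still judged by the host it actually connects to.

```python
"""Category-based web filter keyed on the URL's host.

Added example; categories, allowlist and URLs are constructed.
"""
from typing import Dict, Tuple
from urllib.parse import urlparse

CATEGORIES: Dict[str, str] = {          # constructed category feed
    "malware-site.example": "malware",
    "ads.example": "advertising",
    "adult.example": "adult",
    "news.example": "news",
}
BLOCKED_CATEGORIES = {"malware", "advertising", "adult"}
ALLOWLIST = {"partner.ads.example"}     # explicit exceptions set by the admin


def categorize(host: str) -> str:
    """Match the host or any parent domain, so cdn.ads.example inherits
    the category of ads.example."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in CATEGORIES:
            return CATEGORIES[candidate]
    return "uncategorized"


def decide(url: str) -> Tuple[str, str]:
    """Return (action, category) for a requested URL."""
    host = urlparse(url).hostname or ""   # parsed host, not a substring search
    if not host:
        return "block", "unparseable"      # fail closed on garbage input
    if host in ALLOWLIST:
        return "allow", categorize(host)
    category = categorize(host)
    if category in BLOCKED_CATEGORIES:
        return "block", category
    return "allow", category


if __name__ == "__main__":
    for url in (
        "https://www.news.example/story",
        "http://cdn.ads.example/banner.js",
        "https://partner.ads.example/report",
        "http://news.example@malware-site.example/",
        "not a url",
    ):
        print(url, "->", decide(url))
```

The same host-based decision is what an application firewall's policy engine applies at other layers; the difference is only what is being classified (a web page, a service call, an application's traffic).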
Email filtering is the processing of email to organize it according to specified criteria. The typical uses for mail filters include organizing incoming email and removal of spam and computer viruses. A less familiar use is to scan outgoing email at some companies to make certain that employees adhere to relevant laws. Users might also utilize a mail filter to prioritize messages, and to file them into folders based on subject matter or other criteria.
This is quite obviously similar to the manual mail sorting that happens at post offices and large corporations. Mail sorters will categorize incoming and outgoing mail for efficiency, effectively prioritizing certain mail. This is largely to reduce costs by receiving discounts on selected mail; however, they are also employed to handle other important responsibilities such as scanning incoming mail for hidden dangers and threats, or outgoing mail for the theft of property and information. Having email filtering is like having a little digital human meticulously and ruthlessly scanning all of your email to make sure you receive the harmless and important messages and that you send only the appropriate ones too.
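As an added example of the sorting described above (written for this post, not code from the original article or any mail product), here is a rule-based filter that routes each message to quarantine, the spam folder, a priority folder or the inbox. The senders, spam terms, weights and threshold are constructed. The rules are ordered deliberately: the attachment check runs first, so a message with a dangerous attachment is quarantined even if it comes from a trusted sender, which is exactly the case a spoofed "from the boss" message relies on.

```python
"""Rule-based mail filter: quarantine, spam, priority, or inbox.

Added example; senders, terms, weights and threshold are constructed.
"""
import os
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class Email:
    sender: str
    subject: str
    body: str
    attachments: List[str] = field(default_factory=list)   # file names only


DANGEROUS_EXTENSIONS = {".exe", ".scr", ".js", ".vbs"}
SPAM_TERMS = {"free money": 3, "act now": 2, "winner": 2, "unsubscribe": 1}
SPAM_THRESHOLD = 4
VIP_SENDERS = {"ceo@example.com"}        # constructed priority list


def spam_score(mail: Email) -> int:
    """Sum the weights of spam phrases found in subject and body."""
    text = (mail.subject + " " + mail.body).lower()
    return sum(weight for term, weight in SPAM_TERMS.items() if term in text)


def dangerous_attachment(mail: Email) -> bool:
    # splitext looks at the last extension, so invoice.pdf.exe is still caught
    return any(os.path.splitext(name)[1].lower() in DANGEROUS_EXTENSIONS
               for name in mail.attachments)


def classify(mail: Email) -> Tuple[str, str]:
    """Return (folder, reason). Rules are ordered: safety, then spam, then priority."""
    if dangerous_attachment(mail):
        return "quarantine", "dangerous-attachment"
    score = spam_score(mail)
    if score >= SPAM_THRESHOLD:
        return "spam", f"score={score}"
    if mail.sender.lower() in VIP_SENDERS:
        return "priority", "vip-sender"
    return "inbox", "default"


if __name__ == "__main__":
    samples = [   # constructed messages
        Email("ceo@example.com", "Urgent", "Open the attached", ["invoice.pdf.exe"]),
        Email("promo@deals.example", "You are a WINNER", "Free money, act now!"),
        Email("CEO@example.com", "Board pack", "Slides attached", ["board.pdf"]),
        Email("colleague@example.com", "Lunch", "Noon?"),
    ]
    for mail in samples:
        print(mail.subject, "->", classify(mail))
```

Weighted terms are a stand-in for the Bayesian or machine-learned scoring a real filter uses; the ordering of the rules, and the fact that an attachment check cannot be overridden by sender reputation, is the part worth copying.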
While we’re abusing the use of analogies and have essentially exhausted all possible examples so that no one else will be able to speak figuratively again, let me throw one last analogy at you. Choosing which brand of UTM to use would be like choosing which security company you want to guard your company. If there’s one thing South Africans know though, it’s private security companies, with nearly 9,000 registered companies and 400,000 registered active private security guards in the country. This may make the decision-making process difficult, but the overwhelming options allow one to make the best decision possible. The industry provides guarding, monitoring, armed reaction, escorting, investigating and other security-related services to private individuals and companies in the country. That is very similar to the UTM industry, if you think about it. Now, I’m not going to tell you which security company to use, but I can recommend which UTM provider you should use to make that particular decision easy for you to make and to ensure your company is as safe as it can be.
Now that you are slightly more informed about UTM appliances and their services, you are in a better position to decide what your company needs. You may be thinking to yourself that your company really isn’t big enough to require such advanced network security with so many benefits, and you may be right. However, have you thought about each and every web site that you have on your network, or perhaps intend to have on your network? Having a reliable security appliance not only protects your company, but it protects all those who are affiliated with you via a secure network you are providing. Additionally, you would be perceived as a reliable network provider if you did in fact have efficient network security, giving you an advantage over your competitors. Not such a bad idea after all, right? Not at all.
And so, I’m going to recommend Cyberoam Technologies, which is a Sophos Company, and one that DigiWorks South Africa markets through its website. Cyberoam is an international network security appliance provider that offers user identity-based network security in its unified threat management appliances. It allows control over and visibility into users’ activities in business networks. Cyberoam’s UTM appliances provide extensive security to individuals, and significantly, to organizations of all sizes. Its multiple security features, unified into a single platform, make security highly effective and appreciably uncomplicated. Cyberoam’s ESA (Extensible Security Architecture) and multi-core technology provide the ability to combat future threats for the security of organizations. Its UTM appliances provide future-ready security with advanced hardware and software up to 5 times the average industry throughputs, thus making them the fastest UTM hardware on the market.
There you have it. I have provided a – somewhat – detailed description of an array of solutions and the problems that require said solutions. And, I have provided the best all-encompassing solution to your network security needs. I wish you and your company well. For more information on the products Cyberoam has to offer, visit the online shop on the DigiWorks website.
By Clinton Walker