
What Is UTM?

A UTM is a single security product that offers multiple functions, including antivirus, anti-malware, firewall, intrusion prevention, and URL filtering. It allows businesses to monitor all threats and security-related activities through one product, providing complete and simplified visibility into all elements of the security architecture.

Why Is UTM Required?

Besides traditional threats such as viruses and Trojan horses, more advanced threats such as advanced persistent threats (APTs) are also evolving. Due to the allure of huge economic benefits, there is a growing diversity of attacks such as ransomware and machine-to-machine (M2M) attacks. The emergence of hybrid threats has turned the focus of the industry towards devices providing unified threat management. Combining different types of malware and attacks, hybrid threats target different independent parts of the network simultaneously. In the network environment where one device is used for a specific security purpose, it is hard to effectively defend against the latest forms of malware and cybercrimes, as each device must be managed and updated separately.

The current situation is different. The centralized management provided by UTM allows a single device to effectively defend against unknown threats.

Advantages of UTM

UTM can be configured easily, provides more flexible and visible network management, and updates all security functions or programs at the same time. Despite the increasingly complex and diversified cyber threats, UTM products can provide a range of technologies to block attacks at key nodes of the kill chain. Administrators no longer need to maintain multiple security programs at the same time, which greatly simplifies O&M.

Flexibility and adaptability

With UTM, you can choose from a range of solutions based on your network requirements, and select the most appropriate ones out of a series of security management tools. In this way, you can handle various complex network settings in modern service infrastructure. Instead of buying individual solutions, you can opt for a single mode that includes all the necessary technologies.

The flexibility of UTM allows administrators to freely deploy multiple appropriate security technologies. In addition, the automatic update function of UTM ensures that the system is always ready to cope with the latest threats in the network environment.

Centralized integration and management

Hybrid threats and emerging threats may target different parts of a network at the same time. If multiple security devices are involved, it could be a huge challenge for management personnel. In normal settings without UTM, administrators may need to simultaneously coordinate multiple security components, including firewalls, application control, and VPNs. This is quite time-consuming and resource-intensive. However, UTM allows administrators to manage threats in local and remote environments on a single console. This makes it easier to monitor the system and update or check particular components within UTM. Patch management is also simplified because only one or a relatively small number of devices need to be patched.

High cost-effectiveness

With the centralized configuration, administrators of small and midsize enterprises can purchase, deploy, and manage one type of device. In large enterprises, there is no need for administrators to manage a large number of devices. Instead of purchasing multiple devices, with the aid of UTM, an organization now only needs a smaller number of devices for network protection, saving considerably on costs. And with fewer personnel required by the monitoring system, the labor cost can also be reduced. This may significantly slash expenses.

Higher awareness of threats to cyber security

UTM, in addition to combining centralized functions and faster operations, improves administrators' awareness of threats to cyber security so that they can effectively identify APTs. In this way, IT teams can better manage APTs and other new risks in cyber environments.

Faster security solution

With UTM, administrators can simplify data processing and reduce resource usage. This ensures that fewer resources are required when multiple components do not need to run independently. With the aid of UTM, administrators can work more efficiently. This saves resources and enables better management of other key processes dependent on the network.

Desired Features of a UTM

There are certain features that an ideal UTM solution must possess.

Antivirus

A UTM comes with antivirus software that can monitor your network, detecting and stopping viruses from damaging your system or its connected devices. This is done by leveraging the information in signature databases to check if any viruses are active within your system or are trying to gain access. Some of the threats the antivirus software within a UTM can stop include infected files, Trojans, worms, spyware, and other malware.

Anti-malware

UTM protects your network against malware by detecting and then responding to the malware. A UTM can be preconfigured to detect known malware, filtering the malware out of your data streams and blocking it from penetrating your system. UTM can also be configured to detect novel malware threats using heuristic analysis, which involves rules that analyze the behavior and characteristics of files. For example, if a program is designed to prevent the proper function of a computer's camera, a heuristic approach can flag that program as malware. UTM can also use sandboxing as an anti-malware measure. A sandbox is a virtual system program that enables you to open browsers or run other programs in a virtual environment. Even though the malware can run in such an environment, the sandbox prevents it from interacting with other programs in the computer.

Firewall

Because UTM firewalls examine the data coming both in and out of your network, they can also prevent devices within your network from being used to spread malware to other networks connected to your network.

Intrusion prevention

A UTM system can provide an enterprise with intrusion prevention capability. Common intrusion methods include Trojan horses, worms, injection attacks, botnets, DDoS attacks, cross-site scripting attacks, and brute force cracking. The UTM system detects and guards against attacks to protect enterprise information systems and network architectures from being compromised. This functionality is often referred to as an intrusion prevention system (IPS). To identify threats, an IPS analyzes packets of data, looking for patterns known to exist in threats. When one of these patterns is recognized, the IPS stops the attack.

In some cases, an IPS will merely detect the dangerous data packet, after which an IT team can then choose how they want to address the threat. The steps taken to stop the attack can be automated or performed manually. The UTM will also log the malicious event. These logs can then be analyzed and used to defend against future attacks.
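The difference between detect-only and prevent behavior, and the log both produce, is shown in the following added example, which is not part of the original article or any vendor's code. The signature IDs, patterns, addresses, and payloads are constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Hypothetical signatures (constructed for illustration, not a vendor rule set).
SIGNATURES = [
    ("SQLI-001", "injection attack", re.compile(rb"(?i)('|%27)\s*or\s+1\s*=\s*1")),
    ("XSS-001", "cross-site scripting", re.compile(rb"(?i)<script\b|%3cscript")),
]

@dataclass
class Ips:
    mode: str = "prevent"  # "prevent" drops matches; "detect" only raises an alert
    log: list = field(default_factory=list)

    def inspect(self, src: str, payload: bytes) -> str:
        """Return 'forward' or 'drop' for one payload and log any signature match."""
        for sig_id, category, pattern in SIGNATURES:
            if pattern.search(payload):
                action = "drop" if self.mode == "prevent" else "alert"
                self.log.append({"src": src, "sig": sig_id,
                                 "category": category, "action": action})
                # In detect mode the packet is still forwarded; the IT team
                # decides what to do based on the logged alert.
                return "drop" if action == "drop" else "forward"
        return "forward"

# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    ("198.51.100.7", b"GET /item?id=1' OR 1=1-- HTTP/1.1"),
    ("198.51.100.9", b"GET /search?q=%3Cscript%3Ealert(1) HTTP/1.1"),
    ("192.0.2.10", b"GET /index.html HTTP/1.1"),
]

def run(mode: str):
    """Inspect the sample traffic in the given mode; return verdicts and the log."""
    ips = Ips(mode=mode)
    verdicts = [ips.inspect(src, data) for src, data in SAMPLE]
    return verdicts, ips.log

if __name__ == "__main__":
    for mode in ("detect", "prevent"):
        verdicts, log = run(mode)
        print(mode, verdicts)
        for entry in log:
            print("  ", entry)
```

In both modes the log holds the same two matches; only the recorded action and the forwarding verdict differ.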

VPN

The VPN features that come with a UTM device function similarly to regular VPN infrastructure. A VPN creates a private network that sets up a tunnel through a public network, giving you the ability to send and receive data through the public network without others seeing the data. All transmissions are encrypted, so even if someone were to intercept the data, it would be of no use to them.

URL filtering

A UTM's web filtering feature can prevent users from seeing specific websites or Uniform Resource Locators (URLs). This is done by stopping users' browsers from loading the pages of those sites onto their devices. Users can configure web filters to target certain sites based on service requirements.

For example, if you want to prevent employees from being distracted by certain social media sites, you can stop those sites from loading on their devices while they are connected to your network.
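A filter decision of this kind is only reliable if it is made on the parsed hostname rather than on the raw URL string. The following added example (not from the original article; the blocked domains, the fail-closed choice, and the sample URLs are assumptions) normalizes the host and matches on whole DNS labels, so subdomains of a blocked site are covered while look-alike names and query strings are not.

```python
from urllib.parse import urlsplit

# Hypothetical policy list using reserved .example names.
BLOCKED_DOMAINS = {"social.example", "video.example"}

def normalize_host(url: str) -> str:
    """Return the hostname lowercased, without port, userinfo or trailing dot."""
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
        return ""
    return host.rstrip(".")

def is_blocked(url: str, blocked=BLOCKED_DOMAINS) -> bool:
    """Block a listed domain and all of its subdomains."""
    host = normalize_host(url)
    if not host:
        return True  # assumption: fail closed when no host can be parsed
    labels = host.split(".")
    # Test the host and each parent domain, one whole label at a time.
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))

# Constructed sample URLs.
SAMPLE_URLS = [
    "https://social.example/feed",
    "HTTPS://Cdn.Social.Example:443/a.js",
    "http://social.example./login",
    "https://notsocial.example/",
    "https://social.example.partner.test/",
    "https://intranet.corp.example/wiki?ref=social.example",
]

def verdicts():
    """Return the block decision for each sample URL, in order."""
    return [is_blocked(u) for u in SAMPLE_URLS]

if __name__ == "__main__":
    for url, blocked in zip(SAMPLE_URLS, verdicts()):
        print("BLOCK" if blocked else "allow", url)
```

A substring or plain suffix test on the URL would misclassify the last three samples, which is why the comparison is done per label.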

Data breach prevention

The data loss prevention built into a UTM device enables you to detect data breaches and theft attempts and then prevent them. To do this, the data loss prevention system monitors sensitive data, and when it identifies an attempt by a malicious actor to steal data, it blocks the attempt, thereby protecting the data.

Advantages of Huawei Firewalls with UTM

Huawei's AI firewalls provide the UTM function and use an all-new software and hardware architecture to effectively cope with network threats and challenges.

  • Intelligent technologies are used to enable border defense, accurately blocking known and unknown threats.
  • Multiple built-in dedicated security acceleration engines effectively improve the processing performance of key services such as forwarding, content security detection, and IPsec.
  • The security O&M platform implements unified management and O&M of multiple types of security products, such as firewalls, IPS products, and anti-DDoS devices, reducing security O&M OPEX.

For more information, see Huawei AI Firewall Product Documentation.

About This Topic
  • Author: Chen Xiaoyun
  • Updated on: 2023-07-27