Unified Threat Managers (UTMs) and Next Generation Firewalls (NGFWs) are often categorized together. I am going to define what is generally included in each product, what the differences are, how to approach evaluating them, and which decisions to make when considering either of these solutions.
What is a UTM?
UTMs are typically multifunction network security devices. They are most commonly used by small or midsize businesses of around 100 to 2,000 employees. The typical UTM feature set includes a browser-based management console and, at a minimum (but not limited to), firewall, VPN, Secure Web Gateway (SWG) and intrusion prevention.
Other things that can be included are email security features such as a spam filter or secure email gateway, some application layer filtering, a Web Application Firewall (WAF), data loss prevention, endpoint antivirus, etc.
How it’s different from an NGFW
NGFWs are similar to UTMs, but let’s look to Gartner for an official definition to create our distinction. Per Gartner, an NGFW should be a deep packet inspection firewall that performs the traditional port and service permit/deny functions but also includes application-level inspection, categorization and blocking, and intrusion prevention. These devices can also come with SWG features, advanced threat detection, VPN and other UTM features. The biggest differences are that NGFWs are generally targeted towards enterprise-size customers and can have a more specific focus.
Why we like Sophos’ UTM 9.2
Sophos’ UTM spans both categories and provides some important NGFW features. Confining it to one category or another is pointless because of the stage of evolution these devices are in. Find out for yourself with a free trial just for Softchoice customers!
Some of the business problems this UTM solves are reducing the cost of running multiple tools, protecting the edge, and both understanding and blocking what is coming into and going out of your networks, using:
- Application layer filtering: Application filtering performs deep packet inspection so you have a better understanding of what users are doing online. App layer filtering gives you the ability to see what web applications are in use even when they all run over port 80, for example Farmville, Facebook chat, Dropbox, etc.
- Intrusion Prevention Systems (IPS): This is also known as Advanced Threat Protection. While doing that deep inspection, we also monitor network and system activities for malicious activity and, at the same time, potentially block known exploits. The key to IPS is traffic normalization, which makes anomaly detection possible so you are not relying only on the same old signatures out there. This is an area where some products make cutbacks to ensure they can process larger amounts of traffic with less possibility of latency.
- Secure Web Gateway (SWG): This provides the ability to monitor and block content from a predefined list of categorized sites. SWG also combines malware scanning, reputation-based services and content scanning to protect against hacked sites.
- SSL VPN: Easily configured and managed virtual private network with flexible configurations to meet most customer needs.
- Firewalling: Traditional stateful port and service permit/deny.
- Centralized management: A great value add is a centralized browser-based console for managing all these features.
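To make the difference between the layers above concrete, here is an added Python sketch (not Sophos code and not part of the original post) of a toy policy pipeline that applies each feature in turn to a request: a stateful port/service rule, application identification from the Host header or TLS SNI rather than the port, an SWG category lookup, and an IPS signature match run only after the URL path has been normalized. The hostnames, categories, port list and the single path-traversal signature are all constructed sample data for the illustration; a real appliance uses vendor-maintained databases.

```python
"""Toy UTM policy pipeline: port rule, app identification, SWG category,
and IPS signature matching on a normalized request path.

Added illustration only; all hostnames, categories, ports and signatures
below are constructed sample data, not a vendor's real feeds."""
import re
from dataclasses import dataclass
from urllib.parse import unquote


@dataclass
class Flow:
    """One request as a proxy or firewall would log it (constructed)."""
    dst_port: int
    host: str   # HTTP Host header or TLS SNI
    path: str   # requested URL path, as sent on the wire


# Constructed: a traditional rule set that only looks at the destination port.
ALLOWED_PORTS = {80, 443}

# Constructed: application signatures keyed on hostname suffix. A DPI engine
# derives the application from Host/SNI, which is why "everything on port 80"
# still separates into distinct applications.
APP_SIGNATURES = {
    "dropbox.com": "Dropbox",
    "facebook.com": "Facebook",
    "farmville.com": "Farmville",
}

# Constructed: SWG category feed and the categories this policy blocks.
URL_CATEGORIES = {
    "facebook.com": "social-networking",
    "farmville.com": "games",
    "dropbox.com": "file-sharing",
    "example.com": "business",
}
BLOCKED_CATEGORIES = {"games", "social-networking"}

# Constructed: one IPS signature, matched against the normalized path.
IPS_SIGNATURES = {"path-traversal": "../"}


def _suffix_lookup(host: str, table: dict, default: str) -> str:
    """Return the table value for the longest matching domain suffix."""
    host = host.lower().rstrip(".")
    best = default
    best_len = -1
    for suffix, value in table.items():
        if (host == suffix or host.endswith("." + suffix)) and len(suffix) > best_len:
            best, best_len = value, len(suffix)
    return best


def identify_app(host: str) -> str:
    return _suffix_lookup(host, APP_SIGNATURES, "unknown")


def categorize(host: str) -> str:
    return _suffix_lookup(host, URL_CATEGORIES, "uncategorized")


def normalize_path(path: str, max_rounds: int = 3) -> str:
    """Canonicalize a path before signature matching: percent-decode until
    stable (bounded, so double encoding is undone), fold case, treat
    backslashes as slashes, and collapse repeated slashes."""
    current = path
    for _ in range(max_rounds):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    current = current.lower().replace("\\", "/")
    return re.sub(r"/+", "/", current)


def port_only_verdict(flow: Flow) -> str:
    """What a port-and-service-only firewall would decide."""
    return "allow" if flow.dst_port in ALLOWED_PORTS else "block"


def inspect(flow: Flow) -> dict:
    """Run the full pipeline; any layer raising a reason blocks the flow."""
    reasons = []
    if flow.dst_port not in ALLOWED_PORTS:
        reasons.append(f"firewall: port {flow.dst_port} not permitted")
    app = identify_app(flow.host)
    category = categorize(flow.host)
    if category in BLOCKED_CATEGORIES:
        reasons.append(f"swg: category {category} blocked")
    normalized = normalize_path(flow.path)
    for name, pattern in IPS_SIGNATURES.items():
        if pattern in normalized:
            reasons.append(f"ips: {name}")
    return {
        "app": app,
        "category": category,
        "normalized_path": normalized,
        "verdict": "block" if reasons else "allow",
        "reasons": reasons,
    }


if __name__ == "__main__":
    # Constructed sample traffic: all on permitted ports, yet not all allowed.
    for f in (Flow(80, "apps.facebook.com", "/farmville"),
              Flow(443, "www.dropbox.com", "/home"),
              Flow(80, "www.example.com", "/images/%252e%252e%252fetc/hosts")):
        print(f.host, port_only_verdict(f), inspect(f))
```

The first sample flow is the point of the application-filtering bullet: a port-only firewall allows it because it is on port 80, while the pipeline identifies it as Facebook, categorizes it as social networking and blocks it. The third flow shows why the IPS bullet stresses normalization: the signature matches only after the path is decoded twice.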
Who is it for?
A UTM is frequently used by mid-market businesses; however, the hardware and software combinations vary greatly (e.g. the Sophos UTM 9.2 120, 220, 320 and so on). If you need purpose-built, high-performance hardware with the same network security you expect from a next-gen firewall, a UTM simplifies your IT security without the complexity of multiple point solutions. This UTM is essentially a single appliance that helps you control security risks and offers clear, detailed reports.
What you should do
Although it is tempting to use as many features as possible, taxing these systems with more and more inspection of traffic can cause latency on your network or possibly outages (scalability can also be an issue). These issues all matter when selecting the correct product, so make sure you are referring to a sizing guide. Ask yourself:
- Are you using the correct tool to account for the size of the organization and pipe that you are running?
- Are you maxed out from day one or do you have room to grow?
- Are there bigger appliances or architectural changes you should make for your growing environment?
With some UTM systems you may find additional features including, but not limited to, email gateway and spam filtering, server protection, wireless protection, data loss prevention, and endpoint protection. You can also take a video tour of the Sophos UTM 9.2.
Remember, the benefit of these devices is consolidating onto as few technologies and vendors as possible. Also, when evaluating a vendor, look at what else they can provide for your environment. Do they have other gateway technologies? Do they have an endpoint antivirus product? Can they do DLP? Do I already have technology from this vendor in my environment?
This is not only a great opportunity to evaluate the technology. It’s also the time to look for an approach that includes more security features while also reducing costs by consolidating around a single vendor. Also, consolidation aids in reducing the hassle of management and support of all these technologies.
The key is to look for the right technology, with the right support, at the right price. By relying on fewer vendors, as we do with NGFWs or UTMs, we are able to be more strategic.
Softchoice helps you make the right decision
From health checks to vulnerability and compliance reviews, Softchoice offers a complete repertoire of security assessments that ensure we design your security solution from the right place. To learn more, download our Softchoice Security Solutions PDF.
Bonus: Use the free trial download of Sophos UTM 9.2 as an opportunity to evaluate the technology I discussed in this post.