UTM seems to have become a misused term; anyone who puts together something more than a firewall in the same box calls it a UTM.
So what are the key elements? Read on:
- Firewall – of course you want this, but in light of the other features that you will want, a packet filtering and proxy will be very useful as well; so your firewall must be a hybrid.
- IDS/IPS – this today is a must; you can’t have edge protection without proper IPS, and it is ridiculous to buy a separate one after you have spent all the money for a UTM device. This feature should be fully integrated with the firewall, to achieve a next generation firewall protection, and should be INLINE with the firewall.
- Email protection – should be much more than just an AV product. Should be policy protection, to block unwanted attachments, hidden, compressed or otherwise. Should be protection for the server, integrated with the firewall and IPS. Should be protection from vulnerabilities that affect the protocols and the servers.
- Antivirus – protocols to be protected are, at a minimum: SMTP, POP3, IMAP, FTP, and HTTP.
a. AV is too generic a term; one single AV is no longer acceptable as no one can really keep up; best is to have more than one
b. Real time AV – this is an emerging technology; we already have it. But if you want to hope to block emerging threats, you need zero day protection, you need a real time AV
Antispam. Hackers use all kinds of ways to get in; you need to have protection against all of them. Antispam should have a proven record of at least 98% protection, should not be using old spam lists but should be based on more modern techniques, such as SPF check and many others. We still see too many systems that use old methods that cause way too many false positives and yield poor overall results</LI
Web access policy – a company must be able to control where its employees are allowed to go on the internet, and this in turn enhances protection as it prevents users from landing on dangerous websites.
VPNs – modern devices should support IPSEC for compatibility, but should also offer SSL as a full VPN, with roaming AND site-to-site solutions. PPTP is still there, as it is free and inexpensive, but not mandatory at this point.
A true UTM device should be seamless – the final result is stronger than the sum of the parts. The antispam should be able to communicate with the IPS, so that a spammer attacking your device will be blocked before the email is even delivered. The antispam should also be able to use the categorization abilities of the web access policy to see if a URL in an email should be allowed or not. The IPS and the firewall should be fully integrated.
There are many other functions that a UTM device can do for you. For example, our device can host DNS records for the company. It can act as DHCP server and NTP server. It supports VLANs (256 per interface), it can automatically create a signature for any outbound email (for legal statements mostly). We support advanced routing, any type of packet mangling, Quality of Service; we can set up a load balancer in the firewall; we can support multiple internet connections either in high availability or in weighed load balance.
Our devices can be set up in high availability or in load balance or in cluster. New functions that are emerging as required on the UTM this year are DLP and Vulnerability Scanning. These functions thus far have been done using separate devices; more and more companies are demanding to see them integrated with the gateway protection.
Lastly, it’s important that the technology offered for small offices is the same provided for the main office. For example, you want the same AV protection, nothing less. — viruses don’t treat small offices any better than they treat your headquarters. With Network Box, you get the same exact protection whether your office has 1 person or 10,000!