The Internet is a scary place for a business. Headlines about malware attacks and data breaches have become a daily occurrence. Older firewall appliances that screen out malicious traffic using only dynamic packet filtering, otherwise known as stateful inspection, are no match for today's hackers.
Stateful inspection makes its decisions on packet headers and connection state rather than on content, so it limits firewall protection to an all-or-nothing security policy: a port is either open or closed, whatever travels over it. That makes the technology essentially obsolete on its own. Network security should be able to inspect the entire data payload of a network packet with enough precision and intelligence to distinguish good web traffic from bad, and enforce the security policies set by an IT administrator.
Up to a point, this can be achieved with software solutions such as endpoint management (Kaspersky, for example) and antivirus and antimalware protection (Webroot, Symantec, and others), which add layers of protection at the desktop or device level. These solutions are managed from a server and usually run in the background or during scheduled malware scans.
A UTM defends your network at the point of attack
Once a computer network grows beyond 10 or 20 users, an SMB should consider deploying network security at the perimeter of its network. This is where a UTM becomes essential.
Unified Threat Management devices (Dell SonicWALL and Netgear ProSecure, for example) provide gateway antivirus, URL blocking, intrusion prevention, and other security features that desktop software solutions provide, but at the network edge. The drawback of running any form of network security is that it tends to add latency to the network. Essentially you are sacrificing performance for protection in every security scenario: the more security functions you add, the more latency you can expect. It is a trade-off.
A UTM makes this balancing act manageable. By placing all the tools for conducting deep packet inspection in one appliance, controlled through a single graphical user interface, a network administrator can fine-tune network security to fit the needs of end users as efficiently as possible.
What network security features does a next-generation firewall have that a UTM does not?
A next-generation firewall (NGFW) in many ways resembles a UTM in appearance and function: deep packet inspection coupled with minimal network latency. Application awareness is the essential differentiator between an NGFW and a UTM, according to Gartner's definition:
Next-generation firewalls are deep-packet inspection firewalls that move beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention, and bringing intelligence from outside the firewall. An NGFW should not be confused with a stand-alone network intrusion prevention system (IPS), which includes a commodity or nonenterprise firewall, or a firewall and IPS in the same appliance that are not closely integrated.
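As an added example that is not part of the original article (nor any vendor's code), the toy Python filter below contrasts a port/protocol rule with an application-aware one on constructed traffic. The protocol signatures, the port-to-application policy and the host block list are assumptions made for the demo; real products use far richer classifiers.

```python
# Added example, not the article's own code: toy port-based (stateful) filter
# versus application-aware (DPI) filter; all packets and policies are constructed.
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

def stateful_decision(dst_port, allowed_ports=frozenset({80, 443})):
    """Port/protocol rule: only the header is consulted, so anything sent
    to an allowed port passes, whatever the payload contains."""
    return "allow" if dst_port in allowed_ports else "block"

def classify_app(payload):
    """Identify the application from the first bytes of the payload."""
    if payload.startswith(HTTP_METHODS):
        return "http"
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"  # TLS record: handshake content type, major version 3
    if payload.startswith(b"SSH-"):
        return "ssh"
    return "unknown"

def http_host(payload):
    """Return the lower-cased Host header of an HTTP request, or None."""
    for line in payload.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            return value.strip().decode("ascii", "replace").lower()
    return None

def dpi_decision(dst_port, payload, port_apps, blocked_hosts):
    """Application-aware rule: the payload must match the application the port
    is meant to carry, and HTTP requests are checked against a host block list."""
    app = classify_app(payload)
    if port_apps.get(dst_port) != app:
        return "block", f"{app} on port {dst_port}"
    if app == "http" and http_host(payload) in blocked_hosts:
        return "block", f"blocked host {http_host(payload)}"
    return "allow", app

# Constructed policy and traffic samples.
PORT_APPS = {80: "http", 443: "tls"}
BLOCKED_HOSTS = {"malware.example"}
SAMPLES = [
    (80, b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    (80, b"GET /x HTTP/1.1\r\nHost: malware.example\r\n\r\n"),
    (80, b"SSH-2.0-OpenSSH_8.9\r\n"),  # a non-web protocol on the web port
    (443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),
    (22, b"SSH-2.0-OpenSSH_8.9\r\n"),
]
def compare(samples=SAMPLES):
    """Run both filters over the samples; returns [(port, stateful, dpi), ...]."""
    return [(p, stateful_decision(p), dpi_decision(p, d, PORT_APPS, BLOCKED_HOSTS)[0])
            for p, d in samples]
```

The port-based rule passes all three packets aimed at port 80, while the application-aware rule blocks the request to the listed host and the SSH banner that does not belong on that port.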
When should you consider an NGFW over a UTM?
While there is some grey area about what distinguishes an NGFW from a UTM, the general consensus is that a next-generation firewall allows greater control over security features at the application level when the applications involved are more complex. NGFWs tend to offer greater throughput and a higher connection capacity, and for the most part they are more expensive to purchase and license. For examples and feature sets, compare NGFWs from Stonesoft and Check Point.
For companies that want deep packet inspection but have limited resources for IT staff, licensing, and hardware, UTMs provide enterprise-level protection at a price point that is reasonable for an SMB budget. In many cases the real difference between an NGFW and a UTM matters only to the largest enterprises, which deploy custom applications over large, multi-location networks and need the multi-gigabit speeds that expensive NGFWs can offer.
In many cases the line between UTM and NGFW is nebulous. Some companies even label their midrange network security appliances as both UTM and NGFW; the Fortinet FortiGate is one example.
In the end, remember that, as with any IT purchasing decision, you should assess your needs and plan for growth when deciding whether a UTM is the best fit for your company's network security.