NGFW and UTM Firewall: Find out the main differences
08 Feb
From the late 1980s, when the first firewall concepts emerged, to the present day, many generations of security mechanisms have been incorporated into firewall solutions.
Since the 1990s, and especially in the second half of that decade with the popularization of the Internet, new security challenges have emerged, requiring firewall solutions to be enhanced with features that meet the demand for protection in computing environments.
As the Internet grew in popularity, more and more businesses moved onto online platforms, making the need to protect companies in this new era of information and connectivity ever more evident.
Over the last five years the firewall market has been dominated by two main solution concepts, which in some cases generate confusion regarding their operation, their scope and, above all, how they differ from each other.
Get to know the basic concept behind these terms, how to differentiate them and even check what is best suited to your company’s reality or needs.
Unified Threat Management (UTM)
The UTM firewall concept arose naturally over time, driven by the needs and evolution of the security market itself. As new attacks and vulnerabilities were discovered, the firewall was enhanced with new features and functionalities.
Because of this, a UTM can be described as a software or hardware asset, or a combination of the two, that centralizes on a single platform features such as stateful filtering, VPN, web proxy, antivirus, IDS/IPS and Deep Packet Inspection (DPI).
The main limitation of the UTM firewall is performance, since all security functions are centralized in a single product. The problem becomes evident in corporate environments with a high volume of packets and insufficient hardware, where the processing of the security rules applied to the environment suffers.
On the other hand, centralization can be extremely positive for small and medium-sized businesses, where a single device will meet most of the security needs at a highly competitive price compared to purchasing individual products to address each need separately.
Unified threat management (UTM) is a converged platform of point security products, particularly suited to small and midsize businesses (SMBs). Typical feature sets fall into three main subsets, all within the UTM: firewall/intrusion prevention system (IPS)/virtual private network, secure Web gateway security (URL filtering, Web antivirus [AV]) and messaging security (anti-spam, mail AV). (Gartner, 2015)
Next Generation Firewall (NGFW)
The Next Generation Firewall (NGFW) was developed to solve the performance deficiency reported for UTMs, delivering application control and deep packet inspection in a high-performance, cohesive architecture.
Complementary features present in UTM firewalls, such as web proxy and virus and malware protection, are not part of the NGFW architecture: they are removed and delegated to dedicated products, ensuring high scalability for large environments.
The main contribution of the NGFW lies in the technological advances brought by deep packet inspection and application visibility, regardless of protocol or port. Together, these features not only help prevent attacks but also enable more dynamic and effective access control policies for today's security challenges.
Next-generation firewalls (NGFWs) are deep-packet inspection firewalls that move beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention, and bringing intelligence from outside the firewall. An NGFW should not be confused with a stand-alone network intrusion prevention system (IPS), which includes a commodity or nonenterprise firewall, or a firewall and IPS in the same appliance that are not closely integrated. (Gartner, 2015)
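The difference between the stateful, port-based filtering listed among the UTM features and the application visibility "regardless of protocols and ports" that the NGFW section describes is easiest to see side by side. The following toy policy engine is an added example, not code from the original article or from any vendor: it applies the same intent, "allow web browsing only", first as a classic port rule and then as an application-identity rule that classifies the first payload bytes of a flow the way a DPI engine would. The three signatures, the Flow type and all sample flows are constructed for the illustration; real engines carry far larger signature sets and track state across many packets.

```python
"""Port-based filtering versus application-aware inspection.

Constructed example: a toy policy engine that applies the intent
"allow web browsing only" first as a port/protocol rule and then as an
application-identity rule derived from the first payload bytes of a flow,
the way a DPI/NGFW engine would. All packet data below is constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """First client-to-server segment of a TCP flow (constructed type)."""
    src: str
    dst: str
    dport: int
    payload: bytes


def identify_application(payload: bytes) -> str:
    """Minimal DPI classifier: names the application from the first bytes.

    Three signatures are enough to show the principle; a production engine
    uses thousands and reassembles streams before matching.
    """
    if payload.startswith(b"SSH-2.0-"):
        return "ssh"
    # TLS record header: content type 0x16 (handshake), version major 0x03,
    # then the handshake type at offset 5 must be 0x01 (ClientHello).
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls"
    for method in (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS "):
        if payload.startswith(method) and b" HTTP/1." in payload:
            return "http"
    return "unknown"


def port_policy(flow: Flow) -> str:
    """Classic stateful/port rule: web ports allowed, everything else denied."""
    return "allow" if flow.dport in (80, 443) else "deny"


def app_policy(flow: Flow) -> str:
    """Application-aware rule: allow web protocols on any port, deny anything
    else even when it rides on a web port."""
    return "allow" if identify_application(flow.payload) in ("http", "tls") else "deny"


# Constructed sample flows (addresses from documentation ranges).
SAMPLE_FLOWS = [
    # Genuine TLS ClientHello on 443.
    Flow("10.0.0.5", "203.0.113.10", 443,
         bytes([0x16, 0x03, 0x01, 0x00, 0xF1, 0x01, 0x00, 0x00, 0xED, 0x03, 0x03])),
    # SSH banner on a web port: invisible to a port rule, visible to DPI.
    Flow("10.0.0.6", "203.0.113.20", 443, b"SSH-2.0-OpenSSH_9.6\r\n"),
    # Plain HTTP on a non-standard port: a port rule denies legitimate web use.
    Flow("10.0.0.7", "203.0.113.30", 8080,
         b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    # SSH on its usual port: both policies agree.
    Flow("10.0.0.8", "203.0.113.40", 22, b"SSH-2.0-OpenSSH_9.6\r\n"),
]


def compare_policies(flows):
    """Return, per flow, the identified application and each policy's verdict."""
    return [
        {
            "dst": f"{fl.dst}:{fl.dport}",
            "app": identify_application(fl.payload),
            "port_based": port_policy(fl),
            "app_aware": app_policy(fl),
        }
        for fl in flows
    ]


if __name__ == "__main__":
    for row in compare_policies(SAMPLE_FLOWS):
        print(row)
```

Running the block shows the two verdict columns diverging on the second and third flows: the port rule admits anything on 443 and rejects legitimate HTTP on 8080, while the application-aware rule decides on what the traffic actually is. That is the policy gain the NGFW section attributes to deep packet inspection; the cost is that every flow's payload has to be inspected, which is exactly where the UTM performance concern comes from.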
Main differences between UTM and NGFW firewalls
Although the concepts differ substantially, they are still often misunderstood. Many writers and vendors argue that there is currently no practical difference between the two types of product, because the main challenge UTMs faced in large environments was solved as the technology matured.
Some opinion makers argue that the NGFW is suited to high-traffic environments, especially complex businesses, telecommunications providers and others that concentrate large volumes of data traffic; in these cases, separating security assets is critical to the scalability and resilience of the environment. By the same reasoning, a UTM firewall would be recommended for small and medium-sized businesses (SMBs), where the data flow is lower.
Regardless of the term used and the size of the company, the most important point to analyze when purchasing a perimeter security solution is whether the features offered meet the functional and growth requirements of the environment. That matters more than whether the product is labelled UTM or NGFW.
Another fundamental aspect is to analyze the technology behind the UTM firewall and NGFW features on offer. Both concepts have brought great contributions to the security market through several manufacturers; others, however, merely changed their nomenclature without actually adding technology to the products they deliver.