The need for information security in corporate environments is constant: more and more companies are seeking greater visibility, competitiveness and scale, regardless of the segment. For this, the massive use of technology and the internet is fundamental and, in many cases, it clearly presents itself as a competitive advantage.
All the scalability that technology and the internet offer to business can be proportionally threatened if security measures and solutions are not adopted to protect the transit, exchange and storage of information.
There are a number of security solutions to minimize the risks of Internet threats, allowing companies to increasingly take advantage of the benefits of technologies to their business advantage without potentially exposing their systems and information inappropriately.
Many security solutions operate in isolation from each other. This need gave rise to more integrated solutions, especially at the perimeter, that offer a set of security features, with high added value, in a single product with strong integration.
The term UTM firewall, or simply UTM (Unified Threat Management), is the name given to a hardware or software device that brings together various security functions, such as packet filtering, proxy, intrusion detection and prevention systems, protection against malware, application control, among others.
In a simplified way, the main role of a firewall in a corporate network is to regulate traffic between two or more networks (internet and internal network, or internal networks, internet and DMZ, among others), defending the interests and/or control needs of companies.
A UTM firewall is no different; however, its capacity or depth of protection is superior to that of traditional firewalls, since it brings a greater set of features. This offers more dynamism and security to create controls in the corporate environment.
Instead of the traditional control model offered by web proxies, in which the administrator manages access profiles with their own URL lists of what can be accessed, category-based control draws on a very deep knowledge base of websites classified according to their content.
These databases make it easier to manage access according to the interests of the business: they considerably reduce the complexity of web access management and make controls more accurate, which means greater security for the company.
With this feature, you can use the same facilities of any proxy service, such as rules by time, users, groups, equipment and others. The big difference is associated with a highly segmented URL base used during rule processing.
There is no more need to create endless lists of restricted websites, whether adult content, cracking, warez and the like. The URL base is fully structured and is maintained by the manufacturer itself, delivering much more quality for the proxy service, which consequently reflects on security and productivity for organizations.
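The following sketch shows how a category-based rule set can be evaluated by time, group and category. It is an added example, not code from any UTM product: the category database, the group names and the rules are constructed, and the first-match-wins ordering is an assumption.

```python
from datetime import time

# Constructed category database; in a UTM this base is maintained by the vendor.
CATEGORY_DB = {
    "example-warez.test": "warez",
    "adult.example.test": "adult",
    "example.test": "news",
    "social.example.org": "social-media",
}

ALL_DAY = (time.min, time.max)

# Hypothetical policy, first matching rule wins.
# (group, category, (start, end), action); "*" matches any group.
RULES = [
    ("*", "adult", ALL_DAY, "block"),
    ("*", "warez", ALL_DAY, "block"),
    ("marketing", "social-media", ALL_DAY, "allow"),
    ("*", "social-media", (time(12, 0), time(13, 0)), "allow"),  # lunch break
    ("*", "social-media", ALL_DAY, "block"),
]
DEFAULT_ACTION = "allow"


def categorize(host):
    """Return the category of the longest matching domain suffix."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in CATEGORY_DB:
            return CATEGORY_DB[candidate]
    return "uncategorized"


def decide(host, group, now):
    """Evaluate the rules in order for one request; return (category, action)."""
    category = categorize(host)
    for rule_group, rule_category, (start, end), action in RULES:
        if (rule_group in ("*", group) and rule_category == category
                and start <= now <= end):
            return category, action
    return category, DEFAULT_ACTION
```

Five rules cover every host in the category base, including subdomains the administrator has never seen, which is what replaces the hand-maintained URL lists.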
It is relatively common for UTM firewall solutions to have built-in or third-party antivirus capability, or to have the option of maintaining a classified database of signatures and addresses that host malicious content.
The feature is interesting because, even if the organization does not have an appropriate endpoint protection policy, the UTM firewall itself potentially reduces the risk of an outdated device (notebook, computer, etc.) being infected and otherwise harming the company.
If the solution does not have its own database, it commonly provides an integration with an external antivirus, so that requests made through the firewall (such as access to a page) are forwarded to the antivirus to verify the safety of the data.
While having control of malware at the gateway or network firewall reduces potential problems at the endpoint, it is always a good practice to enable features that protect the endpoint within the information security strategy.
In addition to the above features, application-based control, or layer 7 filtering, is a great advantage in today’s information security management, where port-, protocol- and address-based policies are less and less effective.
Application control filters the contents of the application layer, the last layer of a network packet, in order to identify the behavior of applications regardless of address, port and protocol and, based on that behavior and on the policy, allow or block access.
Vendors maintain a knowledge base of application behavior and offer regular updates (as with antivirus signature updates) to ensure that control remains effective even after updates to applications such as Skype, Tor, BitTorrent, and others.
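To make the difference from port-based policy concrete, the sketch below classifies a flow by the first bytes of its payload and compares the verdict with what a port-based rule would decide. It is an added example, not a vendor's engine: the signatures are simplified, and the allowed ports and blocked application are constructed for illustration.

```python
HTTP_METHODS = (b"GET", b"POST", b"HEAD", b"PUT")

# Simplified first-bytes signatures (constructed for this example).
SIGNATURES = [
    # BitTorrent handshake: length byte 19 followed by the protocol string.
    ("bittorrent", lambda p: p.startswith(b"\x13BitTorrent protocol")),
    # SSH identification string.
    ("ssh", lambda p: p.startswith(b"SSH-")),
    # TLS record: content type 0x16 (handshake), major version 0x03.
    ("tls", lambda p: len(p) >= 3 and p[0] == 0x16 and p[1] == 0x03),
    # HTTP request line starts with a method token.
    ("http", lambda p: p.split(b" ", 1)[0] in HTTP_METHODS),
]

ALLOWED_PORTS = {22, 80, 443}   # hypothetical port-based policy
BLOCKED_APPS = {"bittorrent"}   # hypothetical application policy


def identify(payload):
    """Return the application name matched by the payload, or 'unknown'."""
    for app, matches in SIGNATURES:
        if matches(payload):
            return app
    return "unknown"


def port_based_verdict(dst_port):
    """Decide from the destination port alone."""
    return "allow" if dst_port in ALLOWED_PORTS else "block"


def app_based_verdict(payload):
    """Decide from what the payload actually is, whatever the port."""
    return "block" if identify(payload) in BLOCKED_APPS else "allow"


# Constructed flows: (destination port, first payload bytes).
FLOWS = [
    (443, b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"),
    (443, b"\x13BitTorrent protocol" + b"\x00" * 8),
    (8080, b"GET /status HTTP/1.1\r\nHost: intranet.example.test\r\n\r\n"),
]


def compare(flows):
    """Return (port, app, port verdict, app verdict) for each flow."""
    return [(port, identify(p), port_based_verdict(port), app_based_verdict(p))
            for port, p in flows]
```

The second flow is allowed by the port rule because it uses 443, while the payload check identifies it as BitTorrent; the third is ordinary HTTP that the port rule blocks only because of its port number.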
Another fundamental protection feature found in UTM firewalls is the set of systems that detect and prevent attacks on networks (IDS and IPS). These systems traditionally work by recognizing patterns in packets typical of attacks, and can act to block such attacks.
There are several ways to use IDS and IPS, and the choice depends a lot on the needs of each environment. In many environments, administrators use them only passively, to become aware of events and incidents, and no attacks are blocked.
In other cases, in addition to logging events, the UTM firewall effectively prevents the malicious request or packet from reaching the server or station involved in the communication. It can serve as a mechanism in a defense-in-depth strategy.
In addition to these features, there are several others that could be added as part of UTM firewall solutions; however, each provider has its own particularities and competitive differentiators. Together, these features provide greater security for corporate networks; the solutions are called unified threat management because they centralize multiple layers and protection solutions to maximize the success of organizations’ security strategy.
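The two operating modes described above can be compared on the same traffic. This is an added example, not taken from any product: the two signatures, the mode names `ids` and `ips`, and the sample requests are constructed for illustration.

```python
import re

# Constructed signatures in the spirit of IDS rules: (name, pattern).
SIGNATURES = [
    ("SIG-1 path traversal", re.compile(rb"\.\./\.\./")),
    ("SIG-2 sql injection probe",
     re.compile(rb"union(?:\+|\s|%20)+select", re.IGNORECASE)),
]

# Constructed sample traffic: (source address, request line).
SAMPLE = [
    ("198.51.100.7", b"GET /index.html HTTP/1.1"),
    ("203.0.113.9", b"GET /download?file=../../etc/passwd HTTP/1.1"),
    ("203.0.113.9", b"GET /item?id=1+UNION+SELECT+1 HTTP/1.1"),
]


def inspect(packets, mode):
    """Run the signatures over the packets.

    mode 'ids': passive, log the event and forward the packet anyway.
    mode 'ips': inline, log the event and drop the matching packet.
    Returns (events, forwarded).
    """
    if mode not in ("ids", "ips"):
        raise ValueError("mode must be 'ids' or 'ips'")
    events, forwarded = [], []
    for src, payload in packets:
        hits = [name for name, pattern in SIGNATURES if pattern.search(payload)]
        outcome = "dropped" if mode == "ips" else "alerted"
        events.extend((src, name, outcome) for name in hits)
        if hits and mode == "ips":
            continue  # the packet never reaches the server
        forwarded.append((src, payload))
    return events, forwarded
```

Both modes produce the same two events for the sample traffic; only in `ips` mode do the matching requests fail to reach the destination.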