The "security in the one box" industry is developing rapidly. Rather than purchasing separate solutions from separate vendors, there are obvious efficiencies in having everything in the one place - an architecture called "unified threat management", or UTM.
The term UTM was coined by IDC in 2004, when it described this technology as an "integrated network appliance that performs firewall, gateway anti-virus and intrusion detection/prevention services".
The UTM concept covers a wide spectrum of security products, but at its core a UTM appliance combines a firewall with gateway anti-virus and anti-spyware scanning.
Until recently, UTM devices had not added features such as SSL VPN, or controls for instant messaging, peer-to-peer and VoIP traffic, but over the past year that has started to change - as have the attitudes of those who are considering purchasing a UTM architecture.
Threats are more sophisticated, leaving enterprise and SMB networks open to targeted attacks, which include blended security threats, such as phishing emails, VoIP exploits and drive-by downloads.
This is prompting UTM device vendors such as Fortinet, WatchGuard and Check Point to introduce the next generation of threat-management devices - "extensible threat management" (XTM) - to counter them. The XTM architecture takes UTM technology one step further by offering flexibility: more advanced, user- and application-aware inspection that can be deployed across a multitude of network architectures.
Check Point has gone even further along this road by announcing last month that it believes the future is in "software blade architecture" (SBA) - of which more later. For now, let's take a look at why an enterprise or mid-sized business might adopt a UTM strategy.
Organisations such as these need to mitigate risk, especially in the light of recent high-profile data breaches and their cost to reputation and to revenue growth expectations.
There are many threats facing security administrators and enterprise and SMB information security managers in 2009. Malicious websites are targeting visitors using so-called fast-flux hosting, in which the IP address behind a malicious domain name changes every five minutes or so as its DNS records rotate through a pool of compromised hosts - making detection and blocking by IP address increasingly difficult.
There are threats from automated repackaging tools, which re-pack the malware binary every few minutes so that each copy has a different file hash and signature-based scanners miss it. Mobile devices that connect to a network can also spread viruses and malware - for example, an SMS worm that sends out messages without your knowledge or steals your company and personal contacts. And there are PDF and Flash exploits that inject code to steal information using a keylogger or other malicious Trojan/malware.
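The fast-flux behaviour described above shows up clearly in resolver logs: one name, many unrelated addresses, short TTLs. The script below is an added example (not code from the article or from any UTM vendor) that scores queried names from passive-DNS style log lines and flags the ones that churn across several netblocks. The log format, the sample lines and the thresholds are all assumptions made for the illustration.

```python
import ipaddress
from datetime import datetime

# Constructed resolver-log sample (not real traffic). Format, assumed here:
# "<ISO timestamp> <queried name> <TTL seconds> <answer address>".
SAMPLE_LOG = """\
2009-03-02T10:00:00 update-check.example.net 300 203.0.113.10
2009-03-02T10:05:00 update-check.example.net 300 198.51.100.77
2009-03-02T10:10:00 update-check.example.net 300 192.0.2.44
2009-03-02T10:15:00 update-check.example.net 300 203.0.113.201
2009-03-02T10:20:00 update-check.example.net 300 198.51.100.9
2009-03-02T10:00:00 www.example.com 86400 192.0.2.1
2009-03-02T11:00:00 www.example.com 86400 192.0.2.1
2009-03-02T12:00:00 www.example.com 86400 192.0.2.2
this line is malformed and is skipped
"""


def parse_log(text):
    """Parse log lines into (timestamp, name, ttl, address) tuples, skipping malformed ones."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, name, ttl, addr = parts
        try:
            records.append((datetime.fromisoformat(ts),
                            name.lower().rstrip("."),
                            int(ttl),
                            ipaddress.ip_address(addr)))
        except ValueError:
            continue  # bad timestamp, TTL or address: drop the line
    return records


def summarise(records):
    """Per queried name: distinct answers, distinct /24 (or /48) networks, lowest TTL, window in seconds."""
    stats = {}
    for ts, name, ttl, addr in records:
        s = stats.setdefault(name, {"ips": set(), "nets": set(), "min_ttl": ttl,
                                    "first": ts, "last": ts})
        prefix = 24 if addr.version == 4 else 48
        s["ips"].add(addr)
        s["nets"].add(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))
        s["min_ttl"] = min(s["min_ttl"], ttl)
        s["first"] = min(s["first"], ts)
        s["last"] = max(s["last"], ts)
    for s in stats.values():
        s["window_s"] = int((s["last"] - s["first"]).total_seconds())
    return stats


def flag_fast_flux(stats, max_ttl=600, min_ips=4, min_nets=3):
    """Names whose answers churn across several unrelated netblocks with short TTLs.

    The thresholds are illustrative assumptions; tune them against your own resolver
    data, because large CDNs also rotate answers and must be allow-listed, not blocked.
    """
    return sorted(name for name, s in stats.items()
                  if s["min_ttl"] <= max_ttl
                  and len(s["ips"]) >= min_ips
                  and len(s["nets"]) >= min_nets)


if __name__ == "__main__":
    stats = summarise(parse_log(SAMPLE_LOG))
    for name in flag_fast_flux(stats):
        s = stats[name]
        print(f"{name}: {len(s['ips'])} addresses in {len(s['nets'])} networks over "
              f"{s['window_s']}s, min TTL {s['min_ttl']}s")
```

Counting distinct /24 networks rather than just distinct addresses is what separates flux from an ordinary round-robin pool: a legitimate server farm usually sits in one or two blocks, while a flux pool of compromised home machines is scattered across many ISPs. The point for the UTM discussion is that blocking the name at the gateway works where blocking the address does not.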
For security administrators to counter these fresh threats and those already in the wild, they will need to be supported by a world-class security research team, so that new threats are identified and signatures and updates pushed out quickly. These include malware, VoIP exploits, spyware and scareware threats (ie fake scanning websites that don't scan your PC, but drop a malicious payload that collects sensitive information from your computer and network). A UTM that covers all such threats is an attractive proposition.