Unified Threat Management (UTM)
We TECHSMART IT SOLUTIONS Provide UTM Security Solutions with various brands like SONICWALL, SOPHOS, CYBEROAM, CISCO, FORTIGATE, WATCHGUARD, JUNIPER.
Unified threat management (UTM) is an approach to security management that allows an administrator to monitor and manage a wide variety of security-related applications and infrastructure components through a single management console.
Unified threat management (UTM) technology delivers comprehensive protection and simplifies security management, all without slowing your network.
Intrusion prevention, network-based anti-malware with cloud assist, content and URL filtering and anti-spam services
Standard firewall features: They include the traditional (first-generation) firewall functionalities such as stateful port/protocol inspection, network address translation (NAT), and VPN.
Application identification and filtering: This is the chief characteristic of NGFWs. They can identify and filter traffic based upon the specific applications, rather than just opening ports for any and all traffic. This prevents malicious applications and activity from using non-standard ports to evade the firewall.
SSL and SSH inspection: NGFWs can even inspect SSL and SSH encrypted traffic. They can decrypt traffic, make sure it’s an allowed application and check other policies, and then re-encrypt it. This provides additional protection from malicious applications and activity that try to hide using encryption to avoid the firewall.
Intrusion prevention: Being more intelligent and with deeper traffic inspection, they may also be able to perform intrusion detection and prevention. Some next-gen firewalls might include enough IPS functionality that a stand-alone IPS might not be needed.
Directory integration: Most NGFWs include directory support (i.e., Active Directory). For instance, to manage authorized applications based upon users and user groups.
Malware filtering: NGFWs can also provide reputation-based filtering to block applications that have a bad reputation. This can possibly check phishing, virus, and other malware sites and applications.
Palo Alto Networks : This is one of the first vendors to release an application-aware firewall. Their proprietary technologies include App-ID, User-ID, and Content-ID: App-ID classifies known and unknown applications traversing any port and protocol via clear-text or encrypted SSL or SSH connections; User-ID adds support of user and group policies via most all enterprise directories on the market in conjunction with the network-based User-ID agent; and Content-ID provides the real-time content inspection and filtering, URL filtering, and IPS functionality.
Traffic inspection across all ports, without compromising performance
The principal advantage of a UTM product is its ability to reduce complexity. The principal disadvantage is that a UTM appliance can become a single point of failure(SPOF).
UTM appliances are sometimes referred to as Next-Generation Firewalls:
High - Performance Detection